From patchwork Tue Jul 13 10:27:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 95763 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BA11AA0C4A; Tue, 13 Jul 2021 12:27:23 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4195C410E6; Tue, 13 Jul 2021 12:27:23 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9113940687 for ; Tue, 13 Jul 2021 12:27:21 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16DAQnmt018053 for ; Tue, 13 Jul 2021 03:27:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=DGRB+LMJvSJawKPQiUtF80/hp06y39ibRUBfbRyuhvM=; b=cDLGD6waYwQpHPAxbaE/S3fT3qKAp0YymNoO+s+N8QJLRfuA9gLYCt9rYRk0vmwF1kKi 4ZIV9GGdB0kzrlw0SVSDscYkQxIiw8isBgwk36U1G98de9QG3ZmPNuELtGrIBeOXx6E9 ma63x760/0ai/6aUD1aGuUqnHO6ZHxopgjCJGO1A7ctyQvJtW1sl+gVQS3mCwHGr0h45 vs0JeXGzW0+FKuNdyrGiP/oBZ1Oq/vheLTcNeIZOSDiavVl+zEpeiDseNdlI5Ep3FNgn 26wOYwbjvnxrlRHfD+2JiXOVcJDhJ8ercBosP2RQySpGGrefxraF/Ybr4MHpnYnZAZjj OQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 39s8n8r3j2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 13 Jul 2021 03:27:20 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 13 Jul 2021 03:27:18 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 13 Jul 2021 03:27:18 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 45B313F70C5; Tue, 13 Jul 2021 03:27:15 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Ankur Dwivedi , Tejasree Kondoj , Date: Tue, 13 Jul 2021 15:57:06 +0530 Message-ID: <1626172028-100-1-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 X-Proofpoint-GUID: h0x8gnzvsn4aMASKeltlZr27CIHQoL0v X-Proofpoint-ORIG-GUID: h0x8gnzvsn4aMASKeltlZr27CIHQoL0v X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-13_04:2021-07-13, 2021-07-13 signatures=0 Subject: [dpdk-dev] [PATCH 1/3] crypto/octeontx2: fix member overlap X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The member 'dir' should not overlap with 'ip'. Usage of union for all members would mean dir would get corrupt. Fixes: e91b4f45ff54 ("net/octeontx2: support anti-replay for security session") Cc: adwivedi@marvell.com Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- drivers/crypto/octeontx2/otx2_security.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h index 9f1ba71..29c8fc3 100644 --- a/drivers/crypto/octeontx2/otx2_security.h +++ b/drivers/crypto/octeontx2/otx2_security.h @@ -20,14 +20,16 @@ #define OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN 4 #define OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN 16 -union otx2_sec_session_ipsec { - struct otx2_sec_session_ipsec_ip ip; - struct otx2_sec_session_ipsec_lp lp; +struct otx2_sec_session_ipsec { + union { + struct otx2_sec_session_ipsec_ip ip; + struct otx2_sec_session_ipsec_lp lp; + }; enum rte_security_ipsec_sa_direction dir; }; struct otx2_sec_session { - union otx2_sec_session_ipsec ipsec; + struct otx2_sec_session_ipsec ipsec; void *userdata; /**< Userdata registered by the application */ } __rte_cache_aligned; From patchwork Tue Jul 13 10:27:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 95764 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1221CA0C4A; Tue, 13 Jul 2021 12:27:28 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5230241228; Tue, 13 Jul 2021 12:27:27 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 545ED41228 for ; Tue, 13 Jul 2021 12:27:25 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16DAQnOp018040 for ; Tue, 13 Jul 2021 03:27:24 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=XAPPiAyoTeifyVBlUnFEriV0H32AfOdvovCDfpnU+kU=; b=W7vKU0mgmrrIDNezhmLrAuugsdcUmUUjtu01TgyIqzvxHVaD4Z+bd1DgNZoV6SakcfyH TvJsLCzI98sGZcma1TFlDtrh4yyZj1fg3akCieR6JUqmmxehEoFr8rjbvEQkh8w2MqT5 lgarEATWxLkf1ZAPJ9lMSkRU7gEiDHxlk5RNqsNZhd3zZyjFNHBQ+4CNuoOoR3Sy8SeK SR4/ERuKkcz14EFRNYqNWaxBQoOGnM+yhP3HjCg4iewUTb9To38pq1AwqeyQxM5Wsz+M kBJdf+3M8mnsEGcxE+3fIgq1ChmTMB8XhcWdUIAEnPUot4bX649Khsyf4eU0+RIQ4zSR yA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 39s8n8r3jc-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 13 Jul 2021 03:27:24 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 13 Jul 2021 03:27:22 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 13 Jul 2021 03:27:22 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 60BF03F70B9; Tue, 13 Jul 2021 03:27:20 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Ankur Dwivedi , Tejasree Kondoj , Date: Tue, 13 Jul 2021 15:57:07 +0530 Message-ID: <1626172028-100-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1626172028-100-1-git-send-email-anoobj@marvell.com> References: <1626172028-100-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: meCtQl6m6Z4A1GMUfOetQBfeOECgctsQ X-Proofpoint-ORIG-GUID: meCtQl6m6Z4A1GMUfOetQBfeOECgctsQ X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-13_04:2021-07-13, 2021-07-13 signatures=0 Subject: [dpdk-dev] [PATCH 2/3] net/octeontx2: add locking for inline IPsec tbl updates X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add locking for IPsec table updates. Fixed error handling to clear SA entry if the SA population functions encounters any error. Signed-off-by: Anoob Joseph --- drivers/net/octeontx2/otx2_ethdev.h | 2 + drivers/net/octeontx2/otx2_ethdev_sec.c | 83 +++++++++++++++++++++++++-------- 2 files changed, 66 insertions(+), 19 deletions(-) diff --git a/drivers/net/octeontx2/otx2_ethdev.h b/drivers/net/octeontx2/otx2_ethdev.h index e95d933..7871e3d 100644 --- a/drivers/net/octeontx2/otx2_ethdev.h +++ b/drivers/net/octeontx2/otx2_ethdev.h @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -356,6 +357,7 @@ struct otx2_eth_dev { bool sdp_link; /* SDP flag */ /* Inline IPsec params */ uint16_t ipsec_in_max_spi; + rte_spinlock_t ipsec_tbl_lock; uint8_t duplex; uint32_t speed; } __rte_cache_aligned; diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index 1ee597f..72298cf 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -21,6 +21,8 @@ #include "otx2_sec_idev.h" #include "otx2_security.h" +#define ERR_STR_SZ 256 + struct eth_sec_tag_const { RTE_STD_C11 union { @@ -162,7 +164,8 @@ lookup_mem_sa_tbl_clear(struct rte_eth_dev *eth_dev) } static int -lookup_mem_sa_index_update(struct rte_eth_dev *eth_dev, int spi, void *sa) +lookup_mem_sa_index_update(struct rte_eth_dev *eth_dev, int spi, void *sa, + char *err_str) { static const char name[] = OTX2_NIX_FASTPATH_LOOKUP_MEM; struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev); @@ -173,7 +176,8 @@ lookup_mem_sa_index_update(struct rte_eth_dev *eth_dev, int spi, void *sa) mz = rte_memzone_lookup(name); if (mz == NULL) { - otx2_err("Could not find fastpath lookup table"); + snprintf(err_str, ERR_STR_SZ, + "Could not find fastpath lookup table"); return -EINVAL; } @@ -472,23 +476,32 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, struct otx2_ipsec_fp_sa_ctl *ctl; struct otx2_ipsec_fp_in_sa *sa; struct otx2_sec_session *priv; + char err_str[ERR_STR_SZ]; struct otx2_cpt_qp *qp; + memset(err_str, 0, ERR_STR_SZ); + if (ipsec->spi >= dev->ipsec_in_max_spi) { otx2_err("SPI exceeds max supported"); return -EINVAL; } sa = in_sa_get(port, ipsec->spi); + if (sa == NULL) + return -ENOMEM; + ctl = &sa->ctl; priv = get_sec_session_private_data(sec_sess); priv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; sess = &priv->ipsec.ip; + rte_spinlock_lock(&dev->ipsec_tbl_lock); + if (ctl->valid) { - otx2_err("SA already registered"); - return -EINVAL; + snprintf(err_str, ERR_STR_SZ, "SA already registered"); + ret = -EEXIST; + goto tbl_unlock; } memset(sa, 0, sizeof(struct otx2_ipsec_fp_in_sa)); @@ -512,10 +525,13 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, auth_key_len = auth_xform->auth.key.length; } - if (cipher_key_len != 0) + if (cipher_key_len != 0) { memcpy(sa->cipher_key, cipher_key, cipher_key_len); - else - return -EINVAL; + } else { + snprintf(err_str, ERR_STR_SZ, "Invalid cipher key len"); + ret = -EINVAL; + goto sa_clear; + } sess->in_sa = sa; @@ -523,33 +539,49 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, sa->replay_win_sz = ipsec->replay_win_sz; - if (lookup_mem_sa_index_update(eth_dev, ipsec->spi, sa)) - return -EINVAL; + if (lookup_mem_sa_index_update(eth_dev, ipsec->spi, sa, err_str)) { + ret = -EINVAL; + goto sa_clear; + } ret = ipsec_fp_sa_ctl_set(ipsec, crypto_xform, ctl); - if (ret) - return ret; + if (ret) { + snprintf(err_str, ERR_STR_SZ, + "Could not set SA CTL word (err: %d)", ret); + goto sa_clear; + } if (auth_key_len && auth_key) { /* Get a queue pair for HMAC init */ ret = otx2_sec_idev_tx_cpt_qp_get(port, &qp); - if (ret) - return ret; + if (ret) { + snprintf(err_str, ERR_STR_SZ, "Could not get CPT QP"); + goto sa_clear; + } + ret = hmac_init(ctl, qp, auth_key, auth_key_len, sa->hmac_key); otx2_sec_idev_tx_cpt_qp_put(qp); - if (ret) - return ret; + if (ret) { + snprintf(err_str, ERR_STR_SZ, "Could not put CPT QP"); + goto sa_clear; + } } if (sa->replay_win_sz) { if (sa->replay_win_sz > OTX2_IPSEC_MAX_REPLAY_WIN_SZ) { - otx2_err("Replay window size is not supported"); - return -ENOTSUP; + snprintf(err_str, ERR_STR_SZ, + "Replay window size is not supported"); + ret = -ENOTSUP; + goto sa_clear; } sa->replay = rte_zmalloc(NULL, sizeof(struct otx2_ipsec_replay), 0); - if (sa->replay == NULL) - return -ENOMEM; + if (sa->replay == NULL) { + snprintf(err_str, ERR_STR_SZ, + "Could not allocate memory"); + ret = -ENOMEM; + goto sa_clear; + } rte_spinlock_init(&sa->replay->lock); /* @@ -563,6 +595,17 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, sa->esn_hi = 0; } + rte_spinlock_unlock(&dev->ipsec_tbl_lock); + return 0; + +sa_clear: + memset(sa, 0, sizeof(struct otx2_ipsec_fp_in_sa)); + +tbl_unlock: + rte_spinlock_unlock(&dev->ipsec_tbl_lock); + + otx2_err("%s", err_str); + return ret; } @@ -853,6 +896,8 @@ otx2_eth_sec_init(struct rte_eth_dev *eth_dev) goto sec_fini; } + rte_spinlock_init(&dev->ipsec_tbl_lock); + return 0; sec_fini: From patchwork Tue Jul 13 10:27:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 95765 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 172E1A0C4A; Tue, 13 Jul 2021 12:27:33 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 79F214122E; Tue, 13 Jul 2021 12:27:32 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 7A56440687 for ; Tue, 13 Jul 2021 12:27:30 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16DAR9I2019012 for ; Tue, 13 Jul 2021 03:27:30 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=iM02ewoMyuUG5TcpR/68CUDmKi0krCoQbYGc8xq38BE=; b=XrXTgp6NF+Le+FU8tsSjhp+b1vunlA1CxIUgCmUSlROR879DCfK/75t5aTaAO4FUTzBg RwDhO/VS3pLZ+iisns6ZNj2JhadCYH2jbjrey95bSISK2TzUPVa+L2xjdU4ezt9ZlkkP TqCTfsSHFu5R7dNe+puBxN4HBkUngSG9ugznFHxviDpqtzWcPaVco0HaqlhPHVpx2Cxz ljk/a+g11q2K+8mP/YhLRBdunLkvPwlTBXOs/9JW7YpEk3O4HFFOnF+0Zbr9hfw2VDSe SO8Kyzat5znP3zU4KMOw/l8cLVH/2dXihA47I5qtrqcjroAFMiMm0k/TOUWrh3qMzwQ5 ng== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 39s8n8r3jy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 13 Jul 2021 03:27:29 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 13 Jul 2021 03:27:27 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 13 Jul 2021 03:27:27 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 7B9E53F70AB; Tue, 13 Jul 2021 03:27:24 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Ankur Dwivedi , Tejasree Kondoj , Date: Tue, 13 Jul 2021 15:57:08 +0530 Message-ID: <1626172028-100-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1626172028-100-1-git-send-email-anoobj@marvell.com> References: <1626172028-100-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: RI4L6tOPA9hRjBTUSRf5dKR0euFwWUdM X-Proofpoint-ORIG-GUID: RI4L6tOPA9hRjBTUSRf5dKR0euFwWUdM X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-13_04:2021-07-13, 2021-07-13 signatures=0 Subject: [dpdk-dev] [PATCH 3/3] net/octeontx2: clear SA valid during session destroy X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" SA table entry would be reserved for inline inbound operations. Clear valid bit of the SA so that CPT would treat SA entry as invalid. Also, move setting of valid bit to the end in case of session_create() to eliminate possibility of hardware seeing partial data. Signed-off-by: Anoob Joseph --- drivers/crypto/octeontx2/otx2_ipsec_fp.h | 1 - drivers/net/octeontx2/otx2_ethdev_sec.c | 28 ++++++++++++++++++++++++---- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h index a33041d..58b24a2 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h @@ -365,7 +365,6 @@ ipsec_fp_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, ctl->esn_en = 1; ctl->spi = rte_cpu_to_be_32(ipsec->spi); - ctl->valid = 1; return 0; } diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index 72298cf..c2a3688 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -455,6 +455,9 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev, goto cpt_put; } + rte_io_wmb(); + ctl->valid = 1; + return 0; cpt_put: otx2_sec_idev_tx_cpt_qp_put(sess->qp); @@ -595,6 +598,9 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev, sa->esn_hi = 0; } + rte_io_wmb(); + ctl->valid = 1; + rte_spinlock_unlock(&dev->ipsec_tbl_lock); return 0; @@ -682,10 +688,12 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa) } static int -otx2_eth_sec_session_destroy(void *device __rte_unused, +otx2_eth_sec_session_destroy(void *device, struct rte_security_session *sess) { + struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device); struct otx2_sec_session_ipsec_ip *sess_ip; + struct otx2_ipsec_fp_in_sa *sa; struct otx2_sec_session *priv; struct rte_mempool *sess_mp; int ret; @@ -696,9 +704,21 @@ otx2_eth_sec_session_destroy(void *device __rte_unused, sess_ip = &priv->ipsec.ip; - /* Release the anti replay window */ - if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) - otx2_eth_sec_free_anti_replay(sess_ip->in_sa); + if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + rte_spinlock_lock(&dev->ipsec_tbl_lock); + sa = sess_ip->in_sa; + + /* Release the anti replay window */ + otx2_eth_sec_free_anti_replay(sa); + + /* Clear SA table entry */ + if (sa != NULL) { + sa->ctl.valid = 0; + rte_io_wmb(); + } + + rte_spinlock_unlock(&dev->ipsec_tbl_lock); + } /* Release CPT LF used for this session */ if (sess_ip->qp != NULL) {