diff mbox

[dpdk-dev] net/ixgbe: check if security capabilities are enabled by HW

Message ID 1516187946-30607-1-git-send-email-radu.nicolau@intel.com (mailing list archive)
State Superseded, archived
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation fail Compilation issues

Commit Message

Radu Nicolau Jan. 17, 2018, 11:19 a.m. UTC 
  Check if the security enable bits are not fused before setting
offload capabilities for security

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/ixgbe/ixgbe_ethdev.c |  6 ++++--
 drivers/net/ixgbe/ixgbe_ipsec.c  | 15 +++++++++++++++
 drivers/net/ixgbe/ixgbe_ipsec.h  |  1 +
 3 files changed, 20 insertions(+), 2 deletions(-)

Comments

Ananyev, Konstantin Jan. 17, 2018, 11:34 a.m. UTC | #1 
Hi Radu,

> -----Original Message-----
> From: Nicolau, Radu
> Sent: Wednesday, January 17, 2018 11:19 AM
> To: dev@dpdk.org
> Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhao, XinfengX
> <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>
> Subject: [PATCH] net/ixgbe: check if security capabilities are enabled by HW
> 
> Check if the security enable bits are not fused before setting
> offload capabilities for security

In theory dev_info_get() - could be called at any stage of device configuration
or even when RX/TX is active.
Do you really want to assert SECRXCTRL at that moment?
Probably better to do this only once at init time and then just use some stored value?  
Konstantin

> 
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>  drivers/net/ixgbe/ixgbe_ethdev.c |  6 ++++--
>  drivers/net/ixgbe/ixgbe_ipsec.c  | 15 +++++++++++++++
>  drivers/net/ixgbe/ixgbe_ipsec.h  |  1 +
>  3 files changed, 20 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
> index 43e0132..4f2ab2f 100644
> --- a/drivers/net/ixgbe/ixgbe_ethdev.c
> +++ b/drivers/net/ixgbe/ixgbe_ethdev.c
> @@ -3685,8 +3685,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
>  		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
> 
>  #ifdef RTE_LIBRTE_SECURITY
> -	dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> -	dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> +	if (ixgbe_crypto_capable(dev)) {
> +		dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> +		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> +	}
>  #endif
> 
>  	dev_info->default_rxconf = (struct rte_eth_rxconf) {
> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
> index 97f025a8..a495679 100644
> --- a/drivers/net/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
> @@ -602,6 +602,21 @@ ixgbe_crypto_capabilities_get(void *device __rte_unused)
> 
> 
>  int
> +ixgbe_crypto_capable(struct rte_eth_dev *dev)
> +{
> +	struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
> +	uint32_t reg_i, reg, capable = 1;
> +	/* test if rx crypto can be enabled and then write back initial value*/
> +	reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> +	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
> +	reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> +	if (reg != 0)
> +		capable = 0;
> +	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
> +	return capable;
> +}
> +
> +int
>  ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev)
>  {
>  	struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h
> index acd9f3e..eeba39f 100644
> --- a/drivers/net/ixgbe/ixgbe_ipsec.h
> +++ b/drivers/net/ixgbe/ixgbe_ipsec.h
> @@ -112,6 +112,7 @@ struct ixgbe_ipsec {
> 
>  struct rte_security_ctx *
>  ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> +int ixgbe_crypto_capable(struct rte_eth_dev *dev);
>  int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
>  int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
>  					  const void *ip_spec,
> --
> 2.7.5
Radu Nicolau Jan. 17, 2018, 11:40 a.m. UTC | #2 
> -----Original Message-----
> From: Ananyev, Konstantin
> Sent: Wednesday, January 17, 2018 11:34 AM
> To: Nicolau, Radu <radu.nicolau@intel.com>; dev@dpdk.org
> Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>; Zhao, XinfengX
> <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Subject: RE: [PATCH] net/ixgbe: check if security capabilities are enabled by
> HW
> 
> Hi Radu,
> 
> > -----Original Message-----
> > From: Nicolau, Radu
> > Sent: Wednesday, January 17, 2018 11:19 AM
> > To: dev@dpdk.org
> > Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin
> > <konstantin.ananyev@intel.com>; Zhao, XinfengX
> > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Nicolau, Radu
> > <radu.nicolau@intel.com>
> > Subject: [PATCH] net/ixgbe: check if security capabilities are enabled
> > by HW
> >
> > Check if the security enable bits are not fused before setting offload
> > capabilities for security
> 
> In theory dev_info_get() - could be called at any stage of device
> configuration or even when RX/TX is active.
> Do you really want to assert SECRXCTRL at that moment?
> Probably better to do this only once at init time and then just use some
> stored value?
> Konstantin
> 

Yes, that's true. I will send a v2
diff mbox

Patch

diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
index 43e0132..4f2ab2f 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
@@ -3685,8 +3685,10 @@  ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
 		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIBRTE_SECURITY
-	dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
-	dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
+	if (ixgbe_crypto_capable(dev)) {
+		dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
+		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
+	}
 #endif
 
 	dev_info->default_rxconf = (struct rte_eth_rxconf) {
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 97f025a8..a495679 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -602,6 +602,21 @@  ixgbe_crypto_capabilities_get(void *device __rte_unused)
 
 
 int
+ixgbe_crypto_capable(struct rte_eth_dev *dev)
+{
+	struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+	uint32_t reg_i, reg, capable = 1;
+	/* test if rx crypto can be enabled and then write back initial value*/
+	reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
+	reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+	if (reg != 0)
+		capable = 0;
+	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
+	return capable;
+}
+
+int
 ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev)
 {
 	struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h
index acd9f3e..eeba39f 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.h
+++ b/drivers/net/ixgbe/ixgbe_ipsec.h
@@ -112,6 +112,7 @@  struct ixgbe_ipsec {
 
 struct rte_security_ctx *
 ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
+int ixgbe_crypto_capable(struct rte_eth_dev *dev);
 int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
 int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 					  const void *ip_spec,