[dpdk-dev,v2] net/ixgbe: check if security capabilities are enabled by HW
Checks
Commit Message
Check if the security enable bits are not fused before setting
offload capabilities for security
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
drivers/net/ixgbe/ixgbe_ethdev.c | 20 +++++++++++---------
drivers/net/ixgbe/ixgbe_ipsec.c | 31 +++++++++++++++++++++++++------
2 files changed, 36 insertions(+), 15 deletions(-)
Comments
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Wednesday, January 17, 2018 11:55 AM
> To: dev@dpdk.org
> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> Zhao, XinfengX <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH v2] net/ixgbe: check if security capabilities are enabled by HW
>
> Check if the security enable bits are not fused before setting
> offload capabilities for security
>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Ananyev, Konstantin
> Sent: Thursday, January 18, 2018 6:48 AM
> To: Nicolau, Radu; dev@dpdk.org
> Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo
> Subject: Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are
> enabled by HW
>
>
>
> > -----Original Message-----
> > From: Nicolau, Radu
> > Sent: Wednesday, January 17, 2018 11:55 AM
> > To: dev@dpdk.org
> > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo
> > <wenzhuo.lu@intel.com>; Ananyev, Konstantin
> > <konstantin.ananyev@intel.com>; Zhao, XinfengX
> > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Nicolau, Radu
> > <radu.nicolau@intel.com>
> > Subject: [PATCH v2] net/ixgbe: check if security capabilities are
> > enabled by HW
> >
> > Check if the security enable bits are not fused before setting offload
> > capabilities for security
> >
> > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> > ---
>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Applied to dpdk-next-net-intel, with minor commit title changes. Thanks!
/Helin
On 1/18/2018 12:43 AM, Zhang, Helin wrote:
>
>
>> -----Original Message-----
>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Ananyev, Konstantin
>> Sent: Thursday, January 18, 2018 6:48 AM
>> To: Nicolau, Radu; dev@dpdk.org
>> Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo
>> Subject: Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are
>> enabled by HW
>>
>>
>>
>>> -----Original Message-----
>>> From: Nicolau, Radu
>>> Sent: Wednesday, January 17, 2018 11:55 AM
>>> To: dev@dpdk.org
>>> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo
>>> <wenzhuo.lu@intel.com>; Ananyev, Konstantin
>>> <konstantin.ananyev@intel.com>; Zhao, XinfengX
>>> <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo
>>> <pablo.de.lara.guarch@intel.com>; Nicolau, Radu
>>> <radu.nicolau@intel.com>
>>> Subject: [PATCH v2] net/ixgbe: check if security capabilities are
>>> enabled by HW
>>>
>>> Check if the security enable bits are not fused before setting offload
>>> capabilities for security
>>>
>>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>>> ---
>>
>> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Applied to dpdk-next-net-intel, with minor commit title changes. Thanks!
Removed from next-net because new version of the patch sent [1].
[1]
https://dpdk.org/dev/patchwork/patch/34016/
>
> /Helin
>
> -----Original Message-----
> From: Zhang, Helin
> Sent: Thursday, January 18, 2018 8:43 AM
> To: Ananyev, Konstantin; Nicolau, Radu; dev@dpdk.org
> Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo
> Subject: RE: [PATCH v2] net/ixgbe: check if security capabilities are enabled by
> HW
>
>
>
> > -----Original Message-----
> > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Ananyev,
> > Konstantin
> > Sent: Thursday, January 18, 2018 6:48 AM
> > To: Nicolau, Radu; dev@dpdk.org
> > Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo
> > Subject: Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security
> > capabilities are enabled by HW
> >
> >
> >
> > > -----Original Message-----
> > > From: Nicolau, Radu
> > > Sent: Wednesday, January 17, 2018 11:55 AM
> > > To: dev@dpdk.org
> > > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo
> > > <wenzhuo.lu@intel.com>; Ananyev, Konstantin
> > > <konstantin.ananyev@intel.com>; Zhao, XinfengX
> > > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo
> > > <pablo.de.lara.guarch@intel.com>; Nicolau, Radu
> > > <radu.nicolau@intel.com>
> > > Subject: [PATCH v2] net/ixgbe: check if security capabilities are
> > > enabled by HW
> > >
> > > Check if the security enable bits are not fused before setting
> > > offload capabilities for security
> > >
> > > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> > > ---
> >
> > Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Applied to dpdk-next-net-intel, with minor commit title changes. Thanks!
Removed from dpdk-next-net-intel, as new version was sent out. Thanks!
/Helin
>
> /Helin
@@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
return 0;
}
-#ifdef RTE_LIBRTE_SECURITY
- /* Initialize security_ctx only for primary process*/
- eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
- if (eth_dev->security_ctx == NULL)
- return -ENOMEM;
-#endif
-
rte_eth_copy_pci_info(eth_dev, pci_dev);
/* Vendor and Device ID need to be set before init of shared code */
@@ -1174,6 +1167,13 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
/* Unlock any pending hardware semaphore */
ixgbe_swfw_lock_reset(hw);
+#ifdef RTE_LIBRTE_SECURITY
+ /* Initialize security_ctx only for primary process*/
+ eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
+ if (eth_dev->security_ctx == NULL)
+ return -ENOMEM;
+#endif
+
/* Initialize DCB configuration*/
memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config));
ixgbe_dcb_init(hw, dcb_config);
@@ -3685,8 +3685,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
#ifdef RTE_LIBRTE_SECURITY
- dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
- dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
+ if (dev->security_ctx) {
+ dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
+ dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
+ }
#endif
dev_info->default_rxconf = (struct rte_eth_rxconf) {
@@ -694,15 +694,34 @@ static struct rte_security_ops ixgbe_security_ops = {
.capabilities_get = ixgbe_crypto_capabilities_get
};
+static int
+ixgbe_crypto_capable(struct rte_eth_dev *dev)
+{
+ struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ uint32_t reg_i, reg, capable = 1;
+ /* test if rx crypto can be enabled and then write back initial value*/
+ reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+ IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
+ reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+ if (reg != 0)
+ capable = 0;
+ IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
+ return capable;
+}
+
struct rte_security_ctx *
ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev)
{
- struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops",
- sizeof(struct rte_security_ctx), 0);
- if (ctx) {
- ctx->device = (void *)dev;
- ctx->ops = &ixgbe_security_ops;
- ctx->sess_cnt = 0;
+ struct rte_security_ctx *ctx = NULL;
+
+ if (ixgbe_crypto_capable(dev)) {
+ ctx = rte_malloc("rte_security_instances_ops",
+ sizeof(struct rte_security_ctx), 0);
+ if (ctx) {
+ ctx->device = (void *)dev;
+ ctx->ops = &ixgbe_security_ops;
+ ctx->sess_cnt = 0;
+ }
}
return ctx;
}