diff mbox series

[v3,3/8] net/cnxk: rework security session framework

Message ID	20211018213452.2734720-4-gakhil@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <thomas@monjalon.net>, <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>, <anoobj@marvell.com>, <pablo.de.lara.guarch@intel.com>, <fiona.trahe@intel.com>, <declan.doherty@intel.com>, <matan@nvidia.com>, <g.singh@nxp.com>, <roy.fan.zhang@intel.com>, <jianjay.zhou@huawei.com>, <asomalap@amd.com>, <ruifeng.wang@arm.com>, <konstantin.ananyev@intel.com>, <radu.nicolau@intel.com>, <ajit.khaparde@broadcom.com>, <rnagadheeraj@marvell.com>, <adwivedi@marvell.com>, <ciara.power@intel.com>, <haiyue.wang@intel.com>, <jiawenwu@trustnetic.com>, <jianwang@trustnetic.com>, Akhil Goyal <gakhil@marvell.com>, "Nithin Dabilpuram" <ndabilpuram@marvell.com> Date: Tue, 19 Oct 2021 03:04:47 +0530 Message-ID: <20211018213452.2734720-4-gakhil@marvell.com> In-Reply-To: <20211018213452.2734720-1-gakhil@marvell.com> References: <20211013192222.1582631-2-gakhil@marvell.com> <20211018213452.2734720-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Subject: [dpdk-dev] [PATCH v3 3/8] net/cnxk: rework security session framework Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	crypto/security session framework rework \| [v3,0/8] crypto/security session framework rework [v3,1/8] security: rework session framework [v3,2/8] security: hide security session struct [v3,3/8] net/cnxk: rework security session framework [v3,4/8] security: pass session iova in PMD sess create [v3,5/8] drivers/crypto: support security session get size op [v3,6/8] cryptodev: rework session framework [v3,7/8] cryptodev: hide sym session structure [v3,8/8] cryptodev: pass session iova in configure session

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Akhil Goyal Oct. 18, 2021, 9:34 p.m. UTC

  Aligned the security session create and destroy
as per the recent changes in rte_security
and used the fast mdata field introduced in
rte_security. Enabled compilation of cnxk driver.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/net/cnxk/cn10k_ethdev_sec.c | 64 +++++++++++------------------
 drivers/net/cnxk/cn9k_ethdev_sec.c  | 59 ++++++++++----------------
 drivers/net/cnxk/cnxk_ethdev.c      |  6 +--
 drivers/net/cnxk/cnxk_ethdev.h      |  6 ---
 drivers/net/cnxk/cnxk_ethdev_sec.c  | 21 ----------
 drivers/net/meson.build             |  2 +-
 6 files changed, 48 insertions(+), 110 deletions(-)

diff mbox series

Patch

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 82dc6367dd..3d0f4044d9 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -228,15 +228,14 @@  cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 static int
 cn10k_eth_sec_session_create(void *device,
 			     struct rte_security_session_conf *conf,
-			     struct rte_security_session *sess,
-			     struct rte_mempool *mempool)
+			     void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct rte_security_ipsec_xform *ipsec;
-	struct cn10k_sec_sess_priv sess_priv;
+	struct cn10k_sec_sess_priv fast_mdata;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	bool inbound, inl_dev;
 	int rc = 0;
 
@@ -264,13 +263,8 @@  cn10k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
-	sess_priv.u64 = 0;
+	fast_mdata.u64 = 0;
 
 	/* Acquire lock on inline dev for inbound */
 	if (inbound && inl_dev)
@@ -290,11 +284,11 @@  cn10k_eth_sec_session_create(void *device,
 			plt_err("Failed to create ingress sa, inline dev "
 				"not found or spi not in range");
 			rc = -ENOTSUP;
-			goto mempool_put;
+			goto err;
 		} else if (!sa) {
 			plt_err("Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_sa = (struct roc_ot_ipsec_inb_sa *)sa;
@@ -304,7 +298,7 @@  cn10k_eth_sec_session_create(void *device,
 			plt_err("Inbound SA with SPI %u already in use",
 				ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
@@ -313,7 +307,7 @@  cn10k_eth_sec_session_create(void *device,
 		rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
 		if (rc) {
 			plt_err("Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -326,12 +320,11 @@  cn10k_eth_sec_session_create(void *device,
 		inb_sa->w1.s.cookie = rte_cpu_to_be_32(ipsec->spi);
 
 		/* Prepare session priv */
-		sess_priv.inb_sa = 1;
-		sess_priv.sa_idx = ipsec->spi;
+		fast_mdata.inb_sa = 1;
+		fast_mdata.sa_idx = ipsec->spi;
 
 		/* Pointer from eth_sec -> inb_sa */
 		eth_sec->sa = inb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = ipsec->spi;
 		eth_sec->spi = ipsec->spi;
 		eth_sec->inl_dev = !!dev->inb.inl_dev;
@@ -352,7 +345,7 @@  cn10k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -365,7 +358,7 @@  cn10k_eth_sec_session_create(void *device,
 		if (rc) {
 			plt_err("Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -377,16 +370,15 @@  cn10k_eth_sec_session_create(void *device,
 		cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto);
 
 		/* Prepare session priv */
-		sess_priv.sa_idx = outb_priv->sa_idx;
-		sess_priv.roundup_byte = rlens->roundup_byte;
-		sess_priv.roundup_len = rlens->roundup_len;
-		sess_priv.partial_len = rlens->partial_len;
-		sess_priv.mode = outb_sa->w2.s.ipsec_mode;
-		sess_priv.outer_ip_ver = outb_sa->w2.s.outer_ip_ver;
+		fast_mdata.sa_idx = outb_priv->sa_idx;
+		fast_mdata.roundup_byte = rlens->roundup_byte;
+		fast_mdata.roundup_len = rlens->roundup_len;
+		fast_mdata.partial_len = rlens->partial_len;
+		fast_mdata.mode = outb_sa->w2.s.ipsec_mode;
+		fast_mdata.outer_ip_ver = outb_sa->w2.s.outer_ip_ver;
 
 		/* Pointer from eth_sec -> outb_sa */
 		eth_sec->sa = outb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = sa_idx;
 		eth_sec->spi = ipsec->spi;
 
@@ -407,29 +399,23 @@  cn10k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	rte_security_session_fast_mdata_set(sess_priv, fast_mdata.u64);
 
 	return 0;
-mempool_put:
+err:
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
-	rte_mempool_put(mempool, eth_sec);
 	return rc;
 }
 
 static int
-cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
+cn10k_eth_sec_session_destroy(void *device, void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
-	struct roc_ot_ipsec_inb_sa *inb_sa;
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct roc_ot_ipsec_outb_sa *outb_sa;
-	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
-
-	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
-	if (!eth_sec)
-		return -ENOENT;
+	struct roc_ot_ipsec_inb_sa *inb_sa;
 
 	if (eth_sec->inl_dev)
 		roc_nix_inl_dev_lock();
@@ -464,9 +450,7 @@  cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->sa_idx, eth_sec->inl_dev);
 
 	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
+	rte_security_session_fast_mdata_set(sess_priv, 0);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index b070ad57fc..8a6fa75b37 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -137,15 +137,14 @@  ar_window_init(struct cn9k_inb_priv_data *inb_priv)
 static int
 cn9k_eth_sec_session_create(void *device,
 			    struct rte_security_session_conf *conf,
-			    struct rte_security_session *sess,
-			    struct rte_mempool *mempool)
+			    void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct rte_security_ipsec_xform *ipsec;
-	struct cn9k_sec_sess_priv sess_priv;
+	struct cn9k_sec_sess_priv fast_mdata;
 	struct rte_crypto_sym_xform *crypto;
-	struct cnxk_eth_sec_sess *eth_sec;
 	bool inbound;
 	int rc = 0;
 
@@ -169,13 +168,8 @@  cn9k_eth_sec_session_create(void *device,
 		return -EEXIST;
 	}
 
-	if (rte_mempool_get(mempool, (void **)&eth_sec)) {
-		plt_err("Could not allocate security session private data");
-		return -ENOMEM;
-	}
-
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
-	sess_priv.u64 = 0;
+	fast_mdata.u64 = 0;
 
 	if (inbound) {
 		struct cn9k_inb_priv_data *inb_priv;
@@ -192,7 +186,7 @@  cn9k_eth_sec_session_create(void *device,
 		if (!inb_sa) {
 			plt_err("Failed to create ingress sa");
 			rc = -EFAULT;
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Check if SA is already in use */
@@ -200,7 +194,7 @@  cn9k_eth_sec_session_create(void *device,
 			plt_err("Inbound SA with SPI %u already in use",
 				ipsec->spi);
 			rc = -EBUSY;
-			goto mempool_put;
+			goto err;
 		}
 
 		memset(inb_sa, 0, sizeof(struct roc_onf_ipsec_inb_sa));
@@ -209,7 +203,7 @@  cn9k_eth_sec_session_create(void *device,
 		rc = cnxk_onf_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
 		if (rc) {
 			plt_err("Failed to init inbound sa, rc=%d", rc);
-			goto mempool_put;
+			goto err;
 		}
 
 		inb_priv = roc_nix_inl_onf_ipsec_inb_sa_sw_rsvd(inb_sa);
@@ -223,16 +217,15 @@  cn9k_eth_sec_session_create(void *device,
 		if (inb_priv->replay_win_sz) {
 			rc = ar_window_init(inb_priv);
 			if (rc)
-				goto mempool_put;
+				goto err;
 		}
 
 		/* Prepare session priv */
-		sess_priv.inb_sa = 1;
-		sess_priv.sa_idx = ipsec->spi;
+		fast_mdata.inb_sa = 1;
+		fast_mdata.sa_idx = ipsec->spi;
 
 		/* Pointer from eth_sec -> inb_sa */
 		eth_sec->sa = inb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = ipsec->spi;
 		eth_sec->spi = ipsec->spi;
 		eth_sec->inb = true;
@@ -252,7 +245,7 @@  cn9k_eth_sec_session_create(void *device,
 		/* Alloc an sa index */
 		rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
 		if (rc)
-			goto mempool_put;
+			goto err;
 
 		outb_sa = roc_nix_inl_onf_ipsec_outb_sa(sa_base, sa_idx);
 		outb_priv = roc_nix_inl_onf_ipsec_outb_sa_sw_rsvd(outb_sa);
@@ -265,7 +258,7 @@  cn9k_eth_sec_session_create(void *device,
 		if (rc) {
 			plt_err("Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
-			goto mempool_put;
+			goto err;
 		}
 
 		/* Save userdata */
@@ -282,14 +275,13 @@  cn9k_eth_sec_session_create(void *device,
 		/* Save rlen info */
 		cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto);
 
-		sess_priv.sa_idx = outb_priv->sa_idx;
-		sess_priv.roundup_byte = rlens->roundup_byte;
-		sess_priv.roundup_len = rlens->roundup_len;
-		sess_priv.partial_len = rlens->partial_len;
+		fast_mdata.sa_idx = outb_priv->sa_idx;
+		fast_mdata.roundup_byte = rlens->roundup_byte;
+		fast_mdata.roundup_len = rlens->roundup_len;
+		fast_mdata.partial_len = rlens->partial_len;
 
 		/* Pointer from eth_sec -> outb_sa */
 		eth_sec->sa = outb_sa;
-		eth_sec->sess = sess;
 		eth_sec->sa_idx = sa_idx;
 		eth_sec->spi = ipsec->spi;
 
@@ -306,27 +298,21 @@  cn9k_eth_sec_session_create(void *device,
 	/*
 	 * Update fast path info in priv area.
 	 */
-	set_sec_session_private_data(sess, (void *)sess_priv.u64);
+	rte_security_session_fast_mdata_set(sess_priv, fast_mdata.u64);
 
 	return 0;
-mempool_put:
-	rte_mempool_put(mempool, eth_sec);
+err:
 	return rc;
 }
 
 static int
-cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
+cn9k_eth_sec_session_destroy(void *device, void *sess_priv)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_eth_sec_sess *eth_sec = sess_priv;
 	struct roc_onf_ipsec_outb_sa *outb_sa;
 	struct roc_onf_ipsec_inb_sa *inb_sa;
-	struct cnxk_eth_sec_sess *eth_sec;
-	struct rte_mempool *mp;
-
-	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
-	if (!eth_sec)
-		return -ENOENT;
 
 	if (eth_sec->inb) {
 		inb_sa = eth_sec->sa;
@@ -353,10 +339,7 @@  cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx);
 
-	/* Put eth_sec object back to pool */
-	mp = rte_mempool_from_obj(eth_sec);
-	set_sec_session_private_data(sess, NULL);
-	rte_mempool_put(mp, eth_sec);
+	rte_security_session_fast_mdata_set(sess_priv, 0);
 	return 0;
 }
 
diff --git a/drivers/net/cnxk/cnxk_ethdev.c b/drivers/net/cnxk/cnxk_ethdev.c
index 966bd23c7f..572b40e11b 100644
--- a/drivers/net/cnxk/cnxk_ethdev.c
+++ b/drivers/net/cnxk/cnxk_ethdev.c
@@ -154,8 +154,7 @@  nix_security_release(struct cnxk_eth_dev *dev)
 		/* Destroy inbound sessions */
 		tvar = NULL;
 		RTE_TAILQ_FOREACH_SAFE(eth_sec, &dev->inb.list, entry, tvar)
-			cnxk_eth_sec_ops.session_destroy(eth_dev,
-							 eth_sec->sess);
+			cnxk_eth_sec_ops.session_destroy(eth_dev, eth_sec);
 
 		/* Clear lookup mem */
 		cnxk_nix_lookup_mem_sa_base_clear(dev);
@@ -172,8 +171,7 @@  nix_security_release(struct cnxk_eth_dev *dev)
 		/* Destroy outbound sessions */
 		tvar = NULL;
 		RTE_TAILQ_FOREACH_SAFE(eth_sec, &dev->outb.list, entry, tvar)
-			cnxk_eth_sec_ops.session_destroy(eth_dev,
-							 eth_sec->sess);
+			cnxk_eth_sec_ops.session_destroy(eth_dev, eth_sec);
 
 		rc = roc_nix_inl_outb_fini(nix);
 		if (rc)
diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
index ff21b977b7..eca6c77e7a 100644
--- a/drivers/net/cnxk/cnxk_ethdev.h
+++ b/drivers/net/cnxk/cnxk_ethdev.h
@@ -174,9 +174,6 @@  struct cnxk_eth_sec_sess {
 	/* SPI */
 	uint32_t spi;
 
-	/* Back pointer to session */
-	struct rte_security_session *sess;
-
 	/* Inbound */
 	bool inb;
 
@@ -497,9 +494,6 @@  __rte_internal
 int cnxk_nix_inb_mode_set(struct cnxk_eth_dev *dev, bool use_inl_dev);
 struct cnxk_eth_sec_sess *cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev,
 						       uint32_t spi, bool inb);
-struct cnxk_eth_sec_sess *
-cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,
-			      struct rte_security_session *sess);
 
 /* Other private functions */
 int nix_recalc_mtu(struct rte_eth_dev *eth_dev);
diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c
index ae3e49cc82..b220f4d2cf 100644
--- a/drivers/net/cnxk/cnxk_ethdev_sec.c
+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c
@@ -87,27 +87,6 @@  cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev, uint32_t spi, bool inb)
 	return NULL;
 }
 
-struct cnxk_eth_sec_sess *
-cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,
-			      struct rte_security_session *sess)
-{
-	struct cnxk_eth_sec_sess *eth_sec = NULL;
-
-	/* Search in inbound list */
-	TAILQ_FOREACH(eth_sec, &dev->inb.list, entry) {
-		if (eth_sec->sess == sess)
-			return eth_sec;
-	}
-
-	/* Search in outbound list */
-	TAILQ_FOREACH(eth_sec, &dev->outb.list, entry) {
-		if (eth_sec->sess == sess)
-			return eth_sec;
-	}
-
-	return NULL;
-}
-
 static unsigned int
 cnxk_eth_sec_session_get_size(void *device __rte_unused)
 {
diff --git a/drivers/net/meson.build b/drivers/net/meson.build
index 7a09f7183d..bcf488f203 100644
--- a/drivers/net/meson.build
+++ b/drivers/net/meson.build
@@ -12,7 +12,7 @@  drivers = [
         'bnx2x',
         'bnxt',
         'bonding',
-#        'cnxk',
+        'cnxk',
         'cxgbe',
         'dpaa',
         'dpaa2',