[dpdk-stable] [PATCH] examples/ipsec-secgw: fix pool usage for security session
Ananyev, Konstantin
konstantin.ananyev at intel.com
Tue Apr 23 13:49:17 CEST 2019
Hi Akhil,
> Currently, two separate mempools are being used for creating crypto
> sessions and its private data.
> crypto sessions are created and initialized separately, so a separate
> mempool is passed to each API, but in case of security sessions, where
> only one API create and initialize the private data as well.
> So if session mempool is passed to create a security session, the
> mempool element size is not sufficient enough to hold the private
> data as well.
> As a perfect solution, the security session create API should take 2
> mempools for header and private data and initiatlize accordingly,
> but that would mean an API breakage, which will be done in the next
> release cycle. So introducing this patch as a workaround to resolve this
> issue.
>
> Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
> Cc: roy.fan.zhang at intel.com
> Cc: stable at dpdk.org
>
> Signed-off-by: Akhil Goyal <akhil.goyal at nxp.com>
> ---
> examples/ipsec-secgw/ipsec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4352cb842..7b8533077 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> set_ipsec_conf(sa, &(sess_conf.ipsec));
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> @@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> int ret = 0;
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> --
Looks good to me , but seems incomplete.
I think we also need to:
static int32_t
cryptodevs_init(void)
{
...
/* create session pools for eth devices that implement security */
RTE_ETH_FOREACH_DEV(port_id) {
if ((enabled_port_mask & (1 << port_id)) &&
rte_eth_dev_get_sec_ctx(port_id)) {
int socket_id = rte_eth_dev_socket_id(port_id);
- if (!socket_ctx[socket_id].session_pool) {
+ if (!socket_ctx[socket_id].session_priv_pool) {
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
"sess_mp_%u", socket_id);
sess_mp = rte_mempool_create(mp_name,
(CDEV_MP_NB_OBJS * 2),
max_sess_sz,
CDEV_MP_CACHE_SZ,
0, NULL, NULL, NULL,
NULL, socket_id,
0);
if (sess_mp == NULL)
rte_exit(EXIT_FAILURE,
"Cannot create session pool "
"on socket %d\n", socket_id);
else
printf("Allocated session pool "
"on socket %d\n", socket_id);
- socket_ctx[socket_id].session_pool = sess_mp;
+ socket_ctx[socket_id].session_priv_pool = sess_mp;
}
}
}
Konstantin
> 2.17.1
More information about the stable
mailing list