[dpdk-dev,v3] net/ixgbe: check security enable bits
Checks
Commit Message
Check if the security enable bits are not fused before setting
offload capabilities for security
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++---------
drivers/net/ixgbe/ixgbe_ipsec.c | 38 ++++++++++++++++++++++++++++++--------
drivers/net/ixgbe/ixgbe_ipsec.h | 3 +--
3 files changed, 41 insertions(+), 19 deletions(-)
Comments
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Thursday, January 18, 2018 12:47 PM
> To: dev@dpdk.org
> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> Zhao, XinfengX <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Zhang, Helin
> <helin.zhang@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>
> Subject: [PATCH v3] net/ixgbe: check security enable bits
>
> Check if the security enable bits are not fused before setting
> offload capabilities for security
>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
> drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++---------
> drivers/net/ixgbe/ixgbe_ipsec.c | 38 ++++++++++++++++++++++++++++++--------
> drivers/net/ixgbe/ixgbe_ipsec.h | 3 +--
> 3 files changed, 41 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
> index 43e0132..b717dda 100644
> --- a/drivers/net/ixgbe/ixgbe_ethdev.c
> +++ b/drivers/net/ixgbe/ixgbe_ethdev.c
> @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
> return 0;
> }
>
> -#ifdef RTE_LIBRTE_SECURITY
> - /* Initialize security_ctx only for primary process*/
> - eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
> - if (eth_dev->security_ctx == NULL)
> - return -ENOMEM;
> -#endif
> -
> rte_eth_copy_pci_info(eth_dev, pci_dev);
>
> /* Vendor and Device ID need to be set before init of shared code */
> @@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
> /* Unlock any pending hardware semaphore */
> ixgbe_swfw_lock_reset(hw);
>
> +#ifdef RTE_LIBRTE_SECURITY
> + /* Initialize security_ctx only for primary process*/
> + if (ixgbe_ipsec_ctx_create(eth_dev))
> + return -ENOMEM;
> +#endif
> +
> /* Initialize DCB configuration*/
> memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config));
> ixgbe_dcb_init(hw, dcb_config);
> @@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
> dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
>
> #ifdef RTE_LIBRTE_SECURITY
> - dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> - dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> + if (dev->security_ctx) {
> + dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> + dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> + }
> #endif
>
> dev_info->default_rxconf = (struct rte_eth_rxconf) {
> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
> index 97f025a8..a60b29a 100644
> --- a/drivers/net/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
> @@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops = {
> .capabilities_get = ixgbe_crypto_capabilities_get
> };
>
> -struct rte_security_ctx *
> +static int
> +ixgbe_crypto_capable(struct rte_eth_dev *dev)
> +{
> + struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
> + uint32_t reg_i, reg, capable = 1;
> + /* test if rx crypto can be enabled and then write back initial value*/
> + reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
> + reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> + if (reg != 0)
> + capable = 0;
> + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
> + return capable;
> +}
> +
> +int
> ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev)
> {
> - struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops",
> - sizeof(struct rte_security_ctx), 0);
> - if (ctx) {
> - ctx->device = (void *)dev;
> - ctx->ops = &ixgbe_security_ops;
> - ctx->sess_cnt = 0;
> + struct rte_security_ctx *ctx = NULL;
> +
> + if (ixgbe_crypto_capable(dev)) {
> + ctx = rte_malloc("rte_security_instances_ops",
> + sizeof(struct rte_security_ctx), 0);
> + if (ctx) {
> + ctx->device = (void *)dev;
> + ctx->ops = &ixgbe_security_ops;
> + ctx->sess_cnt = 0;
> + dev->security_ctx = ctx;
> + } else {
> + return -ENOMEM;
> + }
> }
> - return ctx;
> + return 0;
> }
> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h
> index acd9f3e..d13c407 100644
> --- a/drivers/net/ixgbe/ixgbe_ipsec.h
> +++ b/drivers/net/ixgbe/ixgbe_ipsec.h
> @@ -110,8 +110,7 @@ struct ixgbe_ipsec {
> };
>
>
> -struct rte_security_ctx *
> -ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
> int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
> const void *ip_spec,
> --
> 2.7.5
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> -----Original Message-----
> From: Ananyev, Konstantin
> Sent: Monday, January 22, 2018 6:24 PM
> To: Nicolau, Radu; dev@dpdk.org
> Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo; Zhang,
> Helin
> Subject: RE: [PATCH v3] net/ixgbe: check security enable bits
>
>
>
> > -----Original Message-----
> > From: Nicolau, Radu
> > Sent: Thursday, January 18, 2018 12:47 PM
> > To: dev@dpdk.org
> > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo
> > <wenzhuo.lu@intel.com>; Ananyev, Konstantin
> > <konstantin.ananyev@intel.com>; Zhao, XinfengX
> > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Zhang, Helin
> > <helin.zhang@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>
> > Subject: [PATCH v3] net/ixgbe: check security enable bits
> >
> > Check if the security enable bits are not fused before setting offload
> > capabilities for security
> >
> > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> > ---
> > drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++---------
> > drivers/net/ixgbe/ixgbe_ipsec.c | 38
> > ++++++++++++++++++++++++++++++--------
> > drivers/net/ixgbe/ixgbe_ipsec.h | 3 +--
> > 3 files changed, 41 insertions(+), 19 deletions(-)
> >
> > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c
> > b/drivers/net/ixgbe/ixgbe_ethdev.c
> > index 43e0132..b717dda 100644
> > --- a/drivers/net/ixgbe/ixgbe_ethdev.c
> > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c
> > @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
> > return 0;
> > }
> >
> > -#ifdef RTE_LIBRTE_SECURITY
> > - /* Initialize security_ctx only for primary process*/
> > - eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
> > - if (eth_dev->security_ctx == NULL)
> > - return -ENOMEM;
> > -#endif
> > -
> > rte_eth_copy_pci_info(eth_dev, pci_dev);
> >
> > /* Vendor and Device ID need to be set before init of shared code */
> > @@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
> > /* Unlock any pending hardware semaphore */
> > ixgbe_swfw_lock_reset(hw);
> >
> > +#ifdef RTE_LIBRTE_SECURITY
> > + /* Initialize security_ctx only for primary process*/
> > + if (ixgbe_ipsec_ctx_create(eth_dev))
> > + return -ENOMEM;
> > +#endif
> > +
> > /* Initialize DCB configuration*/
> > memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config));
> > ixgbe_dcb_init(hw, dcb_config);
> > @@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev,
> struct rte_eth_dev_info *dev_info)
> > dev_info->tx_offload_capa |=
> DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
> >
> > #ifdef RTE_LIBRTE_SECURITY
> > - dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> > - dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> > + if (dev->security_ctx) {
> > + dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> > + dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> > + }
> > #endif
> >
> > dev_info->default_rxconf = (struct rte_eth_rxconf) { diff --git
> > a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
> > index 97f025a8..a60b29a 100644
> > --- a/drivers/net/ixgbe/ixgbe_ipsec.c
> > +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
> > @@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops =
> {
> > .capabilities_get = ixgbe_crypto_capabilities_get };
> >
> > -struct rte_security_ctx *
> > +static int
> > +ixgbe_crypto_capable(struct rte_eth_dev *dev) {
> > + struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data-
> >dev_private);
> > + uint32_t reg_i, reg, capable = 1;
> > + /* test if rx crypto can be enabled and then write back initial value*/
> > + reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
> > + reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> > + if (reg != 0)
> > + capable = 0;
> > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
> > + return capable;
> > +}
> > +
> > +int
> > ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev) {
> > - struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops",
> > - sizeof(struct rte_security_ctx), 0);
> > - if (ctx) {
> > - ctx->device = (void *)dev;
> > - ctx->ops = &ixgbe_security_ops;
> > - ctx->sess_cnt = 0;
> > + struct rte_security_ctx *ctx = NULL;
> > +
> > + if (ixgbe_crypto_capable(dev)) {
> > + ctx = rte_malloc("rte_security_instances_ops",
> > + sizeof(struct rte_security_ctx), 0);
> > + if (ctx) {
> > + ctx->device = (void *)dev;
> > + ctx->ops = &ixgbe_security_ops;
> > + ctx->sess_cnt = 0;
> > + dev->security_ctx = ctx;
> > + } else {
> > + return -ENOMEM;
> > + }
> > }
> > - return ctx;
> > + return 0;
> > }
> > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h
> > b/drivers/net/ixgbe/ixgbe_ipsec.h index acd9f3e..d13c407 100644
> > --- a/drivers/net/ixgbe/ixgbe_ipsec.h
> > +++ b/drivers/net/ixgbe/ixgbe_ipsec.h
> > @@ -110,8 +110,7 @@ struct ixgbe_ipsec { };
> >
> >
> > -struct rte_security_ctx *
> > -ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> > +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> > int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); int
> > ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
> > const void *ip_spec,
> > --
> > 2.7.5
>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Applied to dpdk-next-net-intel, thanks!
/Helin
@@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
return 0;
}
-#ifdef RTE_LIBRTE_SECURITY
- /* Initialize security_ctx only for primary process*/
- eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
- if (eth_dev->security_ctx == NULL)
- return -ENOMEM;
-#endif
-
rte_eth_copy_pci_info(eth_dev, pci_dev);
/* Vendor and Device ID need to be set before init of shared code */
@@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
/* Unlock any pending hardware semaphore */
ixgbe_swfw_lock_reset(hw);
+#ifdef RTE_LIBRTE_SECURITY
+ /* Initialize security_ctx only for primary process*/
+ if (ixgbe_ipsec_ctx_create(eth_dev))
+ return -ENOMEM;
+#endif
+
/* Initialize DCB configuration*/
memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config));
ixgbe_dcb_init(hw, dcb_config);
@@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
#ifdef RTE_LIBRTE_SECURITY
- dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
- dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
+ if (dev->security_ctx) {
+ dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
+ dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
+ }
#endif
dev_info->default_rxconf = (struct rte_eth_rxconf) {
@@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops = {
.capabilities_get = ixgbe_crypto_capabilities_get
};
-struct rte_security_ctx *
+static int
+ixgbe_crypto_capable(struct rte_eth_dev *dev)
+{
+ struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ uint32_t reg_i, reg, capable = 1;
+ /* test if rx crypto can be enabled and then write back initial value*/
+ reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+ IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
+ reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+ if (reg != 0)
+ capable = 0;
+ IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
+ return capable;
+}
+
+int
ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev)
{
- struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops",
- sizeof(struct rte_security_ctx), 0);
- if (ctx) {
- ctx->device = (void *)dev;
- ctx->ops = &ixgbe_security_ops;
- ctx->sess_cnt = 0;
+ struct rte_security_ctx *ctx = NULL;
+
+ if (ixgbe_crypto_capable(dev)) {
+ ctx = rte_malloc("rte_security_instances_ops",
+ sizeof(struct rte_security_ctx), 0);
+ if (ctx) {
+ ctx->device = (void *)dev;
+ ctx->ops = &ixgbe_security_ops;
+ ctx->sess_cnt = 0;
+ dev->security_ctx = ctx;
+ } else {
+ return -ENOMEM;
+ }
}
- return ctx;
+ return 0;
}
@@ -110,8 +110,7 @@ struct ixgbe_ipsec {
};
-struct rte_security_ctx *
-ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
+int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
const void *ip_spec,