security: remove user data get API

The API rte_security_get_userdata() was being unused by most of
the drivers and it was retrieving userdata from mbuf dynamic field.
Hence, the API was removed and the application can directly get the
userdata from dynamic field. This helps in removing extra checks
in datapath.

Signed-off-by: Srujana Challa <schalla@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This commit is contained in:
Srujana Challa 2022-08-12 14:28:36 +05:30 committed by Akhil Goyal
parent 832cecc03d
commit 68d25915d2
13 changed files with 16 additions and 284 deletions

View File

@ -438,43 +438,6 @@ mock_set_pkt_metadata(void *device,
return mock_set_pkt_metadata_exp.ret; return mock_set_pkt_metadata_exp.ret;
} }
/**
* get_userdata mockup
*
* Verified parameters: device, md.
* The userdata parameter works as an output parameter, so a passed address
* is verified not to be NULL and filled with userdata stored in structure.
*/
static struct mock_get_userdata_data {
void *device;
uint64_t md;
void *userdata;
int ret;
int called;
int failed;
} mock_get_userdata_exp = {NULL, 0UL, NULL, 0, 0, 0};
static int
mock_get_userdata(void *device,
uint64_t md,
void **userdata)
{
mock_get_userdata_exp.called++;
MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_get_userdata_exp, device);
MOCK_TEST_ASSERT_U64_PARAMETER(mock_get_userdata_exp, md);
MOCK_TEST_ASSERT_NOT_NULL(mock_get_userdata_exp.failed,
userdata,
"Expecting parameter userdata not to be NULL but it's %p",
userdata);
*userdata = mock_get_userdata_exp.userdata;
return mock_get_userdata_exp.ret;
}
/** /**
* capabilities_get mockup * capabilities_get mockup
* *
@ -518,7 +481,6 @@ struct rte_security_ops mock_ops = {
.session_stats_get = mock_session_stats_get, .session_stats_get = mock_session_stats_get,
.session_destroy = mock_session_destroy, .session_destroy = mock_session_destroy,
.set_pkt_metadata = mock_set_pkt_metadata, .set_pkt_metadata = mock_set_pkt_metadata,
.get_userdata = mock_get_userdata,
.capabilities_get = mock_capabilities_get, .capabilities_get = mock_capabilities_get,
}; };
@ -638,7 +600,6 @@ ut_setup(void)
mock_session_stats_get_exp.called = 0; mock_session_stats_get_exp.called = 0;
mock_session_destroy_exp.called = 0; mock_session_destroy_exp.called = 0;
mock_set_pkt_metadata_exp.called = 0; mock_set_pkt_metadata_exp.called = 0;
mock_get_userdata_exp.called = 0;
mock_capabilities_get_exp.called = 0; mock_capabilities_get_exp.called = 0;
mock_session_create_exp.failed = 0; mock_session_create_exp.failed = 0;
@ -647,7 +608,6 @@ ut_setup(void)
mock_session_stats_get_exp.failed = 0; mock_session_stats_get_exp.failed = 0;
mock_session_destroy_exp.failed = 0; mock_session_destroy_exp.failed = 0;
mock_set_pkt_metadata_exp.failed = 0; mock_set_pkt_metadata_exp.failed = 0;
mock_get_userdata_exp.failed = 0;
mock_capabilities_get_exp.failed = 0; mock_capabilities_get_exp.failed = 0;
return TEST_SUCCESS; return TEST_SUCCESS;
@ -1688,121 +1648,6 @@ test_set_pkt_metadata_success(void)
return TEST_SUCCESS; return TEST_SUCCESS;
} }
/**
* rte_security_get_userdata tests
*/
/**
* Test execution of rte_security_get_userdata with NULL instance
*/
static int
test_get_userdata_inv_context(void)
{
#ifdef RTE_DEBUG
uint64_t md = 0xDEADBEEF;
void *ret = rte_security_get_userdata(NULL, md);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
ret, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
return TEST_SUCCESS;
#else
return TEST_SKIPPED;
#endif
}
/**
* Test execution of rte_security_get_userdata with invalid
* security operations structure (NULL)
*/
static int
test_get_userdata_inv_context_ops(void)
{
#ifdef RTE_DEBUG
struct security_unittest_params *ut_params = &unittest_params;
uint64_t md = 0xDEADBEEF;
ut_params->ctx.ops = NULL;
void *ret = rte_security_get_userdata(&ut_params->ctx, md);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
ret, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
return TEST_SUCCESS;
#else
return TEST_SKIPPED;
#endif
}
/**
* Test execution of rte_security_get_userdata with empty
* security operations
*/
static int
test_get_userdata_inv_context_ops_fun(void)
{
struct security_unittest_params *ut_params = &unittest_params;
uint64_t md = 0xDEADBEEF;
ut_params->ctx.ops = &empty_ops;
void *ret = rte_security_get_userdata(&ut_params->ctx, md);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
ret, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
return TEST_SUCCESS;
}
/**
* Test execution of rte_security_get_userdata when get_userdata
* security operation fails
*/
static int
test_get_userdata_ops_failure(void)
{
struct security_unittest_params *ut_params = &unittest_params;
uint64_t md = 0xDEADBEEF;
void *userdata = (void *)0x7E577E57;
mock_get_userdata_exp.device = NULL;
mock_get_userdata_exp.md = md;
mock_get_userdata_exp.userdata = userdata;
mock_get_userdata_exp.ret = -1;
void *ret = rte_security_get_userdata(&ut_params->ctx, md);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
ret, NULL, "%p");
TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1);
return TEST_SUCCESS;
}
/**
* Test execution of rte_security_get_userdata in successful execution path
*/
static int
test_get_userdata_success(void)
{
struct security_unittest_params *ut_params = &unittest_params;
uint64_t md = 0xDEADBEEF;
void *userdata = (void *)0x7E577E57;
mock_get_userdata_exp.device = NULL;
mock_get_userdata_exp.md = md;
mock_get_userdata_exp.userdata = userdata;
mock_get_userdata_exp.ret = 0;
void *ret = rte_security_get_userdata(&ut_params->ctx, md);
TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
ret, userdata, "%p");
TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1);
return TEST_SUCCESS;
}
/** /**
* rte_security_capabilities_get tests * rte_security_capabilities_get tests
*/ */
@ -2569,17 +2414,6 @@ static struct unit_test_suite security_testsuite = {
TEST_CASE_ST(ut_setup_with_session, ut_teardown, TEST_CASE_ST(ut_setup_with_session, ut_teardown,
test_set_pkt_metadata_success), test_set_pkt_metadata_success),
TEST_CASE_ST(ut_setup_with_session, ut_teardown,
test_get_userdata_inv_context),
TEST_CASE_ST(ut_setup_with_session, ut_teardown,
test_get_userdata_inv_context_ops),
TEST_CASE_ST(ut_setup_with_session, ut_teardown,
test_get_userdata_inv_context_ops_fun),
TEST_CASE_ST(ut_setup_with_session, ut_teardown,
test_get_userdata_ops_failure),
TEST_CASE_ST(ut_setup_with_session, ut_teardown,
test_get_userdata_success),
TEST_CASE_ST(ut_setup_with_session, ut_teardown, TEST_CASE_ST(ut_setup_with_session, ut_teardown,
test_capabilities_get_inv_context), test_capabilities_get_inv_context),
TEST_CASE_ST(ut_setup_with_session, ut_teardown, TEST_CASE_ST(ut_setup_with_session, ut_teardown,

View File

@ -433,7 +433,7 @@ protocol operations. See security library and PMD documentation for more details
* **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:RTE_ETH_TX_OFFLOAD_SECURITY``. * **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:RTE_ETH_TX_OFFLOAD_SECURITY``.
* **[uses] mbuf**: ``mbuf.l2_len``, ``mbuf.l3_len``, ``mbuf.ol_flags``. * **[uses] mbuf**: ``mbuf.l2_len``, ``mbuf.l3_len``, ``mbuf.ol_flags``.
* **[implements] rte_security_ops**: ``session_create``, ``session_update``, * **[implements] rte_security_ops**: ``session_create``, ``session_update``,
``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``get_userdata``, ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``,
``capabilities_get``. ``capabilities_get``.
* **[provides] rte_eth_dev_info**: ``rx_offload_capa,rx_queue_offload_capa:RTE_ETH_RX_OFFLOAD_SECURITY``, * **[provides] rte_eth_dev_info**: ``rx_offload_capa,rx_queue_offload_capa:RTE_ETH_RX_OFFLOAD_SECURITY``,
``tx_offload_capa,tx_queue_offload_capa:RTE_ETH_TX_OFFLOAD_SECURITY``. ``tx_offload_capa,tx_queue_offload_capa:RTE_ETH_TX_OFFLOAD_SECURITY``.

View File

@ -655,11 +655,6 @@ For Inline Crypto and Inline protocol offload, device specific defined metadata
updated in the mbuf using ``rte_security_set_pkt_metadata()`` if updated in the mbuf using ``rte_security_set_pkt_metadata()`` if
``RTE_ETH_TX_OFFLOAD_SEC_NEED_MDATA`` is set. ``RTE_ETH_TX_OFFLOAD_SEC_NEED_MDATA`` is set.
For inline protocol offloaded ingress traffic, the application can register a
pointer, ``userdata`` , in the security session. When the packet is received,
``rte_security_get_userdata()`` would return the userdata registered for the
security session which processed the packet.
.. note:: .. note::
In case of inline processed packets, ``RTE_SECURITY_DYNFIELD_NAME`` field In case of inline processed packets, ``RTE_SECURITY_DYNFIELD_NAME`` field

View File

@ -247,6 +247,11 @@ API Changes
and security capability structure ``rte_security_capability`` and security capability structure ``rte_security_capability``
to accommodate MACsec capabilities. to accommodate MACsec capabilities.
* security: The experimental API ``rte_security_get_userdata`` was being unused
by most of the drivers and it was retrieving userdata from mbuf dynamic field.
The API is now removed and the application can directly get the userdata from
mbuf dynamic field.
* metrics: Updated ``rte_metrics_init`` so it returns an error code instead * metrics: Updated ``rte_metrics_init`` so it returns an error code instead
of calling ``rte_exit``. of calling ``rte_exit``.

View File

@ -17,7 +17,6 @@ struct rte_security_ops cnxk_sec_ops = {
.session_get_size = NULL, .session_get_size = NULL,
.session_stats_get = NULL, .session_stats_get = NULL,
.set_pkt_metadata = NULL, .set_pkt_metadata = NULL,
.get_userdata = NULL,
.capabilities_get = cnxk_crypto_sec_capabilities_get .capabilities_get = cnxk_crypto_sec_capabilities_get
}; };

View File

@ -1700,8 +1700,7 @@ cnxk_eth_dev_init(struct rte_eth_dev *eth_dev)
return -ENOMEM; return -ENOMEM;
sec_ctx->device = eth_dev; sec_ctx->device = eth_dev;
sec_ctx->ops = &cnxk_eth_sec_ops; sec_ctx->ops = &cnxk_eth_sec_ops;
sec_ctx->flags = sec_ctx->flags = RTE_SEC_CTX_F_FAST_SET_MDATA;
(RTE_SEC_CTX_F_FAST_SET_MDATA | RTE_SEC_CTX_F_FAST_GET_UDATA);
eth_dev->security_ctx = sec_ctx; eth_dev->security_ctx = sec_ctx;
/* For secondary processes, the primary has done all the work */ /* For secondary processes, the primary has done all the work */

View File

@ -1482,7 +1482,6 @@ static struct rte_security_ops iavf_ipsec_crypto_ops = {
.session_stats_get = iavf_ipsec_crypto_session_stats_get, .session_stats_get = iavf_ipsec_crypto_session_stats_get,
.session_destroy = iavf_ipsec_crypto_session_destroy, .session_destroy = iavf_ipsec_crypto_session_destroy,
.set_pkt_metadata = iavf_ipsec_crypto_pkt_metadata_set, .set_pkt_metadata = iavf_ipsec_crypto_pkt_metadata_set,
.get_userdata = NULL,
.capabilities_get = iavf_ipsec_crypto_capabilities_get, .capabilities_get = iavf_ipsec_crypto_capabilities_get,
}; };

View File

@ -2182,39 +2182,15 @@ pool_init(struct socket_ctx *ctx, int32_t socket_id, int portid,
printf("Allocated mbuf pool on socket %d\n", socket_id); printf("Allocated mbuf pool on socket %d\n", socket_id);
} }
static inline int
inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, uint64_t md)
{
struct ipsec_sa *sa;
/* For inline protocol processing, the metadata in the event will
* uniquely identify the security session which raised the event.
* Application would then need the userdata it had registered with the
* security session to process the event.
*/
sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md);
if (sa == NULL) {
/* userdata could not be retrieved */
return -1;
}
/* Sequence number over flow. SA need to be re-established */
RTE_SET_USED(sa);
return 0;
}
static int static int
inline_ipsec_event_callback(uint16_t port_id, enum rte_eth_event_type type, inline_ipsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
void *param, void *ret_param) void *param, void *ret_param)
{ {
uint64_t md; uint64_t md;
struct rte_eth_event_ipsec_desc *event_desc = NULL; struct rte_eth_event_ipsec_desc *event_desc = NULL;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_eth_dev_get_sec_ctx(port_id);
RTE_SET_USED(param); RTE_SET_USED(param);
RTE_SET_USED(port_id);
if (type != RTE_ETH_EVENT_IPSEC) if (type != RTE_ETH_EVENT_IPSEC)
return -1; return -1;
@ -2227,8 +2203,10 @@ inline_ipsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
md = event_desc->metadata; md = event_desc->metadata;
if (event_desc->subtype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW) if (event_desc->subtype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW) {
return inline_ipsec_event_esn_overflow(ctx, md); if (md == 0)
return -1;
}
else if (event_desc->subtype >= RTE_ETH_EVENT_IPSEC_MAX) { else if (event_desc->subtype >= RTE_ETH_EVENT_IPSEC_MAX) {
printf("Invalid IPsec event reported\n"); printf("Invalid IPsec event reported\n");
return -1; return -1;

View File

@ -212,11 +212,7 @@ prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt,
struct ipsec_sa *sa; struct ipsec_sa *sa;
struct ipsec_mbuf_metadata *priv; struct ipsec_mbuf_metadata *priv;
/* Retrieve the userdata registered. Here, the userdata sa = *(struct ipsec_sa **)rte_security_dynfield(pkt);
* registered is the SA pointer.
*/
sa = (struct ipsec_sa *)rte_security_get_userdata(ctx,
*rte_security_dynfield(pkt));
if (sa == NULL) { if (sa == NULL) {
/* userdata could not be retrieved */ /* userdata could not be retrieved */
return; return;

View File

@ -226,23 +226,6 @@ __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
sess, m, params); sess, m, params);
} }
void *
__rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
{
void *userdata = NULL;
#ifdef RTE_DEBUG
RTE_PTR_OR_ERR_RET(instance, NULL);
RTE_PTR_OR_ERR_RET(instance->ops, NULL);
#endif
if (*instance->ops->get_userdata == NULL)
return NULL;
if (instance->ops->get_userdata(instance->device, md, &userdata))
return NULL;
return userdata;
}
const struct rte_security_capability * const struct rte_security_capability *
rte_security_capabilities_get(struct rte_security_ctx *instance) rte_security_capabilities_get(struct rte_security_ctx *instance)
{ {

View File

@ -82,12 +82,9 @@ struct rte_security_ctx {
}; };
#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 #define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001
/**< Driver uses fast metadata update without using driver specific callback */ /**< Driver uses fast metadata update without using driver specific callback.
* For fast mdata, mbuf dynamic field would be registered by driver
#define RTE_SEC_CTX_F_FAST_GET_UDATA 0x00000002 * via rte_security_dynfield_register().
/**< Driver provides udata using fast method without using driver specific
* callback. For fast mdata and udata, mbuf dynamic field would be registered
* by driver via rte_security_dynfield_register().
*/ */
/** /**
@ -896,40 +893,6 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
return __rte_security_set_pkt_metadata(instance, sess, mb, params); return __rte_security_set_pkt_metadata(instance, sess, mb, params);
} }
/** Function to call PMD specific function pointer get_userdata() */
__rte_experimental
extern void *__rte_security_get_userdata(struct rte_security_ctx *instance,
uint64_t md);
/**
* Get userdata associated with the security session. Device specific metadata
* provided would be used to uniquely identify the security session being
* referred to. This userdata would be registered while creating the session,
* and application can use this to identify the SA etc.
*
* Device specific metadata would be set in mbuf for inline processed inbound
* packets. In addition, the same metadata would be set for IPsec events
* reported by rte_eth_event framework.
*
* @param instance security instance
* @param md device-specific metadata
*
* @return
* - On success, userdata
* - On failure, NULL
*/
__rte_experimental
static inline void *
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
{
/* Fast Path */
if (instance->flags & RTE_SEC_CTX_F_FAST_GET_UDATA)
return (void *)(uintptr_t)md;
/* Jump to PMD specific function pointer */
return __rte_security_get_userdata(instance, md);
}
/** /**
* Attach a session to a symmetric crypto operation * Attach a session to a symmetric crypto operation
* *

View File

@ -182,22 +182,6 @@ typedef int (*security_set_pkt_metadata_t)(void *device,
struct rte_security_session *sess, struct rte_mbuf *mb, struct rte_security_session *sess, struct rte_mbuf *mb,
void *params); void *params);
/**
* Get application specific userdata associated with the security session.
* Device specific metadata provided would be used to uniquely identify
* the security session being referred to.
*
* @param device Crypto/eth device pointer
* @param md Metadata
* @param userdata Pointer to receive userdata
*
* @return
* - Returns 0 if userdata is retrieved successfully.
* - Returns -ve value for errors.
*/
typedef int (*security_get_userdata_t)(void *device,
uint64_t md, void **userdata);
/** /**
* Get security capabilities of the device. * Get security capabilities of the device.
* *
@ -224,8 +208,6 @@ struct rte_security_ops {
/**< Clear a security sessions private data. */ /**< Clear a security sessions private data. */
security_set_pkt_metadata_t set_pkt_metadata; security_set_pkt_metadata_t set_pkt_metadata;
/**< Update mbuf metadata. */ /**< Update mbuf metadata. */
security_get_userdata_t get_userdata;
/**< Get userdata associated with session which processed the packet. */
security_capabilities_get_t capabilities_get; security_capabilities_get_t capabilities_get;
/**< Get security capabilities. */ /**< Get security capabilities. */
security_macsec_sc_create_t macsec_sc_create; security_macsec_sc_create_t macsec_sc_create;

View File

@ -13,7 +13,6 @@ DPDK_23 {
EXPERIMENTAL { EXPERIMENTAL {
global: global:
__rte_security_get_userdata;
__rte_security_set_pkt_metadata; __rte_security_set_pkt_metadata;
rte_security_dynfield_offset; rte_security_dynfield_offset;
rte_security_macsec_sa_create; rte_security_macsec_sa_create;