d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto/cnxk: align HW accessible fields to ROC

Browse Source 
Hardware accessible memory need to be aligned to ROC.
Enforced the same. Moved software specific fields to padding space.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This commit is contained in:
Anoob Joseph 2022-10-12 17:40:33 +05:30 committed by Akhil Goyal
parent 410d016961
commit aa6dc34fe3
4 changed files with 80 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
drivers/crypto/cnxk/cn10k_cryptodev_ops.c
View File

@ -72,7 +72,6 @@ cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
struct cn10k_sec_session *sess, struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = op->sym;
struct cn10k_ipsec_sa *sa;
int ret;
if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@ -85,12 +84,10 @@ cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
return -ENOTSUP;
}
sa = &sess->sa;
if (sa->is_outbound)
ret = process_outb_sa(&qp->lf, op, sa, inst);
if (sess->is_outbound)
ret = process_outb_sa(&qp->lf, op, sess, inst);
else
ret = process_inb_sa(op, sa, inst);
ret = process_inb_sa(op, sess, inst);
return ret;
}
@ -122,11 +119,11 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
sec_sess = SECURITY_GET_SESS_PRIV(sym_op->session);
sec_sess = (struct cn10k_sec_session *)(sym_op->session);
ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
if (unlikely(ret))
return 0;
w7 = sec_sess->sa.inst.w7;
w7 = sec_sess->inst.w7;
} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
@ -298,13 +295,10 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
/* Set meta according to session type */
if (op_type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
struct cn10k_sec_session *priv;
struct cn10k_ipsec_sa *sa;
struct cn10k_sec_session *sec_sess = (struct cn10k_sec_session *)sess;
priv = SECURITY_GET_SESS_PRIV(sess);
sa = &priv->sa;
sa->qp = qp;
sa->inst.w2 = w2;
sec_sess->qp = qp;
sec_sess->inst.w2 = w2;
} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
struct cnxk_se_sess *priv;
@ -335,13 +329,12 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
{
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
struct cn10k_sec_session *priv;
struct cn10k_ipsec_sa *sa;
struct cn10k_sec_session *sec_sess;
priv = SECURITY_GET_SESS_PRIV(op->sym->session);
sa = &priv->sa;
*qp = sa->qp;
*w2 = sa->inst.w2;
sec_sess = (struct cn10k_sec_session *)op->sym->session;
*qp = sec_sess->qp;
*w2 = sec_sess->inst.w2;
} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
struct cnxk_se_sess *priv;

77
drivers/crypto/cnxk/cn10k_ipsec.c
View File

@ -36,19 +36,17 @@ static int
cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
struct rte_security_session *sec_sess)
struct cn10k_sec_session *sec_sess)
{
union roc_ot_ipsec_outb_param1 param1;
struct roc_ot_ipsec_outb_sa *sa_dptr;
struct cnxk_ipsec_outb_rlens rlens;
struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
void *out_sa;
int ret = 0;
sess = SECURITY_GET_SESS_PRIV(sec_sess);
sa = &sess->sa;
sa = &sec_sess->sa;
out_sa = &sa->out_sa;
/* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */
@ -65,21 +63,21 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
goto sa_dptr_free;
}
sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, out_sa);
sec_sess->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, out_sa);
#ifdef LA_IPSEC_DEBUG
/* Use IV from application in debug mode */
if (ipsec_xfrm->options.iv_gen_disable == 1) {
sa_dptr->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
sa->iv_offset = crypto_xfrm->aead.iv.offset;
sa->iv_length = crypto_xfrm->aead.iv.length;
sec_sess->iv_offset = crypto_xfrm->aead.iv.offset;
sec_sess->iv_length = crypto_xfrm->aead.iv.length;
} else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
sa->iv_offset = crypto_xfrm->cipher.iv.offset;
sa->iv_length = crypto_xfrm->cipher.iv.length;
sec_sess->iv_offset = crypto_xfrm->cipher.iv.offset;
sec_sess->iv_length = crypto_xfrm->cipher.iv.length;
} else {
sa->iv_offset = crypto_xfrm->auth.iv.offset;
sa->iv_length = crypto_xfrm->auth.iv.length;
sec_sess->iv_offset = crypto_xfrm->auth.iv.offset;
sec_sess->iv_length = crypto_xfrm->auth.iv.length;
}
}
#else
@ -90,14 +88,14 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
}
#endif
sa->is_outbound = true;
sec_sess->is_outbound = true;
/* Get Rlen calculation data */
ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm);
if (ret)
goto sa_dptr_free;
sa->max_extended_len = rlens.max_extended_len;
sec_sess->max_extended_len = rlens.max_extended_len;
/* pre-populate CPT INST word 4 */
inst_w4.u64 = 0;
@ -125,7 +123,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
inst_w4.s.param1 = param1.u16;
sa->inst.w4 = inst_w4.u64;
sec_sess->inst.w4 = inst_w4.u64;
if (ipsec_xfrm->options.stats == 1) {
/* Enable mib counters */
@ -163,18 +161,16 @@ static int
cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
struct rte_security_session *sec_sess)
struct cn10k_sec_session *sec_sess)
{
union roc_ot_ipsec_inb_param1 param1;
struct roc_ot_ipsec_inb_sa *sa_dptr;
struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
void *in_sa;
int ret = 0;
sess = SECURITY_GET_SESS_PRIV(sec_sess);
sa = &sess->sa;
sa = &sec_sess->sa;
in_sa = &sa->in_sa;
/* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */
@ -192,8 +188,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
goto sa_dptr_free;
}
sa->is_outbound = false;
sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa);
sec_sess->is_outbound = false;
sec_sess->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa);
/* pre-populate CPT INST word 4 */
inst_w4.u64 = 0;
@ -221,7 +217,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
inst_w4.s.param1 = param1.u16;
sa->inst.w4 = inst_w4.u64;
sec_sess->inst.w4 = inst_w4.u64;
if (ipsec_xfrm->options.stats == 1) {
/* Enable mib counters */
@ -281,11 +277,11 @@ cn10k_ipsec_session_create(void *dev,
roc_cpt = &vf->cpt;
if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
return cn10k_ipsec_inb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm,
crypto_xfrm, sess);
return cn10k_ipsec_inb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm, crypto_xfrm,
(struct cn10k_sec_session *)sess);
else
return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm,
crypto_xfrm, sess);
return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm, crypto_xfrm,
(struct cn10k_sec_session *)sess);
}
static int
@ -314,13 +310,14 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
void *sa_dptr = NULL;
int ret;
sess = SECURITY_GET_SESS_PRIV(sec_sess);
if (sess == NULL)
return 0;
if (unlikely(sec_sess == NULL))
return -EINVAL;
sess = (struct cn10k_sec_session *)sec_sess;
qp = crypto_dev->data->queue_pairs[0];
if (qp == NULL)
return 0;
if (unlikely(qp == NULL))
return -ENOTSUP;
lf = &qp->lf;
@ -331,7 +328,7 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
ret = -1;
if (sa->is_outbound) {
if (sess->is_outbound) {
sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_outb_sa), 8);
if (sa_dptr != NULL) {
roc_ot_ipsec_outb_sa_init(sa_dptr);
@ -374,7 +371,7 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
static unsigned int
cn10k_sec_session_get_size(void *device __rte_unused)
{
return sizeof(struct cn10k_sec_session);
return sizeof(struct cn10k_sec_session) - sizeof(struct rte_security_session);
}
static int
@ -384,25 +381,23 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
struct rte_cryptodev *crypto_dev = device;
struct roc_ot_ipsec_outb_sa *out_sa;
struct roc_ot_ipsec_inb_sa *in_sa;
union roc_ot_ipsec_sa_word2 *w2;
struct cn10k_sec_session *priv;
struct cn10k_ipsec_sa *sa;
struct cnxk_cpt_qp *qp;
priv = SECURITY_GET_SESS_PRIV(sess);
if (priv == NULL)
if (unlikely(sess == NULL))
return -EINVAL;
priv = (struct cn10k_sec_session *)sess;
qp = crypto_dev->data->queue_pairs[0];
if (qp == NULL)
return -EINVAL;
sa = &priv->sa;
w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2;
stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
sa = &priv->sa;
if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND) {
if (priv->is_outbound) {
out_sa = &sa->out_sa;
roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false);
rte_delay_ms(1);
@ -448,8 +443,8 @@ cn10k_sec_session_update(void *device, struct rte_security_session *sess,
vf = crypto_dev->data->dev_private;
roc_cpt = &vf->cpt;
return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec,
conf->crypto_xform, sess);
return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, conf->crypto_xform,
(struct cn10k_sec_session *)sess);
}
/* Update platform specific security ops */

25
drivers/crypto/cnxk/cn10k_ipsec.h
View File

@ -6,6 +6,7 @@
#define __CN10K_IPSEC_H__
#include <rte_security.h>
#include <rte_security_driver.h>
#include "roc_api.h"
@ -14,6 +15,19 @@
typedef void *CN10K_SA_CONTEXT_MARKER[0];
struct cn10k_ipsec_sa {
union {
/** Inbound SA */
struct roc_ot_ipsec_inb_sa in_sa;
/** Outbound SA */
struct roc_ot_ipsec_outb_sa out_sa;
};
} __rte_aligned(ROC_ALIGN);
struct cn10k_sec_session {
struct rte_security_session rte_sess;
/** PMD private space */
/** Pre-populated CPT inst words */
struct cnxk_cpt_inst_tmpl inst;
uint16_t max_extended_len;
@ -26,17 +40,6 @@ struct cn10k_ipsec_sa {
/**
* End of SW mutable area
*/
CN10K_SA_CONTEXT_MARKER sw_area_end __rte_aligned(ROC_ALIGN);
union {
/** Inbound SA */
struct roc_ot_ipsec_inb_sa in_sa;
/** Outbound SA */
struct roc_ot_ipsec_outb_sa out_sa;
};
} __rte_aligned(ROC_ALIGN);
struct cn10k_sec_session {
struct cn10k_ipsec_sa sa;
} __rte_aligned(ROC_ALIGN);

40
drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
View File

@ -13,13 +13,12 @@
#include "cnxk_cryptodev.h"
static inline void
ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop)
ipsec_po_sa_iv_set(struct cn10k_sec_session *sess, struct rte_crypto_op *cop)
{
uint64_t *iv = &sess->out_sa.iv.u64[0];
uint64_t *iv = &sess->sa.out_sa.iv.u64[0];
uint64_t *tmp_iv;
memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset),
16);
memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 16);
tmp_iv = (uint64_t *)iv;
*tmp_iv = rte_be_to_cpu_64(*tmp_iv);
@ -28,28 +27,24 @@ ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop)
}
static inline void
ipsec_po_sa_aes_gcm_iv_set(struct cn10k_ipsec_sa *sess,
struct rte_crypto_op *cop)
ipsec_po_sa_aes_gcm_iv_set(struct cn10k_sec_session *sess, struct rte_crypto_op *cop)
{
uint8_t *iv = &sess->out_sa.iv.s.iv_dbg1[0];
uint8_t *iv = &sess->sa.out_sa.iv.s.iv_dbg1[0];
uint32_t *tmp_iv;
memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset),
4);
memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 4);
tmp_iv = (uint32_t *)iv;
*tmp_iv = rte_be_to_cpu_32(*tmp_iv);
iv = &sess->out_sa.iv.s.iv_dbg2[0];
memcpy(iv,
rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4),
4);
iv = &sess->sa.out_sa.iv.s.iv_dbg2[0];
memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4), 4);
tmp_iv = (uint32_t *)iv;
*tmp_iv = rte_be_to_cpu_32(*tmp_iv);
}
static __rte_always_inline int
process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop,
struct cn10k_ipsec_sa *sess, struct cpt_inst_s *inst)
process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k_sec_session *sess,
struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
@ -64,17 +59,17 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop,
RTE_SET_USED(lf);
#ifdef LA_IPSEC_DEBUG
if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {
if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
sess->out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC)
if (sess->sa.out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {
if (sess->sa.out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
sess->sa.out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
sess->sa.out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC)
ipsec_po_sa_aes_gcm_iv_set(sess, cop);
else
ipsec_po_sa_iv_set(sess, cop);
}
/* Trigger CTX reload to fetch new data from DRAM */
roc_cpt_lf_ctx_reload(lf, &sess->out_sa);
roc_cpt_lf_ctx_reload(lf, &sess->sa.out_sa);
rte_delay_ms(1);
#endif
@ -94,15 +89,14 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop,
}
static __rte_always_inline int
process_inb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sa,
struct cpt_inst_s *inst)
process_inb_sa(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
uint64_t dptr;
/* Prepare CPT instruction */
inst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src);
inst->w4.u64 = sess->inst.w4 | rte_pktmbuf_pkt_len(m_src);
dptr = rte_pktmbuf_mtod(m_src, uint64_t);
inst->dptr = dptr;
inst->rptr = dptr;