diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 1d7a9e2952..2942617615 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -72,7 +72,6 @@ cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct cn10k_sec_session *sess, struct cpt_inst_s *inst) { struct rte_crypto_sym_op *sym_op = op->sym; - struct cn10k_ipsec_sa *sa; int ret; if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) { @@ -85,12 +84,10 @@ cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, return -ENOTSUP; } - sa = &sess->sa; - - if (sa->is_outbound) - ret = process_outb_sa(&qp->lf, op, sa, inst); + if (sess->is_outbound) + ret = process_outb_sa(&qp->lf, op, sess, inst); else - ret = process_inb_sa(op, sa, inst); + ret = process_inb_sa(op, sess, inst); return ret; } @@ -122,11 +119,11 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - sec_sess = SECURITY_GET_SESS_PRIV(sym_op->session); + sec_sess = (struct cn10k_sec_session *)(sym_op->session); ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]); if (unlikely(ret)) return 0; - w7 = sec_sess->sa.inst.w7; + w7 = sec_sess->inst.w7; } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session); ret = cpt_sym_inst_fill(qp, op, sess, infl_req, @@ -298,13 +295,10 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused, /* Set meta according to session type */ if (op_type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - struct cn10k_sec_session *priv; - struct cn10k_ipsec_sa *sa; + struct cn10k_sec_session *sec_sess = (struct cn10k_sec_session *)sess; - priv = SECURITY_GET_SESS_PRIV(sess); - sa = &priv->sa; - sa->qp = qp; - sa->inst.w2 = w2; + sec_sess->qp = qp; + sec_sess->inst.w2 = w2; } else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) { struct cnxk_se_sess *priv; @@ -335,13 +329,12 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op, { if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - struct cn10k_sec_session *priv; - struct cn10k_ipsec_sa *sa; + struct cn10k_sec_session *sec_sess; - priv = SECURITY_GET_SESS_PRIV(op->sym->session); - sa = &priv->sa; - *qp = sa->qp; - *w2 = sa->inst.w2; + sec_sess = (struct cn10k_sec_session *)op->sym->session; + + *qp = sec_sess->qp; + *w2 = sec_sess->inst.w2; } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { struct cnxk_se_sess *priv; diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 1ebdf7793a..ef013c8bae 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -36,19 +36,17 @@ static int cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sec_sess) + struct cn10k_sec_session *sec_sess) { union roc_ot_ipsec_outb_param1 param1; struct roc_ot_ipsec_outb_sa *sa_dptr; struct cnxk_ipsec_outb_rlens rlens; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; union cpt_inst_w4 inst_w4; void *out_sa; int ret = 0; - sess = SECURITY_GET_SESS_PRIV(sec_sess); - sa = &sess->sa; + sa = &sec_sess->sa; out_sa = &sa->out_sa; /* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */ @@ -65,21 +63,21 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, goto sa_dptr_free; } - sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, out_sa); + sec_sess->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, out_sa); #ifdef LA_IPSEC_DEBUG /* Use IV from application in debug mode */ if (ipsec_xfrm->options.iv_gen_disable == 1) { sa_dptr->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA; if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { - sa->iv_offset = crypto_xfrm->aead.iv.offset; - sa->iv_length = crypto_xfrm->aead.iv.length; + sec_sess->iv_offset = crypto_xfrm->aead.iv.offset; + sec_sess->iv_length = crypto_xfrm->aead.iv.length; } else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { - sa->iv_offset = crypto_xfrm->cipher.iv.offset; - sa->iv_length = crypto_xfrm->cipher.iv.length; + sec_sess->iv_offset = crypto_xfrm->cipher.iv.offset; + sec_sess->iv_length = crypto_xfrm->cipher.iv.length; } else { - sa->iv_offset = crypto_xfrm->auth.iv.offset; - sa->iv_length = crypto_xfrm->auth.iv.length; + sec_sess->iv_offset = crypto_xfrm->auth.iv.offset; + sec_sess->iv_length = crypto_xfrm->auth.iv.length; } } #else @@ -90,14 +88,14 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, } #endif - sa->is_outbound = true; + sec_sess->is_outbound = true; /* Get Rlen calculation data */ ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm); if (ret) goto sa_dptr_free; - sa->max_extended_len = rlens.max_extended_len; + sec_sess->max_extended_len = rlens.max_extended_len; /* pre-populate CPT INST word 4 */ inst_w4.u64 = 0; @@ -125,7 +123,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, inst_w4.s.param1 = param1.u16; - sa->inst.w4 = inst_w4.u64; + sec_sess->inst.w4 = inst_w4.u64; if (ipsec_xfrm->options.stats == 1) { /* Enable mib counters */ @@ -163,18 +161,16 @@ static int cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, - struct rte_security_session *sec_sess) + struct cn10k_sec_session *sec_sess) { union roc_ot_ipsec_inb_param1 param1; struct roc_ot_ipsec_inb_sa *sa_dptr; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; union cpt_inst_w4 inst_w4; void *in_sa; int ret = 0; - sess = SECURITY_GET_SESS_PRIV(sec_sess); - sa = &sess->sa; + sa = &sec_sess->sa; in_sa = &sa->in_sa; /* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */ @@ -192,8 +188,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, goto sa_dptr_free; } - sa->is_outbound = false; - sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa); + sec_sess->is_outbound = false; + sec_sess->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa); /* pre-populate CPT INST word 4 */ inst_w4.u64 = 0; @@ -221,7 +217,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, inst_w4.s.param1 = param1.u16; - sa->inst.w4 = inst_w4.u64; + sec_sess->inst.w4 = inst_w4.u64; if (ipsec_xfrm->options.stats == 1) { /* Enable mib counters */ @@ -281,11 +277,11 @@ cn10k_ipsec_session_create(void *dev, roc_cpt = &vf->cpt; if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) - return cn10k_ipsec_inb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm, - crypto_xfrm, sess); + return cn10k_ipsec_inb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm, crypto_xfrm, + (struct cn10k_sec_session *)sess); else - return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm, - crypto_xfrm, sess); + return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm, crypto_xfrm, + (struct cn10k_sec_session *)sess); } static int @@ -314,13 +310,14 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess) void *sa_dptr = NULL; int ret; - sess = SECURITY_GET_SESS_PRIV(sec_sess); - if (sess == NULL) - return 0; + if (unlikely(sec_sess == NULL)) + return -EINVAL; + + sess = (struct cn10k_sec_session *)sec_sess; qp = crypto_dev->data->queue_pairs[0]; - if (qp == NULL) - return 0; + if (unlikely(qp == NULL)) + return -ENOTSUP; lf = &qp->lf; @@ -331,7 +328,7 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess) ret = -1; - if (sa->is_outbound) { + if (sess->is_outbound) { sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_outb_sa), 8); if (sa_dptr != NULL) { roc_ot_ipsec_outb_sa_init(sa_dptr); @@ -374,7 +371,7 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess) static unsigned int cn10k_sec_session_get_size(void *device __rte_unused) { - return sizeof(struct cn10k_sec_session); + return sizeof(struct cn10k_sec_session) - sizeof(struct rte_security_session); } static int @@ -384,25 +381,23 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess, struct rte_cryptodev *crypto_dev = device; struct roc_ot_ipsec_outb_sa *out_sa; struct roc_ot_ipsec_inb_sa *in_sa; - union roc_ot_ipsec_sa_word2 *w2; struct cn10k_sec_session *priv; struct cn10k_ipsec_sa *sa; struct cnxk_cpt_qp *qp; - priv = SECURITY_GET_SESS_PRIV(sess); - if (priv == NULL) + if (unlikely(sess == NULL)) return -EINVAL; + priv = (struct cn10k_sec_session *)sess; + qp = crypto_dev->data->queue_pairs[0]; if (qp == NULL) return -EINVAL; - sa = &priv->sa; - w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; - stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC; + sa = &priv->sa; - if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND) { + if (priv->is_outbound) { out_sa = &sa->out_sa; roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false); rte_delay_ms(1); @@ -448,8 +443,8 @@ cn10k_sec_session_update(void *device, struct rte_security_session *sess, vf = crypto_dev->data->dev_private; roc_cpt = &vf->cpt; - return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, - conf->crypto_xform, sess); + return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, conf->crypto_xform, + (struct cn10k_sec_session *)sess); } /* Update platform specific security ops */ diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h index 1c1d904799..044fe33046 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.h +++ b/drivers/crypto/cnxk/cn10k_ipsec.h @@ -6,6 +6,7 @@ #define __CN10K_IPSEC_H__ #include +#include #include "roc_api.h" @@ -14,6 +15,19 @@ typedef void *CN10K_SA_CONTEXT_MARKER[0]; struct cn10k_ipsec_sa { + union { + /** Inbound SA */ + struct roc_ot_ipsec_inb_sa in_sa; + /** Outbound SA */ + struct roc_ot_ipsec_outb_sa out_sa; + }; +} __rte_aligned(ROC_ALIGN); + +struct cn10k_sec_session { + struct rte_security_session rte_sess; + + /** PMD private space */ + /** Pre-populated CPT inst words */ struct cnxk_cpt_inst_tmpl inst; uint16_t max_extended_len; @@ -26,17 +40,6 @@ struct cn10k_ipsec_sa { /** * End of SW mutable area */ - CN10K_SA_CONTEXT_MARKER sw_area_end __rte_aligned(ROC_ALIGN); - - union { - /** Inbound SA */ - struct roc_ot_ipsec_inb_sa in_sa; - /** Outbound SA */ - struct roc_ot_ipsec_outb_sa out_sa; - }; -} __rte_aligned(ROC_ALIGN); - -struct cn10k_sec_session { struct cn10k_ipsec_sa sa; } __rte_aligned(ROC_ALIGN); diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h index 21502e0eb2..a75e88cb28 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -13,13 +13,12 @@ #include "cnxk_cryptodev.h" static inline void -ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop) +ipsec_po_sa_iv_set(struct cn10k_sec_session *sess, struct rte_crypto_op *cop) { - uint64_t *iv = &sess->out_sa.iv.u64[0]; + uint64_t *iv = &sess->sa.out_sa.iv.u64[0]; uint64_t *tmp_iv; - memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), - 16); + memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 16); tmp_iv = (uint64_t *)iv; *tmp_iv = rte_be_to_cpu_64(*tmp_iv); @@ -28,28 +27,24 @@ ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop) } static inline void -ipsec_po_sa_aes_gcm_iv_set(struct cn10k_ipsec_sa *sess, - struct rte_crypto_op *cop) +ipsec_po_sa_aes_gcm_iv_set(struct cn10k_sec_session *sess, struct rte_crypto_op *cop) { - uint8_t *iv = &sess->out_sa.iv.s.iv_dbg1[0]; + uint8_t *iv = &sess->sa.out_sa.iv.s.iv_dbg1[0]; uint32_t *tmp_iv; - memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), - 4); + memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 4); tmp_iv = (uint32_t *)iv; *tmp_iv = rte_be_to_cpu_32(*tmp_iv); - iv = &sess->out_sa.iv.s.iv_dbg2[0]; - memcpy(iv, - rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4), - 4); + iv = &sess->sa.out_sa.iv.s.iv_dbg2[0]; + memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4), 4); tmp_iv = (uint32_t *)iv; *tmp_iv = rte_be_to_cpu_32(*tmp_iv); } static __rte_always_inline int -process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, - struct cn10k_ipsec_sa *sess, struct cpt_inst_s *inst) +process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k_sec_session *sess, + struct cpt_inst_s *inst) { struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m_src = sym_op->m_src; @@ -64,17 +59,17 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, RTE_SET_USED(lf); #ifdef LA_IPSEC_DEBUG - if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) { - if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM || - sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM || - sess->out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) + if (sess->sa.out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) { + if (sess->sa.out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM || + sess->sa.out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM || + sess->sa.out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) ipsec_po_sa_aes_gcm_iv_set(sess, cop); else ipsec_po_sa_iv_set(sess, cop); } /* Trigger CTX reload to fetch new data from DRAM */ - roc_cpt_lf_ctx_reload(lf, &sess->out_sa); + roc_cpt_lf_ctx_reload(lf, &sess->sa.out_sa); rte_delay_ms(1); #endif @@ -94,15 +89,14 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, } static __rte_always_inline int -process_inb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sa, - struct cpt_inst_s *inst) +process_inb_sa(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, struct cpt_inst_s *inst) { struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m_src = sym_op->m_src; uint64_t dptr; /* Prepare CPT instruction */ - inst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src); + inst->w4.u64 = sess->inst.w4 | rte_pktmbuf_pkt_len(m_src); dptr = rte_pktmbuf_mtod(m_src, uint64_t); inst->dptr = dptr; inst->rptr = dptr;