d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

net/cnxk: synchronize inline session create and destroy

Browse Source 
Synchronize inline session create and destroy using spinlock.
Also move security related error prints outside the spinlock.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
This commit is contained in:
Nithin Dabilpuram 2022-01-21 17:34:24 +05:30 committed by Jerin Jacob
parent 07618e267b
commit fd7d681c0c
4 changed files with 65 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
drivers/net/cnxk/cn10k_ethdev_sec.c
View File

@ -238,6 +238,8 @@ cn10k_eth_sec_session_create(void *device,
struct rte_crypto_sym_xform *crypto; struct rte_crypto_sym_xform *crypto;
struct cnxk_eth_sec_sess *eth_sec; struct cnxk_eth_sec_sess *eth_sec;
bool inbound, inl_dev; bool inbound, inl_dev;
rte_spinlock_t *lock;
char tbuf[128] = {0};
int rc = 0; int rc = 0;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
@ -272,6 +274,9 @@ cn10k_eth_sec_session_create(void *device,
memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
sess_priv.u64 = 0; sess_priv.u64 = 0;
lock = inbound ? &dev->inb.lock : &dev->outb.lock;
rte_spinlock_lock(lock);
/* Acquire lock on inline dev for inbound */ /* Acquire lock on inline dev for inbound */
if (inbound && inl_dev) if (inbound && inl_dev)
roc_nix_inl_dev_lock(); roc_nix_inl_dev_lock();
@ -287,12 +292,14 @@ cn10k_eth_sec_session_create(void *device,
/* Get Inbound SA from NIX_RX_IPSEC_SA_BASE */ /* Get Inbound SA from NIX_RX_IPSEC_SA_BASE */
sa = roc_nix_inl_inb_sa_get(&dev->nix, inl_dev, ipsec->spi); sa = roc_nix_inl_inb_sa_get(&dev->nix, inl_dev, ipsec->spi);
if (!sa && dev->inb.inl_dev) { if (!sa && dev->inb.inl_dev) {
plt_err("Failed to create ingress sa, inline dev " snprintf(tbuf, sizeof(tbuf),
"not found or spi not in range"); "Failed to create ingress sa, inline dev "
"not found or spi not in range");
rc = -ENOTSUP; rc = -ENOTSUP;
goto mempool_put; goto mempool_put;
} else if (!sa) { } else if (!sa) {
plt_err("Failed to create ingress sa"); snprintf(tbuf, sizeof(tbuf),
"Failed to create ingress sa");
rc = -EFAULT; rc = -EFAULT;
goto mempool_put; goto mempool_put;
} }
@ -301,8 +308,9 @@ cn10k_eth_sec_session_create(void *device,
/* Check if SA is already in use */ /* Check if SA is already in use */
if (inb_sa->w2.s.valid) { if (inb_sa->w2.s.valid) {
plt_err("Inbound SA with SPI %u already in use", snprintf(tbuf, sizeof(tbuf),
ipsec->spi); "Inbound SA with SPI %u already in use",
ipsec->spi);
rc = -EBUSY; rc = -EBUSY;
goto mempool_put; goto mempool_put;
} }
@ -313,7 +321,8 @@ cn10k_eth_sec_session_create(void *device,
/* Fill inbound sa params */ /* Fill inbound sa params */
rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto); rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto);
if (rc) { if (rc) {
plt_err("Failed to init inbound sa, rc=%d", rc); snprintf(tbuf, sizeof(tbuf),
"Failed to init inbound sa, rc=%d", rc);
goto mempool_put; goto mempool_put;
} }
@ -371,7 +380,8 @@ cn10k_eth_sec_session_create(void *device,
/* Fill outbound sa params */ /* Fill outbound sa params */
rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto); rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
if (rc) { if (rc) {
plt_err("Failed to init outbound sa, rc=%d", rc); snprintf(tbuf, sizeof(tbuf),
"Failed to init outbound sa, rc=%d", rc);
rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx); rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
goto mempool_put; goto mempool_put;
} }
@ -409,6 +419,7 @@ cn10k_eth_sec_session_create(void *device,
} }
if (inbound && inl_dev) if (inbound && inl_dev)
roc_nix_inl_dev_unlock(); roc_nix_inl_dev_unlock();
rte_spinlock_unlock(lock);
plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u", plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u",
inbound ? "inbound" : "outbound", eth_sec->spi, inbound ? "inbound" : "outbound", eth_sec->spi,
@ -422,7 +433,11 @@ cn10k_eth_sec_session_create(void *device,
mempool_put: mempool_put:
if (inbound && inl_dev) if (inbound && inl_dev)
roc_nix_inl_dev_unlock(); roc_nix_inl_dev_unlock();
rte_spinlock_unlock(lock);
rte_mempool_put(mempool, eth_sec); rte_mempool_put(mempool, eth_sec);
if (rc)
plt_err("%s", tbuf);
return rc; return rc;
} }
@ -433,12 +448,16 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
struct cnxk_eth_sec_sess *eth_sec; struct cnxk_eth_sec_sess *eth_sec;
struct rte_mempool *mp; struct rte_mempool *mp;
rte_spinlock_t *lock;
void *sa_dptr; void *sa_dptr;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (!eth_sec) if (!eth_sec)
return -ENOENT; return -ENOENT;
lock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock;
rte_spinlock_lock(lock);
if (eth_sec->inl_dev) if (eth_sec->inl_dev)
roc_nix_inl_dev_lock(); roc_nix_inl_dev_lock();
@ -468,6 +487,8 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
if (eth_sec->inl_dev) if (eth_sec->inl_dev)
roc_nix_inl_dev_unlock(); roc_nix_inl_dev_unlock();
rte_spinlock_unlock(lock);
plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u", plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u",
eth_sec->inb ? "inbound" : "outbound", eth_sec->spi, eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
eth_sec->sa_idx, eth_sec->inl_dev); eth_sec->sa_idx, eth_sec->inl_dev);

32
drivers/net/cnxk/cn9k_ethdev_sec.c
View File

@ -146,6 +146,8 @@ cn9k_eth_sec_session_create(void *device,
struct cn9k_sec_sess_priv sess_priv; struct cn9k_sec_sess_priv sess_priv;
struct rte_crypto_sym_xform *crypto; struct rte_crypto_sym_xform *crypto;
struct cnxk_eth_sec_sess *eth_sec; struct cnxk_eth_sec_sess *eth_sec;
rte_spinlock_t *lock;
char tbuf[128] = {0};
bool inbound; bool inbound;
int rc = 0; int rc = 0;
@ -174,6 +176,9 @@ cn9k_eth_sec_session_create(void *device,
return -ENOMEM; return -ENOMEM;
} }
lock = inbound ? &dev->inb.lock : &dev->outb.lock;
rte_spinlock_lock(lock);
memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
sess_priv.u64 = 0; sess_priv.u64 = 0;
@ -188,17 +193,19 @@ cn9k_eth_sec_session_create(void *device,
* device always for CN9K. * device always for CN9K.
*/ */
inb_sa = (struct roc_onf_ipsec_inb_sa *) inb_sa = (struct roc_onf_ipsec_inb_sa *)
roc_nix_inl_inb_sa_get(&dev->nix, false, ipsec->spi); roc_nix_inl_inb_sa_get(&dev->nix, false, ipsec->spi);
if (!inb_sa) { if (!inb_sa) {
plt_err("Failed to create ingress sa"); snprintf(tbuf, sizeof(tbuf),
"Failed to create ingress sa");
rc = -EFAULT; rc = -EFAULT;
goto mempool_put; goto mempool_put;
} }
/* Check if SA is already in use */ /* Check if SA is already in use */
if (inb_sa->ctl.valid) { if (inb_sa->ctl.valid) {
plt_err("Inbound SA with SPI %u already in use", snprintf(tbuf, sizeof(tbuf),
ipsec->spi); "Inbound SA with SPI %u already in use",
ipsec->spi);
rc = -EBUSY; rc = -EBUSY;
goto mempool_put; goto mempool_put;
} }
@ -208,7 +215,8 @@ cn9k_eth_sec_session_create(void *device,
/* Fill inbound sa params */ /* Fill inbound sa params */
rc = cnxk_onf_ipsec_inb_sa_fill(inb_sa, ipsec, crypto); rc = cnxk_onf_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
if (rc) { if (rc) {
plt_err("Failed to init inbound sa, rc=%d", rc); snprintf(tbuf, sizeof(tbuf),
"Failed to init inbound sa, rc=%d", rc);
goto mempool_put; goto mempool_put;
} }
@ -263,7 +271,8 @@ cn9k_eth_sec_session_create(void *device,
/* Fill outbound sa params */ /* Fill outbound sa params */
rc = cnxk_onf_ipsec_outb_sa_fill(outb_sa, ipsec, crypto); rc = cnxk_onf_ipsec_outb_sa_fill(outb_sa, ipsec, crypto);
if (rc) { if (rc) {
plt_err("Failed to init outbound sa, rc=%d", rc); snprintf(tbuf, sizeof(tbuf),
"Failed to init outbound sa, rc=%d", rc);
rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx); rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
goto mempool_put; goto mempool_put;
} }
@ -300,6 +309,8 @@ cn9k_eth_sec_session_create(void *device,
/* Sync SA content */ /* Sync SA content */
plt_atomic_thread_fence(__ATOMIC_ACQ_REL); plt_atomic_thread_fence(__ATOMIC_ACQ_REL);
rte_spinlock_unlock(lock);
plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u", plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u",
inbound ? "inbound" : "outbound", eth_sec->spi, inbound ? "inbound" : "outbound", eth_sec->spi,
eth_sec->sa_idx); eth_sec->sa_idx);
@ -310,7 +321,10 @@ cn9k_eth_sec_session_create(void *device,
return 0; return 0;
mempool_put: mempool_put:
rte_spinlock_unlock(lock);
rte_mempool_put(mempool, eth_sec); rte_mempool_put(mempool, eth_sec);
if (rc)
plt_err("%s", tbuf);
return rc; return rc;
} }
@ -323,11 +337,15 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
struct roc_onf_ipsec_inb_sa *inb_sa; struct roc_onf_ipsec_inb_sa *inb_sa;
struct cnxk_eth_sec_sess *eth_sec; struct cnxk_eth_sec_sess *eth_sec;
struct rte_mempool *mp; struct rte_mempool *mp;
rte_spinlock_t *lock;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (!eth_sec) if (!eth_sec)
return -ENOENT; return -ENOENT;
lock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock;
rte_spinlock_lock(lock);
if (eth_sec->inb) { if (eth_sec->inb) {
inb_sa = eth_sec->sa; inb_sa = eth_sec->sa;
/* Disable SA */ /* Disable SA */
@ -349,6 +367,8 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
/* Sync SA content */ /* Sync SA content */
plt_atomic_thread_fence(__ATOMIC_ACQ_REL); plt_atomic_thread_fence(__ATOMIC_ACQ_REL);
rte_spinlock_unlock(lock);
plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u", plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u",
eth_sec->inb ? "inbound" : "outbound", eth_sec->spi, eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
eth_sec->sa_idx); eth_sec->sa_idx);

7
drivers/net/cnxk/cnxk_ethdev.c
View File

@ -1611,8 +1611,6 @@ cnxk_eth_dev_init(struct rte_eth_dev *eth_dev)
sec_ctx->flags = sec_ctx->flags =
(RTE_SEC_CTX_F_FAST_SET_MDATA | RTE_SEC_CTX_F_FAST_GET_UDATA); (RTE_SEC_CTX_F_FAST_SET_MDATA | RTE_SEC_CTX_F_FAST_GET_UDATA);
eth_dev->security_ctx = sec_ctx; eth_dev->security_ctx = sec_ctx;
TAILQ_INIT(&dev->inb.list);
TAILQ_INIT(&dev->outb.list);
/* For secondary processes, the primary has done all the work */ /* For secondary processes, the primary has done all the work */
if (rte_eal_process_type() != RTE_PROC_PRIMARY) if (rte_eal_process_type() != RTE_PROC_PRIMARY)
@ -1648,6 +1646,11 @@ cnxk_eth_dev_init(struct rte_eth_dev *eth_dev)
dev->configured = 0; dev->configured = 0;
dev->ptype_disable = 0; dev->ptype_disable = 0;
TAILQ_INIT(&dev->inb.list);
TAILQ_INIT(&dev->outb.list);
rte_spinlock_init(&dev->inb.lock);
rte_spinlock_init(&dev->outb.lock);
/* For vfs, returned max_entries will be 0. but to keep default mac /* For vfs, returned max_entries will be 0. but to keep default mac
* address, one entry must be allocated. so setting up to 1. * address, one entry must be allocated. so setting up to 1.
*/ */

6
drivers/net/cnxk/cnxk_ethdev.h
View File

@ -271,6 +271,9 @@ struct cnxk_eth_dev_sec_inb {
/* DPTR for WRITE_SA microcode op */ /* DPTR for WRITE_SA microcode op */
void *sa_dptr; void *sa_dptr;
/* Lock to synchronize sa setup/release */
rte_spinlock_t lock;
}; };
/* Outbound security data */ /* Outbound security data */
@ -304,6 +307,9 @@ struct cnxk_eth_dev_sec_outb {
/* DPTR for WRITE_SA microcode op */ /* DPTR for WRITE_SA microcode op */
void *sa_dptr; void *sa_dptr;
/* Lock to synchronize sa setup/release */
rte_spinlock_t lock;
}; };
struct cnxk_eth_dev { struct cnxk_eth_dev {