> >
> > Hi Akhil,
> >
> > >
> > > Hi Anoob/Konstantin,
> > > > >
> > > > > Check that ops->get_userdata is a valid function pointer will be
> > > > > compiled
> > out.
> > > > > So PMDs that don't implement this function will crash in
> > > > > rte_security_get_userdata().
> > > > > In our particular case - ixgbe.
> > > > > Same story with rte_security_set_pkt_metadata() - see the patch.
> > > >
> > > > [Anoob] But ixgbe doesn't implement inline protocol which is the primary
> > > > consumer of this API (rte_security_get_userdata()). So what is the
> > > > trouble?
> > > >
> > > > Also, application is expected to call rte_security_set_pkt_metadata()
> > > > only on
> > > > devices with offload flag RTE_SECURITY_TX_OLOAD_NEED_MDATA. If a
> > PMD
> > > > states it needs MDATA but fails to register a function pointer for
> > > > doing the
> > same,
> > > > it is a control path problem. Checking for that in the datapath is an
> > > > overkill.
> > > >
> > > Whatever your concern is, we can resolve it later, but for now we should
> > > have
> > the same
> > > Unconditional checks that were there earlier. We need to make RC1
> > today/tomorrow.
> > > And this cannot go as an issue.
> > >
> > > These are optional APIs and every PMD may not have supported that.
> > >
> > > Konstantin,
> > > Please send an update to your patch reverting the original patch for
> > > these 2
> > functions.
> > > Currently it is adding 2 extra checks.
> > >
> >
> > I am afraid we can't do just that.
> > As in that case /app/test/test_security.c build wih -DRE_DEBUG will start
> > crashing.
> >
> > I think we have 3 alternative how to fix it:
> >
> > 1. Keep all these 3 checks for debug and non-debug mode (that what my
> > current
> > patch does).
> > 2. Have both: existed 1 check in non-debug mode, plus new checks in debug
> > mode, i.e.:
> > rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
> > {
> > void *userdata = NULL;
> >
> > +#ifdef RTE_DEBUG
> > + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL,
> > NULL);
> > +#else
> > RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
> > +#endif
> >
> > ....
> >
> > 3. Keep only 1 existed check in non-debug mode and remove cases in
> > app/test/test_security.c
> > that would crash with -DRTE_DEBUG.
> >
> > My preference is 1), I don't think these 2 extra checks will affect
> > performance
> > greatly.
> > Also with 1) we can make these new test-case to be executed for non-debug
> > mode too.
> > 2) is probably also ok - but I think RTE_DEBUG concept should be a separate
> > patch series,
> > and I don't want to mix things.
> > What is your opinion here?
> >
> I am OK with both 1 and 2.
> Anoob may be concerned about the performance.
> But if we go with 2, it would be better to have
> rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
> {
> void *userdata = NULL;
>
> +#ifdef RTE_DEBUG
> + RTE_PTR_OR_ERR_RET(instance, NULL);
> + RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> +#endif
> RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
> ....
> }
>
> And for security test, we can have a separate patch. Lukasz or you can send
> that later if not now.
Ok, then to keep everyone happy will go with your code snippet above.
