On Thu, Dec 9, 2021 at 2:44 PM Nithin Dabilpuram
<ndabilpu...@marvell.com> wrote:
>
> Synchronize inline session create and destroy using spinlock.
> Also move security related error prints outside the spinlock.
>
> Signed-off-by: Nithin Dabilpuram <ndabilpu...@marvell.com>
Fixed the following issue
CHECK:OPEN_ENDED_LINE: Lines should not end with a '('
#159: FILE: drivers/net/cnxk/cn9k_ethdev_sec.c:195:
+ inb_sa = (struct roc_onf_ipsec_inb_sa *)roc_nix_inl_inb_sa_get(
And Series applied to dpdk-next-net-mrvl/for-next-net. Thanks.
> ---
> drivers/net/cnxk/cn10k_ethdev_sec.c | 35 ++++++++++++++++++++++++++++-------
> drivers/net/cnxk/cn9k_ethdev_sec.c | 34 +++++++++++++++++++++++++++-------
> drivers/net/cnxk/cnxk_ethdev.c | 7 +++++--
> drivers/net/cnxk/cnxk_ethdev.h | 6 ++++++
> 4 files changed, 66 insertions(+), 16 deletions(-)
>
> diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c
> b/drivers/net/cnxk/cn10k_ethdev_sec.c
> index 235c168..12cec0a 100644
> --- a/drivers/net/cnxk/cn10k_ethdev_sec.c
> +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
> @@ -238,6 +238,8 @@ cn10k_eth_sec_session_create(void *device,
> struct rte_crypto_sym_xform *crypto;
> struct cnxk_eth_sec_sess *eth_sec;
> bool inbound, inl_dev;
> + rte_spinlock_t *lock;
> + char tbuf[128] = {0};
> int rc = 0;
>
> if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
> @@ -272,6 +274,9 @@ cn10k_eth_sec_session_create(void *device,
> memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
> sess_priv.u64 = 0;
>
> + lock = inbound ? &dev->inb.lock : &dev->outb.lock;
> + rte_spinlock_lock(lock);
> +
> /* Acquire lock on inline dev for inbound */
> if (inbound && inl_dev)
> roc_nix_inl_dev_lock();
> @@ -287,12 +292,14 @@ cn10k_eth_sec_session_create(void *device,
> /* Get Inbound SA from NIX_RX_IPSEC_SA_BASE */
> sa = roc_nix_inl_inb_sa_get(&dev->nix, inl_dev, ipsec->spi);
> if (!sa && dev->inb.inl_dev) {
> - plt_err("Failed to create ingress sa, inline dev "
> - "not found or spi not in range");
> + snprintf(tbuf, sizeof(tbuf),
> + "Failed to create ingress sa, inline dev "
> + "not found or spi not in range");
> rc = -ENOTSUP;
> goto mempool_put;
> } else if (!sa) {
> - plt_err("Failed to create ingress sa");
> + snprintf(tbuf, sizeof(tbuf),
> + "Failed to create ingress sa");
> rc = -EFAULT;
> goto mempool_put;
> }
> @@ -301,8 +308,9 @@ cn10k_eth_sec_session_create(void *device,
>
> /* Check if SA is already in use */
> if (inb_sa->w2.s.valid) {
> - plt_err("Inbound SA with SPI %u already in use",
> - ipsec->spi);
> + snprintf(tbuf, sizeof(tbuf),
> + "Inbound SA with SPI %u already in use",
> + ipsec->spi);
> rc = -EBUSY;
> goto mempool_put;
> }
> @@ -313,7 +321,8 @@ cn10k_eth_sec_session_create(void *device,
> /* Fill inbound sa params */
> rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto);
> if (rc) {
> - plt_err("Failed to init inbound sa, rc=%d", rc);
> + snprintf(tbuf, sizeof(tbuf),
> + "Failed to init inbound sa, rc=%d", rc);
> goto mempool_put;
> }
>
> @@ -371,7 +380,8 @@ cn10k_eth_sec_session_create(void *device,
> /* Fill outbound sa params */
> rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
> if (rc) {
> - plt_err("Failed to init outbound sa, rc=%d", rc);
> + snprintf(tbuf, sizeof(tbuf),
> + "Failed to init outbound sa, rc=%d", rc);
> rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
> goto mempool_put;
> }
> @@ -409,6 +419,7 @@ cn10k_eth_sec_session_create(void *device,
> }
> if (inbound && inl_dev)
> roc_nix_inl_dev_unlock();
> + rte_spinlock_unlock(lock);
>
> plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u",
> inbound ? "inbound" : "outbound", eth_sec->spi,
> @@ -422,7 +433,11 @@ cn10k_eth_sec_session_create(void *device,
> mempool_put:
> if (inbound && inl_dev)
> roc_nix_inl_dev_unlock();
> + rte_spinlock_unlock(lock);
> +
> rte_mempool_put(mempool, eth_sec);
> + if (rc)
> + plt_err("%s", tbuf);
> return rc;
> }
>
> @@ -433,12 +448,16 @@ cn10k_eth_sec_session_destroy(void *device, struct
> rte_security_session *sess)
> struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
> struct cnxk_eth_sec_sess *eth_sec;
> struct rte_mempool *mp;
> + rte_spinlock_t *lock;
> void *sa_dptr;
>
> eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
> if (!eth_sec)
> return -ENOENT;
>
> + lock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock;
> + rte_spinlock_lock(lock);
> +
> if (eth_sec->inl_dev)
> roc_nix_inl_dev_lock();
>
> @@ -468,6 +487,8 @@ cn10k_eth_sec_session_destroy(void *device, struct
> rte_security_session *sess)
> if (eth_sec->inl_dev)
> roc_nix_inl_dev_unlock();
>
> + rte_spinlock_unlock(lock);
> +
> plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u",
> eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
> eth_sec->sa_idx, eth_sec->inl_dev);
> diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c
> b/drivers/net/cnxk/cn9k_ethdev_sec.c
> index b070ad5..efdce22 100644
> --- a/drivers/net/cnxk/cn9k_ethdev_sec.c
> +++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
> @@ -146,6 +146,8 @@ cn9k_eth_sec_session_create(void *device,
> struct cn9k_sec_sess_priv sess_priv;
> struct rte_crypto_sym_xform *crypto;
> struct cnxk_eth_sec_sess *eth_sec;
> + rte_spinlock_t *lock;
> + char tbuf[128] = {0};
> bool inbound;
> int rc = 0;
>
> @@ -174,6 +176,9 @@ cn9k_eth_sec_session_create(void *device,
> return -ENOMEM;
> }
>
> + lock = inbound ? &dev->inb.lock : &dev->outb.lock;
> + rte_spinlock_lock(lock);
> +
> memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
> sess_priv.u64 = 0;
>
> @@ -187,18 +192,20 @@ cn9k_eth_sec_session_create(void *device,
> /* Get Inbound SA from NIX_RX_IPSEC_SA_BASE. Assume no inline
> * device always for CN9K.
> */
> - inb_sa = (struct roc_onf_ipsec_inb_sa *)
> - roc_nix_inl_inb_sa_get(&dev->nix, false, ipsec->spi);
> + inb_sa = (struct roc_onf_ipsec_inb_sa
> *)roc_nix_inl_inb_sa_get(
> + &dev->nix, false, ipsec->spi);
> if (!inb_sa) {
> - plt_err("Failed to create ingress sa");
> + snprintf(tbuf, sizeof(tbuf),
> + "Failed to create ingress sa");
> rc = -EFAULT;
> goto mempool_put;
> }
>
> /* Check if SA is already in use */
> if (inb_sa->ctl.valid) {
> - plt_err("Inbound SA with SPI %u already in use",
> - ipsec->spi);
> + snprintf(tbuf, sizeof(tbuf),
> + "Inbound SA with SPI %u already in use",
> + ipsec->spi);
> rc = -EBUSY;
> goto mempool_put;
> }
> @@ -208,7 +215,8 @@ cn9k_eth_sec_session_create(void *device,
> /* Fill inbound sa params */
> rc = cnxk_onf_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
> if (rc) {
> - plt_err("Failed to init inbound sa, rc=%d", rc);
> + snprintf(tbuf, sizeof(tbuf),
> + "Failed to init inbound sa, rc=%d", rc);
> goto mempool_put;
> }
>
> @@ -263,7 +271,8 @@ cn9k_eth_sec_session_create(void *device,
> /* Fill outbound sa params */
> rc = cnxk_onf_ipsec_outb_sa_fill(outb_sa, ipsec, crypto);
> if (rc) {
> - plt_err("Failed to init outbound sa, rc=%d", rc);
> + snprintf(tbuf, sizeof(tbuf),
> + "Failed to init outbound sa, rc=%d", rc);
> rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
> goto mempool_put;
> }
> @@ -300,6 +309,8 @@ cn9k_eth_sec_session_create(void *device,
> /* Sync SA content */
> plt_atomic_thread_fence(__ATOMIC_ACQ_REL);
>
> + rte_spinlock_unlock(lock);
> +
> plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u",
> inbound ? "inbound" : "outbound", eth_sec->spi,
> eth_sec->sa_idx);
> @@ -310,7 +321,10 @@ cn9k_eth_sec_session_create(void *device,
>
> return 0;
> mempool_put:
> + rte_spinlock_unlock(lock);
> rte_mempool_put(mempool, eth_sec);
> + if (rc)
> + plt_err("%s", tbuf);
> return rc;
> }
>
> @@ -323,11 +337,15 @@ cn9k_eth_sec_session_destroy(void *device, struct
> rte_security_session *sess)
> struct roc_onf_ipsec_inb_sa *inb_sa;
> struct cnxk_eth_sec_sess *eth_sec;
> struct rte_mempool *mp;
> + rte_spinlock_t *lock;
>
> eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
> if (!eth_sec)
> return -ENOENT;
>
> + lock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock;
> + rte_spinlock_lock(lock);
> +
> if (eth_sec->inb) {
> inb_sa = eth_sec->sa;
> /* Disable SA */
> @@ -349,6 +367,8 @@ cn9k_eth_sec_session_destroy(void *device, struct
> rte_security_session *sess)
> /* Sync SA content */
> plt_atomic_thread_fence(__ATOMIC_ACQ_REL);
>
> + rte_spinlock_unlock(lock);
> +
> plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u",
> eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
> eth_sec->sa_idx);
> diff --git a/drivers/net/cnxk/cnxk_ethdev.c b/drivers/net/cnxk/cnxk_ethdev.c
> index 74f6255..c2e7f2f 100644
> --- a/drivers/net/cnxk/cnxk_ethdev.c
> +++ b/drivers/net/cnxk/cnxk_ethdev.c
> @@ -1605,8 +1605,6 @@ cnxk_eth_dev_init(struct rte_eth_dev *eth_dev)
> sec_ctx->flags =
> (RTE_SEC_CTX_F_FAST_SET_MDATA | RTE_SEC_CTX_F_FAST_GET_UDATA);
> eth_dev->security_ctx = sec_ctx;
> - TAILQ_INIT(&dev->inb.list);
> - TAILQ_INIT(&dev->outb.list);
>
> /* For secondary processes, the primary has done all the work */
> if (rte_eal_process_type() != RTE_PROC_PRIMARY)
> @@ -1642,6 +1640,11 @@ cnxk_eth_dev_init(struct rte_eth_dev *eth_dev)
> dev->configured = 0;
> dev->ptype_disable = 0;
>
> + TAILQ_INIT(&dev->inb.list);
> + TAILQ_INIT(&dev->outb.list);
> + rte_spinlock_init(&dev->inb.lock);
> + rte_spinlock_init(&dev->outb.lock);
> +
> /* For vfs, returned max_entries will be 0. but to keep default mac
> * address, one entry must be allocated. so setting up to 1.
> */
> diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
> index 5bfda3d..db1fb4b 100644
> --- a/drivers/net/cnxk/cnxk_ethdev.h
> +++ b/drivers/net/cnxk/cnxk_ethdev.h
> @@ -271,6 +271,9 @@ struct cnxk_eth_dev_sec_inb {
>
> /* DPTR for WRITE_SA microcode op */
> void *sa_dptr;
> +
> + /* Lock to synchronize sa setup/release */
> + rte_spinlock_t lock;
> };
>
> /* Outbound security data */
> @@ -304,6 +307,9 @@ struct cnxk_eth_dev_sec_outb {
>
> /* DPTR for WRITE_SA microcode op */
> void *sa_dptr;
> +
> + /* Lock to synchronize sa setup/release */
> + rte_spinlock_t lock;
> };
>
> struct cnxk_eth_dev {
> --
> 2.8.4
>
