X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Fcnxk%2Fcn10k_ipsec.c;h=0c9e24468ab5bea59fd08e96afa2ec7bbdfee647;hb=b4409f2b3f3efaacc58c71ea0ddcb798731460a3;hp=a11a6b7d4caa7048955de4b2aa3adef9c9a7f9b6;hpb=c59311e11e9fab0db9c522194ba939e49137ef83;p=dpdk.git diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index a11a6b7d4c..0c9e24468a 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -52,14 +52,12 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, out_sa = &sa->out_sa; /* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */ - sa_dptr = plt_zmalloc(ROC_NIX_INL_OT_IPSEC_OUTB_HW_SZ, 0); + sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_outb_sa), 8); if (sa_dptr == NULL) { plt_err("Couldn't allocate memory for SA dptr"); return -ENOMEM; } - memset(sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa)); - /* Translate security parameters to SA */ ret = cnxk_ot_ipsec_outb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm); if (ret) { @@ -67,7 +65,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, goto sa_dptr_free; } - sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa); + sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, out_sa); #ifdef LA_IPSEC_DEBUG /* Use IV from application in debug mode */ @@ -76,7 +74,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { sa->iv_offset = crypto_xfrm->aead.iv.offset; sa->iv_length = crypto_xfrm->aead.iv.length; - } else { + } else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { sa->iv_offset = crypto_xfrm->cipher.iv.offset; sa->iv_length = crypto_xfrm->cipher.iv.length; } @@ -89,6 +87,8 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, } #endif + sa->is_outbound = true; + /* Get Rlen calculation data */ ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm); if (ret) @@ -102,6 +102,8 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, param1.u16 = 0; + param1.s.ttl_or_hop_limit = ipsec_xfrm->options.dec_ttl; + /* Disable IP checksum computation by default */ param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE; @@ -122,22 +124,32 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, sa->inst.w4 = inst_w4.u64; + if (ipsec_xfrm->options.stats == 1) { + /* Enable mib counters */ + sa_dptr->w0.s.count_mib_bytes = 1; + sa_dptr->w0.s.count_mib_pkts = 1; + } + memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa)); /* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */ memcpy(out_sa, sa_dptr, 8); + plt_atomic_thread_fence(__ATOMIC_SEQ_CST); + /* Write session using microcode opcode */ ret = roc_cpt_ctx_write(lf, sa_dptr, out_sa, - ROC_NIX_INL_OT_IPSEC_OUTB_HW_SZ); + sizeof(struct roc_ot_ipsec_outb_sa)); if (ret) { plt_err("Could not write outbound session to hardware"); goto sa_dptr_free; } - /* Trigger CTX flush to write dirty data back to DRAM */ + /* Trigger CTX flush so that data is written back to DRAM */ roc_cpt_lf_ctx_flush(lf, out_sa, false); + plt_atomic_thread_fence(__ATOMIC_SEQ_CST); + sa_dptr_free: plt_free(sa_dptr); @@ -163,22 +175,22 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, in_sa = &sa->in_sa; /* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */ - sa_dptr = plt_zmalloc(ROC_NIX_INL_OT_IPSEC_INB_HW_SZ, 0); + sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_inb_sa), 8); if (sa_dptr == NULL) { plt_err("Couldn't allocate memory for SA dptr"); return -ENOMEM; } - memset(sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa)); - /* Translate security parameters to SA */ - ret = cnxk_ot_ipsec_inb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm); + ret = cnxk_ot_ipsec_inb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm, + false); if (ret) { plt_err("Could not fill inbound session parameters"); goto sa_dptr_free; } - sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa); + sa->is_outbound = false; + sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa); /* pre-populate CPT INST word 4 */ inst_w4.u64 = 0; @@ -192,7 +204,6 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, if (ipsec_xfrm->options.ip_csum_enable) { param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE; - sa->ip_csum_enable = true; } /* Disable L4 checksum verification by default */ @@ -209,21 +220,31 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, sa->inst.w4 = inst_w4.u64; + if (ipsec_xfrm->options.stats == 1) { + /* Enable mib counters */ + sa_dptr->w0.s.count_mib_bytes = 1; + sa_dptr->w0.s.count_mib_pkts = 1; + } + memset(in_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa)); /* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */ memcpy(in_sa, sa_dptr, 8); + plt_atomic_thread_fence(__ATOMIC_SEQ_CST); + /* Write session using microcode opcode */ ret = roc_cpt_ctx_write(lf, sa_dptr, in_sa, - ROC_NIX_INL_OT_IPSEC_INB_HW_SZ); + sizeof(struct roc_ot_ipsec_inb_sa)); if (ret) { plt_err("Could not write inbound session to hardware"); goto sa_dptr_free; } - /* Trigger CTX flush to write dirty data back to DRAM */ - roc_cpt_lf_ctx_flush(lf, in_sa, false); + /* Trigger CTX flush so that data is written back to DRAM */ + roc_cpt_lf_ctx_flush(lf, in_sa, true); + + plt_atomic_thread_fence(__ATOMIC_SEQ_CST); sa_dptr_free: plt_free(sa_dptr); @@ -300,21 +321,46 @@ mempool_put: } static int -cn10k_sec_session_destroy(void *device __rte_unused, - struct rte_security_session *sess) +cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess) { - struct cn10k_sec_session *priv; + struct rte_cryptodev *crypto_dev = dev; + union roc_ot_ipsec_sa_word2 *w2; + struct cn10k_sec_session *sess; struct rte_mempool *sess_mp; + struct cn10k_ipsec_sa *sa; + struct cnxk_cpt_qp *qp; + struct roc_cpt_lf *lf; - priv = get_sec_session_private_data(sess); + sess = get_sec_session_private_data(sec_sess); + if (sess == NULL) + return 0; - if (priv == NULL) + qp = crypto_dev->data->queue_pairs[0]; + if (qp == NULL) return 0; - sess_mp = rte_mempool_from_obj(priv); + lf = &qp->lf; - set_sec_session_private_data(sess, NULL); - rte_mempool_put(sess_mp, priv); + sa = &sess->sa; + + /* Trigger CTX flush to write dirty data back to DRAM */ + roc_cpt_lf_ctx_flush(lf, &sa->in_sa, false); + + /* Wait for 1 ms so that flush is complete */ + rte_delay_ms(1); + + w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; + w2->s.valid = 0; + + plt_atomic_thread_fence(__ATOMIC_SEQ_CST); + + /* Trigger CTX reload to fetch new data from DRAM */ + roc_cpt_lf_ctx_reload(lf, &sa->in_sa); + + sess_mp = rte_mempool_from_obj(sess); + + set_sec_session_private_data(sec_sess, NULL); + rte_mempool_put(sess_mp, sess); return 0; } @@ -325,6 +371,81 @@ cn10k_sec_session_get_size(void *device __rte_unused) return sizeof(struct cn10k_sec_session); } +static int +cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess, + struct rte_security_stats *stats) +{ + struct rte_cryptodev *crypto_dev = device; + struct roc_ot_ipsec_outb_sa *out_sa; + struct roc_ot_ipsec_inb_sa *in_sa; + union roc_ot_ipsec_sa_word2 *w2; + struct cn10k_sec_session *priv; + struct cn10k_ipsec_sa *sa; + struct cnxk_cpt_qp *qp; + + priv = get_sec_session_private_data(sess); + if (priv == NULL) + return -EINVAL; + + qp = crypto_dev->data->queue_pairs[0]; + if (qp == NULL) + return -EINVAL; + + sa = &priv->sa; + w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; + + stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC; + + if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND) { + out_sa = &sa->out_sa; + roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false); + rte_delay_ms(1); + stats->ipsec.opackets = out_sa->ctx.mib_pkts; + stats->ipsec.obytes = out_sa->ctx.mib_octs; + } else { + in_sa = &sa->in_sa; + roc_cpt_lf_ctx_flush(&qp->lf, in_sa, false); + rte_delay_ms(1); + stats->ipsec.ipackets = in_sa->ctx.mib_pkts; + stats->ipsec.ibytes = in_sa->ctx.mib_octs; + } + + return 0; +} + +static int +cn10k_sec_session_update(void *device, struct rte_security_session *sess, + struct rte_security_session_conf *conf) +{ + struct rte_cryptodev *crypto_dev = device; + struct cn10k_sec_session *priv; + struct roc_cpt *roc_cpt; + struct cnxk_cpt_qp *qp; + struct cnxk_cpt_vf *vf; + int ret; + + priv = get_sec_session_private_data(sess); + if (priv == NULL) + return -EINVAL; + + qp = crypto_dev->data->queue_pairs[0]; + if (qp == NULL) + return -EINVAL; + + if (conf->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return -ENOTSUP; + + ret = cnxk_ipsec_xform_verify(&conf->ipsec, conf->crypto_xform); + if (ret) + return ret; + + vf = crypto_dev->data->dev_private; + roc_cpt = &vf->cpt; + + return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, + conf->crypto_xform, sess); +} + /* Update platform specific security ops */ void cn10k_sec_ops_override(void) @@ -333,4 +454,6 @@ cn10k_sec_ops_override(void) cnxk_sec_ops.session_create = cn10k_sec_session_create; cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy; cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size; + cnxk_sec_ops.session_stats_get = cn10k_sec_session_stats_get; + cnxk_sec_ops.session_update = cn10k_sec_session_update; }