net/octeontx2: clear SA valid during session destroy

SA table entry would be reserved for inline inbound operations. Clear
valid bit of the SA so that CPT would treat SA entry as invalid. Also,
move setting of valid bit to the end in case of session_create() to
eliminate possibility of hardware seeing partial data.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
index 4be22d48c128cd1b8c4802be0e9412d4c5c076a7..2461e7462b8f7dcd1f89080a6f7c79a8ba77906e 100644 (file)
--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
@@ -364,7 +364,6 @@ ipsec_fp_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
                ctl->esn_en = 1;
 
        ctl->spi = rte_cpu_to_be_32(ipsec->spi);
-       ctl->valid = 1;
 
        return 0;
 }

diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index 72298cfd54228a3938b39add547a2370919e7c1f..c2a36883cbf2eae682adb5a886b84046c0e084b0 100644 (file)
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -455,6 +455,9 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
                        goto cpt_put;
        }
 
+       rte_io_wmb();
+       ctl->valid = 1;
+
        return 0;
 cpt_put:
        otx2_sec_idev_tx_cpt_qp_put(sess->qp);
@@ -595,6 +598,9 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
                sa->esn_hi = 0;
        }
 
+       rte_io_wmb();
+       ctl->valid = 1;
+
        rte_spinlock_unlock(&dev->ipsec_tbl_lock);
        return 0;
 
@@ -682,10 +688,12 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)
 }
 
 static int
-otx2_eth_sec_session_destroy(void *device __rte_unused,
+otx2_eth_sec_session_destroy(void *device,
                             struct rte_security_session *sess)
 {
+       struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device);
        struct otx2_sec_session_ipsec_ip *sess_ip;
+       struct otx2_ipsec_fp_in_sa *sa;
        struct otx2_sec_session *priv;
        struct rte_mempool *sess_mp;
        int ret;
@@ -696,9 +704,21 @@ otx2_eth_sec_session_destroy(void *device __rte_unused,
 
        sess_ip = &priv->ipsec.ip;
 
-       /* Release the anti replay window */
-       if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
-               otx2_eth_sec_free_anti_replay(sess_ip->in_sa);
+       if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+               rte_spinlock_lock(&dev->ipsec_tbl_lock);
+               sa = sess_ip->in_sa;
+
+               /* Release the anti replay window */
+               otx2_eth_sec_free_anti_replay(sa);
+
+               /* Clear SA table entry */
+               if (sa != NULL) {
+                       sa->ctl.valid = 0;
+                       rte_io_wmb();
+               }
+
+               rte_spinlock_unlock(&dev->ipsec_tbl_lock);
+       }
 
        /* Release CPT LF used for this session */
        if (sess_ip->qp != NULL) {