Message ID | 20211018213452.2734720-1-gakhil@marvell.com (mailing list archive) |
---|---|
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 923A5A0C52; Mon, 18 Oct 2021 23:35:11 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2398940683; Mon, 18 Oct 2021 23:35:11 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id A846F40142 for <dev@dpdk.org>; Mon, 18 Oct 2021 23:35:09 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19IK0YBq001417; Mon, 18 Oct 2021 14:35:04 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=BinuchZW4gmMcKaA1GibFrBwZoKdZzQPXHEKC8R2Lp0=; b=TcDI3NBhM0Scss3hR3hMNHCc4ePSCYbzwLUyTMm354fRF82fF0Vd1VbLgPwIEcBBQv+a 2tOPZ0leA3/1ooW0dM0Huw90xL6tw7mEaNZeFT8hNSGPU/nQV/Y5nus/LVfWG+YEXAhU p8y1+bDroH81ucB6++uYIWHeyYb8dk2FP9OkhjasjiBXid0tGX3tQ+9/VC4Hszrx75hf G2fgTdc6+aSoZzErw2e1TsG+B4mKcZzt+LvbQi5bTo9aGZ1xHSKVNPEQxbbUlJswVity uXDn28D9rrnHqzLcEMpTF0ojnk8ZsTLXzuSBuBgzGaNR7ipzdO9AZmllyXsAeVtV/I7A gw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3bsfk489pg-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 18 Oct 2021 14:35:04 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 18 Oct 2021 14:35:02 -0700 Received: from maili.marvell.com (10.68.76.51) by dc5-exch01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 18 Oct 2021 14:35:02 -0700 Received: from localhost.localdomain (unknown [10.28.36.185]) by maili.marvell.com (Postfix) with ESMTP id 410563F7041; Mon, 18 Oct 2021 14:34:56 -0700 (PDT) From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <thomas@monjalon.net>, <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>, <anoobj@marvell.com>, <pablo.de.lara.guarch@intel.com>, <fiona.trahe@intel.com>, <declan.doherty@intel.com>, <matan@nvidia.com>, <g.singh@nxp.com>, <roy.fan.zhang@intel.com>, <jianjay.zhou@huawei.com>, <asomalap@amd.com>, <ruifeng.wang@arm.com>, <konstantin.ananyev@intel.com>, <radu.nicolau@intel.com>, <ajit.khaparde@broadcom.com>, <rnagadheeraj@marvell.com>, <adwivedi@marvell.com>, <ciara.power@intel.com>, <haiyue.wang@intel.com>, <jiawenwu@trustnetic.com>, <jianwang@trustnetic.com>, Akhil Goyal <gakhil@marvell.com> Date: Tue, 19 Oct 2021 03:04:44 +0530 Message-ID: <20211018213452.2734720-1-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211013192222.1582631-2-gakhil@marvell.com> References: <20211013192222.1582631-2-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: Zyfbop8QvxNPhMRaz-wgheOXExv7t822 X-Proofpoint-GUID: Zyfbop8QvxNPhMRaz-wgheOXExv7t822 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-18_07,2021-10-18_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Series |
crypto/security session framework rework
|
|
Message
Akhil Goyal
Oct. 18, 2021, 9:34 p.m. UTC
As discussed in last release deprecation notice, crypto and security session framework are reworked to reduce the need of two mempool objects and remove the requirement to expose the rte_security_session and rte_cryptodev_sym_session structures. Design methodology is explained in the patch description. Similar work will need to be done for asymmetric sessions as well. Asymmetric session need another rework and is postponed to next release. Since it is still in experimental stage, we can modify the APIs in next release as well. The patches are compilable with all affected PMDs and tested with dpdk-test and test-crypto-perf app on CN9k platform. The series is rebased over "cryptodev: hide internal structures" https://patchwork.dpdk.org/project/dpdk/list/?series=19749 Changes in v3 - rebased over next-crypto TOT - Release notes updated and deprecation notice removed. - Documentation updates. - fix session less crypto - fix asym crypto issue for qp setup - add sess_iova param to PMD session configure APIs to pass physical address of session pointer. - rework cnxk net PMD based on the new session framework. - added missing op to get size of security session private data Changes in v2: - Added new parameter iova in PMD session configure APIs for session priv pointer to be used in QAT/CNXK/etc PMDs. - Hide rte_cryptodev_sym_session and rte_security_session structs. - Added compilation workaround for net PMDs(ixgbe/txgbe) for inline ipsec. Patches with actual fix is beynd the scope of this patchset. - Added inline APIs to access the opaque data and fast metadata. - Remove commented code. TODO - Asym APIs - postponed for next release. Akhil Goyal (8): security: rework session framework security: hide security session struct net/cnxk: rework security session framework security: pass session iova in PMD sess create drivers/crypto: support security session get size op cryptodev: rework session framework cryptodev: hide sym session structure cryptodev: pass session iova in configure session app/test-crypto-perf/cperf.h | 1 - app/test-crypto-perf/cperf_ops.c | 46 ++-- app/test-crypto-perf/cperf_ops.h | 6 +- app/test-crypto-perf/cperf_test_latency.c | 5 +- app/test-crypto-perf/cperf_test_latency.h | 1 - .../cperf_test_pmd_cyclecount.c | 7 +- .../cperf_test_pmd_cyclecount.h | 1 - app/test-crypto-perf/cperf_test_throughput.c | 5 +- app/test-crypto-perf/cperf_test_throughput.h | 1 - app/test-crypto-perf/cperf_test_verify.c | 5 +- app/test-crypto-perf/cperf_test_verify.h | 1 - app/test-crypto-perf/main.c | 29 +-- app/test/test_cryptodev.c | 147 ++++--------- app/test/test_cryptodev.h | 1 - app/test/test_cryptodev_asym.c | 3 +- app/test/test_cryptodev_blockcipher.c | 6 +- app/test/test_event_crypto_adapter.c | 28 +-- app/test/test_ipsec.c | 34 +-- app/test/test_ipsec_perf.c | 4 +- app/test/test_security.c | 196 ++++-------------- doc/guides/prog_guide/cryptodev_lib.rst | 10 +- doc/guides/prog_guide/rte_security.rst | 11 +- doc/guides/rel_notes/deprecation.rst | 9 - doc/guides/rel_notes/release_21_11.rst | 14 ++ drivers/crypto/armv8/armv8_pmd_private.h | 2 - drivers/crypto/armv8/rte_armv8_pmd.c | 21 +- drivers/crypto/armv8/rte_armv8_pmd_ops.c | 34 +-- drivers/crypto/bcmfs/bcmfs_sym_session.c | 36 +--- drivers/crypto/bcmfs/bcmfs_sym_session.h | 6 +- drivers/crypto/caam_jr/caam_jr.c | 71 ++----- drivers/crypto/ccp/ccp_pmd_ops.c | 32 +-- drivers/crypto/ccp/ccp_pmd_private.h | 2 - drivers/crypto/ccp/rte_ccp_pmd.c | 24 +-- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 24 +-- drivers/crypto/cnxk/cn10k_ipsec.c | 53 +---- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 20 +- drivers/crypto/cnxk/cn9k_ipsec.c | 75 +++---- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 61 ++---- drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 16 +- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 76 ++----- drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c | 3 +- drivers/crypto/dpaa_sec/dpaa_sec.c | 75 ++----- drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c | 3 +- drivers/crypto/ipsec_mb/ipsec_mb_ops.c | 32 +-- drivers/crypto/ipsec_mb/ipsec_mb_private.h | 29 +-- drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 23 +- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 40 ++-- drivers/crypto/ipsec_mb/pmd_chacha_poly.c | 1 - drivers/crypto/ipsec_mb/pmd_kasumi.c | 1 - drivers/crypto/ipsec_mb/pmd_snow3g.c | 1 - drivers/crypto/ipsec_mb/pmd_zuc.c | 1 - drivers/crypto/mlx5/mlx5_crypto.c | 25 +-- drivers/crypto/mvsam/mrvl_pmd_private.h | 3 - drivers/crypto/mvsam/rte_mrvl_pmd.c | 3 +- drivers/crypto/mvsam/rte_mrvl_pmd_ops.c | 55 ++--- drivers/crypto/nitrox/nitrox_sym.c | 33 +-- drivers/crypto/null/null_crypto_pmd.c | 20 +- drivers/crypto/null/null_crypto_pmd_ops.c | 34 +-- drivers/crypto/null/null_crypto_pmd_private.h | 2 - .../crypto/octeontx/otx_cryptodev_hw_access.h | 1 - drivers/crypto/octeontx/otx_cryptodev_ops.c | 68 +++--- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 63 +++--- .../octeontx2/otx2_cryptodev_ops_helper.h | 16 +- drivers/crypto/octeontx2/otx2_cryptodev_qp.h | 2 - drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 77 +++---- drivers/crypto/openssl/openssl_pmd_private.h | 2 - drivers/crypto/openssl/rte_openssl_pmd.c | 18 +- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 35 +--- drivers/crypto/qat/qat_sym.c | 3 +- drivers/crypto/qat/qat_sym.h | 8 +- drivers/crypto/qat/qat_sym_pmd.c | 1 + drivers/crypto/qat/qat_sym_session.c | 72 ++----- drivers/crypto/qat/qat_sym_session.h | 17 +- drivers/crypto/scheduler/scheduler_pmd_ops.c | 10 +- drivers/crypto/virtio/virtio_cryptodev.c | 32 +-- .../octeontx2/otx2_evdev_crypto_adptr_rx.h | 3 +- drivers/net/cnxk/cn10k_ethdev_sec.c | 64 +++--- drivers/net/cnxk/cn9k_ethdev_sec.c | 59 ++---- drivers/net/cnxk/cnxk_ethdev.c | 6 +- drivers/net/cnxk/cnxk_ethdev.h | 6 - drivers/net/cnxk/cnxk_ethdev_sec.c | 21 -- drivers/net/ixgbe/ixgbe_ipsec.c | 38 +--- drivers/net/octeontx2/otx2_ethdev_sec.c | 52 ++--- drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 2 +- drivers/net/txgbe/txgbe_ipsec.c | 38 +--- examples/fips_validation/fips_dev_self_test.c | 32 +-- examples/fips_validation/main.c | 20 +- examples/ipsec-secgw/ipsec-secgw.c | 40 ---- examples/ipsec-secgw/ipsec.c | 12 +- examples/ipsec-secgw/ipsec.h | 1 - examples/ipsec-secgw/ipsec_worker.c | 4 - examples/l2fwd-crypto/main.c | 41 +--- examples/vhost_crypto/main.c | 16 +- lib/cryptodev/cryptodev_pmd.h | 33 ++- lib/cryptodev/rte_crypto.h | 2 +- lib/cryptodev/rte_crypto_sym.h | 2 +- lib/cryptodev/rte_cryptodev.c | 91 ++++---- lib/cryptodev/rte_cryptodev.h | 70 +++---- lib/cryptodev/rte_cryptodev_trace.h | 16 +- lib/ipsec/rte_ipsec.h | 4 +- lib/ipsec/rte_ipsec_group.h | 13 +- lib/ipsec/ses.c | 6 +- lib/pipeline/rte_table_action.c | 8 +- lib/pipeline/rte_table_action.h | 2 +- lib/security/rte_security.c | 32 +-- lib/security/rte_security.h | 85 +++++--- lib/security/rte_security_driver.h | 31 ++- lib/vhost/rte_vhost_crypto.h | 3 - lib/vhost/vhost_crypto.c | 7 +- 109 files changed, 913 insertions(+), 1880 deletions(-)
Comments
Series- Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com> > -----Original Message----- > From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal > Sent: Tuesday, October 19, 2021 3:05 AM > To: dev@dpdk.org > Cc: thomas@monjalon.net; david.marchand@redhat.com; Hemant Agrawal > <hemant.agrawal@nxp.com>; anoobj@marvell.com; > pablo.de.lara.guarch@intel.com; fiona.trahe@intel.com; > declan.doherty@intel.com; matan@nvidia.com; Gagandeep Singh > <G.Singh@nxp.com>; roy.fan.zhang@intel.com; jianjay.zhou@huawei.com; > asomalap@amd.com; ruifeng.wang@arm.com; > konstantin.ananyev@intel.com; radu.nicolau@intel.com; > ajit.khaparde@broadcom.com; rnagadheeraj@marvell.com; > adwivedi@marvell.com; ciara.power@intel.com; haiyue.wang@intel.com; > jiawenwu@trustnetic.com; jianwang@trustnetic.com; Akhil Goyal > <gakhil@marvell.com> > Subject: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework > rework > Importance: High > > As discussed in last release deprecation notice, crypto and security session > framework are reworked to reduce the need of two mempool objects and > remove the requirement to expose the rte_security_session and > rte_cryptodev_sym_session structures. > Design methodology is explained in the patch description. > > Similar work will need to be done for asymmetric sessions as well. > Asymmetric session need another rework and is postponed to next release. > Since it is still in experimental stage, we can modify the APIs in next release as > well. > > The patches are compilable with all affected PMDs and tested with dpdk-test > and test-crypto-perf app on CN9k platform. > > The series is rebased over "cryptodev: hide internal structures" > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatch > work.dpdk.org%2Fproject%2Fdpdk%2Flist%2F%3Fseries%3D19749&dat > a=04%7C01%7Chemant.agrawal%40nxp.com%7C670e1914f95c49cbd24608d > 9927f2b28%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6377018 > 97169217767%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ > QIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=KPG > ZGoNXdfucnr3yA422eGc6EO%2BdXqCj3VSo7IlbX94%3D&reserved=0 > > Changes in v3 > - rebased over next-crypto TOT > - Release notes updated and deprecation notice removed. > - Documentation updates. > - fix session less crypto > - fix asym crypto issue for qp setup > - add sess_iova param to PMD session configure APIs to pass physical address > of session pointer. > - rework cnxk net PMD based on the new session framework. > - added missing op to get size of security session private data > > Changes in v2: > - Added new parameter iova in PMD session configure APIs for > session priv pointer to be used in QAT/CNXK/etc PMDs. > - Hide rte_cryptodev_sym_session and rte_security_session structs. > - Added compilation workaround for net PMDs(ixgbe/txgbe) > for inline ipsec. > Patches with actual fix is beynd the scope of this patchset. > - Added inline APIs to access the opaque data and fast metadata. > - Remove commented code. > > TODO > - Asym APIs - postponed for next release. > > > Akhil Goyal (8): > security: rework session framework > security: hide security session struct > net/cnxk: rework security session framework > security: pass session iova in PMD sess create > drivers/crypto: support security session get size op > cryptodev: rework session framework > cryptodev: hide sym session structure > cryptodev: pass session iova in configure session > > app/test-crypto-perf/cperf.h | 1 - > app/test-crypto-perf/cperf_ops.c | 46 ++-- > app/test-crypto-perf/cperf_ops.h | 6 +- > app/test-crypto-perf/cperf_test_latency.c | 5 +- > app/test-crypto-perf/cperf_test_latency.h | 1 - > .../cperf_test_pmd_cyclecount.c | 7 +- > .../cperf_test_pmd_cyclecount.h | 1 - > app/test-crypto-perf/cperf_test_throughput.c | 5 +- > app/test-crypto-perf/cperf_test_throughput.h | 1 - > app/test-crypto-perf/cperf_test_verify.c | 5 +- > app/test-crypto-perf/cperf_test_verify.h | 1 - > app/test-crypto-perf/main.c | 29 +-- > app/test/test_cryptodev.c | 147 ++++--------- > app/test/test_cryptodev.h | 1 - > app/test/test_cryptodev_asym.c | 3 +- > app/test/test_cryptodev_blockcipher.c | 6 +- > app/test/test_event_crypto_adapter.c | 28 +-- > app/test/test_ipsec.c | 34 +-- > app/test/test_ipsec_perf.c | 4 +- > app/test/test_security.c | 196 ++++-------------- > doc/guides/prog_guide/cryptodev_lib.rst | 10 +- > doc/guides/prog_guide/rte_security.rst | 11 +- > doc/guides/rel_notes/deprecation.rst | 9 - > doc/guides/rel_notes/release_21_11.rst | 14 ++ > drivers/crypto/armv8/armv8_pmd_private.h | 2 - > drivers/crypto/armv8/rte_armv8_pmd.c | 21 +- > drivers/crypto/armv8/rte_armv8_pmd_ops.c | 34 +-- > drivers/crypto/bcmfs/bcmfs_sym_session.c | 36 +--- > drivers/crypto/bcmfs/bcmfs_sym_session.h | 6 +- > drivers/crypto/caam_jr/caam_jr.c | 71 ++----- > drivers/crypto/ccp/ccp_pmd_ops.c | 32 +-- > drivers/crypto/ccp/ccp_pmd_private.h | 2 - > drivers/crypto/ccp/rte_ccp_pmd.c | 24 +-- > drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 24 +-- > drivers/crypto/cnxk/cn10k_ipsec.c | 53 +---- > drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 20 +- > drivers/crypto/cnxk/cn9k_ipsec.c | 75 +++---- > drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 61 ++---- > drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 16 +- > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 76 ++----- > drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c | 3 +- > drivers/crypto/dpaa_sec/dpaa_sec.c | 75 ++----- > drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c | 3 +- > drivers/crypto/ipsec_mb/ipsec_mb_ops.c | 32 +-- > drivers/crypto/ipsec_mb/ipsec_mb_private.h | 29 +-- > drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 23 +- > drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 40 ++-- > drivers/crypto/ipsec_mb/pmd_chacha_poly.c | 1 - > drivers/crypto/ipsec_mb/pmd_kasumi.c | 1 - > drivers/crypto/ipsec_mb/pmd_snow3g.c | 1 - > drivers/crypto/ipsec_mb/pmd_zuc.c | 1 - > drivers/crypto/mlx5/mlx5_crypto.c | 25 +-- > drivers/crypto/mvsam/mrvl_pmd_private.h | 3 - > drivers/crypto/mvsam/rte_mrvl_pmd.c | 3 +- > drivers/crypto/mvsam/rte_mrvl_pmd_ops.c | 55 ++--- > drivers/crypto/nitrox/nitrox_sym.c | 33 +-- > drivers/crypto/null/null_crypto_pmd.c | 20 +- > drivers/crypto/null/null_crypto_pmd_ops.c | 34 +-- > drivers/crypto/null/null_crypto_pmd_private.h | 2 - > .../crypto/octeontx/otx_cryptodev_hw_access.h | 1 - > drivers/crypto/octeontx/otx_cryptodev_ops.c | 68 +++--- > drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 63 +++--- > .../octeontx2/otx2_cryptodev_ops_helper.h | 16 +- > drivers/crypto/octeontx2/otx2_cryptodev_qp.h | 2 - > drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 77 +++---- > drivers/crypto/openssl/openssl_pmd_private.h | 2 - > drivers/crypto/openssl/rte_openssl_pmd.c | 18 +- > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 35 +--- > drivers/crypto/qat/qat_sym.c | 3 +- > drivers/crypto/qat/qat_sym.h | 8 +- > drivers/crypto/qat/qat_sym_pmd.c | 1 + > drivers/crypto/qat/qat_sym_session.c | 72 ++----- > drivers/crypto/qat/qat_sym_session.h | 17 +- > drivers/crypto/scheduler/scheduler_pmd_ops.c | 10 +- > drivers/crypto/virtio/virtio_cryptodev.c | 32 +-- > .../octeontx2/otx2_evdev_crypto_adptr_rx.h | 3 +- > drivers/net/cnxk/cn10k_ethdev_sec.c | 64 +++--- > drivers/net/cnxk/cn9k_ethdev_sec.c | 59 ++---- > drivers/net/cnxk/cnxk_ethdev.c | 6 +- > drivers/net/cnxk/cnxk_ethdev.h | 6 - > drivers/net/cnxk/cnxk_ethdev_sec.c | 21 -- > drivers/net/ixgbe/ixgbe_ipsec.c | 38 +--- > drivers/net/octeontx2/otx2_ethdev_sec.c | 52 ++--- > drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 2 +- > drivers/net/txgbe/txgbe_ipsec.c | 38 +--- > examples/fips_validation/fips_dev_self_test.c | 32 +-- > examples/fips_validation/main.c | 20 +- > examples/ipsec-secgw/ipsec-secgw.c | 40 ---- > examples/ipsec-secgw/ipsec.c | 12 +- > examples/ipsec-secgw/ipsec.h | 1 - > examples/ipsec-secgw/ipsec_worker.c | 4 - > examples/l2fwd-crypto/main.c | 41 +--- > examples/vhost_crypto/main.c | 16 +- > lib/cryptodev/cryptodev_pmd.h | 33 ++- > lib/cryptodev/rte_crypto.h | 2 +- > lib/cryptodev/rte_crypto_sym.h | 2 +- > lib/cryptodev/rte_cryptodev.c | 91 ++++---- > lib/cryptodev/rte_cryptodev.h | 70 +++---- > lib/cryptodev/rte_cryptodev_trace.h | 16 +- > lib/ipsec/rte_ipsec.h | 4 +- > lib/ipsec/rte_ipsec_group.h | 13 +- > lib/ipsec/ses.c | 6 +- > lib/pipeline/rte_table_action.c | 8 +- > lib/pipeline/rte_table_action.h | 2 +- > lib/security/rte_security.c | 32 +-- > lib/security/rte_security.h | 85 +++++--- > lib/security/rte_security_driver.h | 31 ++- > lib/vhost/rte_vhost_crypto.h | 3 - > lib/vhost/vhost_crypto.c | 7 +- > 109 files changed, 913 insertions(+), 1880 deletions(-) > > -- > 2.25.1
Hi Akhil, >-----Original Message----- >From: Akhil Goyal <gakhil@marvell.com> >Sent: Monday 18 October 2021 22:35 >To: dev@dpdk.org >Cc: thomas@monjalon.net; david.marchand@redhat.com; >hemant.agrawal@nxp.com; anoobj@marvell.com; De Lara Guarch, Pablo ><pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>; >Doherty, Declan <declan.doherty@intel.com>; matan@nvidia.com; >g.singh@nxp.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>; >jianjay.zhou@huawei.com; asomalap@amd.com; ruifeng.wang@arm.com; >Ananyev, Konstantin <konstantin.ananyev@intel.com>; Nicolau, Radu ><radu.nicolau@intel.com>; ajit.khaparde@broadcom.com; >rnagadheeraj@marvell.com; adwivedi@marvell.com; Power, Ciara ><ciara.power@intel.com>; Wang, Haiyue <haiyue.wang@intel.com>; >jiawenwu@trustnetic.com; jianwang@trustnetic.com; Akhil Goyal ><gakhil@marvell.com> >Subject: [PATCH v3 0/8] crypto/security session framework rework > >As discussed in last release deprecation notice, crypto and security session >framework are reworked to reduce the need of two mempool objects and >remove the requirement to expose the rte_security_session and >rte_cryptodev_sym_session structures. >Design methodology is explained in the patch description. > >Similar work will need to be done for asymmetric sessions as well. Asymmetric >session need another rework and is postponed to next release. Since it is still >in experimental stage, we can modify the APIs in next release as well. > >The patches are compilable with all affected PMDs and tested with dpdk-test >and test-crypto-perf app on CN9k platform. <snip> I am seeing test failures for cryptodev_scheduler_autotest: + Tests Total : 638 + Tests Skipped : 280 + Tests Executed : 638 + Tests Unsupported: 0 + Tests Passed : 18 + Tests Failed : 340 The error showing for each testcase: scheduler_pmd_sym_session_configure() line 487: unable to config sym session CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 failed to configure session details I believe the problem happens in scheduler_pmd_sym_session_configure. The full sess object is no longer accessible in here, but it is required to be passed to rte_cryptodev_sym_session_init. The init function expects access to sess rather than the private data, and now fails as a result. static int scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform, void *sess, rte_iova_t sess_iova __rte_unused) { struct scheduler_ctx *sched_ctx = dev->data->dev_private; uint32_t i; int ret; for (i = 0; i < sched_ctx->nb_workers; i++) { struct scheduler_worker *worker = &sched_ctx->workers[i]; ret = rte_cryptodev_sym_session_init(worker->dev_id, sess, xform); if (ret < 0) { CR_SCHED_LOG(ERR, "unable to config sym session"); return ret; } } return 0; } Thanks, Ciara
> Hi Akhil, > > >Subject: [PATCH v3 0/8] crypto/security session framework rework > > > >As discussed in last release deprecation notice, crypto and security session > >framework are reworked to reduce the need of two mempool objects and > >remove the requirement to expose the rte_security_session and > >rte_cryptodev_sym_session structures. > >Design methodology is explained in the patch description. > > > >Similar work will need to be done for asymmetric sessions as well. > Asymmetric > >session need another rework and is postponed to next release. Since it is > still > >in experimental stage, we can modify the APIs in next release as well. > > > >The patches are compilable with all affected PMDs and tested with dpdk- > test > >and test-crypto-perf app on CN9k platform. > <snip> > > I am seeing test failures for cryptodev_scheduler_autotest: > + Tests Total : 638 > + Tests Skipped : 280 > + Tests Executed : 638 > + Tests Unsupported: 0 > + Tests Passed : 18 > + Tests Failed : 340 > > The error showing for each testcase: > scheduler_pmd_sym_session_configure() line 487: unable to config sym > session > CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 failed to > configure session details > > I believe the problem happens in scheduler_pmd_sym_session_configure. > The full sess object is no longer accessible in here, but it is required to be > passed to rte_cryptodev_sym_session_init. > The init function expects access to sess rather than the private data, and now > fails as a result. > > static int > scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev, > struct rte_crypto_sym_xform *xform, void *sess, > rte_iova_t sess_iova __rte_unused) > { > struct scheduler_ctx *sched_ctx = dev->data->dev_private; > uint32_t i; > int ret; > for (i = 0; i < sched_ctx->nb_workers; i++) { > struct scheduler_worker *worker = &sched_ctx->workers[i]; > ret = rte_cryptodev_sym_session_init(worker->dev_id, sess, > xform); > if (ret < 0) { > CR_SCHED_LOG(ERR, "unable to config sym session"); > return ret; > } > } > return 0; > } > It looks like scheduler PMD is managing the stuff on its own for other PMDs. The APIs are designed such that the app can call session_init multiple times With different dev_id on same sess. But here scheduler PMD internally want to configure other PMDs sess_priv By calling session_init. I wonder, why we have this 2 step session_create and session_init? Why can't we have it similar to security session create and let the scheduler PMD have its big session private data which can hold priv_data of as many PMDs as it want to schedule. Konstantin/Fan/Pablo what are your thoughts on this issue? Can we resolve this issue at priority in RC1(or probably RC2) for this release or else we defer it for next ABI break release? Thomas, Can we defer this for RC2? It does not seem to be fixed in 1 day.
> > Hi Akhil, > > > > >Subject: [PATCH v3 0/8] crypto/security session framework rework > > > > > >As discussed in last release deprecation notice, crypto and security session > > >framework are reworked to reduce the need of two mempool objects and > > >remove the requirement to expose the rte_security_session and > > >rte_cryptodev_sym_session structures. > > >Design methodology is explained in the patch description. > > > > > >Similar work will need to be done for asymmetric sessions as well. > > Asymmetric > > >session need another rework and is postponed to next release. Since it is > > still > > >in experimental stage, we can modify the APIs in next release as well. > > > > > >The patches are compilable with all affected PMDs and tested with dpdk- > > test > > >and test-crypto-perf app on CN9k platform. > > <snip> > > > > I am seeing test failures for cryptodev_scheduler_autotest: > > + Tests Total : 638 > > + Tests Skipped : 280 > > + Tests Executed : 638 > > + Tests Unsupported: 0 > > + Tests Passed : 18 > > + Tests Failed : 340 > > > > The error showing for each testcase: > > scheduler_pmd_sym_session_configure() line 487: unable to config sym > > session > > CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 failed to > > configure session details > > > > I believe the problem happens in scheduler_pmd_sym_session_configure. > > The full sess object is no longer accessible in here, but it is required to be > > passed to rte_cryptodev_sym_session_init. > > The init function expects access to sess rather than the private data, and > now > > fails as a result. > > > > static int > > scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev, > > struct rte_crypto_sym_xform *xform, void *sess, > > rte_iova_t sess_iova __rte_unused) > > { > > struct scheduler_ctx *sched_ctx = dev->data->dev_private; > > uint32_t i; > > int ret; > > for (i = 0; i < sched_ctx->nb_workers; i++) { > > struct scheduler_worker *worker = &sched_ctx->workers[i]; > > ret = rte_cryptodev_sym_session_init(worker->dev_id, sess, > > xform); > > if (ret < 0) { > > CR_SCHED_LOG(ERR, "unable to config sym session"); > > return ret; > > } > > } > > return 0; > > } > > > It looks like scheduler PMD is managing the stuff on its own for other PMDs. > The APIs are designed such that the app can call session_init multiple times > With different dev_id on same sess. > But here scheduler PMD internally want to configure other PMDs sess_priv > By calling session_init. > > I wonder, why we have this 2 step session_create and session_init? > Why can't we have it similar to security session create and let the scheduler > PMD have its big session private data which can hold priv_data of as many > PMDs > as it want to schedule. > > Konstantin/Fan/Pablo what are your thoughts on this issue? > Can we resolve this issue at priority in RC1(or probably RC2) for this release > or > else we defer it for next ABI break release? > > Thomas, > Can we defer this for RC2? It does not seem to be fixed in 1 day. On another thought, this can be fixed with current patch also by having a big session Private data for scheduler PMD which is big enough to hold all other PMDs data which it want to schedule and then call the sess_configure function pointer of dev directly. What say? And this PMD change can be done in RC2. And this patchset go as is in RC1.
> > > I am seeing test failures for cryptodev_scheduler_autotest: > > > + Tests Total : 638 > > > + Tests Skipped : 280 > > > + Tests Executed : 638 > > > + Tests Unsupported: 0 > > > + Tests Passed : 18 > > > + Tests Failed : 340 > > > > > > The error showing for each testcase: > > > scheduler_pmd_sym_session_configure() line 487: unable to config sym > > > session > > > CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 failed > to > > > configure session details > > > > > > I believe the problem happens in > scheduler_pmd_sym_session_configure. > > > The full sess object is no longer accessible in here, but it is required to be > > > passed to rte_cryptodev_sym_session_init. > > > The init function expects access to sess rather than the private data, and > > now > > > fails as a result. > > > > > > static int > > > scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev, > > > struct rte_crypto_sym_xform *xform, void *sess, > > > rte_iova_t sess_iova __rte_unused) > > > { > > > struct scheduler_ctx *sched_ctx = dev->data->dev_private; > > > uint32_t i; > > > int ret; > > > for (i = 0; i < sched_ctx->nb_workers; i++) { > > > struct scheduler_worker *worker = &sched_ctx->workers[i]; > > > ret = rte_cryptodev_sym_session_init(worker->dev_id, sess, > > > xform); > > > if (ret < 0) { > > > CR_SCHED_LOG(ERR, "unable to config sym session"); > > > return ret; > > > } > > > } > > > return 0; > > > } > > > > > It looks like scheduler PMD is managing the stuff on its own for other > PMDs. > > The APIs are designed such that the app can call session_init multiple times > > With different dev_id on same sess. > > But here scheduler PMD internally want to configure other PMDs sess_priv > > By calling session_init. > > > > I wonder, why we have this 2 step session_create and session_init? > > Why can't we have it similar to security session create and let the scheduler > > PMD have its big session private data which can hold priv_data of as many > > PMDs > > as it want to schedule. > > > > Konstantin/Fan/Pablo what are your thoughts on this issue? > > Can we resolve this issue at priority in RC1(or probably RC2) for this release > > or > > else we defer it for next ABI break release? > > > > Thomas, > > Can we defer this for RC2? It does not seem to be fixed in 1 day. > > On another thought, this can be fixed with current patch also by having a big > session > Private data for scheduler PMD which is big enough to hold all other PMDs > data which > it want to schedule and then call the sess_configure function pointer of dev > directly. > What say? And this PMD change can be done in RC2. And this patchset go as > is in RC1. Here is the diff in scheduler PMD which should fix this issue in current patchset. diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c b/drivers/crypto/scheduler/scheduler_pmd_ops.c index b92ffd6026..0611ea2c6a 100644 --- a/drivers/crypto/scheduler/scheduler_pmd_ops.c +++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c @@ -450,9 +450,8 @@ scheduler_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, } static uint32_t -scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) +get_max_session_priv_size(struct scheduler_ctx *sched_ctx) { - struct scheduler_ctx *sched_ctx = dev->data->dev_private; uint8_t i = 0; uint32_t max_priv_sess_size = 0; @@ -469,20 +468,35 @@ scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) return max_priv_sess_size; } +static uint32_t +scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev) +{ + struct scheduler_ctx *sched_ctx = dev->data->dev_private; + + return get_max_session_priv_size(sched_ctx) * sched_ctx->nb_workers; +} + static int scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform, void *sess, rte_iova_t sess_iova __rte_unused) { struct scheduler_ctx *sched_ctx = dev->data->dev_private; + uint32_t worker_sess_priv_sz = get_max_session_priv_size(sched_ctx); uint32_t i; int ret; for (i = 0; i < sched_ctx->nb_workers; i++) { struct scheduler_worker *worker = &sched_ctx->workers[i]; + struct rte_cryptodev *worker_dev = + rte_cryptodev_pmd_get_dev(worker->dev_id); + uint8_t index = worker_dev->driver_id; - ret = rte_cryptodev_sym_session_init(worker->dev_id, sess, - xform); + ret = worker_dev->dev_ops->sym_session_configure( + worker_dev, + xform, + (uint8_t *)sess + (index * worker_sess_priv_sz), + sess_iova + (index * worker_sess_priv_sz)); if (ret < 0) { CR_SCHED_LOG(ERR, "unable to config sym session"); return ret;
Hi Akhil, > -----Original Message----- > From: Akhil Goyal <gakhil@marvell.com> > Sent: Wednesday, October 20, 2021 7:05 PM > To: Power, Ciara <ciara.power@intel.com>; dev@dpdk.org; Ananyev, > Konstantin <konstantin.ananyev@intel.com>; thomas@monjalon.net; Zhang, > Roy Fan <roy.fan.zhang@intel.com>; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Cc: david.marchand@redhat.com; hemant.agrawal@nxp.com; Anoob Joseph > <anoobj@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>; Doherty, > Declan <declan.doherty@intel.com>; matan@nvidia.com; g.singh@nxp.com; > jianjay.zhou@huawei.com; asomalap@amd.com; ruifeng.wang@arm.com; > Nicolau, Radu <radu.nicolau@intel.com>; ajit.khaparde@broadcom.com; > Nagadheeraj Rottela <rnagadheeraj@marvell.com>; Ankur Dwivedi > <adwivedi@marvell.com>; Wang, Haiyue <haiyue.wang@intel.com>; > jiawenwu@trustnetic.com; jianwang@trustnetic.com; Jerin Jacob > Kollanukkaran <jerinj@marvell.com>; Nithin Kumar Dabilpuram > <ndabilpuram@marvell.com> > Subject: RE: [PATCH v3 0/8] crypto/security session framework rework > > > > > I am seeing test failures for cryptodev_scheduler_autotest: > > > > + Tests Total : 638 > > > > + Tests Skipped : 280 > > > > + Tests Executed : 638 > > > > + Tests Unsupported: 0 > > > > + Tests Passed : 18 > > > > + Tests Failed : 340 > > > > > > > > The error showing for each testcase: > > > > scheduler_pmd_sym_session_configure() line 487: unable to config > sym > > > > session > > > > CRYPTODEV: rte_cryptodev_sym_session_init() line 1743: dev_id 2 > failed > > to > > > > configure session details > > > > > > > > I believe the problem happens in > > scheduler_pmd_sym_session_configure. > > > > The full sess object is no longer accessible in here, but it is required to > be > > > > passed to rte_cryptodev_sym_session_init. > > > > The init function expects access to sess rather than the private data, > and > > > now > > > > fails as a result. > > > > > > > > static int > > > > scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev, > > > > struct rte_crypto_sym_xform *xform, void *sess, > > > > rte_iova_t sess_iova __rte_unused) > > > > { > > > > struct scheduler_ctx *sched_ctx = dev->data->dev_private; > > > > uint32_t i; > > > > int ret; > > > > for (i = 0; i < sched_ctx->nb_workers; i++) { > > > > struct scheduler_worker *worker = &sched_ctx->workers[i]; > > > > ret = rte_cryptodev_sym_session_init(worker->dev_id, sess, > > > > xform); > > > > if (ret < 0) { > > > > CR_SCHED_LOG(ERR, "unable to config sym session"); > > > > return ret; > > > > } > > > > } > > > > return 0; > > > > } > > > > > > > It looks like scheduler PMD is managing the stuff on its own for other > > PMDs. > > > The APIs are designed such that the app can call session_init multiple > times > > > With different dev_id on same sess. > > > But here scheduler PMD internally want to configure other PMDs > sess_priv > > > By calling session_init. > > > > > > I wonder, why we have this 2 step session_create and session_init? > > > Why can't we have it similar to security session create and let the > scheduler > > > PMD have its big session private data which can hold priv_data of as many > > > PMDs > > > as it want to schedule. > > > > > > Konstantin/Fan/Pablo what are your thoughts on this issue? > > > Can we resolve this issue at priority in RC1(or probably RC2) for this > release > > > or > > > else we defer it for next ABI break release? > > > > > > Thomas, > > > Can we defer this for RC2? It does not seem to be fixed in 1 day. > > > > On another thought, this can be fixed with current patch also by having a > big > > session > > Private data for scheduler PMD which is big enough to hold all other PMDs > > data which > > it want to schedule and then call the sess_configure function pointer of dev > > directly. > > What say? And this PMD change can be done in RC2. And this patchset go > as > > is in RC1. > Here is the diff in scheduler PMD which should fix this issue in current > patchset. > > diff --git a/drivers/crypto/scheduler/scheduler_pmd_ops.c > b/drivers/crypto/scheduler/scheduler_pmd_ops.c > index b92ffd6026..0611ea2c6a 100644 > --- a/drivers/crypto/scheduler/scheduler_pmd_ops.c > +++ b/drivers/crypto/scheduler/scheduler_pmd_ops.c > @@ -450,9 +450,8 @@ scheduler_pmd_qp_setup(struct rte_cryptodev *dev, > uint16_t qp_id, > } > > static uint32_t > -scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev > __rte_unused) > +get_max_session_priv_size(struct scheduler_ctx *sched_ctx) > { > - struct scheduler_ctx *sched_ctx = dev->data->dev_private; > uint8_t i = 0; > uint32_t max_priv_sess_size = 0; > > @@ -469,20 +468,35 @@ scheduler_pmd_sym_session_get_size(struct > rte_cryptodev *dev __rte_unused) > return max_priv_sess_size; > } > > +static uint32_t > +scheduler_pmd_sym_session_get_size(struct rte_cryptodev *dev) > +{ > + struct scheduler_ctx *sched_ctx = dev->data->dev_private; > + > + return get_max_session_priv_size(sched_ctx) * sched_ctx- > >nb_workers; > +} > + > static int > scheduler_pmd_sym_session_configure(struct rte_cryptodev *dev, > struct rte_crypto_sym_xform *xform, void *sess, > rte_iova_t sess_iova __rte_unused) > { > struct scheduler_ctx *sched_ctx = dev->data->dev_private; > + uint32_t worker_sess_priv_sz = get_max_session_priv_size(sched_ctx); > uint32_t i; > int ret; > > for (i = 0; i < sched_ctx->nb_workers; i++) { > struct scheduler_worker *worker = &sched_ctx->workers[i]; > + struct rte_cryptodev *worker_dev = > + rte_cryptodev_pmd_get_dev(worker->dev_id); > + uint8_t index = worker_dev->driver_id; > > - ret = rte_cryptodev_sym_session_init(worker->dev_id, sess, > - xform); > + ret = worker_dev->dev_ops->sym_session_configure( > + worker_dev, > + xform, > + (uint8_t *)sess + (index * worker_sess_priv_sz), > + sess_iova + (index * worker_sess_priv_sz)); This won't work. This will make the session configuration finish successfully but the private data the worker initialized is not the private data the worker will use during enqueue/dequeue (workers only uses the session private data based on its driver id). > if (ret < 0) { > CR_SCHED_LOG(ERR, "unable to config sym session"); > return ret;