From patchwork Thu Jul 16 15:32:17 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Coyle, David" <david.coyle@intel.com>
X-Patchwork-Id: 74261
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id EDA76A0546;
	Thu, 16 Jul 2020 17:56:34 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id D0C521BED8;
	Thu, 16 Jul 2020 17:56:30 +0200 (CEST)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by dpdk.org (Postfix) with ESMTP id 81D9F1BE9C
 for <dev@dpdk.org>; Thu, 16 Jul 2020 17:56:28 +0200 (CEST)
IronPort-SDR: 
 8ZdwEHZzOYd41ZovMnYXJCR23dyNTVbPDN9+cBxv422XWcET5x04VtsOWRc9QRUmHeCFWmGL6D
 Cw+Sc4wIXRYw==
X-IronPort-AV: E=McAfee;i="6000,8403,9684"; a="150794673"
X-IronPort-AV: E=Sophos;i="5.75,359,1589266800"; d="scan'208";a="150794673"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
 by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 Jul 2020 08:56:28 -0700
IronPort-SDR: 
 P7a7Dg2cDmYQjFml2wYPzVulorgKup7q4qnW8eDjnU4TjDAwsQJ1DM5OkExbw2dnkwXrvkGhiY
 rK59XUCdlEwA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.75,359,1589266800"; d="scan'208";a="325181564"
Received: from silpixa00399912.ir.intel.com (HELO
 silpixa00399912.ger.corp.intel.com) ([10.237.223.64])
 by FMSMGA003.fm.intel.com with ESMTP; 16 Jul 2020 08:56:26 -0700
From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
 pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com
Cc: dev@dpdk.org, brendan.ryan@intel.com, mairtin.oloingsigh@intel.com,
 David Coyle <david.coyle@intel.com>
Date: Thu, 16 Jul 2020 16:32:17 +0100
Message-Id: <20200716153218.65491-2-david.coyle@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200716153218.65491-1-david.coyle@intel.com>
References: <20200716153218.65491-1-david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH v1 1/2] crypto/qat: improve DOCSIS session
	creation
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
  creating a session and now does this validation before allocating the
  session from the mempool
- it clears the entire private session struct before populating it with
  DOCSIS session info, in case any data was left over from the last time
  it was used
- it simplifies the DOCSIS parameter setting, which was overly
  complicated

Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 drivers/crypto/qat/qat_sym_session.c | 32 +++++++++++++---------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 717893c78..ed4d00159 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2162,6 +2162,9 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 	struct rte_crypto_sym_xform *xform = NULL;
 	struct qat_sym_session *session = session_private;
 
+	/* Clear the session */
+	memset(session, 0, qat_sym_session_get_private_size(dev));
+
 	ret = qat_sec_session_check_docsis(conf);
 	if (ret) {
 		QAT_LOG(ERR, "Unsupported DOCSIS security configuration");
@@ -2184,23 +2187,17 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 
 	session->min_qat_dev_gen = QAT_GEN1;
 
-	/* Get requested QAT command id */
+	/* Get requested QAT command id - should be cipher */
 	qat_cmd_id = qat_get_cmd_id(xform);
-	if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) {
+	if (qat_cmd_id != ICP_QAT_FW_LA_CMD_CIPHER) {
 		QAT_LOG(ERR, "Unsupported xform chain requested");
 		return -ENOTSUP;
 	}
 	session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id;
-	switch (session->qat_cmd) {
-	case ICP_QAT_FW_LA_CMD_CIPHER:
-		ret = qat_sym_session_configure_cipher(dev, xform, session);
-		if (ret < 0)
-			return ret;
-		break;
-	default:
-		QAT_LOG(ERR, "Unsupported Service %u", session->qat_cmd);
-		return -ENOTSUP;
-	}
+
+	ret = qat_sym_session_configure_cipher(dev, xform, session);
+	if (ret < 0)
+		return ret;
 
 	return 0;
 }
@@ -2215,16 +2212,17 @@ qat_security_session_create(void *dev,
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
+	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+			conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+		QAT_LOG(ERR, "Invalid security protocol");
+		return -EINVAL;
+	}
+
 	if (rte_mempool_get(mempool, &sess_private_data)) {
 		QAT_LOG(ERR, "Couldn't get object from session mempool");
 		return -ENOMEM;
 	}
 
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
-		QAT_LOG(ERR, "Invalid security protocol");
-		return -EINVAL;
-	}
-
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
 			sess_private_data);
 	if (ret != 0) {

From patchwork Thu Jul 16 15:32:18 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Coyle, David" <david.coyle@intel.com>
X-Patchwork-Id: 74262
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 1EA8AA0546;
	Thu, 16 Jul 2020 17:56:44 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 07F4E1BF6D;
	Thu, 16 Jul 2020 17:56:34 +0200 (CEST)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by dpdk.org (Postfix) with ESMTP id 5E0511BED0
 for <dev@dpdk.org>; Thu, 16 Jul 2020 17:56:30 +0200 (CEST)
IronPort-SDR: 
 7CSsO46nEZRXkw1IgF3LCw8fsVX3kPmRZYDU0o2ZsHhBmixTDdoQuogSDNex2t9gjGi9qArXuZ
 kHyio6slGJmw==
X-IronPort-AV: E=McAfee;i="6000,8403,9684"; a="150794685"
X-IronPort-AV: E=Sophos;i="5.75,359,1589266800"; d="scan'208";a="150794685"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
 by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 Jul 2020 08:56:30 -0700
IronPort-SDR: 
 So1rdouu7koI3O0iCg0bP5rzh4lmR2hI/bRXBgY7A2D5lsShlcECpHJtgS9W6vRJIqmHwPheeF
 dsKWk9gBqLtA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.75,359,1589266800"; d="scan'208";a="325181579"
Received: from silpixa00399912.ir.intel.com (HELO
 silpixa00399912.ger.corp.intel.com) ([10.237.223.64])
 by FMSMGA003.fm.intel.com with ESMTP; 16 Jul 2020 08:56:28 -0700
From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
 pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com
Cc: dev@dpdk.org, brendan.ryan@intel.com, mairtin.oloingsigh@intel.com,
 David Coyle <david.coyle@intel.com>
Date: Thu, 16 Jul 2020 16:32:18 +0100
Message-Id: <20200716153218.65491-3-david.coyle@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200716153218.65491-1-david.coyle@intel.com>
References: <20200716153218.65491-1-david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session
	creation
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
  creating a session and now does this validation before allocating the
  session from the mempool

Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index ed93daec7..2362f0c3c 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -875,16 +875,17 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
+	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+			conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+		AESNI_MB_LOG(ERR, "Invalid security protocol");
+		return -EINVAL;
+	}
+
 	if (rte_mempool_get(mempool, &sess_private_data)) {
 		AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
 		return -ENOMEM;
 	}
 
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
-		AESNI_MB_LOG(ERR, "Invalid security protocol");
-		return -EINVAL;
-	}
-
 	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
 			sess_private_data);