[dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are enabled by HW

Radu Nicolau radu.nicolau at intel.com
Wed Jan 17 12:54:48 CET 2018


Check if the security enable bits are not fused before setting
offload capabilities for security

Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
---
 drivers/net/ixgbe/ixgbe_ethdev.c | 20 +++++++++++---------
 drivers/net/ixgbe/ixgbe_ipsec.c  | 31 +++++++++++++++++++++++++------
 2 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
index 43e0132..67ce052 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
@@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
 		return 0;
 	}
 
-#ifdef RTE_LIBRTE_SECURITY
-	/* Initialize security_ctx only for primary process*/
-	eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
-	if (eth_dev->security_ctx == NULL)
-		return -ENOMEM;
-#endif
-
 	rte_eth_copy_pci_info(eth_dev, pci_dev);
 
 	/* Vendor and Device ID need to be set before init of shared code */
@@ -1174,6 +1167,13 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
 	/* Unlock any pending hardware semaphore */
 	ixgbe_swfw_lock_reset(hw);
 
+#ifdef RTE_LIBRTE_SECURITY
+	/* Initialize security_ctx only for primary process*/
+	eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
+	if (eth_dev->security_ctx == NULL)
+		return -ENOMEM;
+#endif
+
 	/* Initialize DCB configuration*/
 	memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config));
 	ixgbe_dcb_init(hw, dcb_config);
@@ -3685,8 +3685,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
 		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIBRTE_SECURITY
-	dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
-	dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
+	if (dev->security_ctx) {
+		dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
+		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
+	}
 #endif
 
 	dev_info->default_rxconf = (struct rte_eth_rxconf) {
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 97f025a8..a9e501e 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -694,15 +694,34 @@ static struct rte_security_ops ixgbe_security_ops = {
 	.capabilities_get = ixgbe_crypto_capabilities_get
 };
 
+static int
+ixgbe_crypto_capable(struct rte_eth_dev *dev)
+{
+	struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+	uint32_t reg_i, reg, capable = 1;
+	/* test if rx crypto can be enabled and then write back initial value*/
+	reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
+	reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+	if (reg != 0)
+		capable = 0;
+	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
+	return capable;
+}
+
 struct rte_security_ctx *
 ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev)
 {
-	struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops",
-					sizeof(struct rte_security_ctx), 0);
-	if (ctx) {
-		ctx->device = (void *)dev;
-		ctx->ops = &ixgbe_security_ops;
-		ctx->sess_cnt = 0;
+	struct rte_security_ctx *ctx = NULL;
+
+	if (ixgbe_crypto_capable(dev)) {
+		ctx = rte_malloc("rte_security_instances_ops",
+				 sizeof(struct rte_security_ctx), 0);
+		if (ctx) {
+			ctx->device = (void *)dev;
+			ctx->ops = &ixgbe_security_ops;
+			ctx->sess_cnt = 0;
+		}
 	}
 	return ctx;
 }
-- 
2.7.5



More information about the dev mailing list