[PATCH 6/8] net/cnxk: update SA context push size
Rahul Bhansali
rbhansali at marvell.com
Thu Feb 19 10:08:45 CET 2026
Reduce SA context push size to 128 byte for AES_GCM encryption
for CPT performance improvement on CN20k platform.
Also, corrects few macros for cn20k specific.
Signed-off-by: Rahul Bhansali <rbhansali at marvell.com>
---
drivers/net/cnxk/cn20k_ethdev_sec.c | 96 ++++++++++++++++++++++++++---
1 file changed, 87 insertions(+), 9 deletions(-)
diff --git a/drivers/net/cnxk/cn20k_ethdev_sec.c b/drivers/net/cnxk/cn20k_ethdev_sec.c
index e406f0e879..5553aed1b1 100644
--- a/drivers/net/cnxk/cn20k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn20k_ethdev_sec.c
@@ -655,16 +655,71 @@ outb_dbg_iv_update(struct roc_ow_ipsec_outb_sa *outb_sa, const char *__iv_str)
}
/* Update source of IV */
- outb_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
+ outb_sa->w2.s.iv_src = ROC_IE_OW_SA_IV_SRC_FROM_SA;
free(iv_str);
}
+static void
+cn20k_eth_sec_inb_sa_misc_fill(struct roc_ow_ipsec_inb_sa *sa,
+ struct rte_security_ipsec_xform *ipsec_xfrm)
+{
+ struct roc_ow_ipsec_inb_ctx_update_reg *ctx;
+ size_t offset;
+
+ if (sa->w2.s.enc_type != ROC_IE_SA_ENC_AES_GCM)
+ return;
+
+ /* Update ctx push size for AES GCM */
+ offset = offsetof(struct roc_ow_ipsec_inb_sa, hmac_opad_ipad);
+ ctx = (struct roc_ow_ipsec_inb_ctx_update_reg *)((uint8_t *)sa + offset);
+ sa->w0.s.hw_ctx_off = offset / 8;
+ sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off + 1;
+
+ if (ipsec_xfrm->life.bytes_soft_limit)
+ ctx->soft_life = ipsec_xfrm->life.bytes_soft_limit + 1;
+
+ if (ipsec_xfrm->life.packets_soft_limit)
+ ctx->soft_life = ipsec_xfrm->life.packets_soft_limit + 1;
+
+ if (ipsec_xfrm->life.bytes_hard_limit)
+ ctx->hard_life = ipsec_xfrm->life.bytes_hard_limit + 1;
+
+ if (ipsec_xfrm->life.packets_hard_limit)
+ ctx->hard_life = ipsec_xfrm->life.packets_hard_limit + 1;
+}
+
static int
cn20k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix, struct roc_ow_ipsec_outb_sa *sa,
void *sa_cptr, struct rte_security_ipsec_xform *ipsec_xfrm,
uint32_t sa_idx)
{
+ struct roc_ow_ipsec_outb_ctx_update_reg *ctx;
uint64_t *ring_base, ring_addr;
+ size_t offset;
+
+ if (sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM) {
+ offset = offsetof(struct roc_ow_ipsec_outb_sa, hmac_opad_ipad);
+ ctx = (struct roc_ow_ipsec_outb_ctx_update_reg *)((uint8_t *)sa + offset);
+ sa->w0.s.hw_ctx_off = offset / 8;
+ sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off + 1;
+
+ if (ipsec_xfrm->esn.value)
+ ctx->esn_val = ipsec_xfrm->esn.value - 1;
+
+ if (ipsec_xfrm->life.bytes_soft_limit)
+ ctx->soft_life = ipsec_xfrm->life.bytes_soft_limit + 1;
+
+ if (ipsec_xfrm->life.packets_soft_limit)
+ ctx->soft_life = ipsec_xfrm->life.packets_soft_limit + 1;
+
+ if (ipsec_xfrm->life.bytes_hard_limit)
+ ctx->hard_life = ipsec_xfrm->life.bytes_hard_limit + 1;
+
+ if (ipsec_xfrm->life.packets_hard_limit)
+ ctx->hard_life = ipsec_xfrm->life.packets_hard_limit + 1;
+ } else {
+ ctx = &sa->ctx;
+ }
if (roc_nix_inl_is_cq_ena(roc_nix))
goto done;
@@ -675,8 +730,8 @@ cn20k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix, struct roc_ow_ipsec_out
return -ENOTSUP;
ring_addr = ring_base[sa_idx >> ROC_NIX_SOFT_EXP_ERR_RING_MAX_ENTRY_LOG2];
- sa->ctx.err_ctl.s.mode = ROC_IE_OT_ERR_CTL_MODE_RING;
- sa->ctx.err_ctl.s.address = ring_addr >> 3;
+ ctx->err_ctl.s.mode = ROC_IE_OW_ERR_CTL_MODE_RING;
+ ctx->err_ctl.s.address = ring_addr >> 3;
sa->w0.s.ctx_id = ((uintptr_t)sa_cptr >> 51) & 0x1ff;
}
done:
@@ -751,7 +806,7 @@ cn20k_eth_sec_session_create(void *device, struct rte_security_session_conf *con
uintptr_t sa;
PLT_STATIC_ASSERT(sizeof(struct cn20k_inb_priv_data) <
- ROC_NIX_INL_OT_IPSEC_INB_SW_RSVD);
+ ROC_NIX_INL_OW_IPSEC_INB_SW_RSVD);
spi_mask = roc_nix_inl_inb_spi_range(nix, inl_dev, NULL, NULL);
@@ -796,6 +851,8 @@ cn20k_eth_sec_session_create(void *device, struct rte_security_session_conf *con
goto err;
}
+ cn20k_eth_sec_inb_sa_misc_fill(inb_sa_dptr, ipsec);
+
inb_priv = roc_nix_inl_ow_ipsec_inb_sa_sw_rsvd(inb_sa);
/* Back pointer to get eth_sec */
inb_priv->eth_sec = eth_sec;
@@ -856,7 +913,7 @@ cn20k_eth_sec_session_create(void *device, struct rte_security_session_conf *con
uint32_t sa_idx;
PLT_STATIC_ASSERT(sizeof(struct cn20k_outb_priv_data) <
- ROC_NIX_INL_OT_IPSEC_OUTB_SW_RSVD);
+ ROC_NIX_INL_OW_IPSEC_OUTB_SW_RSVD);
/* Alloc an sa index */
rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi);
@@ -1138,6 +1195,7 @@ cn20k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess,
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
struct cnxk_eth_sec_sess *eth_sec;
+ size_t offset;
int rc;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
@@ -1152,11 +1210,31 @@ cn20k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess,
stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
if (eth_sec->inb) {
- stats->ipsec.ipackets = ((struct roc_ow_ipsec_inb_sa *)eth_sec->sa)->ctx.mib_pkts;
- stats->ipsec.ibytes = ((struct roc_ow_ipsec_inb_sa *)eth_sec->sa)->ctx.mib_octs;
+ struct roc_ow_ipsec_inb_sa *sa = (struct roc_ow_ipsec_inb_sa *)eth_sec->sa;
+ struct roc_ow_ipsec_inb_ctx_update_reg *ctx;
+
+ if (sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM) {
+ offset = offsetof(struct roc_ow_ipsec_inb_sa, hmac_opad_ipad);
+ ctx = (struct roc_ow_ipsec_inb_ctx_update_reg *)((uint8_t *)sa + offset);
+ } else {
+ ctx = &sa->ctx;
+ }
+
+ stats->ipsec.ipackets = ctx->mib_pkts;
+ stats->ipsec.ibytes = ctx->mib_octs;
} else {
- stats->ipsec.opackets = ((struct roc_ow_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_pkts;
- stats->ipsec.obytes = ((struct roc_ow_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_octs;
+ struct roc_ow_ipsec_outb_sa *sa = (struct roc_ow_ipsec_outb_sa *)eth_sec->sa;
+ struct roc_ow_ipsec_outb_ctx_update_reg *ctx;
+
+ if (sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM) {
+ offset = offsetof(struct roc_ow_ipsec_outb_sa, hmac_opad_ipad);
+ ctx = (struct roc_ow_ipsec_outb_ctx_update_reg *)((uint8_t *)sa + offset);
+ } else {
+ ctx = &sa->ctx;
+ }
+
+ stats->ipsec.opackets = ctx->mib_pkts;
+ stats->ipsec.obytes = ctx->mib_octs;
}
return 0;
--
2.34.1
More information about the dev
mailing list