[PATCH v7 21/27] net/iavf: avoid rte malloc in IPsec operations

Anatoly Burakov anatoly.burakov at intel.com
Fri Feb 20 11:14:28 CET 2026
Previous message (by thread): [PATCH v7 20/27] net/iavf: avoid rte malloc in MAC address operations
Next message (by thread): [PATCH v7 22/27] net/iavf: avoid rte malloc in queue operations
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Currently, when performing IPsec security association operations and
retrieving device capabilities, we are using rte_malloc followed by
immediate rte_free. This memory does not need to be stored in hugepage
memory and the allocation size can be pretty small, so replace with stack
allocation.

Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
Acked-by: Bruce Richardson <bruce.richardson at intel.com>
---
 drivers/net/intel/iavf/iavf_ipsec_crypto.c | 138 +++++++++------------
 1 file changed, 56 insertions(+), 82 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_ipsec_crypto.c b/drivers/net/intel/iavf/iavf_ipsec_crypto.c
index 29609e4447..650f805f0a 100644
--- a/drivers/net/intel/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/intel/iavf/iavf_ipsec_crypto.c
@@ -3,6 +3,7 @@
  */
 
 #include <stdalign.h>
+#include <stdlib.h>
 
 #include <rte_cryptodev.h>
 #include <rte_ethdev.h>
@@ -929,28 +930,23 @@ static uint32_t
 iavf_ipsec_crypto_sa_del(struct iavf_adapter *adapter,
 	struct iavf_security_session *sess)
 {
-	struct inline_ipsec_msg *request = NULL, *response = NULL;
-	size_t request_len, response_len;
-
+	struct {
+		struct inline_ipsec_msg msg;
+		struct virtchnl_ipsec_sa_destroy sa_destroy;
+	} req;
+	struct {
+		struct inline_ipsec_msg msg;
+		struct virtchnl_ipsec_resp resp;
+	} resp;
+	struct inline_ipsec_msg *request = &req.msg, *response = &resp.msg;
 	int rc = 0;
 
-	request_len = sizeof(struct inline_ipsec_msg) +
-			sizeof(struct virtchnl_ipsec_sa_destroy);
-
-	request = rte_malloc("iavf-sa-del-request", request_len, 0);
-	if (request == NULL) {
-		rc = -ENOMEM;
-		goto update_cleanup;
-	}
-
-	response_len = sizeof(struct inline_ipsec_msg) +
-			sizeof(struct virtchnl_ipsec_resp);
-
-	response = rte_malloc("iavf-sa-del-response", response_len, 0);
-	if (response == NULL) {
-		rc = -ENOMEM;
-		goto update_cleanup;
-	}
+	/*
+	 * MSVC doesn't allow inline initialization of structs with zero-sized
+	 * membersm so we have to memset them instead.
+	 */
+	memset(&req, 0, sizeof(req));
+	memset(&resp, 0, sizeof(resp));
 
 	/* set msg header params */
 	request->ipsec_opcode = INLINE_IPSEC_OP_SA_DESTROY;
@@ -969,10 +965,10 @@ iavf_ipsec_crypto_sa_del(struct iavf_adapter *adapter,
 
 	/* send virtual channel request to add SA to hardware database */
 	rc = iavf_ipsec_crypto_request(adapter,
-			(uint8_t *)request, request_len,
-			(uint8_t *)response, response_len);
+			(uint8_t *)request, sizeof(req),
+			(uint8_t *)response, sizeof(resp));
 	if (rc)
-		goto update_cleanup;
+		return rc;
 
 	/* verify response */
 	if (response->ipsec_opcode != request->ipsec_opcode ||
@@ -987,10 +983,6 @@ iavf_ipsec_crypto_sa_del(struct iavf_adapter *adapter,
 			response->ipsec_data.ipsec_status->status)
 		rc = -EFAULT;
 
-update_cleanup:
-	rte_free(response);
-	rte_free(request);
-
 	return rc;
 }
 
@@ -1136,27 +1128,23 @@ static int
 iavf_ipsec_crypto_device_capabilities_get(struct iavf_adapter *adapter,
 		struct virtchnl_ipsec_cap *capability)
 {
+	struct {
+		struct inline_ipsec_msg msg;
+	} req;
+	struct {
+		struct inline_ipsec_msg msg;
+		struct virtchnl_ipsec_cap cap;
+	} resp;
 	/* Perform pf-vf comms */
-	struct inline_ipsec_msg *request = NULL, *response = NULL;
-	size_t request_len, response_len;
+	struct inline_ipsec_msg *request = &req.msg, *response = &resp.msg;
 	int rc;
 
-	request_len = sizeof(struct inline_ipsec_msg);
-
-	request = rte_malloc("iavf-device-capability-request", request_len, 0);
-	if (request == NULL) {
-		rc = -ENOMEM;
-		goto update_cleanup;
-	}
-
-	response_len = sizeof(struct inline_ipsec_msg) +
-			sizeof(struct virtchnl_ipsec_cap);
-	response = rte_malloc("iavf-device-capability-response",
-			response_len, 0);
-	if (response == NULL) {
-		rc = -ENOMEM;
-		goto update_cleanup;
-	}
+	/*
+	 * MSVC doesn't allow inline initialization of structs with zero-sized
+	 * membersm so we have to memset them instead.
+	 */
+	memset(&req, 0, sizeof(req));
+	memset(&resp, 0, sizeof(resp));
 
 	/* set msg header params */
 	request->ipsec_opcode = INLINE_IPSEC_OP_GET_CAP;
@@ -1164,23 +1152,18 @@ iavf_ipsec_crypto_device_capabilities_get(struct iavf_adapter *adapter,
 
 	/* send virtual channel request to add SA to hardware database */
 	rc = iavf_ipsec_crypto_request(adapter,
-			(uint8_t *)request, request_len,
-			(uint8_t *)response, response_len);
+			(uint8_t *)request, sizeof(req),
+			(uint8_t *)response, sizeof(resp));
 	if (rc)
-		goto update_cleanup;
+		return rc;
 
 	/* verify response id */
 	if (response->ipsec_opcode != request->ipsec_opcode ||
 		response->req_id != request->req_id){
-		rc = -EFAULT;
-		goto update_cleanup;
+		return -EFAULT;
 	}
 	memcpy(capability, response->ipsec_data.ipsec_cap, sizeof(*capability));
 
-update_cleanup:
-	rte_free(response);
-	rte_free(request);
-
 	return rc;
 }
 
@@ -1562,26 +1545,22 @@ iavf_ipsec_crypto_status_get(struct iavf_adapter *adapter,
 		struct virtchnl_ipsec_status *status)
 {
 	/* Perform pf-vf comms */
-	struct inline_ipsec_msg *request = NULL, *response = NULL;
-	size_t request_len, response_len;
+	struct {
+		struct inline_ipsec_msg msg;
+	} req;
+	struct {
+		struct inline_ipsec_msg msg;
+		struct virtchnl_ipsec_status status;
+	} resp;
+	struct inline_ipsec_msg *request = &req.msg, *response = &resp.msg;
 	int rc;
 
-	request_len = sizeof(struct inline_ipsec_msg);
-
-	request = rte_malloc("iavf-device-status-request", request_len, 0);
-	if (request == NULL) {
-		rc = -ENOMEM;
-		goto update_cleanup;
-	}
-
-	response_len = sizeof(struct inline_ipsec_msg) +
-			sizeof(struct virtchnl_ipsec_status);
-	response = rte_malloc("iavf-device-status-response",
-			response_len, 0);
-	if (response == NULL) {
-		rc = -ENOMEM;
-		goto update_cleanup;
-	}
+	/*
+	 * MSVC doesn't allow inline initialization of structs with zero-sized
+	 * membersm so we have to memset them instead.
+	 */
+	memset(&req, 0, sizeof(req));
+	memset(&resp, 0, sizeof(resp));
 
 	/* set msg header params */
 	request->ipsec_opcode = INLINE_IPSEC_OP_GET_STATUS;
@@ -1589,23 +1568,18 @@ iavf_ipsec_crypto_status_get(struct iavf_adapter *adapter,
 
 	/* send virtual channel request to add SA to hardware database */
 	rc = iavf_ipsec_crypto_request(adapter,
-			(uint8_t *)request, request_len,
-			(uint8_t *)response, response_len);
+			(uint8_t *)request, sizeof(req),
+			(uint8_t *)response, sizeof(resp));
 	if (rc)
-		goto update_cleanup;
+		return rc;
 
 	/* verify response id */
 	if (response->ipsec_opcode != request->ipsec_opcode ||
-		response->req_id != request->req_id){
-		rc = -EFAULT;
-		goto update_cleanup;
+			response->req_id != request->req_id){
+		return -EFAULT;
 	}
 	memcpy(status, response->ipsec_data.ipsec_status, sizeof(*status));
 
-update_cleanup:
-	rte_free(response);
-	rte_free(request);
-
 	return rc;
 }
 
-- 
2.47.3
Previous message (by thread): [PATCH v7 20/27] net/iavf: avoid rte malloc in MAC address operations
Next message (by thread): [PATCH v7 22/27] net/iavf: avoid rte malloc in queue operations
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list