[dpdk-dev] [PATCH v5 2/3] security: add option for faster udata or mdata access

Ananyev, Konstantin konstantin.ananyev at intel.com
Wed Sep 15 16:33:04 CEST 2021
Previous message (by thread): [dpdk-dev] [PATCH v5 2/3] security: add option for faster udata or mdata access
Next message (by thread): [dpdk-dev] [PATCH v5 3/3] examples/ipsec-secgw: update event mode inline path
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> 
> Currently rte_security_set_pkt_metadata() and rte_security_get_userdata()
> methods to set pkt metadata on Inline outbound and get userdata
> after Inline inbound processing is always driver specific callbacks.
> 
> For drivers that do not have much to do in the callbacks but just
> to update metadata in rte_security dynamic field and get userdata
> from rte_security dynamic field, having to just to PMD specific
> callback is costly per packet operation. This patch provides
> a mechanism to do the same in inline function and avoid function
> pointer jump if a driver supports the same.
> 
> Signed-off-by: Nithin Dabilpuram <ndabilpuram at marvell.com>
> Acked-by: Akhil Goyal <gakhil at marvell.com>
> ---
>  doc/guides/rel_notes/deprecation.rst   |  4 ---
>  doc/guides/rel_notes/release_21_08.rst |  6 +++++
>  lib/security/rte_security.c            |  8 +++---
>  lib/security/rte_security.h            | 48 +++++++++++++++++++++++++++++++---
>  lib/security/version.map               |  2 ++
>  5 files changed, 56 insertions(+), 12 deletions(-)
> 
> diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
> index 59445a6..70ef45e 100644
> --- a/doc/guides/rel_notes/deprecation.rst
> +++ b/doc/guides/rel_notes/deprecation.rst
> @@ -276,10 +276,6 @@ Deprecation Notices
>    content. On Linux and FreeBSD, supported prior to DPDK 20.11,
>    original structure will be kept until DPDK 21.11.
> 
> -* security: The functions ``rte_security_set_pkt_metadata`` and
> -  ``rte_security_get_userdata`` will be made inline functions and additional
> -  flags will be added in structure ``rte_security_ctx`` in DPDK 21.11.
> -
>  * cryptodev: The structure ``rte_crypto_op`` would be updated to reduce
>    reserved bytes to 2 (from 3), and use 1 byte to indicate warnings and other
>    information from the crypto/security operation. This field will be used to
> diff --git a/doc/guides/rel_notes/release_21_08.rst b/doc/guides/rel_notes/release_21_08.rst
> index b4cbf2d..59ff15a 100644
> --- a/doc/guides/rel_notes/release_21_08.rst
> +++ b/doc/guides/rel_notes/release_21_08.rst
> @@ -223,6 +223,12 @@ ABI Changes
> 
>  * No ABI change that would break compatibility with 20.11.
> 
> +* security: ``rte_security_set_pkt_metadata`` and ``rte_security_get_userdata``
> +  routines used by Inline outbound and Inline inbound security processing are
> +  made inline and enhanced to do simple 64-bit set/get for PMD's that donot
> +  have much processing in PMD specific callbacks but just 64-bit set/get.
> +  This avoids a per-pkt function pointer jump overhead for such PMD's.
> +
> 
>  Known Issues
>  ------------
> diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
> index e8116d5..fe81ed3 100644
> --- a/lib/security/rte_security.c
> +++ b/lib/security/rte_security.c
> @@ -122,9 +122,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
>  }
> 
>  int
> -rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> -			      struct rte_security_session *sess,
> -			      struct rte_mbuf *m, void *params)
> +__rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> +				struct rte_security_session *sess,
> +				struct rte_mbuf *m, void *params)
>  {
>  #ifdef RTE_DEBUG
>  	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> @@ -137,7 +137,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>  }
> 
>  void *
> -rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
> +__rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
>  {
>  	void *userdata = NULL;
> 
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2e136d7..3124134 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -71,8 +71,18 @@ struct rte_security_ctx {
>  	/**< Pointer to security ops for the device */
>  	uint16_t sess_cnt;
>  	/**< Number of sessions attached to this context */
> +	uint32_t flags;
> +	/**< Flags for security context */
>  };
> 
> +#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001
> +/**< Driver uses fast metadata update without using driver specific callback */

Probably worth to mention somewhere that it is driver responsibility to call 
rte_security_dynfield_register() to expose that flag.

> +
> +#define RTE_SEC_CTX_F_FAST_GET_UDATA 0x00000002
> +/**< Driver provides udata using fast method without using driver specific
> + * callback.
> + */
> +
>  /**
>   * IPSEC tunnel parameters
>   *
> @@ -494,6 +504,12 @@ static inline bool rte_security_dynfield_is_registered(void)
>  	return rte_security_dynfield_offset >= 0;
>  }
> 
> +/** Function to call PMD specific function pointer set_pkt_metadata() */
> +__rte_experimental
> +extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> +					   struct rte_security_session *sess,
> +					   struct rte_mbuf *m, void *params);
> +
>  /**
>   *  Updates the buffer with device-specific defined metadata
>   *
> @@ -507,10 +523,26 @@ static inline bool rte_security_dynfield_is_registered(void)
>   *  - On success, zero.
>   *  - On failure, a negative value.
>   */
> -int
> +static inline int
>  rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>  			      struct rte_security_session *sess,
> -			      struct rte_mbuf *mb, void *params);
> +			      struct rte_mbuf *mb, void *params)
> +{
> +	/* Fast Path */
> +	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
> +		*rte_security_dynfield(mb) =
> +			(rte_security_dynfield_t)(sess->sess_private_data);
> +		return 0;
> +	}
> +
> +	/* Jump to PMD specific function pointer */
> +	return __rte_security_set_pkt_metadata(instance, sess, mb, params);
> +}
> +
> +/** Function to call PMD specific function pointer get_userdata() */
> +__rte_experimental
> +extern void *__rte_security_get_userdata(struct rte_security_ctx *instance,
> +					 uint64_t md);
> 
>  /**
>   * Get userdata associated with the security session. Device specific metadata
> @@ -530,8 +562,16 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>   *  - On failure, NULL
>   */
>  __rte_experimental
> -void *
> -rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
> +static inline void *
> +rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
> +{
> +	/* Fast Path */
> +	if (instance->flags & RTE_SEC_CTX_F_FAST_GET_UDATA)
> +		return (void *)(uintptr_t)md;
> +
> +	/* Jump to PMD specific function pointer */
> +	return __rte_security_get_userdata(instance, md);
> +}
> 
>  /**
>   * Attach a session to a symmetric crypto operation
> diff --git a/lib/security/version.map b/lib/security/version.map
> index c44c7f5..45ace9c 100644
> --- a/lib/security/version.map
> +++ b/lib/security/version.map
> @@ -20,4 +20,6 @@ EXPERIMENTAL {
>  	rte_security_get_userdata;
>  	rte_security_session_stats_get;
>  	rte_security_session_update;
> +	__rte_security_set_pkt_metadata;
> +	__rte_security_get_userdata;
>  };
> --
> 2.8.4

Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
Previous message (by thread): [dpdk-dev] [PATCH v5 2/3] security: add option for faster udata or mdata access
Next message (by thread): [dpdk-dev] [PATCH v5 3/3] examples/ipsec-secgw: update event mode inline path
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list