diff options
Diffstat (limited to 'src/plugins/dpdk/cryptodev/cryptodev.c')
-rw-r--r-- | src/plugins/dpdk/cryptodev/cryptodev.c | 1411 |
1 files changed, 564 insertions, 847 deletions
diff --git a/src/plugins/dpdk/cryptodev/cryptodev.c b/src/plugins/dpdk/cryptodev/cryptodev.c index cd9d104224b..a310538f064 100644 --- a/src/plugins/dpdk/cryptodev/cryptodev.c +++ b/src/plugins/dpdk/cryptodev/cryptodev.c @@ -32,121 +32,14 @@ #include <rte_cryptodev_pmd.h> #include <rte_config.h> +#include "cryptodev.h" + #if CLIB_DEBUG > 0 #define always_inline static inline #else #define always_inline static inline __attribute__ ((__always_inline__)) #endif -#define CRYPTODEV_NB_CRYPTO_OPS 1024 -#define CRYPTODEV_NB_SESSION 10240 -#define CRYPTODEV_DEF_DRIVE crypto_aesni_mb - -#define CRYPTODEV_IV_OFFSET (offsetof (cryptodev_op_t, iv)) -#define CRYPTODEV_AAD_OFFSET (offsetof (cryptodev_op_t, aad)) - -/* VNET_CRYPTO_ALGO, TYPE, DPDK_CRYPTO_ALGO, IV_LEN, TAG_LEN, AAD_LEN */ -#define foreach_vnet_aead_crypto_conversion \ - _(AES_128_GCM, AEAD, AES_GCM, 12, 16, 8) \ - _(AES_128_GCM, AEAD, AES_GCM, 12, 16, 12) \ - _(AES_192_GCM, AEAD, AES_GCM, 12, 16, 8) \ - _(AES_192_GCM, AEAD, AES_GCM, 12, 16, 12) \ - _(AES_256_GCM, AEAD, AES_GCM, 12, 16, 8) \ - _(AES_256_GCM, AEAD, AES_GCM, 12, 16, 12) - -/** - * crypto (alg, cryptodev_alg), hash (alg, digest-size) - **/ -#define foreach_cryptodev_link_async_alg \ - _ (AES_128_CBC, AES_CBC, SHA1, 12) \ - _ (AES_192_CBC, AES_CBC, SHA1, 12) \ - _ (AES_256_CBC, AES_CBC, SHA1, 12) \ - _ (AES_128_CBC, AES_CBC, SHA224, 14) \ - _ (AES_192_CBC, AES_CBC, SHA224, 14) \ - _ (AES_256_CBC, AES_CBC, SHA224, 14) \ - _ (AES_128_CBC, AES_CBC, SHA256, 16) \ - _ (AES_192_CBC, AES_CBC, SHA256, 16) \ - _ (AES_256_CBC, AES_CBC, SHA256, 16) \ - _ (AES_128_CBC, AES_CBC, SHA384, 24) \ - _ (AES_192_CBC, AES_CBC, SHA384, 24) \ - _ (AES_256_CBC, AES_CBC, SHA384, 24) \ - _ (AES_128_CBC, AES_CBC, SHA512, 32) \ - _ (AES_192_CBC, AES_CBC, SHA512, 32) \ - _ (AES_256_CBC, AES_CBC, SHA512, 32) - -#define foreach_vnet_crypto_status_conversion \ - _(SUCCESS, COMPLETED) \ - _(NOT_PROCESSED, WORK_IN_PROGRESS) \ - _(AUTH_FAILED, FAIL_BAD_HMAC) \ - _(INVALID_SESSION, FAIL_ENGINE_ERR) \ - _(INVALID_ARGS, FAIL_ENGINE_ERR) \ - _(ERROR, FAIL_ENGINE_ERR) - -static const vnet_crypto_op_status_t cryptodev_status_conversion[] = { -#define _(a, b) VNET_CRYPTO_OP_STATUS_##b, - foreach_vnet_crypto_status_conversion -#undef _ -}; - -typedef struct -{ - CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); - struct rte_crypto_op op; - struct rte_crypto_sym_op sop; - u8 iv[16]; - u8 aad[16]; - vnet_crypto_async_frame_t *frame; - u32 n_elts; -} cryptodev_op_t; - -typedef enum -{ - CRYPTODEV_OP_TYPE_ENCRYPT = 0, - CRYPTODEV_OP_TYPE_DECRYPT, - CRYPTODEV_N_OP_TYPES, -} cryptodev_op_type_t; - -typedef struct -{ - struct rte_cryptodev_sym_session ***keys; -} cryptodev_key_t; - -typedef struct -{ - u32 dev_id; - u32 q_id; - char *desc; -} cryptodev_inst_t; - -typedef struct -{ - CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); - struct rte_mempool *cop_pool; - struct rte_mempool *sess_pool; - struct rte_mempool *sess_priv_pool; -} cryptodev_numa_data_t; - -typedef struct -{ - CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); - u16 cryptodev_id; - u16 cryptodev_q; - u32 inflight; - cryptodev_op_t **cops; - struct rte_ring *ring; -} cryptodev_engine_thread_t; - -typedef struct -{ - cryptodev_numa_data_t *per_numa_data; - cryptodev_key_t *keys; - cryptodev_engine_thread_t *per_thread_data; - enum rte_iova_mode iova_mode; - cryptodev_inst_t *cryptodev_inst; - clib_bitmap_t *active_cdev_inst_mask; - clib_spinlock_t tlock; -} cryptodev_main_t; - cryptodev_main_t cryptodev_main; static_always_inline int @@ -214,11 +107,11 @@ prepare_linked_xform (struct rte_crypto_sym_xform *xforms, switch (key->async_alg) { -#define _(a, b, c, d) \ - case VNET_CRYPTO_ALG_##a##_##c##_TAG##d:\ - cipher_algo = RTE_CRYPTO_CIPHER_##b; \ - auth_algo = RTE_CRYPTO_AUTH_##c##_HMAC; \ - digest_len = d; \ +#define _(a, b, c, d, e) \ + case VNET_CRYPTO_ALG_##a##_##d##_TAG##e: \ + cipher_algo = RTE_CRYPTO_CIPHER_##b; \ + auth_algo = RTE_CRYPTO_AUTH_##d##_HMAC; \ + digest_len = e; \ break; foreach_cryptodev_link_async_alg @@ -257,25 +150,175 @@ cryptodev_session_del (struct rte_cryptodev_sym_session *sess) rte_cryptodev_sym_session_free (sess); } +static int +check_cipher_support (enum rte_crypto_cipher_algorithm algo, u32 key_size) +{ + cryptodev_main_t *cmt = &cryptodev_main; + cryptodev_capability_t *vcap; + u32 *s; + + vec_foreach (vcap, cmt->supported_caps) + { + if (vcap->xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER) + continue; + if (vcap->cipher.algo != algo) + continue; + vec_foreach (s, vcap->cipher.key_sizes) + if (*s == key_size) + return 1; + } + + return 0; +} + +static int +check_auth_support (enum rte_crypto_auth_algorithm algo, u32 digest_size) +{ + cryptodev_main_t *cmt = &cryptodev_main; + cryptodev_capability_t *vcap; + u32 *s; + + vec_foreach (vcap, cmt->supported_caps) + { + if (vcap->xform_type != RTE_CRYPTO_SYM_XFORM_AUTH) + continue; + if (vcap->auth.algo != algo) + continue; + vec_foreach (s, vcap->auth.digest_sizes) + if (*s == digest_size) + return 1; + } + + return 0; +} + static_always_inline int -cryptodev_check_supported_vnet_alg (vnet_crypto_key_t *key) +check_aead_support (enum rte_crypto_aead_algorithm algo, u32 key_size, + u32 digest_size, u32 aad_size) { - vnet_crypto_alg_t alg; - if (key->type == VNET_CRYPTO_KEY_TYPE_LINK) - return 0; + cryptodev_main_t *cmt = &cryptodev_main; + cryptodev_capability_t *vcap; + u32 *s; + u32 key_match = 0, digest_match = 0, aad_match = 0; + + vec_foreach (vcap, cmt->supported_caps) + { + if (vcap->xform_type != RTE_CRYPTO_SYM_XFORM_AEAD) + continue; + if (vcap->aead.algo != algo) + continue; + vec_foreach (s, vcap->aead.digest_sizes) + if (*s == digest_size) + { + digest_match = 1; + break; + } + vec_foreach (s, vcap->aead.key_sizes) + if (*s == key_size) + { + key_match = 1; + break; + } + vec_foreach (s, vcap->aead.aad_sizes) + if (*s == aad_size) + { + aad_match = 1; + break; + } + } - alg = key->alg; + if (key_match == 1 && digest_match == 1 && aad_match == 1) + return 1; -#define _(a, b, c, d, e, f) \ - if (alg == VNET_CRYPTO_ALG_##a) \ - return 0; + return 0; +} +static_always_inline int +cryptodev_check_supported_vnet_alg (vnet_crypto_key_t *key) +{ + u32 matched = 0; + + if (key->type == VNET_CRYPTO_KEY_TYPE_LINK) + { + switch (key->async_alg) + { +#define _(a, b, c, d, e) \ + case VNET_CRYPTO_ALG_##a##_##d##_TAG##e: \ + if (check_cipher_support (RTE_CRYPTO_CIPHER_##b, c) && \ + check_auth_support (RTE_CRYPTO_AUTH_##d##_HMAC, e)) \ + return 1; + foreach_cryptodev_link_async_alg +#undef _ + default : return 0; + } + return 0; + } + +#define _(a, b, c, d, e, f, g) \ + if (key->alg == VNET_CRYPTO_ALG_##a) \ + { \ + if (check_aead_support (RTE_CRYPTO_AEAD_##c, g, e, f)) \ + matched++; \ + } foreach_vnet_aead_crypto_conversion #undef _ - return -1; + + if (matched < 2) return 0; + + return 1; } -static_always_inline int +void +cryptodev_sess_handler (vlib_main_t *vm, vnet_crypto_key_op_t kop, + vnet_crypto_key_index_t idx, u32 aad_len) +{ + cryptodev_main_t *cmt = &cryptodev_main; + vnet_crypto_key_t *key = vnet_crypto_get_key (idx); + cryptodev_key_t *ckey = 0; + u32 i; + + vec_validate (cmt->keys, idx); + ckey = vec_elt_at_index (cmt->keys, idx); + + if (kop == VNET_CRYPTO_KEY_OP_DEL || kop == VNET_CRYPTO_KEY_OP_MODIFY) + { + if (idx >= vec_len (cmt->keys)) + return; + + vec_foreach_index (i, cmt->per_numa_data) + { + if (ckey->keys[i][CRYPTODEV_OP_TYPE_ENCRYPT]) + { + cryptodev_session_del (ckey->keys[i][CRYPTODEV_OP_TYPE_ENCRYPT]); + cryptodev_session_del (ckey->keys[i][CRYPTODEV_OP_TYPE_DECRYPT]); + + CLIB_MEMORY_STORE_BARRIER (); + ckey->keys[i][CRYPTODEV_OP_TYPE_ENCRYPT] = 0; + ckey->keys[i][CRYPTODEV_OP_TYPE_DECRYPT] = 0; + } + } + return; + } + + /* create key */ + + /* do not create session for unsupported alg */ + if (cryptodev_check_supported_vnet_alg (key) == 0) + return; + + vec_validate (ckey->keys, idx); + vec_foreach_index (i, ckey->keys) + vec_validate (ckey->keys[i], CRYPTODEV_N_OP_TYPES - 1); +} + +/*static*/ void +cryptodev_key_handler (vlib_main_t *vm, vnet_crypto_key_op_t kop, + vnet_crypto_key_index_t idx) +{ + cryptodev_sess_handler (vm, kop, idx, 8); +} + +int cryptodev_session_create (vlib_main_t *vm, vnet_crypto_key_index_t idx, u32 aad_len) { @@ -328,13 +371,12 @@ cryptodev_session_create (vlib_main_t *vm, vnet_crypto_key_index_t idx, { u32 dev_id = dev_inst->dev_id; struct rte_cryptodev *cdev = rte_cryptodev_pmd_get_dev (dev_id); + u32 driver_id = cdev->driver_id; /* if the session is already configured for the driver type, avoid configuring it again to increase the session data's refcnt */ - if (sessions[CRYPTODEV_OP_TYPE_ENCRYPT] - ->sess_data[cdev->driver_id] - .data && - sessions[CRYPTODEV_OP_TYPE_DECRYPT]->sess_data[cdev->driver_id].data) + if (sessions[CRYPTODEV_OP_TYPE_ENCRYPT]->sess_data[driver_id].data && + sessions[CRYPTODEV_OP_TYPE_DECRYPT]->sess_data[driver_id].data) continue; ret = rte_cryptodev_sym_session_init ( @@ -365,495 +407,6 @@ clear_key: return ret; } -static_always_inline void -cryptodev_sess_handler (vlib_main_t *vm, vnet_crypto_key_op_t kop, - vnet_crypto_key_index_t idx, u32 aad_len) -{ - cryptodev_main_t *cmt = &cryptodev_main; - vnet_crypto_key_t *key = vnet_crypto_get_key (idx); - cryptodev_key_t *ckey = 0; - u32 i; - - vec_validate (cmt->keys, idx); - ckey = vec_elt_at_index (cmt->keys, idx); - - if (kop == VNET_CRYPTO_KEY_OP_DEL || kop == VNET_CRYPTO_KEY_OP_MODIFY) - { - if (idx >= vec_len (cmt->keys)) - return; - - vec_foreach_index (i, cmt->per_numa_data) - { - if (ckey->keys[i][CRYPTODEV_OP_TYPE_ENCRYPT]) - { - cryptodev_session_del (ckey->keys[i][CRYPTODEV_OP_TYPE_ENCRYPT]); - cryptodev_session_del (ckey->keys[i][CRYPTODEV_OP_TYPE_DECRYPT]); - - CLIB_MEMORY_STORE_BARRIER (); - ckey->keys[i][CRYPTODEV_OP_TYPE_ENCRYPT] = 0; - ckey->keys[i][CRYPTODEV_OP_TYPE_DECRYPT] = 0; - } - } - return; - } - - /* create key */ - - /* do not create session for unsupported alg */ - if (cryptodev_check_supported_vnet_alg (key)) - return; - - vec_validate (ckey->keys, vec_len (cmt->per_numa_data) - 1); - vec_foreach_index (i, ckey->keys) - vec_validate (ckey->keys[i], CRYPTODEV_N_OP_TYPES - 1); -} - -/*static*/ void -cryptodev_key_handler (vlib_main_t * vm, vnet_crypto_key_op_t kop, - vnet_crypto_key_index_t idx) -{ - cryptodev_sess_handler (vm, kop, idx, 8); -} - -static_always_inline void -cryptodev_mark_frame_err_status (vnet_crypto_async_frame_t * f, - vnet_crypto_op_status_t s) -{ - u32 n_elts = f->n_elts, i; - - for (i = 0; i < n_elts; i++) - f->elts[i].status = s; -} - -static_always_inline rte_iova_t -cryptodev_get_iova (clib_pmalloc_main_t * pm, enum rte_iova_mode mode, - void *data) -{ - u64 index; - if (mode == RTE_IOVA_VA) - return (rte_iova_t) pointer_to_uword (data); - - index = clib_pmalloc_get_page_index (pm, data); - return pointer_to_uword (data) - pm->lookup_table[index]; -} - -static_always_inline void -cryptodev_validate_mbuf_chain (vlib_main_t * vm, struct rte_mbuf *mb, - vlib_buffer_t * b) -{ - struct rte_mbuf *first_mb = mb, *last_mb = mb; /**< last mbuf */ - /* when input node is not dpdk, mbuf data len is not initialized, for - * single buffer it is not a problem since the data length is written - * into cryptodev operation. For chained buffer a reference data length - * has to be computed through vlib_buffer. - * - * even when input node is dpdk, it is possible chained vlib_buffers - * are updated (either added or removed a buffer) but not not mbuf fields. - * we have to re-link every mbuf in the chain. - */ - u16 data_len = b->current_length + (b->data + b->current_data - - rte_pktmbuf_mtod (mb, u8 *)); - - first_mb->nb_segs = 1; - first_mb->pkt_len = first_mb->data_len = data_len; - - while (b->flags & VLIB_BUFFER_NEXT_PRESENT) - { - b = vlib_get_buffer (vm, b->next_buffer); - mb = rte_mbuf_from_vlib_buffer (b); - if (PREDICT_FALSE ((b->flags & VLIB_BUFFER_EXT_HDR_VALID) == 0)) - rte_pktmbuf_reset (mb); - last_mb->next = mb; - last_mb = mb; - mb->data_len = b->current_length; - mb->pkt_len = b->current_length; - mb->data_off = VLIB_BUFFER_PRE_DATA_SIZE + b->current_data; - first_mb->nb_segs++; - if (PREDICT_FALSE (b->ref_count > 1)) - mb->pool = - dpdk_no_cache_mempool_by_buffer_pool_index[b->buffer_pool_index]; - } -} - -static_always_inline int -cryptodev_frame_linked_algs_enqueue (vlib_main_t * vm, - vnet_crypto_async_frame_t * frame, - cryptodev_op_type_t op_type) -{ - cryptodev_main_t *cmt = &cryptodev_main; - clib_pmalloc_main_t *pm = vm->physmem_main.pmalloc_main; - cryptodev_numa_data_t *numa = cmt->per_numa_data + vm->numa_node; - cryptodev_engine_thread_t *cet = cmt->per_thread_data + vm->thread_index; - vnet_crypto_async_frame_elt_t *fe; - struct rte_cryptodev_sym_session *sess = 0; - cryptodev_op_t **cop; - u32 *bi; - u32 n_enqueue, n_elts; - u32 last_key_index = ~0; - - if (PREDICT_FALSE (frame == 0 || frame->n_elts == 0)) - return -1; - n_elts = frame->n_elts; - - if (PREDICT_FALSE (CRYPTODEV_NB_CRYPTO_OPS - cet->inflight < n_elts)) - { - cryptodev_mark_frame_err_status (frame, - VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR); - return -1; - } - - if (PREDICT_FALSE (rte_mempool_get_bulk (numa->cop_pool, - (void **) cet->cops, n_elts) < 0)) - { - cryptodev_mark_frame_err_status (frame, - VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR); - return -1; - } - - cop = cet->cops; - fe = frame->elts; - bi = frame->buffer_indices; - cop[0]->frame = frame; - cop[0]->n_elts = n_elts; - - while (n_elts) - { - vlib_buffer_t *b = vlib_get_buffer (vm, bi[0]); - struct rte_crypto_sym_op *sop = &cop[0]->sop; - i16 crypto_offset = fe->crypto_start_offset; - i16 integ_offset = fe->integ_start_offset; - u32 offset_diff = crypto_offset - integ_offset; - - if (n_elts > 2) - { - CLIB_PREFETCH (cop[1], CLIB_CACHE_LINE_BYTES * 3, STORE); - CLIB_PREFETCH (cop[2], CLIB_CACHE_LINE_BYTES * 3, STORE); - CLIB_PREFETCH (&fe[1], CLIB_CACHE_LINE_BYTES, LOAD); - CLIB_PREFETCH (&fe[2], CLIB_CACHE_LINE_BYTES, LOAD); - } - if (last_key_index != fe->key_index) - { - cryptodev_key_t *key = vec_elt_at_index (cmt->keys, fe->key_index); - last_key_index = fe->key_index; - - if (key->keys[vm->numa_node][op_type] == 0) - { - if (PREDICT_FALSE ( - cryptodev_session_create (vm, last_key_index, 0) < 0)) - { - cryptodev_mark_frame_err_status ( - frame, VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR); - return -1; - } - } - sess = key->keys[vm->numa_node][op_type]; - } - - sop->m_src = rte_mbuf_from_vlib_buffer (b); - sop->m_src->data_off = VLIB_BUFFER_PRE_DATA_SIZE; - sop->m_dst = 0; - /* mbuf prepend happens in the tx, but vlib_buffer happens in the nodes, - * so we have to manually adjust mbuf data_off here so cryptodev can - * correctly compute the data pointer. The prepend here will be later - * rewritten by tx. */ - if (PREDICT_TRUE (fe->integ_start_offset < 0)) - { - sop->m_src->data_off += fe->integ_start_offset; - integ_offset = 0; - crypto_offset = offset_diff; - } - sop->session = sess; - sop->cipher.data.offset = crypto_offset; - sop->cipher.data.length = fe->crypto_total_length; - sop->auth.data.offset = integ_offset; - sop->auth.data.length = fe->crypto_total_length + fe->integ_length_adj; - sop->auth.digest.data = fe->digest; - sop->auth.digest.phys_addr = cryptodev_get_iova (pm, cmt->iova_mode, - fe->digest); - if (PREDICT_FALSE (fe->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)) - cryptodev_validate_mbuf_chain (vm, sop->m_src, b); - else - /* for input nodes that are not dpdk-input, it is possible the mbuf - * was updated before as one of the chained mbufs. Setting nb_segs - * to 1 here to prevent the cryptodev PMD to access potentially - * invalid m_src->next pointers. - */ - sop->m_src->nb_segs = 1; - clib_memcpy_fast (cop[0]->iv, fe->iv, 16); - cop++; - bi++; - fe++; - n_elts--; - } - - n_enqueue = rte_cryptodev_enqueue_burst (cet->cryptodev_id, - cet->cryptodev_q, - (struct rte_crypto_op **) - cet->cops, frame->n_elts); - ASSERT (n_enqueue == frame->n_elts); - cet->inflight += n_enqueue; - - return 0; -} - -static_always_inline int -cryptodev_frame_gcm_enqueue (vlib_main_t * vm, - vnet_crypto_async_frame_t * frame, - cryptodev_op_type_t op_type, u8 aad_len) -{ - cryptodev_main_t *cmt = &cryptodev_main; - clib_pmalloc_main_t *pm = vm->physmem_main.pmalloc_main; - cryptodev_numa_data_t *numa = cmt->per_numa_data + vm->numa_node; - cryptodev_engine_thread_t *cet = cmt->per_thread_data + vm->thread_index; - vnet_crypto_async_frame_elt_t *fe; - struct rte_cryptodev_sym_session *sess = 0; - cryptodev_op_t **cop; - u32 *bi; - u32 n_enqueue = 0, n_elts; - u32 last_key_index = ~0; - - if (PREDICT_FALSE (frame == 0 || frame->n_elts == 0)) - return -1; - n_elts = frame->n_elts; - - if (PREDICT_FALSE (CRYPTODEV_NB_CRYPTO_OPS - cet->inflight < n_elts)) - { - cryptodev_mark_frame_err_status (frame, - VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR); - return -1; - } - - if (PREDICT_FALSE (rte_mempool_get_bulk (numa->cop_pool, - (void **) cet->cops, n_elts) < 0)) - { - cryptodev_mark_frame_err_status (frame, - VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR); - return -1; - } - - cop = cet->cops; - fe = frame->elts; - bi = frame->buffer_indices; - cop[0]->frame = frame; - cop[0]->n_elts = n_elts; - - while (n_elts) - { - vlib_buffer_t *b = vlib_get_buffer (vm, bi[0]); - struct rte_crypto_sym_op *sop = &cop[0]->sop; - u16 crypto_offset = fe->crypto_start_offset; - - if (n_elts > 2) - { - CLIB_PREFETCH (cop[1], CLIB_CACHE_LINE_BYTES * 3, STORE); - CLIB_PREFETCH (cop[2], CLIB_CACHE_LINE_BYTES * 3, STORE); - CLIB_PREFETCH (&fe[1], CLIB_CACHE_LINE_BYTES, LOAD); - CLIB_PREFETCH (&fe[2], CLIB_CACHE_LINE_BYTES, LOAD); - } - if (last_key_index != fe->key_index) - { - cryptodev_key_t *key = vec_elt_at_index (cmt->keys, fe->key_index); - - last_key_index = fe->key_index; - if (key->keys[vm->numa_node][op_type] == 0) - { - if (PREDICT_FALSE (cryptodev_session_create (vm, last_key_index, - aad_len) < 0)) - { - cryptodev_mark_frame_err_status ( - frame, VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR); - return -1; - } - } - else if (PREDICT_FALSE ( - key->keys[vm->numa_node][op_type]->opaque_data != - aad_len)) - { - cryptodev_sess_handler (vm, VNET_CRYPTO_KEY_OP_DEL, - fe->key_index, aad_len); - if (PREDICT_FALSE (cryptodev_session_create (vm, last_key_index, - aad_len) < 0)) - { - cryptodev_mark_frame_err_status ( - frame, VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR); - return -1; - } - } - - sess = key->keys[vm->numa_node][op_type]; - } - - sop->m_src = rte_mbuf_from_vlib_buffer (b); - sop->m_src->data_off = VLIB_BUFFER_PRE_DATA_SIZE; - sop->m_dst = 0; - /* mbuf prepend happens in the tx, but vlib_buffer happens in the nodes, - * so we have to manually adjust mbuf data_off here so cryptodev can - * correctly compute the data pointer. The prepend here will be later - * rewritten by tx. */ - if (PREDICT_FALSE (fe->crypto_start_offset < 0)) - { - rte_pktmbuf_prepend (sop->m_src, -fe->crypto_start_offset); - crypto_offset = 0; - } - - sop->session = sess; - sop->aead.aad.data = cop[0]->aad; - sop->aead.aad.phys_addr = cop[0]->op.phys_addr + CRYPTODEV_AAD_OFFSET; - sop->aead.data.length = fe->crypto_total_length; - sop->aead.data.offset = crypto_offset; - sop->aead.digest.data = fe->tag; - sop->aead.digest.phys_addr = cryptodev_get_iova (pm, cmt->iova_mode, - fe->tag); - if (PREDICT_FALSE (fe->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)) - cryptodev_validate_mbuf_chain (vm, sop->m_src, b); - else - /* for input nodes that are not dpdk-input, it is possible the mbuf - * was updated before as one of the chained mbufs. Setting nb_segs - * to 1 here to prevent the cryptodev PMD to access potentially - * invalid m_src->next pointers. - */ - sop->m_src->nb_segs = 1; - clib_memcpy_fast (cop[0]->iv, fe->iv, 12); - clib_memcpy_fast (cop[0]->aad, fe->aad, aad_len); - cop++; - bi++; - fe++; - n_elts--; - } - - n_enqueue = rte_cryptodev_enqueue_burst (cet->cryptodev_id, - cet->cryptodev_q, - (struct rte_crypto_op **) - cet->cops, frame->n_elts); - ASSERT (n_enqueue == frame->n_elts); - cet->inflight += n_enqueue; - - return 0; -} - -static_always_inline cryptodev_op_t * -cryptodev_get_ring_head (struct rte_ring * ring) -{ - cryptodev_op_t **r = (void *) &ring[1]; - return r[ring->cons.head & ring->mask]; -} - -static_always_inline vnet_crypto_async_frame_t * -cryptodev_frame_dequeue (vlib_main_t * vm, u32 * nb_elts_processed, - u32 * enqueue_thread_idx) -{ - cryptodev_main_t *cmt = &cryptodev_main; - cryptodev_numa_data_t *numa = cmt->per_numa_data + vm->numa_node; - cryptodev_engine_thread_t *cet = cmt->per_thread_data + vm->thread_index; - cryptodev_op_t *cop0, **cop = cet->cops; - vnet_crypto_async_frame_elt_t *fe; - vnet_crypto_async_frame_t *frame; - u32 n_elts, n_completed_ops = rte_ring_count (cet->ring); - u32 ss0 = 0, ss1 = 0, ss2 = 0, ss3 = 0; /* sum of status */ - - if (cet->inflight) - { - n_elts = clib_min (CRYPTODEV_NB_CRYPTO_OPS - n_completed_ops, - VNET_CRYPTO_FRAME_SIZE); - n_elts = rte_cryptodev_dequeue_burst - (cet->cryptodev_id, cet->cryptodev_q, - (struct rte_crypto_op **) cet->cops, n_elts); - cet->inflight -= n_elts; - n_completed_ops += n_elts; - - rte_ring_sp_enqueue_burst (cet->ring, (void *) cet->cops, n_elts, NULL); - } - - if (PREDICT_FALSE (n_completed_ops == 0)) - return 0; - - cop0 = cryptodev_get_ring_head (cet->ring); - /* not a single frame is finished */ - if (PREDICT_FALSE (cop0->n_elts > rte_ring_count (cet->ring))) - return 0; - - frame = cop0->frame; - n_elts = cop0->n_elts; - n_elts = rte_ring_sc_dequeue_bulk (cet->ring, (void **) cet->cops, - n_elts, 0); - fe = frame->elts; - - while (n_elts > 4) - { - ss0 |= fe[0].status = cryptodev_status_conversion[cop[0]->op.status]; - ss1 |= fe[1].status = cryptodev_status_conversion[cop[1]->op.status]; - ss2 |= fe[2].status = cryptodev_status_conversion[cop[2]->op.status]; - ss3 |= fe[3].status = cryptodev_status_conversion[cop[3]->op.status]; - - cop += 4; - fe += 4; - n_elts -= 4; - } - - while (n_elts) - { - ss0 |= fe[0].status = cryptodev_status_conversion[cop[0]->op.status]; - fe++; - cop++; - n_elts--; - } - - frame->state = (ss0 | ss1 | ss2 | ss3) == VNET_CRYPTO_OP_STATUS_COMPLETED ? - VNET_CRYPTO_FRAME_STATE_SUCCESS : VNET_CRYPTO_FRAME_STATE_ELT_ERROR; - - rte_mempool_put_bulk (numa->cop_pool, (void **) cet->cops, frame->n_elts); - *nb_elts_processed = frame->n_elts; - *enqueue_thread_idx = frame->enqueue_thread_index; - return frame; -} - -/* *INDENT-OFF* */ -static_always_inline int -cryptodev_enqueue_gcm_aad_8_enc (vlib_main_t * vm, - vnet_crypto_async_frame_t * frame) -{ - return cryptodev_frame_gcm_enqueue (vm, frame, - CRYPTODEV_OP_TYPE_ENCRYPT, 8); -} -static_always_inline int -cryptodev_enqueue_gcm_aad_12_enc (vlib_main_t * vm, - vnet_crypto_async_frame_t * frame) -{ - return cryptodev_frame_gcm_enqueue (vm, frame, - CRYPTODEV_OP_TYPE_ENCRYPT, 12); -} - -static_always_inline int -cryptodev_enqueue_gcm_aad_8_dec (vlib_main_t * vm, - vnet_crypto_async_frame_t * frame) -{ - return cryptodev_frame_gcm_enqueue (vm, frame, - CRYPTODEV_OP_TYPE_DECRYPT, 8); -} -static_always_inline int -cryptodev_enqueue_gcm_aad_12_dec (vlib_main_t * vm, - vnet_crypto_async_frame_t * frame) -{ - return cryptodev_frame_gcm_enqueue (vm, frame, - CRYPTODEV_OP_TYPE_DECRYPT, 12); -} - -static_always_inline int -cryptodev_enqueue_linked_alg_enc (vlib_main_t * vm, - vnet_crypto_async_frame_t * frame) -{ - return cryptodev_frame_linked_algs_enqueue (vm, frame, - CRYPTODEV_OP_TYPE_ENCRYPT); -} - -static_always_inline int -cryptodev_enqueue_linked_alg_dec (vlib_main_t * vm, - vnet_crypto_async_frame_t * frame) -{ - return cryptodev_frame_linked_algs_enqueue (vm, frame, - CRYPTODEV_OP_TYPE_DECRYPT); -} - typedef enum { CRYPTODEV_RESOURCE_ASSIGN_AUTO = 0, @@ -900,6 +453,7 @@ cryptodev_assign_resource (cryptodev_engine_thread_t * cet, if (clib_bitmap_get (cmt->active_cdev_inst_mask, cryptodev_inst_index) == 1) return -EBUSY; + vec_foreach_index (idx, cmt->cryptodev_inst) { cinst = cmt->cryptodev_inst + idx; @@ -975,6 +529,10 @@ cryptodev_show_assignment_fn (vlib_main_t * vm, unformat_input_t * input, vec_foreach_index (inst, cmt->cryptodev_inst) vlib_cli_output (vm, "%-5u%U", inst, format_cryptodev_inst, inst); + if (cmt->is_raw_api) + vlib_cli_output (vm, "Cryptodev Data Path API used: RAW Data Path API"); + else + vlib_cli_output (vm, "Cryptodev Data Path API used: crypto operation API"); return 0; } @@ -1039,8 +597,8 @@ cryptodev_set_assignment_fn (vlib_main_t * vm, unformat_input_t * input, CRYPTODEV_RESOURCE_ASSIGN_UPDATE); if (ret) { - error = clib_error_return (0, "cryptodev_assign_resource returned %i", - ret); + error = + clib_error_return (0, "cryptodev_assign_resource returned %d", ret); return error; } @@ -1054,48 +612,6 @@ VLIB_CLI_COMMAND (set_cryptodev_assignment, static) = { .function = cryptodev_set_assignment_fn, }; -static int -check_cryptodev_alg_support (u32 dev_id) -{ - const struct rte_cryptodev_symmetric_capability *cap; - struct rte_cryptodev_sym_capability_idx cap_idx; - -#define _(a, b, c, d, e, f) \ - cap_idx.type = RTE_CRYPTO_SYM_XFORM_##b; \ - cap_idx.algo.aead = RTE_CRYPTO_##b##_##c; \ - cap = rte_cryptodev_sym_capability_get (dev_id, &cap_idx); \ - if (!cap) \ - return -RTE_CRYPTO_##b##_##c; \ - else \ - { \ - if (cap->aead.digest_size.min > e || cap->aead.digest_size.max < e) \ - return -RTE_CRYPTO_##b##_##c; \ - if (cap->aead.aad_size.min > f || cap->aead.aad_size.max < f) \ - return -RTE_CRYPTO_##b##_##c; \ - if (cap->aead.iv_size.min > d || cap->aead.iv_size.max < d) \ - return -RTE_CRYPTO_##b##_##c; \ - } - - foreach_vnet_aead_crypto_conversion -#undef _ - -#define _(a, b, c, d) \ - cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; \ - cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_##b; \ - cap = rte_cryptodev_sym_capability_get (dev_id, &cap_idx); \ - if (!cap) \ - return -RTE_CRYPTO_CIPHER_##b; \ - cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; \ - cap_idx.algo.auth = RTE_CRYPTO_AUTH_##c##_HMAC; \ - cap = rte_cryptodev_sym_capability_get (dev_id, &cap_idx); \ - if (!cap) \ - return -RTE_CRYPTO_AUTH_##c; - - foreach_cryptodev_link_async_alg -#undef _ - return 0; -} - static u32 cryptodev_count_queue (u32 numa) { @@ -1106,10 +622,6 @@ cryptodev_count_queue (u32 numa) for (i = 0; i < n_cryptodev; i++) { rte_cryptodev_info_get (i, &info); - - /* only device support symmetric crypto is used */ - if (!(info.feature_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO)) - continue; q_count += info.max_nb_queue_pairs; } @@ -1117,59 +629,49 @@ cryptodev_count_queue (u32 numa) } static int -cryptodev_configure (vlib_main_t *vm, uint32_t cryptodev_id) +cryptodev_configure (vlib_main_t *vm, u32 cryptodev_id) { + struct rte_cryptodev_config cfg; struct rte_cryptodev_info info; - struct rte_cryptodev *cdev; cryptodev_main_t *cmt = &cryptodev_main; u32 i; int ret; rte_cryptodev_info_get (cryptodev_id, &info); - /* do not configure the device that does not support symmetric crypto */ if (!(info.feature_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO)) - return 0; + return -1; - ret = check_cryptodev_alg_support (cryptodev_id); - if (ret != 0) - return ret; + cfg.socket_id = info.device->numa_node; + cfg.nb_queue_pairs = info.max_nb_queue_pairs; - cdev = rte_cryptodev_pmd_get_dev (cryptodev_id); - /** If the device is already started, we reuse it, otherwise configure - * both the device and queue pair. - **/ - if (!cdev->data->dev_started) - { - struct rte_cryptodev_config cfg; + rte_cryptodev_configure (cryptodev_id, &cfg); - cfg.socket_id = info.device->numa_node; - cfg.nb_queue_pairs = info.max_nb_queue_pairs; + for (i = 0; i < info.max_nb_queue_pairs; i++) + { + struct rte_cryptodev_qp_conf qp_cfg; - rte_cryptodev_configure (cryptodev_id, &cfg); + qp_cfg.mp_session = 0; + qp_cfg.mp_session_private = 0; + qp_cfg.nb_descriptors = CRYPTODEV_NB_CRYPTO_OPS; - for (i = 0; i < info.max_nb_queue_pairs; i++) + ret = rte_cryptodev_queue_pair_setup (cryptodev_id, i, &qp_cfg, + info.device->numa_node); + if (ret) { - struct rte_cryptodev_qp_conf qp_cfg; - - int ret; - - qp_cfg.mp_session = 0; - qp_cfg.mp_session_private = 0; - qp_cfg.nb_descriptors = CRYPTODEV_NB_CRYPTO_OPS; - - ret = rte_cryptodev_queue_pair_setup (cryptodev_id, i, &qp_cfg, - info.device->numa_node); - if (ret) - break; + clib_warning ("Cryptodev: Configure device %u queue %u failed %d", + cryptodev_id, i, ret); + break; } - if (i != info.max_nb_queue_pairs) - return -1; - /* start the device */ - rte_cryptodev_start (i); } - for (i = 0; i < cdev->data->nb_queue_pairs; i++) + if (i != info.max_nb_queue_pairs) + return -1; + + /* start the device */ + rte_cryptodev_start (cryptodev_id); + + for (i = 0; i < info.max_nb_queue_pairs; i++) { cryptodev_inst_t *cdev_inst; vec_add2(cmt->cryptodev_inst, cdev_inst, 1); @@ -1198,109 +700,378 @@ cryptodev_cmp (void *v1, void *v2) } static int -cryptodev_probe (vlib_main_t *vm, u32 n_workers) +cryptodev_supports_param_value (u32 *params, u32 param_value) +{ + u32 *value; + vec_foreach (value, params) + { + if (*value == param_value) + return 1; + } + return 0; +} + +int +cryptodev_check_cap_support (struct rte_cryptodev_sym_capability_idx *idx, + u32 key_size, u32 digest_size, u32 aad_size) { cryptodev_main_t *cmt = &cryptodev_main; - u32 n_queues = cryptodev_count_queue (vm->numa_node); - u32 i; - int ret; + cryptodev_capability_t *cap; + vec_foreach (cap, cmt->supported_caps) + { - /* If there is not enough queues, exit */ - if (n_queues < n_workers) - return -1; + if (cap->xform_type != idx->type) + continue; - for (i = 0; i < rte_cryptodev_count (); i++) + if (idx->type == RTE_CRYPTO_SYM_XFORM_AUTH && + cap->auth.algo == idx->algo.auth && + cryptodev_supports_param_value (cap->auth.digest_sizes, digest_size)) + return 1; + + if (idx->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + cap->cipher.algo == idx->algo.cipher && + cryptodev_supports_param_value (cap->cipher.key_sizes, key_size)) + return 1; + + if (idx->type == RTE_CRYPTO_SYM_XFORM_AEAD && + cap->aead.algo == idx->algo.aead && + cryptodev_supports_param_value (cap->aead.key_sizes, key_size) && + cryptodev_supports_param_value (cap->aead.digest_sizes, + digest_size) && + cryptodev_supports_param_value (cap->aead.aad_sizes, aad_size)) + return 1; + } + return 0; +} + +static void +remove_unsupported_param_size (u32 **param_sizes, u32 param_size_min, + u32 param_size_max, u32 increment) +{ + u32 i = 0; + u32 cap_param_size; + + while (i < vec_len (*param_sizes)) { - ret = cryptodev_configure (vm, i); - if (ret) - return ret; + u32 found_param = 0; + for (cap_param_size = param_size_min; cap_param_size <= param_size_max; + cap_param_size += increment) + { + if ((*param_sizes)[i] == cap_param_size) + { + found_param = 1; + break; + } + if (increment == 0) + break; + } + if (!found_param) + /* no such param_size in cap so delete this size in temp_cap params */ + vec_delete (*param_sizes, 1, i); + else + i++; } +} - vec_sort_with_function(cmt->cryptodev_inst, cryptodev_cmp); +static void +cryptodev_delete_cap (cryptodev_capability_t **temp_caps, u32 temp_cap_id) +{ + cryptodev_capability_t temp_cap = (*temp_caps)[temp_cap_id]; - return 0; + switch (temp_cap.xform_type) + { + case RTE_CRYPTO_SYM_XFORM_AUTH: + vec_free (temp_cap.auth.digest_sizes); + break; + case RTE_CRYPTO_SYM_XFORM_CIPHER: + vec_free (temp_cap.cipher.key_sizes); + break; + case RTE_CRYPTO_SYM_XFORM_AEAD: + vec_free (temp_cap.aead.key_sizes); + vec_free (temp_cap.aead.aad_sizes); + vec_free (temp_cap.aead.digest_sizes); + break; + default: + break; + } + vec_delete (*temp_caps, 1, temp_cap_id); +} + +static u32 +cryptodev_remove_unsupported_param_sizes ( + cryptodev_capability_t *temp_cap, + const struct rte_cryptodev_capabilities *dev_caps) +{ + u32 cap_found = 0; + const struct rte_cryptodev_capabilities *cap = &dev_caps[0]; + + while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) + { + if (cap->sym.xform_type == temp_cap->xform_type) + switch (cap->sym.xform_type) + { + case RTE_CRYPTO_SYM_XFORM_CIPHER: + if (cap->sym.cipher.algo == temp_cap->cipher.algo) + { + remove_unsupported_param_size ( + &temp_cap->cipher.key_sizes, cap->sym.cipher.key_size.min, + cap->sym.cipher.key_size.max, + cap->sym.cipher.key_size.increment); + if (vec_len (temp_cap->cipher.key_sizes) > 0) + cap_found = 1; + } + break; + case RTE_CRYPTO_SYM_XFORM_AUTH: + if (cap->sym.auth.algo == temp_cap->auth.algo) + { + remove_unsupported_param_size ( + &temp_cap->auth.digest_sizes, cap->sym.auth.digest_size.min, + cap->sym.auth.digest_size.max, + cap->sym.auth.digest_size.increment); + if (vec_len (temp_cap->auth.digest_sizes) > 0) + cap_found = 1; + } + break; + case RTE_CRYPTO_SYM_XFORM_AEAD: + if (cap->sym.aead.algo == temp_cap->aead.algo) + { + remove_unsupported_param_size ( + &temp_cap->aead.key_sizes, cap->sym.aead.key_size.min, + cap->sym.aead.key_size.max, + cap->sym.aead.key_size.increment); + remove_unsupported_param_size ( + &temp_cap->aead.aad_sizes, cap->sym.aead.aad_size.min, + cap->sym.aead.aad_size.max, + cap->sym.aead.aad_size.increment); + remove_unsupported_param_size ( + &temp_cap->aead.digest_sizes, cap->sym.aead.digest_size.min, + cap->sym.aead.digest_size.max, + cap->sym.aead.digest_size.increment); + if (vec_len (temp_cap->aead.key_sizes) > 0 && + vec_len (temp_cap->aead.aad_sizes) > 0 && + vec_len (temp_cap->aead.digest_sizes) > 0) + cap_found = 1; + } + break; + default: + break; + } + if (cap_found) + break; + cap++; + } + + return cap_found; +} + +static void +cryptodev_get_common_capabilities () +{ + cryptodev_main_t *cmt = &cryptodev_main; + cryptodev_inst_t *dev_inst; + struct rte_cryptodev_info dev_info; + u32 previous_dev_id, dev_id; + u32 cap_id = 0; + u32 param; + cryptodev_capability_t tmp_cap; + const struct rte_cryptodev_capabilities *cap; + const struct rte_cryptodev_capabilities *dev_caps; + + if (vec_len (cmt->cryptodev_inst) == 0) + return; + dev_inst = vec_elt_at_index (cmt->cryptodev_inst, 0); + rte_cryptodev_info_get (dev_inst->dev_id, &dev_info); + cap = &dev_info.capabilities[0]; + + /*init capabilities vector*/ + while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) + { + if (cap->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC) + { + cap++; + continue; + } + + tmp_cap.xform_type = cap->sym.xform_type; + switch (cap->sym.xform_type) + { + case RTE_CRYPTO_SYM_XFORM_CIPHER: + tmp_cap.cipher.key_sizes = 0; + tmp_cap.cipher.algo = cap->sym.cipher.algo; + for (param = cap->sym.cipher.key_size.min; + param <= cap->sym.cipher.key_size.max; + param += cap->sym.cipher.key_size.increment) + { + vec_add1 (tmp_cap.cipher.key_sizes, param); + if (cap->sym.cipher.key_size.increment == 0) + break; + } + break; + case RTE_CRYPTO_SYM_XFORM_AUTH: + tmp_cap.auth.algo = cap->sym.auth.algo; + tmp_cap.auth.digest_sizes = 0; + for (param = cap->sym.auth.digest_size.min; + param <= cap->sym.auth.digest_size.max; + param += cap->sym.auth.digest_size.increment) + { + vec_add1 (tmp_cap.auth.digest_sizes, param); + if (cap->sym.auth.digest_size.increment == 0) + break; + } + break; + case RTE_CRYPTO_SYM_XFORM_AEAD: + tmp_cap.aead.key_sizes = 0; + tmp_cap.aead.aad_sizes = 0; + tmp_cap.aead.digest_sizes = 0; + tmp_cap.aead.algo = cap->sym.aead.algo; + for (param = cap->sym.aead.key_size.min; + param <= cap->sym.aead.key_size.max; + param += cap->sym.aead.key_size.increment) + { + vec_add1 (tmp_cap.aead.key_sizes, param); + if (cap->sym.aead.key_size.increment == 0) + break; + } + for (param = cap->sym.aead.aad_size.min; + param <= cap->sym.aead.aad_size.max; + param += cap->sym.aead.aad_size.increment) + { + vec_add1 (tmp_cap.aead.aad_sizes, param); + if (cap->sym.aead.aad_size.increment == 0) + break; + } + for (param = cap->sym.aead.digest_size.min; + param <= cap->sym.aead.digest_size.max; + param += cap->sym.aead.digest_size.increment) + { + vec_add1 (tmp_cap.aead.digest_sizes, param); + if (cap->sym.aead.digest_size.increment == 0) + break; + } + break; + default: + break; + } + + vec_add1 (cmt->supported_caps, tmp_cap); + cap++; + } + + while (cap_id < vec_len (cmt->supported_caps)) + { + u32 cap_is_supported = 1; + previous_dev_id = cmt->cryptodev_inst->dev_id; + + vec_foreach (dev_inst, cmt->cryptodev_inst) + { + dev_id = dev_inst->dev_id; + if (previous_dev_id != dev_id) + { + previous_dev_id = dev_id; + rte_cryptodev_info_get (dev_id, &dev_info); + dev_caps = &dev_info.capabilities[0]; + cap_is_supported = cryptodev_remove_unsupported_param_sizes ( + &cmt->supported_caps[cap_id], dev_caps); + if (!cap_is_supported) + { + cryptodev_delete_cap (&cmt->supported_caps, cap_id); + /*no need to check other devices as this one doesn't support + * this temp_cap*/ + break; + } + } + } + if (cap_is_supported) + cap_id++; + } } static int -cryptodev_get_session_sz (vlib_main_t *vm, uint32_t n_workers) +cryptodev_probe (vlib_main_t *vm, u32 n_workers) { - u32 sess_data_sz = 0, i; + cryptodev_main_t *cmt = &cryptodev_main; + u32 n_queues = cryptodev_count_queue (vm->numa_node); + u32 i; - if (rte_cryptodev_count () == 0) + if (n_queues < n_workers) return -1; for (i = 0; i < rte_cryptodev_count (); i++) - { - u32 dev_sess_sz = rte_cryptodev_sym_get_private_session_size (i); + cryptodev_configure (vm, i); - sess_data_sz = dev_sess_sz > sess_data_sz ? dev_sess_sz : sess_data_sz; - } + if (vec_len (cmt->cryptodev_inst) == 0) + return -1; + cryptodev_get_common_capabilities (); + vec_sort_with_function (cmt->cryptodev_inst, cryptodev_cmp); + + /* if there is not enough device stop cryptodev */ + if (vec_len (cmt->cryptodev_inst) < n_workers) + return -1; - return sess_data_sz; + return 0; } static void -dpdk_disable_cryptodev_engine (vlib_main_t * vm) +cryptodev_get_max_sz (u32 *max_sess_sz, u32 *max_dp_sz) { cryptodev_main_t *cmt = &cryptodev_main; - cryptodev_numa_data_t *numa_data; + cryptodev_inst_t *cinst; + u32 max_sess = 0, max_dp = 0; - vec_validate (cmt->per_numa_data, vm->numa_node); - numa_data = vec_elt_at_index (cmt->per_numa_data, vm->numa_node); - - if (numa_data->sess_pool) - rte_mempool_free (numa_data->sess_pool); - if (numa_data->sess_priv_pool) - rte_mempool_free (numa_data->sess_priv_pool); - if (numa_data->cop_pool) - rte_mempool_free (numa_data->cop_pool); + vec_foreach (cinst, cmt->cryptodev_inst) + { + u32 sess_sz = rte_cryptodev_sym_get_private_session_size (cinst->dev_id); + u32 dp_sz = rte_cryptodev_get_raw_dp_ctx_size (cinst->dev_id); + + max_sess = clib_max (sess_sz, max_sess); + max_dp = clib_max (dp_sz, max_dp); + } + + *max_sess_sz = max_sess; + *max_dp_sz = max_dp; } static void -crypto_op_init (struct rte_mempool *mempool, - void *_arg __attribute__ ((unused)), - void *_obj, unsigned i __attribute__ ((unused))) +dpdk_disable_cryptodev_engine (vlib_main_t *vm) { - struct rte_crypto_op *op = _obj; + vlib_thread_main_t *tm = vlib_get_thread_main (); + cryptodev_main_t *cmt = &cryptodev_main; + u32 i; - op->sess_type = RTE_CRYPTO_OP_WITH_SESSION; - op->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC; - op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; - op->phys_addr = rte_mempool_virt2iova (_obj); - op->mempool = mempool; -} + for (i = (vlib_num_workers () > 0); i < tm->n_vlib_mains; i++) + { + u32 numa = vlib_get_main_by_index (i)->numa_node; + cryptodev_numa_data_t *numa_data; + vec_validate (cmt->per_numa_data, numa); + numa_data = cmt->per_numa_data + numa; + if (numa_data->sess_pool) + rte_mempool_free (numa_data->sess_pool); + if (numa_data->sess_priv_pool) + rte_mempool_free (numa_data->sess_priv_pool); + } +} clib_error_t * dpdk_cryptodev_init (vlib_main_t * vm) { cryptodev_main_t *cmt = &cryptodev_main; vlib_thread_main_t *tm = vlib_get_thread_main (); - cryptodev_engine_thread_t *ptd; + cryptodev_engine_thread_t *cet; cryptodev_numa_data_t *numa_data; struct rte_mempool *mp; u32 skip_master = vlib_num_workers () > 0; u32 n_workers = tm->n_vlib_mains - skip_master; u32 numa = vm->numa_node; - i32 sess_sz; - u64 n_cop_elts; + u32 sess_sz, dp_sz; u32 eidx; u32 i; u8 *name = 0; clib_error_t *error; - struct rte_crypto_op_pool_private *priv; cmt->iova_mode = rte_eal_iova_mode (); - sess_sz = cryptodev_get_session_sz(vm, n_workers); - if (sess_sz < 0) - { - error = clib_error_return (0, "Not enough cryptodevs"); - return error; - } - - /* A total of 4 times n_worker threads * frame size as crypto ops */ - n_cop_elts = max_pow2 ((u64)n_workers * CRYPTODEV_NB_CRYPTO_OPS); + vec_validate (cmt->per_numa_data, vm->numa_node); /* probe all cryptodev devices and get queue info */ if (cryptodev_probe (vm, n_workers) < 0) @@ -1309,6 +1080,8 @@ dpdk_cryptodev_init (vlib_main_t * vm) goto err_handling; } + cryptodev_get_max_sz (&sess_sz, &dp_sz); + clib_bitmap_vec_validate (cmt->active_cdev_inst_mask, tm->n_vlib_mains); clib_spinlock_init (&cmt->tlock); @@ -1316,109 +1089,62 @@ dpdk_cryptodev_init (vlib_main_t * vm) CLIB_CACHE_LINE_BYTES); for (i = skip_master; i < tm->n_vlib_mains; i++) { - ptd = cmt->per_thread_data + i; - - cryptodev_assign_resource (ptd, 0, CRYPTODEV_RESOURCE_ASSIGN_AUTO); - name = format (0, "frames_ring_%u%c", i, 0); - ptd->ring = rte_ring_create((char *) name, CRYPTODEV_NB_CRYPTO_OPS, - vm->numa_node, RING_F_SP_ENQ|RING_F_SC_DEQ); - if (!ptd->ring) - { - error = clib_error_return (0, "Not enough memory for mp %s", name); - vec_free (name); - goto err_handling; - } - vec_validate (ptd->cops, VNET_CRYPTO_FRAME_SIZE - 1); - vec_free(name); - - numa = vlib_mains[i]->numa_node; + cet = cmt->per_thread_data + i; + numa = vlib_get_main_by_index (i)->numa_node; vec_validate (cmt->per_numa_data, numa); numa_data = vec_elt_at_index (cmt->per_numa_data, numa); - if (numa_data->sess_pool) - continue; - - /* create session pool for the numa node */ - name = format (0, "vcryptodev_sess_pool_%u%c", numa, 0); - mp = rte_cryptodev_sym_session_pool_create ( - (char *) name, CRYPTODEV_NB_SESSION, 0, 0, 0, numa); - if (!mp) + if (!numa_data->sess_pool) { - error = clib_error_return (0, "Not enough memory for mp %s", name); - goto err_handling; - } - vec_free (name); - - numa_data->sess_pool = mp; - - /* create session private pool for the numa node */ - name = format (0, "cryptodev_sess_pool_%u%c", numa, 0); - mp = rte_mempool_create ((char *) name, CRYPTODEV_NB_SESSION, sess_sz, 0, - 0, NULL, NULL, NULL, NULL, numa, 0); - if (!mp) - { - error = clib_error_return (0, "Not enough memory for mp %s", name); + /* create session pool for the numa node */ + name = format (0, "vcryptodev_sess_pool_%u%c", numa, 0); + mp = rte_cryptodev_sym_session_pool_create ( + (char *) name, CRYPTODEV_NB_SESSION, 0, 0, 0, numa); + if (!mp) + { + error = + clib_error_return (0, "Not enough memory for mp %s", name); + goto err_handling; + } vec_free (name); - goto err_handling; - } - - vec_free (name); - numa_data->sess_priv_pool = mp; + numa_data->sess_pool = mp; - /* create cryptodev op pool */ - name = format (0, "cryptodev_op_pool_%u%c", numa, 0); + /* create session private pool for the numa node */ + name = format (0, "cryptodev_sess_pool_%u%c", numa, 0); + mp = + rte_mempool_create ((char *) name, CRYPTODEV_NB_SESSION, sess_sz, + 0, 0, NULL, NULL, NULL, NULL, numa, 0); + if (!mp) + { + error = + clib_error_return (0, "Not enough memory for mp %s", name); + vec_free (name); + goto err_handling; + } - mp = rte_mempool_create ((char *) name, n_cop_elts, - sizeof (cryptodev_op_t), VLIB_FRAME_SIZE * 2, - sizeof (struct rte_crypto_op_pool_private), - NULL, NULL, crypto_op_init, NULL, numa, 0); - if (!mp) - { - error = clib_error_return (0, "Not enough memory for mp %s", name); vec_free (name); - goto err_handling; + + numa_data->sess_priv_pool = mp; } - priv = rte_mempool_get_priv (mp); - priv->priv_size = sizeof (struct rte_crypto_op_pool_private); - priv->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC; - vec_free (name); - numa_data->cop_pool = mp; + cryptodev_assign_resource (cet, 0, CRYPTODEV_RESOURCE_ASSIGN_AUTO); } /* register handler */ eidx = vnet_crypto_register_engine (vm, "dpdk_cryptodev", 100, "DPDK Cryptodev Engine"); -#define _(a, b, c, d, e, f) \ - vnet_crypto_register_async_handler \ - (vm, eidx, VNET_CRYPTO_OP_##a##_TAG##e##_AAD##f##_ENC, \ - cryptodev_enqueue_gcm_aad_##f##_enc,\ - cryptodev_frame_dequeue); \ - vnet_crypto_register_async_handler \ - (vm, eidx, VNET_CRYPTO_OP_##a##_TAG##e##_AAD##f##_DEC, \ - cryptodev_enqueue_gcm_aad_##f##_dec, \ - cryptodev_frame_dequeue); - - foreach_vnet_aead_crypto_conversion -#undef _ + vnet_crypto_register_key_handler (vm, eidx, cryptodev_key_handler); -#define _(a, b, c, d) \ - vnet_crypto_register_async_handler \ - (vm, eidx, VNET_CRYPTO_OP_##a##_##c##_TAG##d##_ENC, \ - cryptodev_enqueue_linked_alg_enc, \ - cryptodev_frame_dequeue); \ - vnet_crypto_register_async_handler \ - (vm, eidx, VNET_CRYPTO_OP_##a##_##c##_TAG##d##_DEC, \ - cryptodev_enqueue_linked_alg_dec, \ - cryptodev_frame_dequeue); - - foreach_cryptodev_link_async_alg -#undef _ + if (cryptodev_register_raw_hdl) + error = cryptodev_register_raw_hdl (vm, eidx); + else + error = cryptodev_register_cop_hdl (vm, eidx); - vnet_crypto_register_key_handler (vm, eidx, cryptodev_key_handler); + if (error) + goto err_handling; /* this engine is only enabled when cryptodev device(s) are presented in * startup.conf. Assume it is wanted to be used, turn on async mode here. @@ -1433,12 +1159,3 @@ err_handling: return error; } -/* *INDENT-On* */ - -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ |