Reduce SA context push size to 128 byte for AES_GCM encryption for CPT performance improvement on CN20k platform. Also, corrects few macros for cn20k specific.
Signed-off-by: Rahul Bhansali <[email protected]> --- drivers/net/cnxk/cn20k_ethdev_sec.c | 96 ++++++++++++++++++++++++++--- 1 file changed, 87 insertions(+), 9 deletions(-) diff --git a/drivers/net/cnxk/cn20k_ethdev_sec.c b/drivers/net/cnxk/cn20k_ethdev_sec.c index e406f0e879..5553aed1b1 100644 --- a/drivers/net/cnxk/cn20k_ethdev_sec.c +++ b/drivers/net/cnxk/cn20k_ethdev_sec.c @@ -655,16 +655,71 @@ outb_dbg_iv_update(struct roc_ow_ipsec_outb_sa *outb_sa, const char *__iv_str) } /* Update source of IV */ - outb_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA; + outb_sa->w2.s.iv_src = ROC_IE_OW_SA_IV_SRC_FROM_SA; free(iv_str); } +static void +cn20k_eth_sec_inb_sa_misc_fill(struct roc_ow_ipsec_inb_sa *sa, + struct rte_security_ipsec_xform *ipsec_xfrm) +{ + struct roc_ow_ipsec_inb_ctx_update_reg *ctx; + size_t offset; + + if (sa->w2.s.enc_type != ROC_IE_SA_ENC_AES_GCM) + return; + + /* Update ctx push size for AES GCM */ + offset = offsetof(struct roc_ow_ipsec_inb_sa, hmac_opad_ipad); + ctx = (struct roc_ow_ipsec_inb_ctx_update_reg *)((uint8_t *)sa + offset); + sa->w0.s.hw_ctx_off = offset / 8; + sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off + 1; + + if (ipsec_xfrm->life.bytes_soft_limit) + ctx->soft_life = ipsec_xfrm->life.bytes_soft_limit + 1; + + if (ipsec_xfrm->life.packets_soft_limit) + ctx->soft_life = ipsec_xfrm->life.packets_soft_limit + 1; + + if (ipsec_xfrm->life.bytes_hard_limit) + ctx->hard_life = ipsec_xfrm->life.bytes_hard_limit + 1; + + if (ipsec_xfrm->life.packets_hard_limit) + ctx->hard_life = ipsec_xfrm->life.packets_hard_limit + 1; +} + static int cn20k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix, struct roc_ow_ipsec_outb_sa *sa, void *sa_cptr, struct rte_security_ipsec_xform *ipsec_xfrm, uint32_t sa_idx) { + struct roc_ow_ipsec_outb_ctx_update_reg *ctx; uint64_t *ring_base, ring_addr; + size_t offset; + + if (sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM) { + offset = offsetof(struct roc_ow_ipsec_outb_sa, hmac_opad_ipad); + ctx = (struct roc_ow_ipsec_outb_ctx_update_reg *)((uint8_t *)sa + offset); + sa->w0.s.hw_ctx_off = offset / 8; + sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off + 1; + + if (ipsec_xfrm->esn.value) + ctx->esn_val = ipsec_xfrm->esn.value - 1; + + if (ipsec_xfrm->life.bytes_soft_limit) + ctx->soft_life = ipsec_xfrm->life.bytes_soft_limit + 1; + + if (ipsec_xfrm->life.packets_soft_limit) + ctx->soft_life = ipsec_xfrm->life.packets_soft_limit + 1; + + if (ipsec_xfrm->life.bytes_hard_limit) + ctx->hard_life = ipsec_xfrm->life.bytes_hard_limit + 1; + + if (ipsec_xfrm->life.packets_hard_limit) + ctx->hard_life = ipsec_xfrm->life.packets_hard_limit + 1; + } else { + ctx = &sa->ctx; + } if (roc_nix_inl_is_cq_ena(roc_nix)) goto done; @@ -675,8 +730,8 @@ cn20k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix, struct roc_ow_ipsec_out return -ENOTSUP; ring_addr = ring_base[sa_idx >> ROC_NIX_SOFT_EXP_ERR_RING_MAX_ENTRY_LOG2]; - sa->ctx.err_ctl.s.mode = ROC_IE_OT_ERR_CTL_MODE_RING; - sa->ctx.err_ctl.s.address = ring_addr >> 3; + ctx->err_ctl.s.mode = ROC_IE_OW_ERR_CTL_MODE_RING; + ctx->err_ctl.s.address = ring_addr >> 3; sa->w0.s.ctx_id = ((uintptr_t)sa_cptr >> 51) & 0x1ff; } done: @@ -751,7 +806,7 @@ cn20k_eth_sec_session_create(void *device, struct rte_security_session_conf *con uintptr_t sa; PLT_STATIC_ASSERT(sizeof(struct cn20k_inb_priv_data) < - ROC_NIX_INL_OT_IPSEC_INB_SW_RSVD); + ROC_NIX_INL_OW_IPSEC_INB_SW_RSVD); spi_mask = roc_nix_inl_inb_spi_range(nix, inl_dev, NULL, NULL); @@ -796,6 +851,8 @@ cn20k_eth_sec_session_create(void *device, struct rte_security_session_conf *con goto err; } + cn20k_eth_sec_inb_sa_misc_fill(inb_sa_dptr, ipsec); + inb_priv = roc_nix_inl_ow_ipsec_inb_sa_sw_rsvd(inb_sa); /* Back pointer to get eth_sec */ inb_priv->eth_sec = eth_sec; @@ -856,7 +913,7 @@ cn20k_eth_sec_session_create(void *device, struct rte_security_session_conf *con uint32_t sa_idx; PLT_STATIC_ASSERT(sizeof(struct cn20k_outb_priv_data) < - ROC_NIX_INL_OT_IPSEC_OUTB_SW_RSVD); + ROC_NIX_INL_OW_IPSEC_OUTB_SW_RSVD); /* Alloc an sa index */ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi); @@ -1138,6 +1195,7 @@ cn20k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); struct cnxk_eth_sec_sess *eth_sec; + size_t offset; int rc; eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); @@ -1152,11 +1210,31 @@ cn20k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC; if (eth_sec->inb) { - stats->ipsec.ipackets = ((struct roc_ow_ipsec_inb_sa *)eth_sec->sa)->ctx.mib_pkts; - stats->ipsec.ibytes = ((struct roc_ow_ipsec_inb_sa *)eth_sec->sa)->ctx.mib_octs; + struct roc_ow_ipsec_inb_sa *sa = (struct roc_ow_ipsec_inb_sa *)eth_sec->sa; + struct roc_ow_ipsec_inb_ctx_update_reg *ctx; + + if (sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM) { + offset = offsetof(struct roc_ow_ipsec_inb_sa, hmac_opad_ipad); + ctx = (struct roc_ow_ipsec_inb_ctx_update_reg *)((uint8_t *)sa + offset); + } else { + ctx = &sa->ctx; + } + + stats->ipsec.ipackets = ctx->mib_pkts; + stats->ipsec.ibytes = ctx->mib_octs; } else { - stats->ipsec.opackets = ((struct roc_ow_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_pkts; - stats->ipsec.obytes = ((struct roc_ow_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_octs; + struct roc_ow_ipsec_outb_sa *sa = (struct roc_ow_ipsec_outb_sa *)eth_sec->sa; + struct roc_ow_ipsec_outb_ctx_update_reg *ctx; + + if (sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM) { + offset = offsetof(struct roc_ow_ipsec_outb_sa, hmac_opad_ipad); + ctx = (struct roc_ow_ipsec_outb_ctx_update_reg *)((uint8_t *)sa + offset); + } else { + ctx = &sa->ctx; + } + + stats->ipsec.opackets = ctx->mib_pkts; + stats->ipsec.obytes = ctx->mib_octs; } return 0; -- 2.34.1
