On 2/26/2026 3:53 PM, Burakov, Anatoly wrote:
> On 2/26/2026 2:57 PM, Piotr Krzewinski wrote:
>> When secondary process runs with --no-pci, it skips hardware device
>> probing, causing different cryptodev dev_id assignments than in primary.
>> Since memzone lookup is based on dev_id, it leads to secondary
>> attaching to wrong memzone and corrupting primary's device
>> data structures.
>
> This probably would be the case even if you didn't use `--no-pci` but instead
> were using block-lists/allow-lists to only probe different devices in
> secondary processes? Maybe the problem is more general than that.
>
Most probably yes, I focused on --no-pci as it is where it hit me.
Current memzone naming scheme forces all applications to have same dev_id
assignment so any changes in the list in secondary would be a problem.
Another solution could be to store the cryptodev data for all devices in single
memzone, similar to ethdev "rte_eth_dev_data". But it seemed more complex and
had other drawbacks.
>>
>> Fix by making secondary process search for devices by name in existing
>> memzones instead of using local dev_id allocation.
>>
>> Signed-off-by: Piotr Krzewinski <[email protected]>
>> ---
>> lib/cryptodev/rte_cryptodev.c | 37 +++++++++++++++++++++++++++++++----
>> 1 file changed, 33 insertions(+), 4 deletions(-)
>>
>> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
>> index 7bddb154c2..50071935c2 100644
>> --- a/lib/cryptodev/rte_cryptodev.c
>> +++ b/lib/cryptodev/rte_cryptodev.c
>> @@ -1177,6 +1177,27 @@ rte_cryptodev_find_free_device_index(void)
>> return RTE_CRYPTO_MAX_DEVS;
>> }
>> +static uint8_t
>> +rte_cryptodev_find_device_by_name(const char *name)
>> +{
>> + char mz_name[RTE_MEMZONE_NAMESIZE];
>> + const struct rte_memzone *mz;
>> + struct rte_cryptodev_data *data;
>> + uint8_t dev_id;
>> +
>> + for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) {
>> + snprintf(mz_name, sizeof(mz_name), "rte_cryptodev_data_%u", dev_id);
>> + mz = rte_memzone_lookup(mz_name);
>> + if (mz == NULL)
>> + continue;
>> +
>> + data = mz->addr;
>> + if (strncmp(data->name, name, RTE_CRYPTODEV_NAME_MAX_LEN) == 0)
>> + return dev_id;
>> + }
>> + return RTE_CRYPTO_MAX_DEVS;
>> +}
>
> Nitpicking, but why not return `int` and -1? Returning RTE_CRYPTO_MAX_DEVS
> seems like an odd choice here. You can always cast the valid value to uint8_t
> at the caller.
Aligned with rte_cryptodev_get_dev_id and rte_cryptodev_find_device_by_name.
Both are returning RTE_CRYPTO_MAX_DEVS when the device or free index is not
found (though the first one also has -1 as an error condition in some cases).
>
> That said,
>
> Acked-by: Anatoly Burakov <[email protected]>
>
Thanks for quick review!
Best Regards,
Piotr
>> +
>> RTE_EXPORT_INTERNAL_SYMBOL(rte_cryptodev_pmd_allocate)
>> struct rte_cryptodev *
>> rte_cryptodev_pmd_allocate(const char *name, int socket_id)
>> @@ -1190,10 +1211,18 @@ rte_cryptodev_pmd_allocate(const char *name, int
>> socket_id)
>> return NULL;
>> }
>> - dev_id = rte_cryptodev_find_free_device_index();
>> - if (dev_id == RTE_CRYPTO_MAX_DEVS) {
>> - CDEV_LOG_ERR("Reached maximum number of crypto devices");
>> - return NULL;
>> + if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
>> + dev_id = rte_cryptodev_find_device_by_name(name);
>> + if (dev_id == RTE_CRYPTO_MAX_DEVS) {
>> + CDEV_LOG_ERR("Device %s does not exist in primary process",
>> name);
>> + return NULL;
>> + }
>> + } else {
>> + dev_id = rte_cryptodev_find_free_device_index();
>> + if (dev_id == RTE_CRYPTO_MAX_DEVS) {
>> + CDEV_LOG_ERR("Reached maximum number of crypto devices");
>> + return NULL;
>> + }
>> }
>> cryptodev = rte_cryptodev_pmd_get_dev(dev_id);
>
>
