Currently, when calling down into the VF mailbox, IPsec code will use rte_malloc to allocate VF message structures. This memory does not need to be stored in hugepage memory and the allocation size is pretty small, so replace it with stack allocation.
Signed-off-by: Anatoly Burakov <[email protected]> Acked-by: Bruce Richardson <[email protected]> --- drivers/net/intel/iavf/iavf_ipsec_crypto.c | 160 +++++++-------------- 1 file changed, 54 insertions(+), 106 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_ipsec_crypto.c b/drivers/net/intel/iavf/iavf_ipsec_crypto.c index 66eaea8715..aa4cf1d96d 100644 --- a/drivers/net/intel/iavf/iavf_ipsec_crypto.c +++ b/drivers/net/intel/iavf/iavf_ipsec_crypto.c @@ -458,36 +458,25 @@ static uint32_t iavf_ipsec_crypto_security_association_add(struct iavf_adapter *adapter, struct rte_security_session_conf *conf) { - struct inline_ipsec_msg *request = NULL, *response = NULL; - struct virtchnl_ipsec_sa_cfg *sa_cfg; - size_t request_len, response_len; + struct { + struct inline_ipsec_msg msg; + struct virtchnl_ipsec_sa_cfg sa_cfg; + } sa_req = {0}; + struct { + struct inline_ipsec_msg msg; + struct virtchnl_ipsec_sa_cfg_resp sa_cfg_resp; + } sa_resp = {0}; + struct inline_ipsec_msg *request = &sa_req.msg; + struct inline_ipsec_msg *response = &sa_resp.msg; + struct virtchnl_ipsec_sa_cfg *sa_cfg = &sa_req.sa_cfg; int rc; - request_len = sizeof(struct inline_ipsec_msg) + - sizeof(struct virtchnl_ipsec_sa_cfg); - - request = rte_malloc("iavf-sad-add-request", request_len, 0); - if (request == NULL) { - rc = -ENOMEM; - goto update_cleanup; - } - - response_len = sizeof(struct inline_ipsec_msg) + - sizeof(struct virtchnl_ipsec_sa_cfg_resp); - response = rte_malloc("iavf-sad-add-response", response_len, 0); - if (response == NULL) { - rc = -ENOMEM; - goto update_cleanup; - } - /* set msg header params */ request->ipsec_opcode = INLINE_IPSEC_OP_SA_CREATE; request->req_id = (uint16_t)0xDEADBEEF; /* set SA configuration params */ - sa_cfg = (struct virtchnl_ipsec_sa_cfg *)(request + 1); - sa_cfg->spi = conf->ipsec.spi; sa_cfg->virtchnl_protocol_type = VIRTCHNL_PROTO_ESP; sa_cfg->virtchnl_direction = @@ -541,10 +530,10 @@ iavf_ipsec_crypto_security_association_add(struct iavf_adapter *adapter, /* send virtual channel request to add SA to hardware database */ rc = iavf_ipsec_crypto_request(adapter, - (uint8_t *)request, request_len, - (uint8_t *)response, response_len); + (uint8_t *)request, sizeof(sa_req), + (uint8_t *)response, sizeof(sa_resp)); if (rc) - goto update_cleanup; + return rc; /* verify response id */ if (response->ipsec_opcode != request->ipsec_opcode || @@ -552,9 +541,6 @@ iavf_ipsec_crypto_security_association_add(struct iavf_adapter *adapter, rc = -EFAULT; else rc = response->ipsec_data.sa_cfg_resp->sa_handle; -update_cleanup: - rte_free(response); - rte_free(request); return rc; } @@ -722,19 +708,18 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter, bool is_udp, uint16_t udp_port) { - struct inline_ipsec_msg *request = NULL, *response = NULL; - size_t request_len, response_len; + struct { + struct inline_ipsec_msg msg; + struct virtchnl_ipsec_sp_cfg sp_cfg; + } sp_req = {0}; + struct { + struct inline_ipsec_msg msg; + struct virtchnl_ipsec_sp_cfg_resp sp_cfg_resp; + } sp_resp = {0}; + struct inline_ipsec_msg *request = &sp_req.msg; + struct inline_ipsec_msg *response = &sp_resp.msg; int rc = 0; - request_len = sizeof(struct inline_ipsec_msg) + - sizeof(struct virtchnl_ipsec_sp_cfg); - request = rte_malloc("iavf-inbound-security-policy-add-request", - request_len, 0); - if (request == NULL) { - rc = -ENOMEM; - goto update_cleanup; - } - /* set msg header params */ request->ipsec_opcode = INLINE_IPSEC_OP_SP_CREATE; request->req_id = (uint16_t)0xDEADBEEF; @@ -768,21 +753,12 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter, request->ipsec_data.sp_cfg->is_udp = is_udp; request->ipsec_data.sp_cfg->udp_port = htons(udp_port); - response_len = sizeof(struct inline_ipsec_msg) + - sizeof(struct virtchnl_ipsec_sp_cfg_resp); - response = rte_malloc("iavf-inbound-security-policy-add-response", - response_len, 0); - if (response == NULL) { - rc = -ENOMEM; - goto update_cleanup; - } - /* send virtual channel request to add SA to hardware database */ rc = iavf_ipsec_crypto_request(adapter, - (uint8_t *)request, request_len, - (uint8_t *)response, response_len); + (uint8_t *)request, sizeof(sp_req), + (uint8_t *)response, sizeof(sp_resp)); if (rc) - goto update_cleanup; + return rc; /* verify response */ if (response->ipsec_opcode != request->ipsec_opcode || @@ -791,10 +767,6 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter, else rc = response->ipsec_data.sp_cfg_resp->rule_id; -update_cleanup: - rte_free(request); - rte_free(response); - return rc; } @@ -802,26 +774,18 @@ static uint32_t iavf_ipsec_crypto_sa_update_esn(struct iavf_adapter *adapter, struct iavf_security_session *sess) { - struct inline_ipsec_msg *request = NULL, *response = NULL; - size_t request_len, response_len; + struct { + struct inline_ipsec_msg msg; + struct virtchnl_ipsec_sa_update sa_update; + } sp_req = {0}; + struct { + struct inline_ipsec_msg msg; + struct virtchnl_ipsec_resp ipsec_resp; + } sp_resp = {0}; + struct inline_ipsec_msg *request = &sp_req.msg; + struct inline_ipsec_msg *response = &sp_resp.msg; int rc = 0; - request_len = sizeof(struct inline_ipsec_msg) + - sizeof(struct virtchnl_ipsec_sa_update); - request = rte_malloc("iavf-sa-update-request", request_len, 0); - if (request == NULL) { - rc = -ENOMEM; - goto update_cleanup; - } - - response_len = sizeof(struct inline_ipsec_msg) + - sizeof(struct virtchnl_ipsec_resp); - response = rte_malloc("iavf-sa-update-response", response_len, 0); - if (response == NULL) { - rc = -ENOMEM; - goto update_cleanup; - } - /* set msg header params */ request->ipsec_opcode = INLINE_IPSEC_OP_SA_UPDATE; request->req_id = (uint16_t)0xDEADBEEF; @@ -833,10 +797,10 @@ iavf_ipsec_crypto_sa_update_esn(struct iavf_adapter *adapter, /* send virtual channel request to add SA to hardware database */ rc = iavf_ipsec_crypto_request(adapter, - (uint8_t *)request, request_len, - (uint8_t *)response, response_len); + (uint8_t *)request, sizeof(sp_req), + (uint8_t *)response, sizeof(sp_resp)); if (rc) - goto update_cleanup; + return rc; /* verify response */ if (response->ipsec_opcode != request->ipsec_opcode || @@ -845,10 +809,6 @@ iavf_ipsec_crypto_sa_update_esn(struct iavf_adapter *adapter, else rc = response->ipsec_data.ipsec_resp->resp; -update_cleanup: - rte_free(request); - rte_free(response); - return rc; } @@ -899,26 +859,18 @@ int iavf_ipsec_crypto_security_policy_delete(struct iavf_adapter *adapter, uint8_t is_v4, uint32_t flow_id) { - struct inline_ipsec_msg *request = NULL, *response = NULL; - size_t request_len, response_len; + struct { + struct inline_ipsec_msg msg; + struct virtchnl_ipsec_sp_destroy sp_destroy; + } sp_req = {0}; + struct { + struct inline_ipsec_msg msg; + struct virtchnl_ipsec_resp resp; + } sp_resp = {0}; + struct inline_ipsec_msg *request = &sp_req.msg; + struct inline_ipsec_msg *response = &sp_resp.msg; int rc = 0; - request_len = sizeof(struct inline_ipsec_msg) + - sizeof(struct virtchnl_ipsec_sp_destroy); - request = rte_malloc("iavf-sp-del-request", request_len, 0); - if (request == NULL) { - rc = -ENOMEM; - goto update_cleanup; - } - - response_len = sizeof(struct inline_ipsec_msg) + - sizeof(struct virtchnl_ipsec_resp); - response = rte_malloc("iavf-sp-del-response", response_len, 0); - if (response == NULL) { - rc = -ENOMEM; - goto update_cleanup; - } - /* set msg header params */ request->ipsec_opcode = INLINE_IPSEC_OP_SP_DESTROY; request->req_id = (uint16_t)0xDEADBEEF; @@ -931,21 +883,17 @@ iavf_ipsec_crypto_security_policy_delete(struct iavf_adapter *adapter, /* send virtual channel request to add SA to hardware database */ rc = iavf_ipsec_crypto_request(adapter, - (uint8_t *)request, request_len, - (uint8_t *)response, response_len); + (uint8_t *)request, sizeof(sp_req), + (uint8_t *)response, sizeof(sp_resp)); if (rc) - goto update_cleanup; + return rc; /* verify response */ if (response->ipsec_opcode != request->ipsec_opcode || response->req_id != request->req_id) rc = -EFAULT; else - return response->ipsec_data.ipsec_status->status; - -update_cleanup: - rte_free(request); - rte_free(response); + rc = response->ipsec_data.ipsec_status->status; return rc; } -- 2.47.3
