1 .. SPDX-License-Identifier: BSD-3-Clause
2 Copyright(c) 2015-2019 Intel Corporation.
4 Intel(R) QuickAssist (QAT) Crypto Poll Mode Driver
5 ==================================================
7 QAT documentation consists of three parts:
9 * Details of the symmetric and asymmetric crypto services below.
10 * Details of the :doc:`compression service <../compressdevs/qat_comp>`
11 in the compressdev drivers section.
12 * Details of building the common QAT infrastructure and the PMDs to support the
13 above services. See :ref:`building_qat` below.
16 Symmetric Crypto Service on QAT
17 -------------------------------
19 The QAT symmetric crypto PMD (hereafter referred to as `QAT SYM [PMD]`) provides
20 poll mode crypto driver support for the following hardware accelerator devices:
22 * ``Intel QuickAssist Technology DH895xCC``
23 * ``Intel QuickAssist Technology C62x``
24 * ``Intel QuickAssist Technology C3xxx``
25 * ``Intel QuickAssist Technology 200xx``
26 * ``Intel QuickAssist Technology D15xx``
27 * ``Intel QuickAssist Technology C4xxx``
28 * ``Intel QuickAssist Technology 4xxx``
34 The QAT SYM PMD has support for:
38 * ``RTE_CRYPTO_CIPHER_3DES_CBC``
39 * ``RTE_CRYPTO_CIPHER_3DES_CTR``
40 * ``RTE_CRYPTO_CIPHER_AES128_CBC``
41 * ``RTE_CRYPTO_CIPHER_AES192_CBC``
42 * ``RTE_CRYPTO_CIPHER_AES256_CBC``
43 * ``RTE_CRYPTO_CIPHER_AES128_CTR``
44 * ``RTE_CRYPTO_CIPHER_AES192_CTR``
45 * ``RTE_CRYPTO_CIPHER_AES256_CTR``
46 * ``RTE_CRYPTO_CIPHER_AES_XTS``
47 * ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2``
48 * ``RTE_CRYPTO_CIPHER_NULL``
49 * ``RTE_CRYPTO_CIPHER_KASUMI_F8``
50 * ``RTE_CRYPTO_CIPHER_DES_CBC``
51 * ``RTE_CRYPTO_CIPHER_AES_DOCSISBPI``
52 * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
53 * ``RTE_CRYPTO_CIPHER_ZUC_EEA3``
57 * ``RTE_CRYPTO_AUTH_SHA1``
58 * ``RTE_CRYPTO_AUTH_SHA1_HMAC``
59 * ``RTE_CRYPTO_AUTH_SHA224``
60 * ``RTE_CRYPTO_AUTH_SHA224_HMAC``
61 * ``RTE_CRYPTO_AUTH_SHA256``
62 * ``RTE_CRYPTO_AUTH_SHA256_HMAC``
63 * ``RTE_CRYPTO_AUTH_SHA384``
64 * ``RTE_CRYPTO_AUTH_SHA384_HMAC``
65 * ``RTE_CRYPTO_AUTH_SHA512``
66 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
67 * ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
68 * ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
69 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
70 * ``RTE_CRYPTO_AUTH_NULL``
71 * ``RTE_CRYPTO_AUTH_KASUMI_F9``
72 * ``RTE_CRYPTO_AUTH_AES_GMAC``
73 * ``RTE_CRYPTO_AUTH_ZUC_EIA3``
74 * ``RTE_CRYPTO_AUTH_AES_CMAC``
76 Supported AEAD algorithms:
78 * ``RTE_CRYPTO_AEAD_AES_GCM``
79 * ``RTE_CRYPTO_AEAD_AES_CCM``
80 * ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305``
84 * ``RTE_SECURITY_PROTOCOL_DOCSIS``
89 All the usual chains are supported and also some mixed chains:
91 .. table:: Supported hash-cipher chains for wireless digest-encrypted cases
93 +------------------+-----------+-------------+----------+----------+
94 | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC |
95 +==================+===========+=============+==========+==========+
96 | NULL CIPHER | Y | 2&3 | 2&3 | Y |
97 +------------------+-----------+-------------+----------+----------+
98 | SNOW3G UEA2 | 2&3 | 1&2&3 | 2&3 | 2&3 |
99 +------------------+-----------+-------------+----------+----------+
100 | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 |
101 +------------------+-----------+-------------+----------+----------+
102 | AES CTR | 1&2&3 | 2&3 | 2&3 | Y |
103 +------------------+-----------+-------------+----------+----------+
105 * The combinations marked as "Y" are supported on all QAT hardware versions.
106 * The combinations marked as "2&3" are supported on GEN2 and GEN3 QAT hardware only.
107 * The combinations marked as "1&2&3" are supported on GEN1, GEN2 and GEN3 QAT hardware only.
113 * Only supports the session-oriented API implementation (session-less APIs are not supported).
114 * SNOW 3G (UEA2), KASUMI (F8) and ZUC (EEA3) supported only if cipher length and offset fields are byte-multiple.
115 * SNOW 3G (UIA2) and ZUC (EIA3) supported only if hash length and offset fields are byte-multiple.
116 * No BSD support as BSD QAT kernel driver not available.
117 * ZUC EEA3/EIA3 is not supported by dh895xcc devices
118 * Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros.
119 * Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single
120 queue-pair all enqueues to the TX queue must be done from one thread and all dequeues
121 from the RX queue must be done from one thread, but enqueues and dequeues may be done
122 in different threads.)
123 * A GCM limitation exists, but only in the case where there are multiple
124 generations of QAT devices on a single platform.
125 To optimise performance, the GCM crypto session should be initialised for the
126 device generation to which the ops will be enqueued. Specifically if a GCM
127 session is initialised on a GEN2 device, but then attached to an op enqueued
128 to a GEN3 device, it will work but cannot take advantage of hardware
129 optimisations in the GEN3 device. And if a GCM session is initialised on a
130 GEN3 device, then attached to an op sent to a GEN1/GEN2 device, it will not be
131 enqueued to the device and will be marked as failed. The simplest way to
132 mitigate this is to use the PCI allowlist to avoid mixing devices of different
133 generations in the same process if planning to use for GCM.
134 * The mixed algo feature on GEN2 is not supported by all kernel drivers. Check
135 the notes under the Available Kernel Drivers table below for specific details.
136 * Out-of-place is not supported for combined Crypto-CRC DOCSIS security
138 * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC
139 DOCSIS security protocol.
140 * Multi-segment buffers are not supported for combined Crypto-CRC DOCSIS
143 Extra notes on KASUMI F9
144 ~~~~~~~~~~~~~~~~~~~~~~~~
146 When using KASUMI F9 authentication algorithm, the input buffer must be
147 constructed according to the
148 `3GPP KASUMI specification <http://cryptome.org/3gpp/35201-900.pdf>`_
149 (section 4.4, page 13). The input buffer has to have COUNT (4 bytes),
150 FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) concatenated. After the DIRECTION
151 bit, a single '1' bit is appended, followed by between 0 and 7 '0' bits, so that
152 the total length of the buffer is multiple of 8 bits. Note that the actual
153 message can be any length, specified in bits.
155 Once this buffer is passed this way, when creating the crypto operation,
156 length of data to authenticate "op.sym.auth.data.length" must be the length
157 of all the items described above, including the padding at the end.
158 Also, offset of data to authenticate "op.sym.auth.data.offset"
159 must be such that points at the start of the COUNT bytes.
161 Asymmetric Crypto Service on QAT
162 --------------------------------
164 The QAT asymmetric crypto PMD (hereafter referred to as `QAT ASYM [PMD]`) provides
165 poll mode crypto driver support for the following hardware accelerator devices:
167 * ``Intel QuickAssist Technology DH895xCC``
168 * ``Intel QuickAssist Technology C62x``
169 * ``Intel QuickAssist Technology C3xxx``
170 * ``Intel QuickAssist Technology D15xx``
171 * ``Intel QuickAssist Technology C4xxx``
172 * ``Intel QuickAssist Technology 4xxx``
174 The QAT ASYM PMD has support for:
176 * ``RTE_CRYPTO_ASYM_XFORM_MODEX``
177 * ``RTE_CRYPTO_ASYM_XFORM_MODINV``
178 * ``RTE_CRYPTO_ASYM_XFORM_RSA``
179 * ``RTE_CRYPTO_ASYM_XFORM_ECDSA``
180 * ``RTE_CRYPTO_ASYM_XFORM_ECPM``
185 * Big integers longer than 4096 bits are not supported.
186 * Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single
187 queue-pair all enqueues to the TX queue must be done from one thread and all dequeues
188 from the RX queue must be done from one thread, but enqueues and dequeues may be done
189 in different threads.)
190 * RSA-2560, RSA-3584 are not supported
197 A QAT device can host multiple acceleration services:
199 * symmetric cryptography
201 * asymmetric cryptography
203 These services are provided to DPDK applications via PMDs which register to
204 implement the corresponding cryptodev and compressdev APIs. The PMDs use
205 common QAT driver code which manages the QAT PCI device. They also depend on a
206 QAT kernel driver being installed on the platform, see :ref:`qat_kernel` below.
209 Configuring and Building the DPDK QAT PMDs
210 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
213 Further information on configuring, building and installing DPDK is described
214 :doc:`here <../linux_gsg/build_dpdk>`.
216 .. _building_qat_config:
221 These are the build configuration options affecting QAT, and their default values:
223 .. code-block:: console
225 RTE_PMD_QAT_MAX_PCI_DEVICES=48
226 RTE_PMD_QAT_COMP_IM_BUFFER_SIZE=65536
228 Both QAT SYM PMD and QAT ASYM PMD have an external dependency on libcrypto, so are not
231 The QAT compressdev PMD has no external dependencies, so is built by default.
233 The number of VFs per PF varies - see table below. If multiple QAT packages are
234 installed on a platform then RTE_PMD_QAT_MAX_PCI_DEVICES should be
235 adjusted to the number of VFs which the QAT common code will need to handle.
239 There are separate config items (not QAT-specific) for max cryptodevs
240 RTE_CRYPTO_MAX_DEVS and max compressdevs RTE_COMPRESS_MAX_DEVS,
241 if necessary these should be adjusted to handle the total of QAT and other
242 devices which the process will use. In particular for crypto, where each
243 QAT VF may expose two crypto devices, sym and asym, it may happen that the
244 number of devices will be bigger than MAX_DEVS and the process will show an error
245 during PMD initialisation. To avoid this problem RTE_CRYPTO_MAX_DEVS may be
246 increased or -a, allow domain:bus:devid:func option may be used.
249 QAT compression PMD needs intermediate buffers to support Deflate compression
250 with Dynamic Huffman encoding. RTE_PMD_QAT_COMP_IM_BUFFER_SIZE
251 specifies the size of a single buffer, the PMD will allocate a multiple of these,
252 plus some extra space for associated meta-data. For GEN2 devices, 20 buffers are
253 allocated while for GEN1 devices, 12 buffers are allocated, plus 1472 bytes overhead.
257 If the compressed output of a Deflate operation using Dynamic Huffman
258 Encoding is too big to fit in an intermediate buffer, then the
259 operation will be split into smaller operations and their results will
260 be merged afterwards.
261 This is not possible if any checksum calculation was requested - in such
262 case the code falls back to fixed compression.
263 To avoid this less performant case, applications should configure
264 the intermediate buffer size to be larger than the expected input data size
265 (compressed output size is usually unknown, so the only option is to make
266 larger than the input size).
269 Running QAT PMD with minimum threshold for burst size
270 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
272 If only a small number or packets can be enqueued. Each enqueue causes an expensive MMIO write.
273 These MMIO write occurrences can be optimised by setting any of the following parameters:
275 - qat_sym_enq_threshold
276 - qat_asym_enq_threshold
277 - qat_comp_enq_threshold
279 When any of these parameters is set rte_cryptodev_enqueue_burst function will
280 return 0 (thereby avoiding an MMIO) if the device is congested and number of packets
281 possible to enqueue is smaller.
282 To use this feature the user must set the parameter on process start as a device additional parameter::
284 -a 03:01.1,qat_sym_enq_threshold=32,qat_comp_enq_threshold=16
286 All parameters can be used with the same device regardless of order. Parameters are separated
287 by comma. When the same parameter is used more than once first occurrence of the parameter
289 Maximum threshold that can be set is 32.
291 Running QAT PMD with Intel IPSEC MB library for symmetric precomputes function
292 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
294 The QAT PMD use Openssl library for partial hash calculation in symmetirc precomputes function by
295 default, the following parameter is allow QAT PMD switch over to multi-buffer job API if Intel
296 IPSEC MB library installed on system.
300 To use this feature the user must set the parameter on process start as a device additional parameter::
302 -a 03:01.1,qat_ipsec_mb_lib=1
305 Device and driver naming
306 ~~~~~~~~~~~~~~~~~~~~~~~~
308 * The qat cryptodev symmetric crypto driver name is "crypto_qat".
309 * The qat cryptodev asymmetric crypto driver name is "crypto_qat_asym".
311 The "rte_cryptodev_devices_get()" returns the devices exposed by either of these drivers.
313 * Each qat sym crypto device has a unique name, in format
314 "<pci bdf>_<service>", e.g. "0000:41:01.0_qat_sym".
315 * Each qat asym crypto device has a unique name, in format
316 "<pci bdf>_<service>", e.g. "0000:41:01.0_qat_asym".
317 This name can be passed to "rte_cryptodev_get_dev_id()" to get the device_id.
321 The cryptodev driver name is passed to the dpdk-test-crypto-perf tool in the "-devtype" parameter.
323 The qat crypto device name is in the format of the worker parameter passed to the crypto scheduler.
325 * The qat compressdev driver name is "compress_qat".
326 The rte_compressdev_devices_get() returns the devices exposed by this driver.
328 * Each qat compression device has a unique name, in format
329 <pci bdf>_<service>, e.g. "0000:41:01.0_qat_comp".
330 This name can be passed to rte_compressdev_get_dev_id() to get the device_id.
334 Dependency on the QAT kernel driver
335 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
337 To use QAT an SRIOV-enabled QAT kernel driver is required. The VF
338 devices created and initialised by this driver will be used by the QAT PMDs.
340 Instructions for installation are below, but first an explanation of the
341 relationships between the PF/VF devices and the PMDs visible to
344 Each QuickAssist PF device exposes a number of VF devices. Each VF device can
345 enable one symmetric cryptodev PMD and/or one asymmetric cryptodev PMD and/or
347 These QAT PMDs share the same underlying device and pci-mgmt code, but are
348 enumerated independently on their respective APIs and appear as independent
349 devices to applications.
353 Each VF can only be used by one DPDK process. It is not possible to share
354 the same VF across multiple processes, even if these processes are using
355 different acceleration services.
357 Conversely one DPDK process can use one or more QAT VFs and can expose both
358 cryptodev and compressdev instances on each of those VFs.
361 Available kernel drivers
362 ~~~~~~~~~~~~~~~~~~~~~~~~
364 Kernel drivers for each device for each service are listed in the following table. (Scroll right
365 to see the full table)
368 .. _table_qat_pmds_drivers:
370 .. table:: QAT device generations, devices and drivers
372 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
373 | S | A | C | Gen | Device | Driver/ver | Kernel Module | Pci Driver | PF Did | #PFs | VF Did | VFs/PF |
374 +=====+=====+=====+=====+==========+===============+===============+============+========+======+========+========+
375 | Yes | No | No | 1 | DH895xCC | linux/4.4+ | qat_dh895xcc | dh895xcc | 435 | 1 | 443 | 32 |
376 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
377 | Yes | Yes | No | " | " | 01.org/4.2.0+ | " | " | " | " | " | " |
378 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
379 | Yes | Yes | Yes | " | " | 01.org/4.3.0+ | " | " | " | " | " | " |
380 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
381 | Yes | No | No | 2 | C62x | linux/4.5+ | qat_c62x | c6xx | 37c8 | 3 | 37c9 | 16 |
382 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
383 | Yes | Yes | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " |
384 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
385 | Yes | No | No | 2 | C3xxx | linux/4.5+ | qat_c3xxx | c3xxx | 19e2 | 1 | 19e3 | 16 |
386 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
387 | Yes | Yes | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " |
388 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
389 | Yes | No | No | 2 | 200xx | p | qat_200xx | 200xx | 18ee | 1 | 18ef | 16 |
390 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
391 | Yes | No | No | 2 | D15xx | 01.org/4.2.0+ | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 |
392 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
393 | Yes | No | No | 3 | C4xxx | p | qat_c4xxx | c4xxx | 18a0 | 1 | 18a1 | 128 |
394 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
395 | Yes | No | No | 4 | 4xxx | N/A | qat_4xxx | 4xxx | 4940 | 4 | 4941 | 16 |
396 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
397 | Yes | No | No | 4 | 401xxx | N/A | qat_401xxx | 4xxx | 4942 | 2 | 4943 | 16 |
398 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
400 * Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with 01.org driver version 4.9.0+
402 The first 3 columns indicate the service:
404 * S = Symmetric crypto service (via cryptodev API)
405 * A = Asymmetric crypto service (via cryptodev API)
406 * C = Compression service (via compressdev API)
408 The ``Driver`` column indicates either the Linux kernel version in which
409 support for this device was introduced or a driver available on Intel's 01.org
410 website. There are both linux in-tree and 01.org kernel drivers available for some
411 devices. p = release pending.
413 If you are running on a kernel which includes a driver for your device, see
414 `Installation using kernel.org driver`_ below. Otherwise see
415 `Installation using 01.org QAT driver`_.
418 Installation using kernel.org driver
419 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
421 The examples below are based on the C62x device, if you have a different device
422 use the corresponding values in the above table.
424 In BIOS ensure that SRIOV is enabled and either:
427 * Enable VT-d and set ``"intel_iommu=on iommu=pt"`` in the grub file.
429 Check that the QAT driver is loaded on your system, by executing::
433 You should see the kernel module for your device listed, e.g.::
436 intel_qat 82336 1 qat_c62x
438 Next, you need to expose the Virtual Functions (VFs) using the sysfs file system.
440 First find the BDFs (Bus-Device-Function) of the physical functions (PFs) of
445 You should see output similar to::
447 1a:00.0 Co-processor: Intel Corporation Device 37c8
448 3d:00.0 Co-processor: Intel Corporation Device 37c8
449 3f:00.0 Co-processor: Intel Corporation Device 37c8
451 Enable the VFs for each PF by echoing the number of VFs per PF to the pci driver::
453 echo 16 > /sys/bus/pci/drivers/c6xx/0000:1a:00.0/sriov_numvfs
454 echo 16 > /sys/bus/pci/drivers/c6xx/0000:3d:00.0/sriov_numvfs
455 echo 16 > /sys/bus/pci/drivers/c6xx/0000:3f:00.0/sriov_numvfs
457 Check that the VFs are available for use. For example ``lspci -d:37c9`` should
458 list 48 VF devices available for a ``C62x`` device.
460 To complete the installation follow the instructions in
461 `Binding the available VFs to the vfio-pci driver`_.
465 If the QAT kernel modules are not loaded and you see an error like ``Failed
466 to load MMP firmware qat_895xcc_mmp.bin`` in kernel logs, this may be as a
467 result of not using a distribution, but just updating the kernel directly.
469 Download firmware from the `kernel firmware repo
470 <http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/>`_.
472 Copy qat binaries to ``/lib/firmware``::
474 cp qat_895xcc.bin /lib/firmware
475 cp qat_895xcc_mmp.bin /lib/firmware
477 Change to your linux source root directory and start the qat kernel modules::
479 insmod ./drivers/crypto/qat/qat_common/intel_qat.ko
480 insmod ./drivers/crypto/qat/qat_dh895xcc/qat_dh895xcc.ko
484 If you see the following warning in ``/var/log/messages`` it can be ignored:
485 ``IOMMU should be enabled for SR-IOV to work correctly``.
488 Installation using 01.org QAT driver
489 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
491 Download the latest QuickAssist Technology Driver from `01.org
492 <https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches>`_.
493 Consult the *Getting Started Guide* at the same URL for further information.
495 The steps below assume you are:
497 * Building on a platform with one ``C62x`` device.
498 * Using package ``qat1.7.l.4.2.0-000xx.tar.gz``.
499 * On Fedora26 kernel ``4.11.11-300.fc26.x86_64``.
501 In the BIOS ensure that SRIOV is enabled and VT-d is disabled.
503 Uninstall any existing QAT driver, for example by running:
505 * ``./installer.sh uninstall`` in the directory where originally installed.
508 Build and install the SRIOV-enabled QAT driver::
513 # Copy the package to this location and unpack
514 tar zxof qat1.7.l.4.2.0-000xx.tar.gz
516 ./configure --enable-icp-sriov=host
519 You can use ``cat /sys/kernel/debug/qat<your device type and bdf>/version/fw`` to confirm the driver is correctly installed and is using firmware version 4.2.0.
520 You can use ``lspci -d:37c9`` to confirm the presence of the 16 VF devices available per ``C62x`` PF.
522 Confirm the driver is correctly installed and is using firmware version 4.2.0::
524 cat /sys/kernel/debug/qat<your device type and bdf>/version/fw
527 Confirm the presence of 48 VF devices - 16 per PF::
532 To complete the installation - follow instructions in
533 `Binding the available VFs to the vfio-pci driver`_.
537 If using a later kernel and the build fails with an error relating to
538 ``strict_stroul`` not being available apply the following patch:
542 /QAT/QAT1.6/quickassist/utilities/downloader/Target_CoreLibs/uclo/include/linux/uclo_platform.h
543 + #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,18,5)
544 + #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; if (kstrtoul((str), (base), (num))) printk("Error strtoull convert %s\n", str); }
546 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38)
547 #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; if (strict_strtoull((str), (base), (num))) printk("Error strtoull convert %s\n", str); }
549 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
550 #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; strict_strtoll((str), (base), (num));}
552 #define STR_TO_64(str, base, num, endPtr) \
556 *(num) = -(simple_strtoull((str+1), &(endPtr), (base))); \
558 *(num) = simple_strtoull((str), &(endPtr), (base)); \
568 If the build fails due to missing header files you may need to do following::
570 sudo yum install zlib-devel
571 sudo yum install openssl-devel
572 sudo yum install libudev-devel
576 If the build or install fails due to mismatching kernel sources you may need to do the following::
578 sudo yum install kernel-headers-`uname -r`
579 sudo yum install kernel-src-`uname -r`
580 sudo yum install kernel-devel-`uname -r`
583 Binding the available VFs to the vfio-pci driver
584 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
588 * Please note that due to security issues, the usage of older DPDK igb_uio
589 driver is not recommended. This document shows how to use the more secure
591 * If QAT fails to bind to vfio-pci on Linux kernel 5.9+, please see the
592 QATE-39220 and QATE-7495 issues in
593 `01.org doc <https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf>`_
594 which details the constraint about trusted guests and add `disable_denylist=1`
595 to the vfio-pci params to use QAT. See also `this patch description <https://lkml.org/lkml/2020/7/23/1155>`_.
597 Unbind the VFs from the stock driver so they can be bound to the vfio-pci driver.
599 For an Intel(R) QuickAssist Technology DH895xCC device
600 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
602 The unbind command below assumes ``BDFs`` of ``03:01.00-03:04.07``, if your
603 VFs are different adjust the unbind command below::
605 cd to the top-level DPDK directory
606 for device in $(seq 1 4); do \
607 for fn in $(seq 0 7); do \
608 usertools/dpdk-devbind.py -u 0000:03:0${device}.${fn}; \
612 For an Intel(R) QuickAssist Technology C62x device
613 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
615 The unbind command below assumes ``BDFs`` of ``1a:01.00-1a:02.07``,
616 ``3d:01.00-3d:02.07`` and ``3f:01.00-3f:02.07``, if your VFs are different
617 adjust the unbind command below::
619 cd to the top-level DPDK directory
620 for device in $(seq 1 2); do \
621 for fn in $(seq 0 7); do \
622 usertools/dpdk-devbind.py -u 0000:1a:0${device}.${fn}; \
623 usertools/dpdk-devbind.py -u 0000:3d:0${device}.${fn}; \
624 usertools/dpdk-devbind.py -u 0000:3f:0${device}.${fn}; \
628 For Intel(R) QuickAssist Technology C3xxx or 200xx or D15xx device
629 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
631 The unbind command below assumes ``BDFs`` of ``01:01.00-01:02.07``, if your
632 VFs are different adjust the unbind command below::
634 cd to the top-level DPDK directory
635 for device in $(seq 1 2); do \
636 for fn in $(seq 0 7); do \
637 usertools/dpdk-devbind.py -u 0000:01:0${device}.${fn}; \
641 Bind to the vfio-pci driver
642 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
644 Load the vfio-pci driver, bind the VF PCI Device id to it using the
645 ``dpdk-devbind.py`` script then use the ``--status`` option
646 to confirm the VF devices are now in use by vfio-pci kernel driver,
647 e.g. for the C62x device::
649 cd to the top-level DPDK directory
651 usertools/dpdk-devbind.py -b vfio-pci 0000:03:01.1
652 usertools/dpdk-devbind.py --status
654 Use ``modprobe vfio-pci disable_denylist=1`` from kernel 5.9 onwards.
655 See note in the section `Binding the available VFs to the vfio-pci driver`_
661 QAT SYM crypto PMD can be tested by running the test application::
663 cd ./<build_dir>/app/test
664 ./dpdk-test -l1 -n1 -a <your qat bdf>
665 RTE>>cryptodev_qat_autotest
667 QAT ASYM crypto PMD can be tested by running the test application::
669 cd ./<build_dir>/app/test
670 ./dpdk-test -l1 -n1 -a <your qat bdf>
671 RTE>>cryptodev_qat_asym_autotest
673 QAT compression PMD can be tested by running the test application::
675 cd ./<build_dir>/app/test
676 ./dpdk-test -l1 -n1 -a <your qat bdf>
677 RTE>>compressdev_autotest
683 There are 2 sets of trace available via the dynamic logging feature:
685 * pmd.qat.dp exposes trace on the data-path.
686 * pmd.qat.general exposes all other trace.
688 pmd.qat exposes both sets of traces.
689 They can be enabled using the log-level option (where 8=maximum log level) on
690 the process cmdline, e.g. using any of the following::
692 --log-level="pmd.qat.general,8"
693 --log-level="pmd.qat.dp,8"
694 --log-level="pmd.qat,8"
698 The global RTE_LOG_DP_LEVEL overrides data-path trace so must be set to
699 RTE_LOG_DEBUG to see all the trace. This variable is in config/rte_config.h
701 Also the dynamic global log level overrides both sets of trace, so e.g. no
702 QAT trace would display in this case::
704 --log-level="7" --log-level="pmd.qat.general,8"