dpdk.git
5 years agonet/qede: fix stats flow as per new allocation method
Shahed Shaikh [Thu, 12 Sep 2019 15:24:15 +0000 (08:24 -0700)]
net/qede: fix stats flow as per new allocation method

As per new method, need to consider hw stats of queues from
both engines. This patch fixes the stats collection flow accordingly.

Fixes: 2af14ca79c0a ("net/qede: support 100G")
Cc: stable@dpdk.org
Signed-off-by: Shahed Shaikh <shshaikh@marvell.com>
5 years agonet/qede: fix RSS configuration as per new allocation method
Shahed Shaikh [Thu, 12 Sep 2019 15:24:14 +0000 (08:24 -0700)]
net/qede: fix RSS configuration as per new allocation method

With old design, RETA was configured in round-robin fashion since
queue allocation was distributed across both engines alternately.
Now, we need to configure RETA symmetrically on both engines since
both engines have same number of queues.

Fixes: 2af14ca79c0a ("net/qede: support 100G")
Cc: stable@dpdk.org
Signed-off-by: Shahed Shaikh <shshaikh@marvell.com>
5 years agonet/qede: fix odd number of queues usage in 100G mode
Shahed Shaikh [Thu, 12 Sep 2019 15:24:13 +0000 (08:24 -0700)]
net/qede: fix odd number of queues usage in 100G mode

As per HW design of 100Gb mode, device internally uses 2 engines
(eng0 and eng1), and both engines need to be configured symmetrically.
Based on this requirement, driver design chose an approach
to allow user to allocate only even number of queues and split
those queues on both engines equally.

This approach puts a limitation on number of queues to be allocated -
i.e. user can't configure odd number of queues on 100Gb mode.
OVS configures DPDK port with 1 rxq and 1 txq, which causes initialization
of qede port to fail.

Issue is fixed by changing the implementation of queue allocation and
assignment to hw engines only for 100Gb devices and allowing user to
configure odd number queues.

New approach works as below -
- Create 'struct qede_fastpath_cmt' to hold hw queue pair of both engines
  and provide it to rte_ethdev's Rx/Tx queues structure.
- So ethdev will see only one queue for underlying queue pair created for
  hw engine pair.
- Install separate Rx/Tx data path handlers for 100Gb mode and regular mode
- Rx/Tx handlers for 100Gb mode will split packet processing across both
  engines by providing hw queue structures from 'struct qede_fastpath_cmt'
  passed by Rx/Tx callbacks to respective engines.

Fixes: 2af14ca79c0a ("net/qede: support 100G")
Cc: stable@dpdk.org
Signed-off-by: Shahed Shaikh <shshaikh@marvell.com>
5 years agonet/qede: refactor Rx and Tx queue setup
Shahed Shaikh [Thu, 12 Sep 2019 15:24:12 +0000 (08:24 -0700)]
net/qede: refactor Rx and Tx queue setup

This patch refactors Rx and Tx queue setup flow required to allow
odd number of queues to be configured in next patch.

This is the first patch of the series required to fix an issue
where qede port initialization in ovs-dpdk fails due to 1 Rx/Tx queue
configuration. Detailed explanation is given in next patch.

Fixes: 2af14ca79c0a ("net/qede: support 100G")
Cc: stable@dpdk.org
Signed-off-by: Shahed Shaikh <shshaikh@marvell.com>
5 years agonet/mlx5: fix Rx CQ doorbell synchronization on aarch64
Phil Yang [Thu, 5 Sep 2019 10:55:07 +0000 (18:55 +0800)]
net/mlx5: fix Rx CQ doorbell synchronization on aarch64

The Rx completion queue doorbell field needs to be updated after
the last CQE decompressed. For the weaker memory model processors,
the compiler barrier is not sufficient to guarantee the order of
these operations, so use the coherent I/O memory barrier to make
sure these fields are updated in order.

Fixes: 570acdb1da8a ("net/mlx5: add vectorized Rx/Tx burst for ARM")
Cc: stable@dpdk.org
Suggested-by: Gavin Hu <gavin.hu@arm.com>
Signed-off-by: Phil Yang <phil.yang@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Acked-by: Matan Azrad <matan@mellanox.com>
5 years agonet/mlx5: skip table zero to improve insertion rate
Dekel Peled [Wed, 11 Sep 2019 11:03:36 +0000 (14:03 +0300)]
net/mlx5: skip table zero to improve insertion rate

E-switch tables one and above provide higher insertion rate
than table zero, as well as enhanced functionality.

This patch adds a mechanism to utilize these advantages, by creating
a default rule on port start, which directs all packets from e-switch
table zero to table one.
Other flow rules, requested for group n, will be created in
e-switch table n+1.
Jump action to e-switch group n will be created to group n+1.

Utility function mlx5_flow_group_to_table() is added to translate the
rte_flow group value to HW table value, and is called by PMD flow
engine on flow rule validation and creation.

Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/i40e: downgrade error log
Eelco Chaudron [Thu, 12 Sep 2019 10:38:35 +0000 (06:38 -0400)]
net/i40e: downgrade error log

When receiving the unsupported AQ messages, it's taken as an
error. It's not appropriate and triggers too much unnecessary print.

This commit is similar to
commit e130425300b0 ("net/i40e: downgrade unnecessary error log")
which made the same change for the PF instance.

Fixes: ae19955e7c86 ("i40evf: support reporting PF reset")
Cc: stable@dpdk.org
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
5 years agonet/e1000: fix memory barrier usage in Tx
Xiao Zhang [Tue, 10 Sep 2019 17:41:18 +0000 (01:41 +0800)]
net/e1000: fix memory barrier usage in Tx

Use rte_cio_wmb instead of rte_wmb when writing TX descriptor since it's
CIO memory.
Replace rte_io_wmb and E1000_PCI_REG_WRITE_RELAXED with
E1000_PCI_REG_WRITE since it has rte_io_wmb inside, which will be more
clear.

Fixes: 1fc9701238ed ("net/e1000: fix i219 hang on reset/close")
Cc: stable@dpdk.org
Signed-off-by: Xiao Zhang <xiao.zhang@intel.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
5 years agonet/e1000: fix MAC type checking
Xiao Zhang [Tue, 10 Sep 2019 17:40:55 +0000 (01:40 +0800)]
net/e1000: fix MAC type checking

The mac types of i219 are e1000_pch_spt and e1000_pch_cnp, correct the
checking code of mac type when flushing i219 descriptor rings.

Fixes: 1fc9701238ed ("net/e1000: fix i219 hang on reset/close")
Cc: stable@dpdk.org
Reported-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Xiao Zhang <xiao.zhang@intel.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
5 years agonet/mlx5: fix netlink RDMA socket callback routine
Viacheslav Ovsiienko [Tue, 10 Sep 2019 13:51:51 +0000 (13:51 +0000)]
net/mlx5: fix netlink RDMA socket callback routine

The mlx5 PMD uses Netlink socket to communicate with Infiniband
devices kernel drivers to perform some control and setup operations.
The kernel drivers send the information back to the user mode
with Netlink messages which are processed in libnl callback routine.
This routine perform reply message (or set of messages) processing
and returned the processing result in ibindex field of provided
context structure (of mlx5_nl_ifindex_data type). The zero ibindex
value meant an error of reply message processing. It was found in
some configurations the zero is valid value for ibindex and error
was wrongly raised. To avoid this the new flags field is provided
in context structure, attribute processing flags are introduced
and these flags are used to decide whether no error occurred and
valid queried values are returned.

Fixes: e505508a3858 ("net/mlx5: modify get ifindex routine for multiport IB")
Cc: stable@dpdk.org
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: support reading module EEPROM data
Dekel Peled [Mon, 9 Sep 2019 11:04:35 +0000 (14:04 +0300)]
net/mlx5: support reading module EEPROM data

This patch implements ethdev operations get_module_info and
get_module_eeprom, to support ethtool commands ETHTOOL_GMODULEINFO
and ETHTOOL_GMODULEEEPROM.

New functions mlx5_get_module_info() and mlx5_get_module_eeprom()
added in mlx5_ethdev.c.

Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: support modify VLAN ID on existing VLAN header
Moti Haimovsky [Mon, 9 Sep 2019 15:56:49 +0000 (18:56 +0300)]
net/mlx5: support modify VLAN ID on existing VLAN header

This commit adds support for modifying the VID of the outermost VLAN
header already present in the packet.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: support modify VLAN ID on new VLAN header
Moti Haimovsky [Mon, 9 Sep 2019 15:56:48 +0000 (18:56 +0300)]
net/mlx5: support modify VLAN ID on new VLAN header

This commit adds support for modifying the VLAN ID (VID) field
in an about-to-be-pushed VLAN header.
This feature can only modify the VID field of a new VLAN header yet
to be pushed. It does not support modifying an existing or already
pushed VLAN headers.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: support modifying VLAN priority on VLAN header
Moti Haimovsky [Mon, 9 Sep 2019 15:56:47 +0000 (18:56 +0300)]
net/mlx5: support modifying VLAN priority on VLAN header

This commit adds support for modifying the VLAN priority (PCP) field
in about-to-be-pushed VLAN header.
This feature can only modify the PCP field of a new VLAN header yet
to be pushed. It does not support modifying an existing or already
pushed VLAN headers.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: support push flow action on VLAN header
Moti Haimovsky [Mon, 9 Sep 2019 15:56:46 +0000 (18:56 +0300)]
net/mlx5: support push flow action on VLAN header

This commit adds support for RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN using
direct verbs flow rules.
If present in the flow, The VLAN default values are taken from the
VLAN item configuration.
In this commit only the VLAN TPID value can be set since VLAN
modification actions are not supported yet.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: support pop flow action on VLAN header
Moti Haimovsky [Mon, 9 Sep 2019 15:56:45 +0000 (18:56 +0300)]
net/mlx5: support pop flow action on VLAN header

This commit adds support for RTE_FLOW_ACTION_TYPE_OF_POP_VLAN via
direct verbs flow rules.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: add VLAN push/pop DR commands to glue
Moti Haimovsky [Mon, 9 Sep 2019 15:56:44 +0000 (18:56 +0300)]
net/mlx5: add VLAN push/pop DR commands to glue

This commit adds the mlx5dv VLAN push and pop commands to mlx5_glue
interface.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: support flow action search in a list
Moti Haimovsky [Mon, 9 Sep 2019 15:56:43 +0000 (18:56 +0300)]
net/mlx5: support flow action search in a list

This commit adds a helper routine that supports searching for a
specific action in a list of actions.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
5 years agonet/mlx5: fix Tx descriptor with VLAN insertions
Viacheslav Ovsiienko [Tue, 3 Sep 2019 12:35:05 +0000 (12:35 +0000)]
net/mlx5: fix Tx descriptor with VLAN insertions

If VLAN tag insertion transmit offload is engaged
(DEV_TX_OFFLOAD_VLAN_INSERT in tx queue configuration is set)
the transmit descriptor may be built with wrong format, due to
packet length is not adjusted. Also, the ring buffer wrap up
is not handled correctly.

Fixes: 18a1c20044c0 ("net/mlx5: implement Tx burst template")
Cc: stable@dpdk.org
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
5 years agoevent/dpaa: support crypto adapter
Akhil Goyal [Fri, 4 Oct 2019 11:26:59 +0000 (16:56 +0530)]
event/dpaa: support crypto adapter

event dpaa device support both ethernet as well as
crypto queues to be attached to it. eth_rx_adapter
provide infrastructure to attach ethernet queues and
crypto_adapter provide support for crypto queues.

This patch add support for dpaa_eventdev to attach
dpaa_sec queues.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa_sec: support event crypto adapter
Akhil Goyal [Fri, 4 Oct 2019 11:26:58 +0000 (16:56 +0530)]
crypto/dpaa_sec: support event crypto adapter

dpaa_sec hw queues can be attached to a hw dpaa event
device and the application can configure the event
crypto adapter to access the dpaa_sec packets using
hardware events.
This patch defines APIs which can be used by the
dpaa event device to attach/detach dpaa_sec queues.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/octeontx: fix global log variable definition
Anoob Joseph [Fri, 4 Oct 2019 09:44:35 +0000 (15:14 +0530)]
crypto/octeontx: fix global log variable definition

'cpt_logtype' & 'otx_cryptodev_driver_id' global variables are defined
in a header file which was causing multiple definitions of the
variables. Fixed it by moving the required vars to the .c file and
introducing a new macro so the CPT_LOG macros in common/cpt would use
the associated PMD log var.

Issue has been detected by '-fno-common' gcc flag.

Fixes: bfe2ae495ee2 ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
5 years agocrypto/virtio: allocate private data by NUMA affinity
Xiao Wang [Wed, 4 Sep 2019 13:21:51 +0000 (21:21 +0800)]
crypto/virtio: allocate private data by NUMA affinity

It's better to allocate device private data on the same NUMA node with
device, rather than with the main thread. This helps avoid cross-NUMA
access for worker thread.

Signed-off-by: Xiao Wang <xiao.w.wang@intel.com>
Reviewed-by: Jay Zhou <jianjay.zhou@huawei.com>
5 years agoapp/bbdev: enable fpga_lte_fec support in shared builds
Bruce Richardson [Fri, 4 Oct 2019 17:19:13 +0000 (18:19 +0100)]
app/bbdev: enable fpga_lte_fec support in shared builds

Now that the necessary function is exported from the fpga_lte_fec driver,
we can enable the code paths using it in shared-library builds.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
5 years agobaseband/fpga_lte_fec: add public API to map file
Bruce Richardson [Fri, 4 Oct 2019 17:19:12 +0000 (18:19 +0100)]
baseband/fpga_lte_fec: add public API to map file

To allow shared library builds of e.g. test-bbdev app, we need to export
the configure function. Since this needs to be exported as experimental by
default, we update the header file to add the experimental tag there too.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
5 years agodrivers/baseband: remove override of driver names
Bruce Richardson [Fri, 4 Oct 2019 17:19:11 +0000 (18:19 +0100)]
drivers/baseband: remove override of driver names

Now that all driver names follow a consistent pattern, remove the override
of the name in each driver which adds the prefix. Instead we can just add
the prefix at a higher level.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
5 years agobaseband/fpga_lte_fec: align naming to other bbdevs
Bruce Richardson [Fri, 4 Oct 2019 17:19:10 +0000 (18:19 +0100)]
baseband/fpga_lte_fec: align naming to other bbdevs

The fpga_lte_fec is the only bbdev driver that does not use bbdev in the
name, so modify it to keep consistency with the other bbdev drivers. This
will then allow later simplification due to all drivers using the same
basic naming format.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
5 years agodrivers/baseband: align meson defines with make
Bruce Richardson [Fri, 4 Oct 2019 17:19:09 +0000 (18:19 +0100)]
drivers/baseband: align meson defines with make

For baseband drivers, the macros used to indicate the presence of a
particular driver were subtly different from that used in make. The make
values hand "PMD" before the individual driver name, while in meson it came
afterwards. Update meson to put the "PMD" part first.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
5 years agocrypto/qat: handle Single Pass Crypto Requests on GEN3
Adam Dybkowski [Tue, 8 Oct 2019 12:44:33 +0000 (14:44 +0200)]
crypto/qat: handle Single Pass Crypto Requests on GEN3

This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running
on GEN3 QAT. Falls back to the classic 2-pass mode on older
hardware.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agocommon/qat: add GEN3 definitions
Adam Dybkowski [Tue, 8 Oct 2019 12:44:32 +0000 (14:44 +0200)]
common/qat: add GEN3 definitions

This patch adds few definitions specific to GEN3 QAT.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agotest/crypto: add more AES-GCM cases for QAT
Adam Dybkowski [Tue, 8 Oct 2019 12:44:31 +0000 (14:44 +0200)]
test/crypto: add more AES-GCM cases for QAT

This patch adds 256-bit AES GCM tests for QAT PMD
(which already existed for AESNI and OpenSSL) and also adds
a number of negative unit tests for AES GCM for QAT PMD, in order
to verify authenticated encryption and decryption with modified data.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agodrivers/crypto: remove some invalid comments
Thierry Herbelot [Mon, 30 Sep 2019 07:51:44 +0000 (09:51 +0200)]
drivers/crypto: remove some invalid comments

A comment valid in AESNI PMD was copied and pasted in other code

Fixes: 8a61c83af2fa ("crypto/mrvl: add mrvl crypto driver")
Fixes: 169ca3db550c ("crypto/armv8: add PMD optimized for ARMv8 processors")
Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agotest/crypto: add cases for Nitrox
Nagadheeraj Rottela [Tue, 1 Oct 2019 06:41:36 +0000 (06:41 +0000)]
test/crypto: add cases for Nitrox

Add aes chain test cases for Nitrox in-pace and
out-of-place operations.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/nitrox: add cipher auth chain processing
Nagadheeraj Rottela [Tue, 1 Oct 2019 06:41:33 +0000 (06:41 +0000)]
crypto/nitrox: add cipher auth chain processing

Add cipher auth crypto chain processing functionality in symmetric
request manager. Update the release notes.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/nitrox: add burst enqueue and dequeue ops
Nagadheeraj Rottela [Tue, 1 Oct 2019 06:41:31 +0000 (06:41 +0000)]
crypto/nitrox: add burst enqueue and dequeue ops

Add burst enqueue and dequeue operations along with interface for
symmetric request manager.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/nitrox: add session management
Nagadheeraj Rottela [Tue, 1 Oct 2019 06:41:29 +0000 (06:41 +0000)]
crypto/nitrox: add session management

Add all the session management operations.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/nitrox: add hardware queue management
Nagadheeraj Rottela [Tue, 1 Oct 2019 06:41:27 +0000 (06:41 +0000)]
crypto/nitrox: add hardware queue management

Add hardware queue management code corresponding to
queue pair setup and release functions.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/nitrox: add software queue management
Nagadheeraj Rottela [Tue, 1 Oct 2019 06:41:25 +0000 (06:41 +0000)]
crypto/nitrox: add software queue management

Add software queue management code corresponding to
queue pair setup and release functions.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/nitrox: create symmetric cryptodev
Nagadheeraj Rottela [Tue, 1 Oct 2019 06:41:23 +0000 (06:41 +0000)]
crypto/nitrox: create symmetric cryptodev

Add Nitrox symmetric cryptodev with following operations,
- dev_configure
- dev_start
- dev_stop
- dev_close
- dev_infos_get

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/nitrox: introduce Nitrox driver
Nagadheeraj Rottela [Tue, 1 Oct 2019 06:41:20 +0000 (06:41 +0000)]
crypto/nitrox: introduce Nitrox driver

Add bare minimum Nitrox PMD library which handles pci probe, remove and
hardware initialization. Add logs, documentation and update maintainers
file.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoapp/crypto-perf: add check for out-of-place case
Hemant Agrawal [Fri, 27 Sep 2019 08:03:15 +0000 (13:33 +0530)]
app/crypto-perf: add check for out-of-place case

Segmented frames not supported for out-of-place case.
This patch returns err if such config is requested.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocommon/cpt: support new firmware
Ankur Dwivedi [Wed, 14 Aug 2019 09:40:31 +0000 (15:10 +0530)]
common/cpt: support new firmware

With the latest firmware, there are few changes for zuc and snow3g.

1. The iv_source is present in bitfield 7 of minor opcode. In the
old firmware this was present in bitfield 6.

2. Algorithm type is a 2 bit field in new firmware. In the old
firmware it was named as cipher type and it was a 1 bit field.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
5 years agocryptodev: fix initialization on multi-process
Julien Meunier [Wed, 7 Aug 2019 08:39:23 +0000 (11:39 +0300)]
cryptodev: fix initialization on multi-process

Primary process is responsible to initialize the data struct of each
crypto devices.

Secondary process should not override this data during the
initialization.

Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices")
Cc: stable@dpdk.org
Signed-off-by: Julien Meunier <julien.meunier@nokia.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agotest/crypto: add negative cases for NXP drivers
Hemant Agrawal [Tue, 1 Oct 2019 11:41:19 +0000 (17:11 +0530)]
test/crypto: add negative cases for NXP drivers

Negative cases with wrong cipher/auth text added
to dpaa_sec and dpaa2_sec PMD test suites.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agotest/crypto: change failure condition check
Hemant Agrawal [Tue, 1 Oct 2019 11:41:18 +0000 (17:11 +0530)]
test/crypto: change failure condition check

In some of the cases, the test is looking for a specific
failure returned from the CryptoDev. Not all cryptodev
support returning specific errors.
This patch changes such checks to NOT-SUCCESS

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: update required Scapy version
Marcin Smoczynski [Wed, 2 Oct 2019 08:50:15 +0000 (10:50 +0200)]
examples/ipsec-secgw: update required Scapy version

Update Scapy version requirement from 2.4.3rc1 to 2.4.3, which has been
used because 2.4.2 had a bug which made this version unable to install.
Accept future versions of Scapy too.

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
5 years agotest/crypto: support wireless algos for dpaa2-sec
Akhil Goyal [Mon, 30 Sep 2019 19:27:46 +0000 (00:57 +0530)]
test/crypto: support wireless algos for dpaa2-sec

SNOW and ZUC plain crypto operations for cipher only
and auth only are now supported in dpaa2_sec.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
5 years agotest/crypto: add PDCP cases for scatter gather
Akhil Goyal [Mon, 30 Sep 2019 19:27:45 +0000 (00:57 +0530)]
test/crypto: add PDCP cases for scatter gather

Test cases for PDCP with scattered input and output
buffers are added for both inplace and out of place scenarios.
1. input SG - output non SG
2. input and output both SG and inplace buffers
3. input and output both SG with different segment sizes
4. input SG and output non-SG

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
5 years agotest/crypto: add PDCP U-Plane decap cases
Akhil Goyal [Mon, 30 Sep 2019 19:27:44 +0000 (00:57 +0530)]
test/crypto: add PDCP U-Plane decap cases

This patch add test cases for user plane PDCP
5/7/12/15/18 bit SN test cases for decapsulation of
cipher only and 12/18 bit for cipher + integrity
for all algo combinations.

Test vectors are reused from the encap cases
by swapping the input and output data.

The case are added to DPAA_SEC and DPAA2_SEC
testsuite.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
5 years agotest/crypto: add PDCP U-Plane encap with integrity cases
Akhil Goyal [Mon, 30 Sep 2019 19:27:43 +0000 (00:57 +0530)]
test/crypto: add PDCP U-Plane encap with integrity cases

PDCP User/Data plane can optionally support integrity
along with confidentiality.
This patch add test cases and test vectors for all
supported algos combos for cipher+integrity for 12
and 18bit SN.

The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
5 years agotest/crypto: add PDCP U-Plane encap cases
Akhil Goyal [Mon, 30 Sep 2019 19:27:42 +0000 (00:57 +0530)]
test/crypto: add PDCP U-Plane encap cases

PDCP User/Data plane can support 5/7/12/15/18 bit
sequence number. This patch add test cases and test
vectors for all supported algos for cipher only.
(NULL, AES, SNOW, ZUC ciphers)

The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
5 years agotest/crypto: add PDCP C-Plane decap cases
Akhil Goyal [Mon, 30 Sep 2019 19:27:41 +0000 (00:57 +0530)]
test/crypto: add PDCP C-Plane decap cases

This patch add test cases for control plane PDCP
5 and 12 bit SN test cases for decapsulation of
cipher+integrity for all algo combinations

Test vectors are reused from the encap cases
by swapping the input and output data.

The case are added to DPAA_SEC and DPAA2_SEC testsuite.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
5 years agotest/crypto: add PDCP C-Plane encap cases
Akhil Goyal [Mon, 30 Sep 2019 19:27:40 +0000 (00:57 +0530)]
test/crypto: add PDCP C-Plane encap cases

PDCP control plane can support 5 bit and 12 bit
sequence number. This patch add test cases and test
vectors for all supported algo combinations of cipher+integrity
(NULL+NULL, NULL+AES, NULL+SNOW, NULL+ZUC,
 AES+NULL,  AES+SNOW, AES+AES,   AES+ZUC,
 SNOW+NULL, SNOW+AES, SNOW+SNOW, SNOW+ZUC,
 ZUC+NULL,  ZUC+AES,  ZUC+SNOW,  ZUC+ZUC).

The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
5 years agoexamples/fips_validation: fix null dereferences
Chaitanya Babu Talluri [Wed, 25 Sep 2019 06:31:34 +0000 (07:31 +0100)]
examples/fips_validation: fix null dereferences

One issue caught by Coverity 343408
*deref_parm: Directly dereferencing parameter val->val.

In writeback_tdes_hex_str(), tmp_val is initialised to null.
tmp_val.val is updated only if keys are found.
If keys are not found,it doesn't fails but continues
to invoke writeback_hex_str(),where val->val is accessed
without null check.

The fix is to return the error,
if keys are not found in writeback_tdes_hex_str().

Coverity issue: 343408
Fixes: 527cbf3d5e ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec: improve debug logging
Hemant Agrawal [Mon, 30 Sep 2019 14:41:04 +0000 (20:11 +0530)]
crypto/dpaa2_sec: improve debug logging

unnecessary debug logs in data path are removed
and hardware debug logs are compiled off.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa_sec: change per device pool to per qp
Akhil Goyal [Mon, 30 Sep 2019 14:41:03 +0000 (20:11 +0530)]
crypto/dpaa_sec: change per device pool to per qp

In cases where single cryptodev is used by multiple cores
using multiple queues, there will be contention for mempool
resources and may eventually get exhausted.
Basically, mempool should be defined per core.
Now since qp is used per core, mempools are defined in qp setup.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa_sec: allocate context dynamically for SG
Hemant Agrawal [Mon, 30 Sep 2019 14:41:02 +0000 (20:11 +0530)]
crypto/dpaa_sec: allocate context dynamically for SG

This patch allocate/clean the SEC context dynamically
based on the number of SG entries in the buffer.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec: allocate context as per num segs
Hemant Agrawal [Mon, 30 Sep 2019 14:41:01 +0000 (20:11 +0530)]
crypto/dpaa2_sec: allocate context as per num segs

DPAA2_SEC hardware can support any number of SG entries.
This patch allocate as many SG entries as are required.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec: support ZUC ciphering/integrity
Hemant Agrawal [Mon, 30 Sep 2019 14:41:00 +0000 (20:11 +0530)]
crypto/dpaa2_sec: support ZUC ciphering/integrity

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: support ZUCE and ZUCA
Vakul Garg [Mon, 30 Sep 2019 14:40:59 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: support ZUCE and ZUCA

This patch add support for ZUC Encryption and ZUC Authentication.
Before passing to CAAM, the 16-byte ZUCA IV is converted to 8-byte
format which consists of 38-bits of count||bearer|direction.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: support KASUMI
Vakul Garg [Mon, 30 Sep 2019 14:40:58 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: support KASUMI

Add Kasumi processing for non PDCP proto offload cases.
Also add support for pre-computed IV in Kasumi-f9

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec: support SNOW3G cipher/integrity
Hemant Agrawal [Mon, 30 Sep 2019 14:40:57 +0000 (20:10 +0530)]
crypto/dpaa2_sec: support SNOW3G cipher/integrity

Adding basic framework to use snow3g f8 and f9 based
ciphering or integrity with direct crypto apis.
This patch does not support any combo usages yet.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: support SNOW-f9
Vakul Garg [Mon, 30 Sep 2019 14:40:56 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: support SNOW-f9

Add support for snow-f9 in non pdcp protocol offload mode.
This essentially add support to pass pre-computed IV to SEC.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: support SNOW-f8
Vakul Garg [Mon, 30 Sep 2019 14:40:55 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: support SNOW-f8

This patch add support for non-protocol offload mode
of snow-f8 algo

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: support SNOW-SNOW 18-bit PDCP
Vakul Garg [Mon, 30 Sep 2019 14:40:54 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: support SNOW-SNOW 18-bit PDCP

This patch support SNOW-SNOW (enc-auth) 18bit PDCP case
for devices which do not support PROTOCOL command

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: support ZUC-ZUC 18-bit PDCP
Vakul Garg [Mon, 30 Sep 2019 14:40:53 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: support ZUC-ZUC 18-bit PDCP

This patch support ZUC-ZUC PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: support AES-AES 18-bit PDCP
Vakul Garg [Mon, 30 Sep 2019 14:40:52 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: support AES-AES 18-bit PDCP

This patch support AES-AES PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: support 18-bit PDCP enc-auth
Vakul Garg [Mon, 30 Sep 2019 14:40:51 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: support 18-bit PDCP enc-auth

This patch support following algo combinations(ENC-AUTH).
- AES-SNOW
- SNOW-AES
- AES-ZUC
- ZUC-AES
- SNOW-ZUC
- ZUC-SNOW

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec: disable write-safe for PDCP
Vakul Garg [Mon, 30 Sep 2019 14:40:50 +0000 (20:10 +0530)]
crypto/dpaa2_sec: disable write-safe for PDCP

PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec: support scatter gather for proto offloads
Hemant Agrawal [Mon, 30 Sep 2019 14:40:49 +0000 (20:10 +0530)]
crypto/dpaa2_sec: support scatter gather for proto offloads

This patch add support for chained input or output
mbufs for PDCP and ipsec protocol offload cases.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa_sec: support scatter gather for PDCP
Akhil Goyal [Mon, 30 Sep 2019 14:40:48 +0000 (20:10 +0530)]
crypto/dpaa_sec: support scatter gather for PDCP

This patch add support for chained input or output
mbufs for PDCP operations.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec/hw: update 12-bit SN desc for NULL auth
Akhil Goyal [Mon, 30 Sep 2019 14:40:47 +0000 (20:10 +0530)]
crypto/dpaa2_sec/hw: update 12-bit SN desc for NULL auth

For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
5 years agocrypto/dpaa2_sec: support CAAM HW era 10
Hemant Agrawal [Mon, 30 Sep 2019 14:40:46 +0000 (20:10 +0530)]
crypto/dpaa2_sec: support CAAM HW era 10

Adding minimal support for CAAM HW era 10  (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa2_sec: update desc for PDCP 18-bit enc-auth
Akhil Goyal [Mon, 30 Sep 2019 14:40:45 +0000 (20:10 +0530)]
crypto/dpaa2_sec: update desc for PDCP 18-bit enc-auth

Support following cases
int-only (NULL-NULL, NULL-SNOW, NULL-AES, NULL-ZUC)
enc-only (SNOW-NULL, AES-NULL, ZUC-NULL)

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaax_sec: support HFN override
Akhil Goyal [Mon, 30 Sep 2019 14:40:44 +0000 (20:10 +0530)]
crypto/dpaax_sec: support HFN override

Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agosecurity: add HFN override option in PDCP
Akhil Goyal [Mon, 30 Sep 2019 14:40:43 +0000 (20:10 +0530)]
security: add HFN override option in PDCP

HFN can be given as a per packet value also.
As we do not have IV in case of PDCP, and HFN is
used to generate IV. IV field can be used to get the
per packet HFN while enq/deq
If hfn_ovrd field in pdcp_xform is set,
application is expected to set the per packet HFN
in place of IV. Driver will extract the HFN and perform
operations accordingly.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
5 years agocrypto/dpaax_sec: support PDCP U-Plane with integrity
Vakul Garg [Mon, 30 Sep 2019 14:40:42 +0000 (20:10 +0530)]
crypto/dpaax_sec: support PDCP U-Plane with integrity

PDCP u-plane may optionally support integrity as well.
This patch add support for supporting integrity along with
confidentiality.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaax_sec: support PDCP 12-bit C-Plane
Vakul Garg [Mon, 30 Sep 2019 14:40:41 +0000 (20:10 +0530)]
crypto/dpaax_sec: support PDCP 12-bit C-Plane

Added support for 12-bit c-plane. We implement it using 'u-plane for RN'
protocol descriptors. This is because 'c-plane' protocol descriptors
assume 5-bit sequence numbers. Since the crypto processing remains same
irrespective of c-plane or u-plane, we choose 'u-plane for RN' protocol
descriptors to implement 12-bit c-plane. 'U-plane for RN' protocol
descriptors support both confidentiality and integrity (required for
c-plane) for 7/12/15 bit sequence numbers.

For little endian platforms, incorrect IV is generated if MOVE command
is used in pdcp non-proto descriptors. This is because MOVE command
treats data as word. We changed MOVE to MOVEB since we require data to
be treated as byte array. The change works on both ls1046, ls2088.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoapp/compress-perf: add --external-mbufs option
Adam Dybkowski [Tue, 24 Sep 2019 14:10:33 +0000 (16:10 +0200)]
app/compress-perf: add --external-mbufs option

This patch adds new performance measurement option --external-mbufs
that allocates and uses memzones as external buffers instead of
putting the data directly inside mbufs.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agotest/compress: add external buffer case
Adam Dybkowski [Tue, 24 Sep 2019 14:10:32 +0000 (16:10 +0200)]
test/compress: add external buffer case

Adds a new test to verify external buffer in mbuf APIs.
Initialize fields in test_data_params structures by name
for better readability.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agotest/compress: add stateful decompression
Adam Dybkowski [Fri, 20 Sep 2019 20:06:28 +0000 (22:06 +0200)]
test/compress: add stateful decompression

This patch adds two new tests that cover the stateful
decompression feature.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agocompress/qat: add stateful decompression
Adam Dybkowski [Fri, 20 Sep 2019 20:06:27 +0000 (22:06 +0200)]
compress/qat: add stateful decompression

This patch adds the stateful decompression feature
to the DPDK QAT PMD.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agocommon/qat: add RAM bank definitions
Adam Dybkowski [Fri, 20 Sep 2019 20:06:26 +0000 (22:06 +0200)]
common/qat: add RAM bank definitions

This patch adds QAT RAM bank definitions and related macros.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agoexamples/ipsec-secgw: fix over MTU packet crash
Marcin Smoczynski [Tue, 24 Sep 2019 10:55:08 +0000 (12:55 +0200)]
examples/ipsec-secgw: fix over MTU packet crash

When sending an encrypted packet which size after encapsulation exceeds
MTU, ipsec-secgw application tries to fragment it. If --reassemble
option has not been set it results with a segmantation fault, because
fragmentation buckets have not been initialized.

Fix crashing by adding extra check if --ressemble option has not been
set and packet exceeds MTU after encapsulation - drop it.

Fixes: b01d1cd213 ("examples/ipsec-secgw: support fragmentation and reassembly")
Cc: stable@dpdk.org
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agodoc: fix AESNI-GCM limitations in crypto guide
Fan Zhang [Tue, 17 Sep 2019 12:06:46 +0000 (13:06 +0100)]
doc: fix AESNI-GCM limitations in crypto guide

This patch fixes the aesni-gcm cryptodev documentation by
filling the lacked unsupported chained mbuf description.

Fixes: 6f16aab09a91 ("crypto/aesni_gcm: migrate to Multi-buffer library")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
5 years agoapp/compress-perf: fix out-of-bounds read
Lavanya Govindarajan [Thu, 26 Sep 2019 13:30:05 +0000 (14:30 +0100)]
app/compress-perf: fix out-of-bounds read

One issue caught by Coverity 344984
*overrun-local: Overrunning array cperf_test_type_strs of 2 8-byte elements

The array cperf_test_type_strs defined in app/test-compress-perf conflicts
with the same name being defined in app/test-crypto-perf. Due to which
coverity reports error.

The fix is to rename "cperf_test_type_strs" into "comp_perf_test_type_strs"
in app/test-compress-perf to avoid name confusion.

Coverity issue: 344984
Fixes: 424dd6c8c1 ("app/compress-perf: add weak functions for multicore test")
Fixes: 1a9b0f3504 ("app/compress-perf: add --ptest option")
Fixes: 424dd6c8c1 ("app/compress-perf: add weak functions for multicore test")
Cc: stable@dpdk.org
Signed-off-by: Lavanya Govindarajan <lavanyax.govindarajan@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: support IPv6 tunnel for lookaside proto
Akhil Goyal [Thu, 5 Sep 2019 12:48:07 +0000 (18:18 +0530)]
examples/ipsec-secgw: support IPv6 tunnel for lookaside proto

IPv6 tunnels are already supported in case of inline and
lookaside none cases. In case of protocol offload, the details
for IPv6 header need to be added in session configuration
for security session create.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
5 years agocrypto/dpaa2_sec: support IPv6 tunnel for protocol offload
Akhil Goyal [Thu, 5 Sep 2019 12:48:06 +0000 (18:18 +0530)]
crypto/dpaa2_sec: support IPv6 tunnel for protocol offload

outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa_sec: support IPv6 tunnel for protocol offload
Akhil Goyal [Thu, 5 Sep 2019 12:48:05 +0000 (18:18 +0530)]
crypto/dpaa_sec: support IPv6 tunnel for protocol offload

outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/octeontx: enable unbinding
Thierry Herbelot [Fri, 13 Sep 2019 06:40:03 +0000 (08:40 +0200)]
crypto/octeontx: enable unbinding

Like for Ethernet ports, the OCTEON TX crypto engines must
first be unbound from their kernel module, then rebound to
vfio-pci, before being used in DPDK.

As this capability is detected at runtime by dpdk-pmdinfo,
add the info in the PMD registering directives.

Then an external script can be used for bind and unbind.

Fixes: bfe2ae495ee2 ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
5 years agocrypto/dpaa_sec: fix IOVA table
Thierry Herbelot [Thu, 12 Sep 2019 08:38:21 +0000 (10:38 +0200)]
crypto/dpaa_sec: fix IOVA table

dpaa_sec needs translations between physical and virtual addresses.
V to P translation is relatively fast, as memory is managed in
contiguous segments.

The result of each V to P translation is used to update the DPAA iova
table, which should be updated by a Mem event callback, but is not.
Then the DPAA iova table has entries for all needed memory ranges.

With this patch, dpaa_mem_ptov will always use dpaax_iova_table_get_va,
which ensures optimal performance.

Fixes: 5a7dbb934d75 ("dpaa: enable dpaax library")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
5 years agocrypto/qat: fix digest length in XCBC capability
Fiona Trahe [Tue, 10 Sep 2019 16:32:10 +0000 (17:32 +0100)]
crypto/qat: fix digest length in XCBC capability

Digest length in RTE_CRYPTO_AUTH_AES_XCBC_MAC capability
was incorrectly marked 16 bytes, should be 12.

Fixes: 6a3c87bc6a6c ("crypto/qat: refactor capabilities infrastructure")
Cc: stable@dpdk.org
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
5 years agocrypto/aesni_mb: update chain order for AES-CCM
Pablo de Lara [Thu, 5 Sep 2019 14:45:06 +0000 (15:45 +0100)]
crypto/aesni_mb: update chain order for AES-CCM

Up to version 0.52 of the IPSec Multi buffer library,
the chain order for AES-CCM was CIPHER_HASH when encrypting.
However, after this version, the order has been reversed in the library
since, when encrypting, hashing is done first and then ciphering.

Therefore, order is changed to be compatible with newer versions
of the library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
5 years agotest/crypto: fix armv8 virtual PMD autotest
Ruifeng Wang [Thu, 5 Sep 2019 08:10:44 +0000 (16:10 +0800)]
test/crypto: fix armv8 virtual PMD autotest

armv8 cryptodev virtual PMD autotest failed with output:
CRYPTODEV: [CRYPTODEV_NAME_ARMV8_CRYPTO_PMD]
armv8_crypto_pmd_qp_create_processed_ops_ring() line 210:
Unable to reuse existing ring armv8_crypto_pmd_0_qp_0 for processed ops
CRYPTODEV: rte_cryptodev_stop() line 942:
Device with dev_id=0 already stopped
+ TestCase [ 0] : test_AES_chain_armv8_all failed

This is due to the ring size used in ut_setup is bigger than that used
in testsuite_setup.
Fix this issue by enlarge ring size used in testsuite_setup accordingly.

Fixes: 24054e3640a2 ("test/crypto: use separate session mempools")
Cc: stable@dpdk.org
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
5 years agosecurity: fix doxygen fields
Radu Nicolau [Wed, 4 Sep 2019 11:03:11 +0000 (12:03 +0100)]
security: fix doxygen fields

Replace /**< with /** for multiline doxygen comments.

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
5 years agosecurity: add IPsec statistics
Radu Nicolau [Tue, 3 Sep 2019 13:06:03 +0000 (14:06 +0100)]
security: add IPsec statistics

Update IPsec statistics struct definition, add per SA
statistics collection enable flag.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
5 years agodrivers/crypto: enable ESN in NXP drivers
Akhil Goyal [Mon, 2 Sep 2019 12:27:00 +0000 (17:57 +0530)]
drivers/crypto: enable ESN in NXP drivers

If the application enables the use of ESN in the
ipsec_xform for security session create, pdb options
are set for enabling ESN.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa_sec: detach queues in session destroy
Akhil Goyal [Mon, 2 Sep 2019 12:26:03 +0000 (17:56 +0530)]
crypto/dpaa_sec: detach queues in session destroy

crypto queues need to be detached while session destroy
so that they can be reused.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/caam_jr: integrate DPAAX table
Gagandeep Singh [Mon, 2 Sep 2019 12:27:47 +0000 (17:57 +0530)]
crypto/caam_jr: integrate DPAAX table

Virtual to physical conversions are optimized using the
DPAAX tables. This patch integrates DPAAX with caam_jr PMD.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/caam_jr: reduce function traces in critical path
Hemant Agrawal [Mon, 2 Sep 2019 12:27:46 +0000 (17:57 +0530)]
crypto/caam_jr: reduce function traces in critical path

Reducing the functional traces from data path and critical session path

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>