Farah Smith [Mon, 20 Sep 2021 07:42:05 +0000 (13:12 +0530)]
net/bnxt: add SRAM manager model
The SRAM manager supports allocation and free of variable sized
records within SRAM memory. These record sizes are 8, 16, 32, or
64B. The SRAM manager algorithm will not fragment memory during
run time. Previous implementation only included fixed size 64B
records regardless of the size required.
Signed-off-by: Farah Smith <farah.smith@broadcom.com> Reviewed-by: Shahaji Bhosle <sbhosle@broadcom.com> Reviewed-by: Peter Spreadborough <peter.spreadborough@broadcom.com> Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
common/cnxk: align NPA stack to ROC cache line size
Network Pool accelerator (NPA) is part of ROC (Rest Of Chip). So
NPA structures should be aligned to ROC Cache line size and not
CPU cache line size.
Non alignment of NPA stack to ROC cache line will result in
undefined runtime NPA behaviour.
Fixes: f765f5611240 ("common/cnxk: add NPA pool HW operations") Cc: stable@dpdk.org Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com> Acked-by: Jerin Jacob <jerinj@marvell.com>
Issue has been observed where fields of indirect buffers are
accessed after being set free by the diver. Also fixing freeing
of direct buffers to correct aura.
Fixes: 5cbe184802aa ("net/octeontx: support fast mbuf free") Cc: stable@dpdk.org Signed-off-by: David George <david.george@sophos.com> Signed-off-by: Harman Kalra <hkalra@marvell.com> Acked-by: Jerin Jacob <jerinj@marvell.com>
Avoid using stashing option of stype in NPA in cn10k-a0 stepping.
This is a workaround for a HW Errata due to which NPA stashing operations
will never result in writing the data into L2 cache. But instead, it will
be written into LLC.
Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com> Acked-by: Jerin Jacob <jerinj@marvell.com>
Made following updates to ROC (Rest of Chip) models.
- Use consistent upper/lower case in macros defining different
ROC models.
- Add API to detect cn96 Cx stepping.
- Make all current cn10k models as A0 stepping.
Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com> Acked-by: Jerin Jacob <jerinj@marvell.com>
Robin Zhang [Wed, 25 Aug 2021 08:34:35 +0000 (08:34 +0000)]
net/iavf: enable interrupt polling
For VF hosted by Intel 700 series NICs, internal Rx interrupt and adminq
interrupt share the same source, that cause a lot CPU cycles be wasted on
interrupt handler on Rx path.
The patch disable PCI interrupt and remove the interrupt handler, replace
it with a low frequency(50ms) interrupt polling daemon which is
implemented by registering an alarm callback periodically.
The virtual channel capability bit VIRTCHNL_VF_OFFLOAD_WB_ON_ITR can be
used to negotiate if iavf PMD needs to enable background alarm or not, so
ideally this change will not impact the case hosted by Intel 800 series
NICS.
This patch implements the same logic with an early i40e commit:
commit 864a800d706d ("net/i40e: remove VF interrupt handler")
net/iavf: remove support for IP fragment default RSS
To support independent IP fragment default RSS, considerable
additional work need to be done, so we decide to remove this
feature to avoid some unexpected behavior we have observed,
meanwhile user always can use rte_flow to create RSS for IP
fragment packet explicitly.
net/ice: remove support for IP fragment default RSS
To support independent IP fragment default RSS, considerable
additional work need to be done, so we decide to remove this
feature to avoid some unexpected behavior we have observed,
meanwhile user always can use rte_flow to create RSS for IP
fragment packet explicitly.
In the iavf_dev_rx_queue_start function, if the iavf_switch_queue
or iavf_switch_queue_lv function fails, the previously applied mbuf
is not released, resulting in leakage. The patch fixes the problem.
Fixes: 9cf9c02bf6ee ("net/iavf: add enable/disable queues for large VF") Cc: stable@dpdk.org Signed-off-by: Qiming Chen <chenqiming_huawei@163.com> Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Simei Su [Wed, 15 Sep 2021 05:34:22 +0000 (13:34 +0800)]
net/ice: support 1PPS
The E810 supports four single-ended GPIO signals (SDP[20:23]). The 1PPS
signal outputs via SDP[20:23], which is measured by an oscilloscope.
This feature can be turned by a devargs which can select GPIO pin index
flexibly. Pin index 0 means SDP20, pin index 1 means SDP21 and so on.
The example for test command is as below:
./build/app/dpdk-testpmd -a af:00.0,pps_out='[pin:2]' -c f -n 4 -- -i
Signed-off-by: Simei Su <simei.su@intel.com> Acked-by: Qi Zhang <qi.z.zhang@intel.com>
net/ice/base: add API for parser profile initialization
Add API ice_parser_profile_init to init a parser profile base on
a parser result and a mask buffer. The ice_parser_profile can feed to
low level FXP engine to create HW profile / field vector directly.
UDP tunnel can be added/deleted for vxlan, geneve, ecpri through
below APIs:
ice_parser_vxlan_tunnel_set
ice_parser_geneve_tunnel_set
ice_parser_ecpri_tunnel_set
net/ice/base: init parse graph CAM table for parser
Parse DDP section ICE_SID_RXPARSER_CAM or ICE_SID_RXPARSER_PG_SPILL
into an array of struct ice_pg_cam_item.
Parse DDP section ICE_SID_RXPARSER_NOMATCH_CAM or
ICE_SID_RXPARSER_NOMATCH_SPILL into an array of struct ice_pg_nm_cam_item.
Parse DDP section ICE_SID_RXPARSER_IMEM into an array of
struct ice_imem_item.
The Instruction Memory (IMEM) section contains three VLIW instructions
for the ALUs, a key extraction instruction for the Parse Graph CAM, and
several other fields.
net/ice/base: add parser create and destroy skeleton
Add new parser module which can parse a packet in binary
and generate information like ptype, protocol/offset pairs
and flags which can be used to feed the FXP profile creation
directly.
The patch added skeleton of the parser instance create and
destroy APIs:
ice_parser_create
ice_parser_destroy
net/ice/base: add get/set functions for shared parameters
Add functions used by the driver for setting and getting the shared
driver parameters. These will be used by the driver in order to share
the PTP clock index identifier between PF drivers.
net/ice/base: allow tool access to manageability register
E810-T supports signed netlists and to support this, the NVM update
tool needs to be able to read the GL_MNG_DEF_DEVID register. Add
said register to the allowlist in ice_validate_nvm_rw_reg.
Change one of the input parameter (addr) in ice_read_cgu_reg_e822 and
ice_write_cgu_reg_e822 functions. This will avoid the shrink down
conversion from addr to cgu_msg.msg_addr_low.
Signed-off-by: Chinh T Cao <chinh.t.cao@intel.com> Signed-off-by: Qi Zhang <qi.z.zhang@intel.com> Acked-by: Junfeng Guo <junfeng.guo@intel.com>
net/ice/base: allow to enable LAN and loopback in switch
Currently shared code API does not allow to set/unset lb_en
and lan_en flags for advanced rules during their creation.
Because of that we have to use a workaround in switchdev
which is to update rule immediately after its creation.
This change will allow us to set/unset those flags right
away.
net/ice/base: use macro instead of open-coded division
For some operating systems, 64-bit division requires using specific
implementations. Use the DIV_64BIT macro to replace open-coded division
so that the driver may convert this to the appropriate operating-system
specific implementation when necessary.
In some devices, the function numbers used are non-contiguous. For
example, some two port devices will report as functions 0 and 2.
When distributing RSS and FDIR masks, which are global resources across
the active devices, it is required to have a contiguous PF id, which can
be described as a logical PF id. In the case above, function 0 would
have a logical PF id of 0, and function 2 would have a logical PF id of
1.
Using logical PF id can properly describe which slice of resources can
be used by a particular PF.
ethdev: add IPv4 and L4 checksum RSS offload types
This patch defines new RSS offload types for IPv4 and
L4(TCP/UDP/SCTP) checksum, which are required when users want
to distribute packets based on the IPv4 or L4 checksum field.
For example "flow create 0 ingress pattern eth / ipv4 / end
actions rss types ipv4-chksum end queues end / end", this flow
causes all matching packets to be distributed to queues on
basis of IPv4 checksum.
security: add option to configure tunnel header verification
Add option to indicate whether outer header verification
need to be done as part of inbound IPsec processing.
With inline IPsec processing, SA lookup would be happening
in the Rx path of rte_ethdev. When rte_flow is configured to
support more than one SA, SPI would be used to lookup SA.
In such cases, additional verification would be required to
ensure duplicate SPIs are not getting processed in the inline path.
For lookaside cases, the same option can be used by application
to offload tunnel verification to the PMD.
These verifications would help in averting possible DoS attacks.
Soft expiry is not a mandatory IPsec feature. It is verified separately
with IPsec unit tests. So configuration of the same is not required.
Also, soft expiry tracking can cause perf degradation with some PMDs.
Since a separate UT is available and the same setting in ipsec-secgw is
not verifying the functionality, remove the same by clearing life
configuration.
Signed-off-by: Anoob Joseph <anoobj@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com>
Anoob Joseph [Tue, 28 Sep 2021 10:59:54 +0000 (16:29 +0530)]
security: add SA lifetime configuration
Add SA lifetime configuration to register soft and hard expiry limits.
Expiry can be in units of number of packets or bytes. Crypto op
status is also updated to include new field, aux_flags, which can be
used to indicate cases such as soft expiry in case of lookaside
protocol operations.
In case of soft expiry, the packets are successfully IPsec processed but
the soft expiry would indicate that SA needs to be reconfigured. For
inline protocol capable ethdev, this would result in an eth event while
for lookaside protocol capable cryptodev, this can be communicated via
`rte_crypto_op.aux_flags` field.
In case of hard expiry, the packets will not be IPsec processed and
would result in error.
Signed-off-by: Anoob Joseph <anoobj@marvell.com> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Acked-by: Akhil Goyal <gakhil@marvell.com>
Added tests to verify UDP encapsulation with IPsec.
The tests have IPsec packets generated from plain packets
and verifies that UDP header is added. Subsequently, the
packets are decapsulated and then resultant packet is
verified by comparing against original packet.
Signed-off-by: Anoob Joseph <anoobj@marvell.com> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com> Acked-by: Ciara Power <ciara.power@intel.com>
Add negative test to validate IPsec inbound processing failure with ICV
corruption. The tests would first do IPsec encapsulation and corrupt
ICV of the generated IPsec packet. Then the packet is submitted to IPsec
outbound processing for decapsulation. Test case would validate that PMD
returns an error in such cases.
Signed-off-by: Anoob Joseph <anoobj@marvell.com> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com> Acked-by: Ciara Power <ciara.power@intel.com> Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Anoob Joseph [Sat, 25 Sep 2021 15:35:29 +0000 (21:05 +0530)]
test/crypto: add combined mode IPsec cases
Add framework to test IPsec features with all supported
combinations of ciphers.
Combined mode tests are used to test all IPsec features against all
ciphers supported by the PMD. The framework is introduced to avoid
testing with any specific algo, thereby making it mandatory to be
supported. Also, testing with all supported combinations will help with
increasing coverage as well.
The tests would first do IPsec encapsulation and do sanity checks. Based
on flags, packet would be updated or additional checks are done,
followed by IPsec decapsulation. Since the encrypted packet is generated
by the test, known vectors are not required.
Signed-off-by: Anoob Joseph <anoobj@marvell.com> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com> Acked-by: Ciara Power <ciara.power@intel.com>
Fixes stack buffer overflow bug in compressdev autotest, which
was caused by the use of buf_idx in the debug logs. Originally, buf_idx
was treated as an array instead of the reference of an integer.
This was fixed by replacing the use of buf_idx[priv_data->orig_idx] with
the variable i.
Tal Shnaiderman [Mon, 13 Sep 2021 14:02:24 +0000 (17:02 +0300)]
crypto/mlx5: fix queue indexing
The crypto QP consumer (ci) and producer (pi) indexes are increased
with each successful enqueue/dequeue operations.
However the QP pi index is calculated with a wraparound the number
of elements while the QP ci does not.
This is causing incorrect engine calculation for encqueued WQ values
(wq->pi - wq->ci) and eventually the device stops accepting new enqueue
operations.
Fixed by removing the wraparound on QP pi and using a temp calculation
where wraparound values are needed.
Fixes: 8e196c08ab53 ("crypto/mlx5: support enqueue/dequeue operations") Cc: stable@dpdk.org Signed-off-by: Tal Shnaiderman <talshn@nvidia.com> Acked-by: Matan Azrad <matan@nvidia.com>
David George [Fri, 24 Sep 2021 11:20:36 +0000 (16:50 +0530)]
common/cpt: rework pending queue
Replace pending queue with one that allows concurrent single producer and
single consumer. This relaxes the restriction of only allowing a single
lcore to operate on a given queue pair.
Signed-off-by: David George <david.george@sophos.com> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Fan Zhang [Thu, 16 Sep 2021 13:02:42 +0000 (14:02 +0100)]
test/crypto: fix PDCP short MAC-I case
This patch fixes the PDCP short MAC-I test by removing them
from snow3g and kasumi test suite and move to PDCP test suite.
This is to prevent incorrect failure for crypto device not
support PDCP.
Fixes: c24489e479fd ("test/crypto: support PDCP short MAC-I") Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Anoob Joseph <anoobj@marvell.com>
security: add option for faster user/meta data access
Currently rte_security_set_pkt_metadata() and rte_security_get_userdata()
methods to set pkt metadata on Inline outbound and get userdata
after Inline inbound processing is always driver specific callbacks.
For drivers that do not have much to do in the callbacks but just
to update metadata in rte_security dynamic field and get userdata
from rte_security dynamic field, having to just to PMD specific
callback is costly per packet operation. This patch provides
a mechanism to do the same in inline function and avoid function
pointer jump if a driver supports the same.
mbuf: enforce semantics for Tx inline IPsec processing
Not all net PMD's/HW can parse packet and identify L2 header and
L3 header locations on Tx. This is inline with other Tx offloads
requirements such as L3 checksum, L4 checksum offload, etc,
where mbuf.l2_len, mbuf.l3_len etc, needs to be set for HW to be
able to generate checksum. Since Inline IPsec is also such a Tx
offload, some PMD's at least need mbuf.l2_len to be valid to
find L3 header and perform Outbound IPSec processing.
Hence, this patch updates documentation to enforce setting
mbuf.l2_len while setting PKT_TX_SEC_OFFLOAD in mbuf.ol_flags
for Inline IPsec Crypto / Protocol offload processing to
work on Tx.
The previous commit 18effad9cfa7 ("stack: reload head when pop fails")
only changed C11 implementation, not generic implementation.
List head must be loaded right before continue (when failed to find the
new head). Without this, one thread might keep trying and failing to pop
items without ever loading the new correct head.
Xueming Li [Thu, 23 Sep 2021 08:11:22 +0000 (16:11 +0800)]
vdpa/mlx5: fix large VM memory region registration
When VM size is larger than 4G (u32) and memory region is larger than 4G,
the 32-bit GCD function overflowed and returned wrong value
that resulted in memory registration failure.
This patch calls 64-bit GCD function to avoid overflow.
Xueming Li [Thu, 23 Sep 2021 08:11:21 +0000 (16:11 +0800)]
sched: get 64-bit greatest common divisor
This patch adds new function that compute the greatest common
divisor of 64 bits, also changes the original 32 bits function
to call this new 64-bit version.
Cc: stable@dpdk.org Signed-off-by: Xueming Li <xuemingl@nvidia.com> Acked-by: Kevin Traynor <ktraynor@redhat.com>
pipeline: improve handling of learner action arguments
The arguments of actions that are learned are now specified as part of
the learn instruction as opposed to being statically specified as part
of the learner table configuration.
Commit the pipeline changes when the compilation process is
successful: change the table lookup instructions to execute the action
function for each action, replace the regular pipeline instructions
with the custom instructions.
Generate a C function for each custom instruction, which essentially
consolidate multiple regular instructions into a single function call.
The pipeline program is split into groups of instructions, and a
custom instruction is generated for each group that has more than one
instruction. Special care is taken the instructions that can do thread
yield (RX, extern) and for those that can change the instruction
pointer (TX, near/far jump).
Generate a C function for each action. For most instructions, the
associated inline function is called directly. Special care is taken
for TX, jump and return instructions.
Lay the foundation to generate C code for the pipeline: C functions
for actions and custom instructions are generated, built as shared
object library and loaded into the pipeline.
For better performance, the option to create custom instructions when
the program is translated and add them on-the-fly to the pipeline is
now provided. Multiple regular instructions can now be consolidated
into a single C function optimized by the C compiler directly.
For better performance, the option to run a single function per action
is now provided, which requires a single function call per action that
can be better optimized by the C compiler, as opposed to one function
call per instruction. Special table lookup instructions are added to
to support this feature.
git.droids-corp.org / dpdk.git / log