Test cases for PDCP with scattered input and output
buffers are added for both inplace and out of place scenarios.
1. input SG - output non SG
2. input and output both SG and inplace buffers
3. input and output both SG with different segment sizes
4. input SG and output non-SG
This patch add test cases for user plane PDCP
5/7/12/15/18 bit SN test cases for decapsulation of
cipher only and 12/18 bit for cipher + integrity
for all algo combinations.
Test vectors are reused from the encap cases
by swapping the input and output data.
The case are added to DPAA_SEC and DPAA2_SEC
testsuite.
test/crypto: add PDCP U-Plane encap with integrity cases
PDCP User/Data plane can optionally support integrity
along with confidentiality.
This patch add test cases and test vectors for all
supported algos combos for cipher+integrity for 12
and 18bit SN.
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
PDCP User/Data plane can support 5/7/12/15/18 bit
sequence number. This patch add test cases and test
vectors for all supported algos for cipher only.
(NULL, AES, SNOW, ZUC ciphers)
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
PDCP control plane can support 5 bit and 12 bit
sequence number. This patch add test cases and test
vectors for all supported algo combinations of cipher+integrity
(NULL+NULL, NULL+AES, NULL+SNOW, NULL+ZUC,
AES+NULL, AES+SNOW, AES+AES, AES+ZUC,
SNOW+NULL, SNOW+AES, SNOW+SNOW, SNOW+ZUC,
ZUC+NULL, ZUC+AES, ZUC+SNOW, ZUC+ZUC).
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
One issue caught by Coverity 343408
*deref_parm: Directly dereferencing parameter val->val.
In writeback_tdes_hex_str(), tmp_val is initialised to null.
tmp_val.val is updated only if keys are found.
If keys are not found,it doesn't fails but continues
to invoke writeback_hex_str(),where val->val is accessed
without null check.
The fix is to return the error,
if keys are not found in writeback_tdes_hex_str().
In cases where single cryptodev is used by multiple cores
using multiple queues, there will be contention for mempool
resources and may eventually get exhausted.
Basically, mempool should be defined per core.
Now since qp is used per core, mempools are defined in qp setup.
This patch add support for ZUC Encryption and ZUC Authentication.
Before passing to CAAM, the 16-byte ZUCA IV is converted to 8-byte
format which consists of 38-bits of count||bearer|direction.
PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.
crypto/dpaa2_sec/hw: update 12-bit SN desc for NULL auth
For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.
Adding minimal support for CAAM HW era 10 (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.
Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.
HFN can be given as a per packet value also.
As we do not have IV in case of PDCP, and HFN is
used to generate IV. IV field can be used to get the
per packet HFN while enq/deq
If hfn_ovrd field in pdcp_xform is set,
application is expected to set the per packet HFN
in place of IV. Driver will extract the HFN and perform
operations accordingly.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Added support for 12-bit c-plane. We implement it using 'u-plane for RN'
protocol descriptors. This is because 'c-plane' protocol descriptors
assume 5-bit sequence numbers. Since the crypto processing remains same
irrespective of c-plane or u-plane, we choose 'u-plane for RN' protocol
descriptors to implement 12-bit c-plane. 'U-plane for RN' protocol
descriptors support both confidentiality and integrity (required for
c-plane) for 7/12/15 bit sequence numbers.
For little endian platforms, incorrect IV is generated if MOVE command
is used in pdcp non-proto descriptors. This is because MOVE command
treats data as word. We changed MOVE to MOVEB since we require data to
be treated as byte array. The change works on both ls1046, ls2088.
Adam Dybkowski [Tue, 24 Sep 2019 14:10:33 +0000 (16:10 +0200)]
app/compress-perf: add --external-mbufs option
This patch adds new performance measurement option --external-mbufs
that allocates and uses memzones as external buffers instead of
putting the data directly inside mbufs.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
When sending an encrypted packet which size after encapsulation exceeds
MTU, ipsec-secgw application tries to fragment it. If --reassemble
option has not been set it results with a segmantation fault, because
fragmentation buckets have not been initialized.
Fix crashing by adding extra check if --ressemble option has not been
set and packet exceeds MTU after encapsulation - drop it.
Fixes: b01d1cd213 ("examples/ipsec-secgw: support fragmentation and reassembly") Cc: stable@dpdk.org Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
One issue caught by Coverity 344984
*overrun-local: Overrunning array cperf_test_type_strs of 2 8-byte elements
The array cperf_test_type_strs defined in app/test-compress-perf conflicts
with the same name being defined in app/test-crypto-perf. Due to which
coverity reports error.
The fix is to rename "cperf_test_type_strs" into "comp_perf_test_type_strs"
in app/test-compress-perf to avoid name confusion.
examples/ipsec-secgw: support IPv6 tunnel for lookaside proto
IPv6 tunnels are already supported in case of inline and
lookaside none cases. In case of protocol offload, the details
for IPv6 header need to be added in session configuration
for security session create.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
crypto/dpaa2_sec: support IPv6 tunnel for protocol offload
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
crypto/dpaa_sec: support IPv6 tunnel for protocol offload
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
Like for Ethernet ports, the OCTEON TX crypto engines must
first be unbound from their kernel module, then rebound to
vfio-pci, before being used in DPDK.
As this capability is detected at runtime by dpdk-pmdinfo,
add the info in the PMD registering directives.
Then an external script can be used for bind and unbind.
dpaa_sec needs translations between physical and virtual addresses.
V to P translation is relatively fast, as memory is managed in
contiguous segments.
The result of each V to P translation is used to update the DPAA iova
table, which should be updated by a Mem event callback, but is not.
Then the DPAA iova table has entries for all needed memory ranges.
With this patch, dpaa_mem_ptov will always use dpaax_iova_table_get_va,
which ensures optimal performance.
Pablo de Lara [Thu, 5 Sep 2019 14:45:06 +0000 (15:45 +0100)]
crypto/aesni_mb: update chain order for AES-CCM
Up to version 0.52 of the IPSec Multi buffer library,
the chain order for AES-CCM was CIPHER_HASH when encrypting.
However, after this version, the order has been reversed in the library
since, when encrypting, hashing is done first and then ciphering.
Therefore, order is changed to be compatible with newer versions
of the library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Ruifeng Wang [Thu, 5 Sep 2019 08:10:44 +0000 (16:10 +0800)]
test/crypto: fix armv8 virtual PMD autotest
armv8 cryptodev virtual PMD autotest failed with output:
CRYPTODEV: [CRYPTODEV_NAME_ARMV8_CRYPTO_PMD]
armv8_crypto_pmd_qp_create_processed_ops_ring() line 210:
Unable to reuse existing ring armv8_crypto_pmd_0_qp_0 for processed ops
CRYPTODEV: rte_cryptodev_stop() line 942:
Device with dev_id=0 already stopped
+ TestCase [ 0] : test_AES_chain_armv8_all failed
This is due to the ring size used in ut_setup is bigger than that used
in testsuite_setup.
Fix this issue by enlarge ring size used in testsuite_setup accordingly.
Fixes: 24054e3640a2 ("test/crypto: use separate session mempools") Cc: stable@dpdk.org Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com> Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Adam Dybkowski [Tue, 6 Aug 2019 10:37:38 +0000 (12:37 +0200)]
app/compress-perf: fix floating point exception
This patch fixes the floating point exception that happened
when the number of cores to be used during the benchmark
was zero. After the fix such situation is detected, the error
message is printed and the benchmark application exits.
Fixes: 424dd6c8c1a8 ("app/compress-perf: add weak functions for multicore test") Cc: stable@dpdk.org Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> Acked-by: Artur Trybula <arturx.trybula@intel.com>
Adam Dybkowski [Tue, 6 Aug 2019 09:40:53 +0000 (11:40 +0200)]
app/compress-perf: fix memory deallocation
This patch fixes the memory deallocation issue which happened
after unsuccessful allocation (e.g. due to the out of memory)
and produced the segmentation fault.
Fixes: 424dd6c8c1 ("app/compress-perf: add weak functions for multicore test") Cc: stable@dpdk.org Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> Acked-by: Artur Trybula <arturx.trybula@intel.com>
Just open the sysfs file and handle failure, rather than using access().
This eliminates Coverity warnings about TOCTOU
"time of check versus time of use"; although for this sysfs file that is
not really an issue anyway.
Coverity issue: 347276 Fixes: 54a328f552ff ("bus/pci: forbid IOVA mode if IOMMU address width too small") Cc: stable@dpdk.org Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Reviewed-by: David Marchand <david.marchand@redhat.com>
Thomas Monjalon [Sat, 14 Sep 2019 08:56:32 +0000 (10:56 +0200)]
devtools: fix test of ninja install
When trying to compile some examples with libdpdk.pc,
the right environment (for default target) was not loaded.
The consequence is to not detect some dependencies because
of missing directories in PKG_CONFIG_PATH.
The environment preparation is moved to a dedicate function,
and called for the default target (cc),
before testing the install output of the default build.
Thomas Monjalon [Fri, 13 Sep 2019 21:03:30 +0000 (23:03 +0200)]
devtools: test nfb and AF_XDP build with make
The nfb PMD is disabled by default because of its dependency
on netcope-common package.
The variable DPDK_DEP_NFB was introduced but not used to notify
the dependency availability in the build test script.
The AF_XDP PMD is disabled by default because of its dependency
on libbpf on Linux.
An option was missing to notify the dependency availability
in the build test script.
Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver") Fixes: f1debd77efaf ("net/af_xdp: introduce AF_XDP PMD") Cc: stable@dpdk.org Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Aaron Conole [Thu, 8 Aug 2019 17:38:35 +0000 (13:38 -0400)]
test/interrupt: account for race with callback
Because the eal interrupt framework can race when invoking the callback
and a separate unregister call, the test needs to accommodate the chance
that the two collide. Do this by checking the return value of unregister
against the race-condition flag (EAGAIN).
David Marchand [Thu, 8 Aug 2019 12:22:17 +0000 (14:22 +0200)]
ci: exit setup on any error
-e is preferrable so that we can catch errors in the middle of this
script.
An example is this Travis job [1] that should have errored at the meson
install step rather than go to the build step.
David Marchand [Tue, 13 Aug 2019 13:22:16 +0000 (15:22 +0200)]
ci: add missing dependencies for documentation
Install missing dependencies so that doc can be generated.
While at it, explicitly configure that we want the doc to be generated.
Missing dependencies are then reported as an error rather than silently
ignored.
Because of these extra dependencies, only build them in dedicated travis
jobs.
Fixes: ad2b2cfb1ea3 ("ci: enable unit tests with Travis") Cc: stable@dpdk.org Signed-off-by: David Marchand <david.marchand@redhat.com> Acked-by: Aaron Conole <aconole@redhat.com>
In order to re-use the same test environment as with
test-build.sh, the configuration file is loaded at each build,
after adjusting the variable DPDK_TARGET.
This is especially useful to set the variable PKG_CONFIG_PATH,
or define some meson options (without -D) in DPDK_MESON_OPTIONS.
The DPDK_TARGET values can be
aarch64-*, powerpc64-*, x86_64-*.
The matching DPDK_TARGET values for test-build.sh are
arm64-*, ppc_64-*, x86_64-*.
The advised expressions to use in the common configuration file are:
if echo $DPDK_TARGET | grep -q '^a.*64-' ; then
elif echo $DPDK_TARGET | grep -q '^p.*pc.*64' ; then
elif echo $DPDK_TARGET | grep -q '^x86_64' ; then
fi
Signed-off-by: Thomas Monjalon <thomas@monjalon.net> Acked-by: Luca Boccassi <bluca@debian.org>
Thomas Monjalon [Mon, 12 Aug 2019 23:03:57 +0000 (01:03 +0200)]
devtools: test compiler availability only once
The compilation test is skipped if the compiler is not available.
In the case of gcc/arm, it was tested both in the generic function
"build" and in the cross-compilation section.
By passing the compiler as argument of the generic function,
the test with "command" is done only once.
This small clean-up has the benefit of introducing the compiler
parameter to be used later in another improvement.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net> Acked-by: Luca Boccassi <bluca@debian.org>
Thomas Monjalon [Mon, 12 Aug 2019 23:03:56 +0000 (01:03 +0200)]
net/mlx: fix build with make and recent gcc
With VERBOSE=1, this error was seen in debug mode with gcc 9.1:
In file included from /tmp/dpdk.auto-config-h.sh.c.w0VWMi:1:
In file included from rdma-core/build/include/infiniband/mlx5dv.h:47:
In file included from rdma-core/build/include/infiniband/verbs.h:46:
In file included from rdma-core/build/include/infiniband/verbs_api.h:66:
In file included from rdma-core/build/include/infiniband/ib_user_ioctl_verbs.h:38:
include/rdma/ib_user_verbs.h:161:28: fatal error:
zero size arrays are an extension [-Wzero-length-array]
__aligned_u64 driver_data0;
^
1 error generated.
As a result, buildtools/auto-config-h.sh was not generating
a correct autoconf file, so the compilation was generating such error:
fatal error: redefinition of 'mlx5_ib_uapi_flow_action_packet_reformat_type'
It is fixed by disabling -pedantic option when calling auto-config-h.sh
from the makefile-based system.
Thomas Monjalon [Mon, 12 Aug 2019 23:03:55 +0000 (01:03 +0200)]
net/mlx: fix meson build with custom dependency path
If rdma-core is not installed in a standard directory of the system,
it is possible to specify the location of the pkgconfig file via
an environment variable:
PKG_CONFIG_PATH=$PKG_CONFIG_PATH:~/rdma-core/build/lib/pkgconfig
In this case, the dependency may become mandatory to specify
for the configuration tests (checking dependency symbols or fields).
Some spacing is also fixed around.
Fixes: 8e4937640022 ("net/mlx4: add external allocator for Verbs object") Fixes: 1dd7c7e38c19 ("net/mlx4: support meson build") Fixes: 96d7c62a70c7 ("net/mlx5: support meson build") Cc: stable@dpdk.org Suggested-by: Luca Boccassi <bluca@debian.org> Signed-off-by: Thomas Monjalon <thomas@monjalon.net> Acked-by: Luca Boccassi <bluca@debian.org> Acked-by: Matan Azrad <matan@mellanox.com>
Thomas Monjalon [Mon, 12 Aug 2019 23:03:53 +0000 (01:03 +0200)]
build: remove redundant libs from pkgconfig
As explained in drivers/meson.build,
"
For the find_library() case (but not with dependency()) we also
need to specify the "-l" flags in pkgconfig_extra_libs variable
too, so that it can be reflected in the pkgconfig output for
static builds.
"
The commit e30b4e566f47 ("build: improve dependency handling")
must be followed up with this one in order to remove more
occurences of pkgconfig_extra_libs redundant with use of dependency().
Pablo de Lara [Wed, 11 Sep 2019 08:06:26 +0000 (09:06 +0100)]
maintainers: step down from various components
I have not been active in a year, due to job position change.
Therefore, I cannot remain a maintainer any longer for most
components I used to maintain (various people will take over
on the components where I am the sole maintainer).
I will only remain maintainer of the crypto PMDs that I currently maintain.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tiwei Bie [Tue, 13 Aug 2019 02:07:28 +0000 (10:07 +0800)]
doc: add devargs for virtio-user
Document the devargs for virtio-user and also make it clear
that these devargs are only available in virtio-user, i.e. not
supported by the PCI virtio driver.
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Tiwei Bie [Tue, 13 Aug 2019 02:07:25 +0000 (10:07 +0800)]
net/virtio: remove remaining simple Tx related stuff
The simple Tx path in virtio has been removed in below commit.
This patch removes an undefined function declaration of simple
Tx and all related descriptions in the doc.
Dekel Peled [Thu, 15 Aug 2019 09:26:51 +0000 (12:26 +0300)]
net/mlx5: fix jump action validation
This patch updates the validation function of jump action.
It adds check of conflicting fate actions in flow rule.
It also removes check of action->type which is not needed.
Dekel Peled [Thu, 15 Aug 2019 09:26:50 +0000 (12:26 +0300)]
net/mlx5: fix drop action validation
Function mlx5_flow_validate_action_drop() checks if another fate
action is already present in this flow rule, using defined value
MLX5_FLOW_FATE_ACTIONS.
This patch enhances the check using value
(MLX5_FLOW_FATE_ACTIONS | MLX5_FLOW_FATE_ESWITCH_ACTIONS)
to make sure all relevant fate actions are checked.
Dekel Peled [Tue, 13 Aug 2019 14:07:24 +0000 (17:07 +0300)]
net/mlx5: fix comment
In struct mlx5_ibv_shared, member esw_drop_action was added between
existing member tx_tbl and the comment line describing it.
This patch moves the comment line to its original location, and fixes
a typo in the comment.
Fixes: 34fa7c0268e7 ("net/mlx5: add drop action to Direct Verbs E-Switch") Cc: stable@dpdk.org Signed-off-by: Dekel Peled <dekelp@mellanox.com> Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Maxime Leroy [Tue, 13 Aug 2019 13:29:47 +0000 (15:29 +0200)]
net/vmxnet3: remove IP checksum from capabilities
The vmxnet3_prep_pkts function set rte_errno to ENOTSUP for any packets
having PKT_TX_IP_CHECKSUM set in ol_flags. But the vmxnet3 has
DEV_TX_OFFLOAD_IPV4_CKSUM set in this tx offload capa.
This issue has been introduced with the new Rx offload
API. DEV_TX_OFFLOAD_IPV4_CKSUM and DEV_RX_OFFLOAD_IPV4_CKSUM has been
added to the tx/rx offloads capa, but the vmxnet3 driver doesn't support
it.
To fix the issue, DEV_TX/RX_OFFLOAD_IPV4_CKSUM needs to be removed from
tx/rx offload capa.
Fixes: 95e4a96ccbf1 ("net/vmxnet3: convert to new Rx offload API") Cc: stable@dpdk.org Signed-off-by: Maxime Leroy <maxime.leroy@6wind.com> Acked-by: Yong Wang <yongwang@vmware.com>
git.droids-corp.org / dpdk.git / log