dpdk.git
5 years agonet/virtio-user: support control VQ for packed
Jens Freimann [Fri, 11 Jan 2019 09:39:29 +0000 (10:39 +0100)]
net/virtio-user: support control VQ for packed

Add support to virtio-user for control virtqueues.

Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agonet/virtio: check head desc with correct wrap counter
Jens Freimann [Fri, 11 Jan 2019 09:39:28 +0000 (10:39 +0100)]
net/virtio: check head desc with correct wrap counter

In virtio_pq_send_command() we check for a used descriptor
and wait in an idle loop until it becomes used. We can't use
vq->used_wrap_counter here to check for the first descriptor
we made available because the ring could have wrapped. Let's use
the used_wrap_counter that matches the state of the head descriptor.

Fixes: ec194c2f1895 ("net/virtio: support packed queue in send command")

Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agonet/virtio: support platform memory ordering
Ilya Maximets [Wed, 9 Jan 2019 14:50:15 +0000 (17:50 +0300)]
net/virtio: support platform memory ordering

VIRTIO_F_ORDER_PLATFORM is required to use proper memory barriers
in case of HW vhost implementations like vDPA.

DMA barriers (rte_cio_*) are sufficent for that purpose.

Previously known as VIRTIO_F_IO_BARRIER.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
5 years agonet/virtio: update memory ordering comment for VQ notify
Ilya Maximets [Wed, 9 Jan 2019 14:50:14 +0000 (17:50 +0300)]
net/virtio: update memory ordering comment for VQ notify

We're not using IO ports in case of modern device even on IA.
Also, this comment useless for other architectures.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
5 years agonet/virtio: add barrier before reading the flags
Ilya Maximets [Wed, 9 Jan 2019 14:50:13 +0000 (17:50 +0300)]
net/virtio: add barrier before reading the flags

Reading the used->flags could be reordered with avail->idx update.
vhost in kernel disables notifications for the time of packets
receiving, like this:

    1. disable notify
    2. process packets
    3. enable notify
    4. has more packets ? goto 1

In case of reordering, virtio driver could read the flags on
step 2 while notifications disabled and update avail->idx after
the step 4, i.e. vhost will exit the loop on step 4 with
notifications enabled, but virtio will not notify.

Fixes: c1f86306a026 ("virtio: add new driver")
Cc: stable@dpdk.org
Reported-by: Shahaf Shuler <shahafs@mellanox.com>
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoexamples/vhost: remove unnecessary method and constant
Rami Rosen [Wed, 9 Jan 2019 14:57:30 +0000 (16:57 +0200)]
examples/vhost: remove unnecessary method and constant

This cleanup patch removes a method and a constant which
are now unnecessary in the VHOST sample application, namely
the validate_num_devices() method and the MAX_DEVICES
constant.

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agonet/ice: fix firmware version result of ethtool
Leyi Rong [Thu, 10 Jan 2019 05:22:04 +0000 (13:22 +0800)]
net/ice: fix firmware version result of ethtool

Fix the drvinfo dumped firmware-version when using dpdk ethtool,
change it to the same result as Linux ethtool shown info.

Fixes: e31cb9a36298 ("net/ice: support FW version getting")

Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
5 years agonet/sfc/base: fix Tx descriptor max number check
Igor Romanov [Wed, 9 Jan 2019 11:12:07 +0000 (11:12 +0000)]
net/sfc/base: fix Tx descriptor max number check

Fix check of maximum descriptor number (compare with maximum Tx
descriptor number instead of maximum EVQ events number).

Fixes: f7dc06bf35f2 ("net/sfc/base: import 5xxx/6xxx family support")
Cc: stable@dpdk.org
Signed-off-by: Igor Romanov <igor.romanov@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
5 years agonet/sfc: discard last seen VLAN TCI if Tx packet is dropped
Ivan Malov [Wed, 9 Jan 2019 11:06:39 +0000 (11:06 +0000)]
net/sfc: discard last seen VLAN TCI if Tx packet is dropped

Early processing of a packet on transmit may change last seen
VLAN TCI in the queue context. If such a packet is eventually
dropped, last seen VLAN TCI must be set to its previous value.

Fixes: 7fd636815a43 ("net/sfc: support VLAN offload on transmit path")
Cc: stable@dpdk.org
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
5 years agonet/sfc: add missing header guard to TSO header file
Ivan Malov [Wed, 9 Jan 2019 11:05:13 +0000 (11:05 +0000)]
net/sfc: add missing header guard to TSO header file

Add missing header guard, including compiler directive for cplusplus.

Fixes: f1f575be9b76 ("net/sfc: put generalised TSO declarations in a header")
Cc: stable@dpdk.org
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
5 years agonet/bonding: fix possible null pointer reference
Declan Doherty [Tue, 8 Jan 2019 11:17:56 +0000 (11:17 +0000)]
net/bonding: fix possible null pointer reference

In function check_for_bonded_ethdev the driver name is used without
validating the pointer references in the passed ethdev object.

Fixes: 740feaf349b1 ("ethdev: remove driver name from device private data")
Cc: stable@dpdk.org
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
5 years agoapp/testpmd: fix quit to stop all ports before close
Cristian Dumitrescu [Fri, 4 Jan 2019 12:28:33 +0000 (12:28 +0000)]
app/testpmd: fix quit to stop all ports before close

This patch proposes a slightly different test-pmd quit operation: stop
all devices before starting to close any device. Basically, stop all
moving parts before beginning to remove them. The current test-pmd quit
is stopping and closing each device before moving to the next device.

If all devices in the system are independent of each other, this
difference is usually not important. In case of Soft NIC devices, any
such virtual device typically depends on one or more physical devices
being alive, as it accesses their queues, so this difference becomes
important.

Without this straightforward fix, all the Soft NIC devices need to be
manually stopped before the quit command is issued, otherwise the quit
command can sometimes crash the test-pmd application.

Fixes: d3a274ce9dee ("app/testpmd: handle SIGINT and SIGTERM")
Cc: stable@dpdk.org
Signed-off-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Acked-by: Bernard Iremonger <bernard.iremonger@intel.com>
5 years agodoc: fix a parameter name in testpmd guide
Rami Rosen [Fri, 4 Jan 2019 09:10:46 +0000 (11:10 +0200)]
doc: fix a parameter name in testpmd guide

There is no parameter called "eth-peer-configfile" in testpmd.
It should be "eth-peers-configfile". See the usage() method in
app/test-pmd/parameters.c.

Fixes: a67857e97ba8 ("doc: clarify usage of testpmd MAC forward mode")
Cc: stable@dpdk.org
Signed-off-by: Rami Rosen <ramirose@gmail.com>
Acked-by: Bernard Iremonger <bernard.iremonger@intel.com>
5 years agonet/nfp: fix device start/stop for VFs
Alejandro Lucero [Wed, 2 Jan 2019 15:21:49 +0000 (15:21 +0000)]
net/nfp: fix device start/stop for VFs

Previous commit adding multiprocess support broke VF support.
When VFs, the PMD does not set the link up or down.

Fixes: ef28aa96e53b ("net/nfp: support multiprocess")

Signed-off-by: Alejandro Lucero <alejandro.lucero@netronome.com>
5 years agodoc: fix a typo in testpmd guide
Rami Rosen [Thu, 27 Dec 2018 19:59:05 +0000 (21:59 +0200)]
doc: fix a typo in testpmd guide

This patch fixes a typo in testpmd user guide.

Fixes: aac6f11f5864 ("app/testpmd: add ethernet peer command")
Cc: stable@dpdk.org
Signed-off-by: Rami Rosen <ramirose@gmail.com>
Acked-by: Bernard Iremonger <bernard.iremonger@intel.com>
5 years agoexamples/flow_filtering: fix example documentation
Dekel Peled [Tue, 25 Dec 2018 07:42:18 +0000 (09:42 +0200)]
examples/flow_filtering: fix example documentation

Previous patch removed the VLAN item from example code.
This patch fixes the code and documentation accordingly.

Code update includes fix of comments, and removal of redundant
variables and their initialization.
Documentation update reflects the code changes done in previous
patch and in this patch.

Fixes: 9af4eb565710 ("examples/flow_filtering: remove VLAN item")
Cc: stable@dpdk.org
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Ori Kam <orika@mellanox.com>
5 years agonet/dpaa: update RSS offload types
Hemant Agrawal [Wed, 26 Dec 2018 11:33:57 +0000 (11:33 +0000)]
net/dpaa: update RSS offload types

Validated and tested additional offload flags for RSS
configuration.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
5 years agonet/dpaa: update supported ptypes
Hemant Agrawal [Wed, 26 Dec 2018 11:33:54 +0000 (11:33 +0000)]
net/dpaa: update supported ptypes

Validated and tested additional packet type for the DPAA
platform.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
5 years agonet/dpaa: fix secondary process
Hemant Agrawal [Wed, 26 Dec 2018 11:33:51 +0000 (11:33 +0000)]
net/dpaa: fix secondary process

In order to support I/O from secondary process, the
burst APIs and OPS APIs shall be mapped/plugged. This
patch fixes the code to remap the ops and burst apis.

Fixes: ff9e112d7870 ("net/dpaa: add NXP DPAA PMD driver skeleton")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
5 years agobus/dpaa: fix logical to physical core affine logic
Hemant Agrawal [Wed, 26 Dec 2018 11:33:47 +0000 (11:33 +0000)]
bus/dpaa: fix logical to physical core affine logic

The code was treating the lcore id as physical core id.
The code is updated to use actual physical core value
for any core affinity logic.

Note that DPAA devices are single cluster systems.

Fixes: 5d944582d028 ("bus/dpaa: check portal presence in the caller function")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
5 years agonet/fm10k: fix internal switch initial status
Julien Meunier [Wed, 2 Jan 2019 15:57:45 +0000 (17:57 +0200)]
net/fm10k: fix internal switch initial status

sm_down is a boolean in order to check if the internal switch of the
fm10k is up or down. This variable is configured though an interrupt by
fm10k_dev_interrupt_handler_pf.

If sm_down is uninitialized, we are not sure of its value at the first
bring up. For example, if FM10K_EICR_SWITCHREADY is raised, the PMD will
try to reconfigure the switch, but it does not make sense, as it's the
first startup.

The sm_down implementation has been introduced
commit 6c9f37245583 ("net/fm10k: support switch restart on PF").

Fixes: 6f22f2f67268 ("net/fm10k: redefine link status semantics")
Cc: stable@dpdk.org
Signed-off-by: Julien Meunier <julien.meunier@nokia.com>
Acked-by: Xiao Wang <xiao.w.wang@intel.com>
5 years agovhost/crypto: fix possible out of bound access
Fan Zhang [Fri, 4 Jan 2019 11:22:46 +0000 (11:22 +0000)]
vhost/crypto: fix possible out of bound access

This patch fixes a out of bound access possbility in vhost
crypto. Originally the incorrect next descriptor index may
cause the library read invalid memory content and crash
the application.

Fixes: 3bb595ecd682 ("vhost/crypto: add request handler")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agovhost/crypto: fix possible dead loop
Fan Zhang [Fri, 4 Jan 2019 11:22:45 +0000 (11:22 +0000)]
vhost/crypto: fix possible dead loop

This patch fixes a possible infinite loop caused by incorrect
descriptor chain created by the driver.

Fixes: 3bb595ecd682 ("vhost/crypto: add request handler")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agovhost: ensure event idx is mapped when negotiated
Tiwei Bie [Fri, 4 Jan 2019 04:06:42 +0000 (12:06 +0800)]
vhost: ensure event idx is mapped when negotiated

Fixes: 30920b1e2b15 ("vhost: ensure all range is mapped when translating QVAs")
Cc: stable@dpdk.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agovhost: fix possible dead loop in vector filling
Tiwei Bie [Fri, 4 Jan 2019 04:06:41 +0000 (12:06 +0800)]
vhost: fix possible dead loop in vector filling

Fix a possible dead loop which may happen, e.g. when driver
created a loop in the desc list and lens in descs are zero.

Fixes: fd68b4739d2c ("vhost: use buffer vectors in dequeue path")
Fixes: 2f3225a7d69b ("vhost: add vector filling support for packed ring")
Cc: stable@dpdk.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agovhost: fix possible out of bound access in vector filling
Tiwei Bie [Fri, 4 Jan 2019 04:06:40 +0000 (12:06 +0800)]
vhost: fix possible out of bound access in vector filling

Fixes: 7f74b95c444f ("vhost: pre update used ring for Tx and Rx")
Cc: stable@dpdk.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agovhost: fix possible dead loop in relay helpers
Tiwei Bie [Fri, 4 Jan 2019 04:06:39 +0000 (12:06 +0800)]
vhost: fix possible dead loop in relay helpers

Fix a possible dead loop which may happen, e.g. when
driver created a loop in the desc list.

Fixes: b13ad2decc83 ("vhost: provide helpers for virtio ring relay")

Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agovhost: fix possible out of bound access in relay helpers
Tiwei Bie [Fri, 4 Jan 2019 04:06:38 +0000 (12:06 +0800)]
vhost: fix possible out of bound access in relay helpers

Fixes: b13ad2decc83 ("vhost: provide helpers for virtio ring relay")

Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agovhost: fix desc access in relay helpers
Tiwei Bie [Fri, 4 Jan 2019 04:06:37 +0000 (12:06 +0800)]
vhost: fix desc access in relay helpers

Descs in desc table should be indexed using the desc idx
instead of the idx of avail ring and used ring.

Fixes: b13ad2decc83 ("vhost: provide helpers for virtio ring relay")

Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agonet/virtio-user: fix supported features list
Tiwei Bie [Thu, 3 Jan 2019 02:40:07 +0000 (10:40 +0800)]
net/virtio-user: fix supported features list

Currently virtio-user doesn't support event idx.

Fixes: aea29aa5d37b ("net/virtio: enable packed virtqueues by default")

Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agonet/virtio-user: fix packed vq option parsing
Tiwei Bie [Thu, 3 Jan 2019 02:40:06 +0000 (10:40 +0800)]
net/virtio-user: fix packed vq option parsing

Add the RING_PACKED feature to dev->unsupported_features
when it's disabled, and add the missing packed vq param
string. And also revert the unexpected change to MAC option
introduced when adding packed vq option.

Fixes: 34f3966c7f81 ("net/virtio-user: add option to use packed queues")

Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
5 years agonet/ixgbe: fix over using multicast table for VF
Wei Zhao [Mon, 7 Jan 2019 07:22:56 +0000 (15:22 +0800)]
net/ixgbe: fix over using multicast table for VF

According to the current implementation, all VFs will set bit
IXGBE_VMOLR_ROMPE during initialization, this cause any VF
will accept packets that match the MTA table. Since the MTA
table is shared by all VFs which means if one VF update MTA
table in function ixgbe_vf_set_multicast, then all other VFs
will receive multicast packets which cause unnecessary
performance overhead.

So it's better to set VF's ROPE bit of register VMOLR only
if multicast address filter is required on that VF.
Also, the ROPE bit should be reset when multicast address
filter is requested to clean.

This patch also aligns to the related fix on ixgbe
kernel driver 5.3.7.

Fixes: 00e30184daa0 ("ixgbe: add PF support")
Cc: stable@dpdk.org
Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
5 years agonet/mlx5: support flow counters using devx
Moti Haimovsky [Thu, 3 Jan 2019 15:06:37 +0000 (15:06 +0000)]
net/mlx5: support flow counters using devx

This commit adds counters support when creating flows via direct
verbs. The implementation uses devx interface in order to create
query and delete the counters.
This support requires MLNX_OFED_LINUX-4.5-0.1.0.1 installation.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Shahaf Shuler <shahafs@mellanox.com>
5 years agonet/mlx5: add devx functions to glue
Moti Haimovsky [Thu, 3 Jan 2019 15:06:36 +0000 (15:06 +0000)]
net/mlx5: add devx functions to glue

This patch adds glue functions for operations:
  - dv_open_device.
  - devx object create, destroy, query and modify.
  - devx general command
The new operations depend on HAVE_IBV_DEVX_OBJ.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Shahaf Shuler <shahafs@mellanox.com>
5 years agonet/mlx5: fix shared counter allocation logic
Moti Haimovsky [Thu, 3 Jan 2019 15:06:36 +0000 (15:06 +0000)]
net/mlx5: fix shared counter allocation logic

This commit fixes the logic for searching and allocating a shared
counter in mlx5_flow_verbs.
Now only the shared counters in the counters list are checked for
a match and not all the counters as before.

Fixes: 84c406e74524 ("net/mlx5: add flow translate function")
Cc: stable@dpdk.org
Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Shahaf Shuler <shahafs@mellanox.com>
5 years agoconfig: remove NFP PMD from 32-bit builds
Alejandro Lucero [Mon, 14 Jan 2019 18:12:54 +0000 (18:12 +0000)]
config: remove NFP PMD from 32-bit builds

Signed-off-by: Alejandro Lucero <alejandro.lucero@netronome.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
5 years agoeal: fix build of external app with clang on armv8
Ilya Maximets [Mon, 14 Jan 2019 16:14:42 +0000 (19:14 +0300)]
eal: fix build of external app with clang on armv8

In case DPDK built using GCC, RTE_TOOLCHAIN_CLANG is not defined.
But 'rte_atomic.h' is a generic header that included to the
external apps like OVS while building with DPDK. As a result,
clang build of OVS fails on armv8 if DPDK built using gcc:

    include/generic/rte_atomic.h:215:9: error:
            implicit declaration of function '__atomic_exchange_2'
            is invalid in C99
    include/generic/rte_atomic.h:494:9: error:
            implicit declaration of function '__atomic_exchange_4'
            is invalid in C99
    include/generic/rte_atomic.h:772:9: error:
            implicit declaration of function '__atomic_exchange_8'
            is invalid in C99

We need to check for current compiler, not the compiler used for
DPDK build.

Fixes: 7bdccb93078e ("eal: fix ARM build with clang")
Cc: stable@dpdk.org
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
5 years agomk: fix scope of disabling AVX512F support
Ferruh Yigit [Mon, 14 Jan 2019 15:49:35 +0000 (15:49 +0000)]
mk: fix scope of disabling AVX512F support

AVX512 was disabled for GCC because of Bugzilla issue 97 [1],
the GCC defect submitted for the issue [2] highlighted that this is
a known binutils version 2.30 issue.

Narrowed the scope of no-avx512 to the this specific binutils version.

[1]
https://bugs.dpdk.org/show_bug.cgi?id=97

[2]
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88096

Fixes: 8d07c82b239f ("mk: disable gcc AVX512F support")
Cc: stable@dpdk.org
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
5 years agombuf: remove experimental tag for external attachment
Yongseok Koh [Mon, 14 Jan 2019 05:20:55 +0000 (21:20 -0800)]
mbuf: remove experimental tag for external attachment

Remove the experimental tag of rte_pktmbuf_attach_extbuf() which was
introduced in 18.05.

Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
5 years agombuf: remove deprecated macro
Yongseok Koh [Mon, 14 Jan 2019 05:20:54 +0000 (21:20 -0800)]
mbuf: remove deprecated macro

RTE_MBUF_INDIRECT() is replaced with RTE_MBUF_CLONED() and removed.
This macro was deprecated in release 18.05 when EXT_ATTACHED_MBUF was
introduced.

Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
5 years agombuf: fix C++ compatibility by making sched struct visible
Harry van Haaren [Fri, 11 Jan 2019 11:32:39 +0000 (11:32 +0000)]
mbuf: fix C++ compatibility by making sched struct visible

Although C compilation works with the struct rte_mbuf_sched
declared inside the struct rte_mbuf namespace, C++ fails to
compile. This fix moves the rte_mbuf_sched struct up to the
global namespace, instead of declaring it inside the struct
mbuf namespace.

The struct rte_mbuf_sched is being used on the stack in
rte_mbuf_sched_get() and as a cast in _set(). For this
reason, it must be exposed as an available type.

Fixes: 5d3f72100904 ("mbuf: implement generic format for sched field")

Signed-off-by: Harry van Haaren <harry.van.haaren@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
5 years agomem: fix storing old policy
Anatoly Burakov [Tue, 8 Jan 2019 16:46:28 +0000 (16:46 +0000)]
mem: fix storing old policy

The original code was supposed to overwrite the value pointed to
by the pointer, but the new one is instead overwriting the
pointer value itself, which has no effect outside that function.
Fix it by adding a pointer dereference.

Fixes: 582bed1e1d1d ("mem: support mapping hugepages at runtime")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
5 years agomem: fix variable shadowing
Anatoly Burakov [Tue, 8 Jan 2019 16:33:59 +0000 (16:33 +0000)]
mem: fix variable shadowing

A local variable ``flags`` was shadowing another variable from outer
scope. Fix this by renaming the variable and make it const.

Fixes: c127be93f619 ("mem: support using memfd segments for in-memory mode")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
5 years agovfio: do not unregister callback in secondary process
Anatoly Burakov [Thu, 10 Jan 2019 16:33:39 +0000 (16:33 +0000)]
vfio: do not unregister callback in secondary process

Callbacks are only registered in the primary, so do not attempt to
unregister callbacks in secondary processes.

Fixes: 43e463137154 ("vfio: support memory event callbacks")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
5 years agoeal/bsd: remove clean up of files at startup
Anatoly Burakov [Thu, 10 Jan 2019 11:34:08 +0000 (11:34 +0000)]
eal/bsd: remove clean up of files at startup

On FreeBSD, closing the file descriptor drops the lock even if the
file descriptor was mmap'ed. This leads to the cleanup at the end
of EAL init to remove fbarray files that are still in use by the
process itself.

However, instead of working around this issue, we can take advantage
of the fact that FreeBSD doesn't really create any per-process
files in the first place, so no cleanup is actually needed.

Fixes: 0a529578f162 ("eal: clean up unused files on initialization")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
5 years agoeal: fix strdup usages in internal config
Anatoly Burakov [Thu, 10 Jan 2019 13:38:59 +0000 (13:38 +0000)]
eal: fix strdup usages in internal config

Currently, we use strdup in a few places to store command-line
parameter values for certain internal config values. There are
several issues with that.

First of all, they're never freed, so memory ends up leaking
either after EAL exit, or when these command-line options are
supplied multiple times.

Second of all, they're defined as `const char *`, so they
*cannot* be freed even if we wanted to.

Finally, strdup may return NULL, which will be stored in the
config. For most fields, NULL is a valid value, but for the
default prefix, the value is always expected to be valid.

To fix all of this, three things are done. First, we change
the definitions of these values to `char *` as opposed to
`const char *`. This does not break the ABI, and previous
code assumes constness (which is more restrictive), so it's
safe to do so.

Then, fix all usages of strdup to check return value, and add
a cleanup function that will free the memory occupied by
these strings, as well as freeing them before assigning a new
value to prevent leaks when parameter is specified multiple
times.

And finally, add an internal API to query hugefile prefix, so
that, absent of a valid value, a default value will be
returned, and also fix up all usages of hugefile prefix to
use this API instead of accessing hugefile prefix directly.

Bugzilla ID: 108

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
5 years agoipsec: fix assert condition
Konstantin Ananyev [Mon, 14 Jan 2019 12:07:39 +0000 (12:07 +0000)]
ipsec: fix assert condition

fix invalid RTE_ASSERT condition in rsn_update_finish()

Fixes: c0308cd89554 ("ipsec: rework SA replay window/SQN for MT environment")

Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
5 years agokni: fix build on RHEL8 for arm and Power9
David Zeng [Fri, 21 Dec 2018 16:27:33 +0000 (00:27 +0800)]
kni: fix build on RHEL8 for arm and Power9

Signed-off-by: David Zeng <zengxhsh@cn.ibm.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
5 years agokni: fix build on RHEL 8
Xiao Liang [Wed, 19 Dec 2018 07:07:58 +0000 (15:07 +0800)]
kni: fix build on RHEL 8

'ndo_change_mtu_rh74' was changed to 'ndo_change_mtu' in RHEL8.

Build error log:
/home/dpdk-18.11/kernel/linux/kni/compat.h:107:24: error: â€˜const struct
net_device_ops’ has no member named â€˜ndo_change_mtu_rh74’; did you mean
‘ndo_change_mtu’?
 #define ndo_change_mtu ndo_change_mtu_rh74
                        ^~~~~~~~~~~~~~~~~~~

Cc: stable@dpdk.org
Signed-off-by: Xiao Liang <xiliang@redhat.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
5 years agomaintainers: claim maintainership of hash library
Yipeng Wang [Tue, 8 Jan 2019 15:08:34 +0000 (07:08 -0800)]
maintainers: claim maintainership of hash library

Add Yipeng and Sameh as additional maintainers.

Signed-off-by: Yipeng Wang <yipeng1.wang@intel.com>
Signed-off-by: Sameh Gobriel <sameh.gobriel@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
5 years agomaintainers: resign from maintainership of distributor lib
Bruce Richardson [Fri, 11 Jan 2019 11:48:34 +0000 (11:48 +0000)]
maintainers: resign from maintainership of distributor lib

The distributor library doesn't see much in the way of changes, and Dave
is well able to manage the library on his own, so remove my name against
it in the MAINTAINERS file.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
5 years agoconfig: add Mellanox BlueField armv8 SoC
Yongseok Koh [Thu, 10 Jan 2019 18:39:19 +0000 (10:39 -0800)]
config: add Mellanox BlueField armv8 SoC

BlueField is Mellanox's new SoC based on armv8. BlueField integrates
Mellanox ConnectX-5 interconnect and Cortex-A72 cores into a single device.

http://www.mellanox.com/page/products_dyn?product_family=256&mtag=soc_overview

Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
5 years agodevtools: fix build check for whether meson has run
Bruce Richardson [Thu, 10 Jan 2019 10:37:26 +0000 (10:37 +0000)]
devtools: fix build check for whether meson has run

The current check to see whether we need to call meson or just ninja
simply checked if the build directory existed. However, if meson was run
but failed, the build directory would still exist. We can fix this by
instead checking for the build.ninja file inside the directory. Once that
is present, we can use ninja safely and let it worry about rerunning
meson if necessary.

Fixes: a55277a788df ("devtools: add test script for meson builds")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
5 years agobuild: fix variable name in dependency error message
Bruce Richardson [Thu, 10 Jan 2019 10:29:19 +0000 (10:29 +0000)]
build: fix variable name in dependency error message

The variable name in the error message had an extra '_' which caused
an actual meson error when the message would otherwise be printed to
give meaningful information about what was going wrong.

Fixes: 203b61dc5e18 ("build: improve error message for missing dependency")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
5 years agobuild: use static deps for pkg-config libs.private
Luca Boccassi [Fri, 11 Jan 2019 16:12:44 +0000 (16:12 +0000)]
build: use static deps for pkg-config libs.private

Dependencies of the RTE libraries were not being added to the
Requires.private field of the pc file since the variable used for
dynamic linking was passed to the related field of pkg.generate.
Use the static one so that dependencies are included.

Fixes: 57ae0ec62620 ("build: add dependency on telemetry to apps with meson")
Cc: stable@dpdk.org
Signed-off-by: Luca Boccassi <bluca@debian.org>
5 years agotest/crypto: remove unsupported SGL tests on AESNI_MB PMD
Fiona Trahe [Fri, 21 Dec 2018 00:02:19 +0000 (00:02 +0000)]
test/crypto: remove unsupported SGL tests on AESNI_MB PMD

Remove AESNI_MB flag from SGL test cases which it doesn't support.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
5 years agocrypto/dpaa2_sec: fix FLC address for physical mode
Akhil Goyal [Wed, 9 Jan 2019 15:14:21 +0000 (15:14 +0000)]
crypto/dpaa2_sec: fix FLC address for physical mode

Fixes: 547a4d40e7bf ("crypto/dpaa2_sec: support out of place protocol offload")
Fixes: 0a23d4b6f4c2 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa_sec: support same session flows on multi-cores
Akhil Goyal [Wed, 9 Jan 2019 15:14:17 +0000 (15:14 +0000)]
crypto/dpaa_sec: support same session flows on multi-cores

In dpaa_sec, each session should have a separate in-queue,
and each in-queue should be mapped to an outq.
So if multiple flows of same SA comes to different cores
due to rss distribution of NIC, enqueue from any core will
try to do re-assignment of inq - outq mapping which will fail.

In this patch, for each core a separate inq is allocated and
used from each of the core. But the number of outq will remain
the same and we save the pointer to outq in session for each
of the cores.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/dpaa_sec: support PDCP offload
Hemant Agrawal [Wed, 9 Jan 2019 15:13:16 +0000 (15:13 +0000)]
crypto/dpaa_sec: support PDCP offload

PDCP session configuration for lookaside protocol offload
and data path is added.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/octeontx: remove usage of DEPDIRS
Anoob Joseph [Thu, 10 Jan 2019 08:52:59 +0000 (08:52 +0000)]
crypto/octeontx: remove usage of DEPDIRS

DEPDIRS is no longer used in DPDK driver makefiles. Removing it.

Suggested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
5 years agoapp/bbdev: fix return value check
Amr Mokhtar [Wed, 2 Jan 2019 14:09:02 +0000 (14:09 +0000)]
app/bbdev: fix return value check

Added assert check for rte_bbdev_*_op_alloc_bulk in bbdev test app

Coverity issue: 328516, 328525
Fixes: f714a18885a6 ("app/testbbdev: add test application for bbdev")
Cc: stable@dpdk.org
Signed-off-by: Amr Mokhtar <amr.mokhtar@intel.com>
5 years agodoc: update ipsec-secgw guide and release notes
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:13 +0000 (21:09 +0000)]
doc: update ipsec-secgw guide and release notes

Update ipsec-secgw guide and release notes to reflect latest changes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: add scripts for functional test
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:12 +0000 (21:09 +0000)]
examples/ipsec-secgw: add scripts for functional test

The purpose of these scripts is to automate ipsec-secgw functional testing.
The scripts require two machines (SUT and DUT) connected through
at least 2 NICs and running linux (so far tested only on Ubuntu 18.04).
Introduced test-cases for the following scenarios:
- Transport/Tunnel modes
- AES-CBC SHA1
- AES-GCM
- ESN on/off
- legacy/librte_ipsec code path

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: make data-path to use IPsec library
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:11 +0000 (21:09 +0000)]
examples/ipsec-secgw: make data-path to use IPsec library

Changes to make ipsec-secgw data-path code to utilize librte_ipsec library.
Note that right now by default current (non-librte_ipsec) code-path will
be used. User has to run application with new command-line option ('-l')
to enable new codepath.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: make app to use IPsec library
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:10 +0000 (21:09 +0000)]
examples/ipsec-secgw: make app to use IPsec library

Changes to make ipsec-secgw to utilize librte_ipsec library.
That patch provides:
 - changes in the related data structures.
 - changes in the initialization code.
 - new command-line parameters to enable librte_ipsec codepath
   and related features.

Note that right now by default current (non-librte_ipsec) code-path will
be used. User has to run application with new command-line option ('-l')
to enable new codepath.
The main reason for that:
 - current librte_ipsec doesn't support all ipsec algorithms
   and features that the app does.
 - allow users to run both versions in parallel for some time
   to figure out any functional or performance degradation with the
   new code.

It is planned to deprecate and remove non-librte_ipsec code path
in future releases.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: fix inbound SA checking
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:09 +0000 (21:09 +0000)]
examples/ipsec-secgw: fix inbound SA checking

In the inbound_sa_check() make sure that sa pointer stored
inside mbuf private area is not NULL.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
5 years agoexamples/ipsec-secgw: make local variables static
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:08 +0000 (21:09 +0000)]
examples/ipsec-secgw: make local variables static

in sp4.c and sp6.c there are few globals that used only locally.
Define them as static ones.

Cc: stable@dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: fix outbound codepath for single SA
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:07 +0000 (21:09 +0000)]
examples/ipsec-secgw: fix outbound codepath for single SA

Looking at process_pkts_outbound_nosp() there seems few issues:
- accessing mbuf after it was freed
- invoking ipsec_outbound() for ipv4 packets only
- copying number of packets, but not the mbuf pointers itself

that patch provides fixes for that issues.

Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
Cc: stable@dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: fix crypto-op might never get dequeued
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:06 +0000 (21:09 +0000)]
examples/ipsec-secgw: fix crypto-op might never get dequeued

In some cases crypto-ops could never be dequeued from the crypto-device.
The easiest way to reproduce:
start ipsec-secgw with crypto-dev and send to it less then 32 packets.
none packets will be forwarded.
Reason for that is that the application does dequeue() from crypto-queues
only when new packets arrive.
This patch makes the app to call dequeue() on a regular basis.
Also to make code cleaner and easier to understand,
it separates crypto-dev enqueue() and dequeue() code paths.
pkt_process() now only enqueues packets into crypto device,
dequeuing and final processing is done by drain_crypto_queues().

Fixes: c64278c0c18b ("examples/ipsec-secgw: rework processing loop")
Cc: stable@dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: allow to specify neighbour MAC address
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:05 +0000 (21:09 +0000)]
examples/ipsec-secgw: allow to specify neighbour MAC address

In some cases it is useful to allow user to specify destination
ether address for outgoing packets.
This patch adds such ability by introducing new 'neigh' config
file option.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/ipsec-secgw: allow disabling some Rx/Tx offloads
Konstantin Ananyev [Thu, 10 Jan 2019 21:09:04 +0000 (21:09 +0000)]
examples/ipsec-secgw: allow disabling some Rx/Tx offloads

Right now ipsec-secgw always enables TX offloads
(DEV_TX_OFFLOAD_MULTI_SEGS, DEV_TX_OFFLOAD_SECURITY),
even when they are not requested by the config.
That causes many PMD to choose full-featured TX function,
which in many cases is much slower then one without offloads.
That patch adds ability for the user to disable unneeded HW offloads.
If DEV_TX_OFFLOAD_IPV4_CKSUM is disabled by user, then
SW version of ip cksum calculation is used.
That allows to use vector TX function, when inline-ipsec is not
requested.

Signed-off-by: Remy Horton <remy.horton@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agodoc: add IPsec library guide
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:34 +0000 (21:06 +0000)]
doc: add IPsec library guide

Add IPsec library guide and update release notes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agotest/ipsec: introduce functional test
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:33 +0000 (21:06 +0000)]
test/ipsec: introduce functional test

Create functional test for librte_ipsec.
Note that the test requires null crypto pmd to pass successfully.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoipsec: add helpers to group completed crypto-ops
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:32 +0000 (21:06 +0000)]
ipsec: add helpers to group completed crypto-ops

Introduce helper functions to process completed crypto-ops
and group related packets by sessions they belong to.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoipsec: rework SA replay window/SQN for MT environment
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:31 +0000 (21:06 +0000)]
ipsec: rework SA replay window/SQN for MT environment

With these changes functions:
  - rte_ipsec_pkt_crypto_prepare
  - rte_ipsec_pkt_process
 can be safely used in MT environment, as long as the user can guarantee
 that they obey multiple readers/single writer model for SQN+replay_window
 operations.
 To be more specific:
 for outbound SA there are no restrictions.
 for inbound SA the caller has to guarantee that at any given moment
 only one thread is executing rte_ipsec_pkt_process() for given SA.
 Note that it is caller responsibility to maintain correct order
 of packets to be processed.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoipsec: implement SA data-path API
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:30 +0000 (21:06 +0000)]
ipsec: implement SA data-path API

Provide implementation for rte_ipsec_pkt_crypto_prepare() and
rte_ipsec_pkt_process().
Current implementation:
 - supports ESP protocol tunnel mode.
 - supports ESP protocol transport mode.
 - supports ESN and replay window.
 - supports algorithms: AES-CBC, AES-GCM, HMAC-SHA1, NULL.
 - covers all currently defined security session types:
        - RTE_SECURITY_ACTION_TYPE_NONE
        - RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO
        - RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
        - RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL

For first two types SQN check/update is done by SW (inside the library).
For last two type it is HW/PMD responsibility.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoipsec: add SA data-path API
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:29 +0000 (21:06 +0000)]
ipsec: add SA data-path API

Introduce Security Association (SA-level) data-path API
Operates at SA level, provides functions to:
    - initialize/teardown SA object
    - process inbound/outbound ESP/AH packets associated with the given SA
      (decrypt/encrypt, authenticate, check integrity,
      add/remove ESP/AH related headers and data, etc.).

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agolib: introduce IPsec library
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:28 +0000 (21:06 +0000)]
lib: introduce IPsec library

Introduce librte_ipsec library.
The library is supposed to utilize existing DPDK crypto-dev and
security API to provide application with transparent IPsec processing API.
That initial commit provides some base API to manage
IPsec Security Association (SA) object.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agonet: add ESP trailer structure definition
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:27 +0000 (21:06 +0000)]
net: add ESP trailer structure definition

define esp_tail structure.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agosecurity: add opaque userdata pointer into security session
Konstantin Ananyev [Thu, 10 Jan 2019 21:06:26 +0000 (21:06 +0000)]
security: add opaque userdata pointer into security session

Add 'uint64_t opaque_data' inside struct rte_security_session.
That allows upper layer to easily associate some user defined
data with the session.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples/fips_validation: add power on self test
Fan Zhang [Wed, 19 Dec 2018 23:39:04 +0000 (23:39 +0000)]
examples/fips_validation: add power on self test

This patch adds a sample power on self-test to fips_validate
sample application.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
5 years agocryptodev: add opaque data field to symmetric session
Fan Zhang [Thu, 10 Jan 2019 14:50:22 +0000 (14:50 +0000)]
cryptodev: add opaque data field to symmetric session

This patch adds a opaque data field to cryptodev symmetric session.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocryptodev: add reference count to session private data
Fan Zhang [Thu, 10 Jan 2019 14:50:21 +0000 (14:50 +0000)]
cryptodev: add reference count to session private data

This patch adds a refcnt field to every session private data in the
cryptodev symmetric session. The counter is used to prevent freeing
symmetric session blindly before it is not cleared by every type of
crypto device in use.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocryptodev: add user data size to symmetric session
Fan Zhang [Thu, 10 Jan 2019 14:50:20 +0000 (14:50 +0000)]
cryptodev: add user data size to symmetric session

This patch adds a user_data_sz field to cryptodev symmetric session.
The field is used to check if reading or writing the session's user
data field is eligible.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocryptodev: update symmetric session structure
Fan Zhang [Thu, 10 Jan 2019 14:50:19 +0000 (14:50 +0000)]
cryptodev: update symmetric session structure

This patch updates the rte_cryptodev_sym_session structure for
cryptodev library. The updates include a changed session private
data array and an added nb_drivers field. They are used to
calculate the correct session header size and ensure safe access
of the session private data.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocryptodev: add sym session header size function
Fan Zhang [Thu, 10 Jan 2019 14:50:18 +0000 (14:50 +0000)]
cryptodev: add sym session header size function

This patch adds a new API in Cryptodev Framework. The API is used
to get the header size for the created symmetric Cryptodev session.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agotest/crypto: use separate session mempools
Fan Zhang [Thu, 10 Jan 2019 14:50:17 +0000 (14:50 +0000)]
test/crypto: use separate session mempools

This patch uses the two session mempool approach to crypto unit
test. One mempool is for session header objects, and the other is
for session private data.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agovhost/crypto: use separate session mempools
Fan Zhang [Thu, 10 Jan 2019 14:50:16 +0000 (14:50 +0000)]
vhost/crypto: use separate session mempools

This patch uses the two session mempool approach to vhost crypto.
One mempool is for session header objects, and the other is for
session private data.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoexamples: use separate crypto session mempools
Fan Zhang [Thu, 10 Jan 2019 14:50:15 +0000 (14:50 +0000)]
examples: use separate crypto session mempools

This patch uses the two session mempool approach to all cryptodev
sample applications. One mempool is for session header objects, and
the other is for session private data.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agonet/softnic: use separate session mempools
Fan Zhang [Thu, 10 Jan 2019 14:50:14 +0000 (14:50 +0000)]
net/softnic: use separate session mempools

This patch uses the two session mempool approach to softnic PMD.
One mempool is for session header objects, and the other is for
session private data.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agoapp/crypto-perf: use separate session mempools
Fan Zhang [Thu, 10 Jan 2019 14:50:13 +0000 (14:50 +0000)]
app/crypto-perf: use separate session mempools

This patch uses the two session mempool approach to crypto perf
application. One mempool is for session header objects, and the other
is for session private data.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocryptodev: add sym session mempool create
Fan Zhang [Thu, 10 Jan 2019 14:50:12 +0000 (14:50 +0000)]
cryptodev: add sym session mempool create

This patch adds a new API "rte_cryptodev_sym_session_pool_create()" to
cryptodev library. All applications are required to use this API to
create sym session mempool as it adds private data and nb_drivers
information to the mempool private data.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocryptodev: change queue pair configure structure
Fan Zhang [Thu, 10 Jan 2019 14:50:11 +0000 (14:50 +0000)]
cryptodev: change queue pair configure structure

This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
5 years agocrypto/aesni_mb: support plain SHA
Fan Zhang [Thu, 20 Dec 2018 12:22:15 +0000 (12:22 +0000)]
crypto/aesni_mb: support plain SHA

This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512
algorithms support to AESNI-MB PMD. The cryptodev unit test and
documentation are updated accordingly.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agotest/crypto: fix misleading trace message
Fiona Trahe [Fri, 21 Dec 2018 00:01:25 +0000 (00:01 +0000)]
test/crypto: fix misleading trace message

Test was reporting digest verification failed for all operation errors.
Fixed so it only reports this if the PMD actually reports an auth failure.

Fixes: 9c0eed2f06ae ("app/test: rework crypto AES unit test")
Cc: stable@dpdk.org
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
5 years agocompress/qat: fix returned status on overflow
Tomasz Jozwiak [Thu, 27 Dec 2018 10:42:19 +0000 (11:42 +0100)]
compress/qat: fix returned status on overflow

This patch fixes correct status in case of overflow on
QAT is detected.
In that case RTE_COMP_OP_STATUS_OUT_OF_SPACE_TERMINATED value is set in
rte_comp_op.status field instead of RTE_COMP_OP_STATUS_ERROR

Fixes: 32842f2a6d7d ("compress/qat: create FW request and process response")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Jozwiak <tomaszx.jozwiak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agocompress/qat: add compression on DH895x
Tomasz Jozwiak [Fri, 21 Dec 2018 09:15:22 +0000 (10:15 +0100)]
compress/qat: add compression on DH895x

This patch enables compression on DH895x HW series
and updates supported hardware accelerator devices list.

Signed-off-by: Tomasz Jozwiak <tomaszx.jozwiak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
5 years agocrypto/aesni_mb: support AES-GMAC
Fan Zhang [Thu, 20 Dec 2018 12:07:55 +0000 (12:07 +0000)]
crypto/aesni_mb: support AES-GMAC

This patch adds the AES-GMAC authentication only support to AESNI-MB
PMD, including the driver code, cryptodev unit test, and documentation
updates.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
5 years agodoc: update AESNI_MB guide
Fan Zhang [Thu, 20 Dec 2018 11:56:45 +0000 (11:56 +0000)]
doc: update AESNI_MB guide

This patch updates the AESNI-MB PMD document with the new intel-ipsec-mb
version number, the release note with new library version support, and
the deprecation notice for removing some library version support in
19.05 release.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
5 years agocrypto/aesni_mb: use architecture independent macros
Fan Zhang [Thu, 20 Dec 2018 11:56:44 +0000 (11:56 +0000)]
crypto/aesni_mb: use architecture independent macros

This patch duplicates the original rte_aesni_mb_pmd*.c files and replaces
the function calls provided by intel-ipsec-mb library into
architecture-independent macros. The build systems are updated to choose
compiling either rte_aesni_mb_pmd*.c or rte_aesni_mb_pmd*_compat.c based
on the installed intel-ipsec-mb version. For the intel-ipsec-mb older
than 0.52.0 rte_aesni_mb_pmd*_compat.c will be compiled, otherwise
rte_aesni_mb_pmd*.c will be compiled.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>