git.droids-corp.org - dpdk.git/log

net/nfp: fix disabling VLAN stripping

"vlan set strip off 0" can't work, due to the incorrect usage
of the mask, it just represent that the status is changed or not,
not represent offloaded or not, so that the driver send the
error control message to the nic.

Now, by first inspect the mask of things that changed, and then
change the requested state if VLAN stripping according the
requested offload status. So this change can fix this bug.

Fixes: d4a27a3b092a ("nfp: add basic features")
Cc: stable@dpdk.org
Signed-off-by: Peng Zhang <peng.zhang@corigine.com>
Signed-off-by: Yong Xu <yong.xu@corigine.com>
Signed-off-by: Chaoyong He <chaoyong.he@corigine.com>
Signed-off-by: Niklas Söderlund <niklas.soderlund@corigine.com>

net/txgbe: fix max number of queues for SR-IOV

Hardware restrictions require a maximum of 4 queues for every pool.

Fixes: a6712cd029a4 ("net/txgbe: add PF module init and uninit for SRIOV")
Cc: stable@dpdk.org
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

net/txgbe: fix SGMII mode to link up

Fix SGMII mode to link up.

Fixes: 01c3cf5c85a7 ("net/txgbe: add autoneg control read and write")
Cc: stable@dpdk.org
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

net/ngbe: redesign internal PHY init flow

Add to read efuse values from flash, and disable EEE to improve signal
quality. Remove PHY semaphore to access PHY registers faster. And remove
unnecessary page selection where quick access is required.

When rte_eth_link_get_nowait() is called frequently with LSC disabled by
self-developed applications, eventually the PHY status register will be
accessed frequently. It will cause internal PHY init failure, if they
are done simultaneously. So there is a protection added for internal PHY
init.

Fixes: 3518df5774c7 ("net/ngbe: support device start/stop")
Fixes: 91bc12c5227c ("net/ngbe: optimize PHY initialization process")
Cc: stable@dpdk.org
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

net/ngbe: fix PCIe related operations with bus API

When using mailbox to request firmware to enable or disable PCIe bus
master, there is a small probability that mailbox cannot respond.
Change to use rte_pci_read_config() and rte_pci_write_config(), to
avoid this problem.

Fixes: ac6c5e9af56a ("net/ngbe: fix Tx hang on queue disable")
Cc: stable@dpdk.org
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

net/ngbe: fix reading M88E1512 PHY mode

For M88E1512 PHY mixed mode, PXE driver overrides PHY mode at load
time. To workaround this problem, change to read PHY mode from flash
instead of register.

Fixes: 1c44384fce76 ("net/ngbe: support custom PHY interfaces")
Cc: stable@dpdk.org
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

net/ngbe: fix external PHY power down

External PHY cannot power down after LAN reset, so need to manually
power down when device stopped.

Fixes: 3d0af7066759 ("net/ngbe: setup PHY link")
Fixes: 1c44384fce76 ("net/ngbe: support custom PHY interfaces")
Cc: stable@dpdk.org
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

net/ngbe: fix reading PHY ID

Change to check low ID register to determine the valid PHY address,
for yt8521s PHY with high ID register value 0. And fix polling
register when expect value is 0, to complete MDIO read.

Fixes: 44e97550ca68 ("net/ngbe: identify and reset PHY")
Cc: stable@dpdk.org
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

net/ngbe: support yt8531s PHY

Add support for yt8531s PHY.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

net/ngbe: fix link speed check

Since the bit of ETH_LINK_SPEED_FIXED was set for the force link
speed, it conflicts with '~allowed_speeds'.

Fixes: 3518df5774c7 ("net/ngbe: support device start/stop")
Cc: stable@dpdk.org
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

ethdev: fix port state when stop

Currently, 'dev_started' is always set to be 0 when dev stop, whether
it succeeded or failed. This is unreasonable and this patch fixed it.

Fixes: 62024eb82756 ("ethdev: change stop operation callback to return int")
Cc: stable@dpdk.org
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Ferruh Yigit <ferruh.yigit@xilinx.com>

net/memif: fix overwriting of head segment

The 'dst_off' was reset in multi segment case.
This caused memif buffer segment to write to
beginning of mbuf, overwriting previous data.
Fix it with this patch.

Fixes: 09c7e63a71f9 ("net/memif: introduce memory interface PMD")
Cc: stable@dpdk.org
Reported-by: Ferruh Yigit <ferruh.yigit@xilinx.com>
Signed-off-by: Joyce Kong <joyce.kong@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>

net/bonding: fix mbuf fast free usage

Usage of 'RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE' offload has two
constraints: per-queue all mbufs comes from the same mempool and
has refcnt = 1.

Bonding mode Broadcast, Tx mbuf has more than one refcnt.
Bonding mode 8023AD, It contains two mempools separately for LACP
packets and other packets. In Tx or Rx, Fast mbuf free will operate
mbuf from different mempool.

This patch will prevent 'RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE' offload
when in bonding mode Broadcast and mode 8023AD.

Fixes: 78aecefed955 ("bond: move param parsing in configure step")
Cc: stable@dpdk.org
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>

app/testpmd: do not poll stopped queues

Calling Rx/Tx functions on a stopped queue is not supported.
Do not run packet forwarding for streams that use stopped queues.

Each stream has a read-only "disabled" field,
so that lcore function can skip such streams.
Forwarding engines can set this field
using a new "stream_init" callback function
by checking relevant queue states,
which are stored along with queue configurations
(not all PMDs implement rte_eth_rx/tx_queue_info_get()
to query the state from there).

Fixes: 5f4ec54f1d16 ("testpmd: queue start and stop")
Cc: stable@dpdk.org
Signed-off-by: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>

app/testpmd: fix use of indirect action after port close

When a port was closed, indirect actions could remain
with their handles no longer valid.
If a newly attached device was assigned the same ID as the closed port,
those indirect actions became accessible again.
Any attempt to use them resulted in an undefined behavior.
Automatically flush indirect actions when a port is closed.

Fixes: 4b61b8774be9 ("ethdev: introduce indirect flow action")
Cc: stable@dpdk.org
Signed-off-by: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Aman Singh <aman.deep.singh@intel.com>

ethdev: prohibit polling stopped queue

Whether it is allowed to call Rx/Tx functions for a stopped queue
was undocumented. Some PMDs make this behavior a no-op
either by explicitly checking the queue state
or by the way how their routines are implemented or HW works.

No-op behavior may be convenient for application developers.
But it also means that pollers of stopped queues
would go all the way down to PMD Rx/Tx routines, wasting cycles.
Some PMDs would do a check for the queue state on data path,
even though it may never be needed for a particular application.
Also, use cases for stopping queues or starting them deferred
do not logically require polling stopped queues.

Use case 1: a secondary that was polling the queue has crashed,
the primary is doing a recovery to free all mbufs.
By definition the queue to be restarted is not polled.

Use case 2: deferred queue start or queue reconfiguration.
The polling thread must be synchronized anyway,
because queue start and stop are non-atomic.

Prohibit calling Rx/Tx functions on stopped queues.

Fixes: 0748be2cf9a2 ("ethdev: queue start and stop")
Cc: stable@dpdk.org
Signed-off-by: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
Acked-by: Tyler Retzlaff <roretzla@linux.microsoft.com>

app/testpmd: fix metering and policing command for RFC4115

Add CLI command support for metering and policing of trtcm_rfc4115.

Fixes: 30ffb4e67ee3 ("app/testpmd: add commands traffic metering and policing")
Cc: stable@dpdk.org
Signed-off-by: Shun Hao <shunh@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>

app/testpmd: replace hardcoded min mbuf number with macro

Add macro MIN_TOTAL_NUM_MBUFS (1024) to indicate
what the value of total-num-mbufs should bigger than.

Fixes: c87988187fdb ("app/testpmd: add --total-num-mbufs option")
Cc: stable@dpdk.org
Signed-off-by: Mingxia Liu <mingxia.liu@intel.com>
Acked-by: Yuying Zhang <yuying.zhang@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@xilinx.com>

net/cnxk: fix possible null dereference in telemetry

The return value of rte_tel_data_alloc() may be null pointer.
Add missing check vs null.

Fixes: 5ea354a1f2cc ("net/cnxk: support telemetry")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

ethdev: fix possible null pointer access

The rte_tel_data_alloc() may return NULL, so the caller should add
judgement for it.

Fixes: 083b0b310b19 ("ethdev: add common stats for telemetry")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

ethdev: fix memory leak in xstats telemetry

The 'eth_xstats' should be freed after telemetry dictionary setup.

Fixes: c190daedb9b1 ("ethdev: add telemetry callbacks")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

net/axgbe: fix xstats get return if xstats is null

Many user (e.g. telemetry) invokes rte_eth_xstats_get(port_id, NULL, 0)
to retrieve the required number of elements, but currently axgbe PMD
returns zero when xstats is null.

Remove the logic of "return zero when xstats is NULL", and add the logic
of "return the required number of entries when n is lower than the
required number of entries".

Fixes: 9d1ef6b2e731 ("net/axgbe: add xstats")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

net/mvpp2: fix xstats get return if xstats is null

Many user (e.g. telemetry) invokes rte_eth_xstats_get(port_id, NULL, 0)
to retrieve the required number of elements, but currently mvpp2 PMD
returns zero when xstats is null.

Remove the logic of "return zero when xstats is NULL", and add the logic
of "return the required number of entries when n is lower than the
required number of entries".

Fixes: a77b5378cd41 ("net/mrvl: add extended statistics")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

net/ipn3ke: fix xstats get return if xstats is null

Many user (e.g. telemetry) invokes rte_eth_xstats_get(port_id, NULL, 0)
to retrieve the required number of elements, but currently ipn3ke PMD
returns zero when xstats is null.

Dedicated check for xstats vs null is not required, since ethdev layer
guarantees that it may be null only if number of entries n is 0 (which
is definitely smaller than total xstats count).

Fixes: 5a6d883878db ("net/ipn3ke: implement statistics")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

net/hns3: fix xstats get return if xstats is null

Many user (e.g. telemetry) invokes rte_eth_xstats_get(port_id, NULL, 0)
to retrieve the required number of elements, but currently hns3 PMD
returns zero when xstats is null.

Dedicated check for xstats vs null is not required, since ethdev layer
guarantees that it may be null only if number of entries n is 0 (which
is definitely smaller than total xstats count).

Fixes: 8839c5e202f3 ("net/hns3: support device stats")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

ethdev: simplify xstats get implementation

Use eth_dev_get_xstats_basic_count() to retrieve generic statistics count.

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

ethdev: clarify null location case in xstats get

When xstats location is null in rte_eth_xstats_get() the return value
is not clearly specified.  Some PMDs (eg. hns3/ipn3ke/mvpp2/axgbe) return
zero while others return the required number of elements.

In this patch, special parameter combinations are restricted:
1. highlight that xstats location may be null if and only if n is 0.
2. amend n parameter description to specify that if n is lower than
    the required number of elements, the function returns the required
    number of elements.
3. specify that if n is zero, the xstats must be NULL, the function
    returns the required number of elements (a duplicate which should
    help to not very attentive readers).

Add sanity check for null xstats and non-zero n case on API level to
make it unnecessary to care about it in drivers.

Fixes: ce757f5c9a4d ("ethdev: new method to retrieve extended statistics")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

app/testpmd: remove useless pointer checks

Parameters to this static helper can't be NULL.
str has already been dereferenced in caller.
dst and size point to variable in stack.

Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>

app/testpmd: perform SW IP checksum for GRO/GSO packets

The GRO/GSO library doesn't re-calculate checksums for
merged/fragmented packets. If users want the packets to
have correct IP checksums, they should select HW IP
checksum calculation for the port which the packets are
transmitted to. But if the port doesn't support HW IP
checksum, users may perform a SW IP checksum.

Fixes: b7091f1dcfbc ("app/testpmd: enable the heavyweight mode TCP/IPv4 GRO")
Fixes: 52f38a2055ed ("app/testpmd: enable TCP/IPv4 VxLAN and GRE GSO")
Cc: stable@dpdk.org
Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
Reviewed-by: Jiayu Hu <jiayu.hu@intel.com>
Tested-by: Wei Ling <weix.ling@intel.com>
Acked-by: Yuying Zhang <yuying.zhang@intel.com>

net/sfc: improve naming in flow tunnel offload support

Change ambiguous terms "jump rule" and "group rule" to
clearer "tunnel rule" and "switch rule". The new terms
reflect the purpose of these rules in virtual switches.

The module name, "flow tunnel", is replaced by "FT" in
function names to avoid the use of word "tunnel" twice.

Use term "FT context" when referring to tunnel entries.
Also, add "ctx" suffix to "ft" and "ft_id" occurrences.

Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

app/testpmd: fix port status of bonding slave device

Starting or stopping a bonded port also starts or stops all active slaves
under the bonded port. If this port is a bonded device, we need to modify
the port status of all slaves.

Fixes: 0e545d3047fe ("app/testpmd: check stopping port is not in bonding")
Cc: stable@dpdk.org
Signed-off-by: Huisong Li <lihuisong@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
Acked-by: Aman Singh <aman.deep.singh@intel.com>
Acked-by: Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>

net/nfp: make sure MTU is never larger than mbuf size

Setting a MTU larger than mbuf size is not supported by the device but
not prohibited by the driver. This change adds a restriction to the
driver to prevent setting an MTU that is too large.

While at it define the minimum MTU in the device information to describe
the complete supported MTU range.

Fixes: d4a27a3 ("nfp: add basic features")
Cc: stable@dpdk.org
Signed-off-by: Peng Zhang <peng.zhang@corigine.com>
Signed-off-by: Chaoyong He <chaoyong.he@corigine.com>
Signed-off-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Niklas Söderlund <niklas.soderlund@corigine.com>
Reviewed-by: Walter Heymans <walter.heymans@corigine.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

ethdev: add protocol based meter input color selection

Currently, meter object supports only DSCP based on input color table,
The patch enhance that to support VLAN based input color table,
color table based on inner field for the tunnel use case, and
support for fallback color per meter if packet based on a different field.

All of the above features are exposed through capability and added
additional capability to specify the implementation supports
more than one input color table per ethdev port.

Suggested-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Signed-off-by: Jerin Jacob <jerinj@marvell.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

net/cxgbe: read firmware configuration file from filesystem

Add support to read firmware configuration file from
/lib/firmware/cxgb4/ path in the filesystem. The firmware
config file is used to enable or disable NIC features before
firmware initialization to help retrieve better debug data to
analyze firmware init failures. The config file can also
be used to redistribute resources, like queues, TCAMs, etc.,
from disabled physical functions (PFs) to main PF, before
firmware init.

Signed-off-by: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>

net/cxgbe: track packets dropped by TP due to congestion

Transport Processor (TP) on the NIC delivers the incoming packets
from the wire to NIC's DMA engine to place the packets in Rx buffers.
TP sends signal towards the Multi-Port Switch (MPS) near the MAC when
the Rxqs run out of Rx buffers posted by driver. These MPS buffer drop
stats are already accounted for in imissed counters. However, if a
large number of Rxqs run out of Rx buffers simultaneously, then the
TP can start dropping packets by itself when there is heavy congestion
on the channel and hence could not inform to the MPS. So, track these
packets dropped by TP in imissed counters. Also add xstats for these
counters.

Signed-off-by: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>

examples/l3fwd_power: add configuration options

Add CLI options to l3fwd_power to utilize the new power APIs introduced in
this patchset. These CLI options allow the user to configure the
heuritstics made available through the new API via the l3fwd_power
application options.

Signed-off-by: Kevin Laatz <kevin.laatz@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>

power: add get/set min/max scaling frequencies API

Add new get/set API to allow the user or application to set the minimum
and maximum frequencies to use when scaling.
Previously, the frequency range was determined by the HW capabilities of
the CPU. With this new API, the user or application can constrain this
if required.

Signed-off-by: Kevin Laatz <kevin.laatz@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Tested-by: David Hunt <david.hunt@intel.com>

power: add get/set pause duration API

Add new get/set API for configuring 'pause_duration' which used to adjust
the pause mode callback duration.

Signed-off-by: Kevin Laatz <kevin.laatz@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Tested-by: David Hunt <david.hunt@intel.com>

power: add get/set empty-poll maximum API

Add new get/set APIs to configure emptypoll max which is used to
determine when a queue can go into sleep state.

Signed-off-by: Kevin Laatz <kevin.laatz@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Tested-by: David Hunt <david.hunt@intel.com>

lpm: add scalar version of lookupx4

Add an implementation of the rte_lpm_lookupx4() function for platforms
without support for vector operations.

This will be useful in the upcoming RISC-V port as well as any platform
which may want to start with a basic level of LPM support.

Signed-off-by: Michal Mazurek <maz@semihalf.com>
Signed-off-by: Stanislaw Kardach <kda@semihalf.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

lpm: add const to lookup parameter

All other rte_lpm_lookup* functions take lpm argument as a const. As the
basic rte_lpm_lookup() performs the same function, it should also do
that.

Signed-off-by: Stanislaw Kardach <kda@semihalf.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>

cryptodev: add RSA padding salt length and label

- Added salt length and optional label.
Common parameters to PSS and OAEP padding for RSA.
- Changed RSA hash padding fields names.
Now it corresponds to the RSA documents.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: clarify RSA verify with none padding

- Clarified where should output be stored of signature
decryption with padding none.
PMD is not able to know what padding algorithm was used,
therefore decrypted signature should be returned to the user.
- Removed incorrect big-endian constraints.
Not all data in RSA can be treated as big endian integer,
therefore some of the constraints were lifted.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: move RSA padding into separate struct

- move RSA padding into separate struct.
More padding members should be added into padding,
therefore having separate struct for padding parameters will
make this more readable.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: clarify usage of RSA padding hash

- Clarified usage of RSA padding hash.
It was not specified how to use hash for PKCS1_5
padding. This could lead to incorrect implementation.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: add asym operation flags

- Added flags to rte_crypto_asym_op struct.
It may be shared between different algorithms.
- Added Diffie-Hellman padding flags.
Diffie-Hellman padding is used in certain protocols,
in others, leading zero bytes need to be stripped.
Even same protocol may use a different approach - most
glaring example is TLS1.2 - TLS1.3.
For ease of use, and to avoid additional copy
on certain occasions, driver should be able to return both.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: add public key verify option

- Added key exchange public key verify option.
For some elliptic curves public point in DH exchange
needs to be checked, if it lays on the curve.
Modular exponentiation needs certain checks as well,
though mathematically much easier.
This commit adds verify option to asym_op operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: add elliptic curve Diffie-Hellman

- Added elliptic curve Diffie-Hellman parameters.
Point multiplication allows the user to process every phase of
ECDH, but for phase 1, user should not really care about the generator.
The user does not even need to know what the generator looks like,
therefore setting ec xform would make this work.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: move DH type from xform to DH op

- Moved DH operation type to DH operation struct.
Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should
be free to choose for any operation. One xform/session should
be enough to perform both DH operations, if op_type would be xform
member, session would have to be created twice for the same
group. Similar problem would be observed in sessionless case.
Additionally, it will help extend DH to support Elliptic Curves.
- Changed order of Diffie-Hellman operation phases.
Now it corresponds with the order of operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: clarify usage of private key in DH

- Clarified usage of private key in Diffie-Hellman.
CSRNG capable device should generate private key and then
use it for public key generation.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: remove DSA ephemeral key usage comment

Removed comment that stated DSA can be used with Diffie
Hellman ephemeral key.
DH and DSA integration allowed to use ephemeral keys for
random integer, but not for private keys.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: separate key exchange operation enum

- Separated key exchange enum from asym op type.
Key exchange and asymmetric crypto operations like signatures,
encryption/decryption should not share same operation enum as
its use cases are unrelated and mutually exclusive.
Therefore op_type was separate into:
1) operation type
2) key exchange operation type

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: redefine elliptic curve group enum

- EC enum was renamed to rte_crypto_curve_id.
Elliptic curve enum name was incorrectly associated
with a group (it comes from the current tls registry name).
- Clarified comments about TLS deprecation.
Some curves included are deprecated with TLS 1.3.
Comments to address it were added.
- Clarified FFDH groups usage.
Elliptic curves IDs in TLS are placed in the same registry
as FFDH. Cryptodev does not assign specific groups, and
if specific groups would be assigned by DPDK, it cannot be
TLS SupportedGroups registry, as it would conflict with
other protocols like IPSec.
- Added IANA reference.
Only few selected curves are included in previously
referenced rfc8422. IANA reference is added instead.
- Removed UNKNOWN ec group.
There is no default value, and there is no UNKNOWN
elliptic curve.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

app/crypto-perf: allow auth generate followed by encryption

Allowing auth generation followed by encryption mode.
--optype auth-then-cipher can take cipher-op as encrypt
and auth-op as generate now.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

baseband/fpga_5gnr_fec: remove filler from HARQ

Removed filler bits from HARQ calculation on the N3000 FPGA since these
are already taken out by the deratematching step.
The change is only an optimization with no functional impact, no change
required on stable branches.

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>

baseband/fpga_5gnr_fec: validate LDPC enc/dec

Enable functions to validate LDPC encoder and decoder parameters

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>

baseband/fpga_5gnr_fec: check HARQ input length

Add new case DESC_ERR_HARQ_INPUT_LEN to check for valid HARQ input
length.

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>

baseband/fpga_5gnr_fec: add FPGA mutex

Explicit FPGA mutex added when using the register interface for HARQ
memory preloading to prevent multiple threads from using the same
interface in parallel.
This featured is implemented through MMIO exposed per VF and common to
all queues.

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>

baseband/fpga_5gnr_fec: remove FLR timeout

FLR timeout register is not used in 5GNR FPGA.

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>

doc: add missing auth algo for IPsec example

Adding the missing SHA256-HMAC authentication algorithm
in ipsec-secgw guide.

Fixes: b5350285ce6e ("examples/ipsec-secgw: support SHA256 HMAC")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

test/crypto: add short MAC-I test vector for ZUC

Add a ZUC based short MAC-I test vector.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

test/crypto: support raw buffer API for PDCP

This patch supports raw buffer APIs testing for
PDCP test cases.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

test/crypto: fix driver name for DPAA raw API test

PMD name for DPAA raw buffer crypto driver test cases is
updated with correct name.

Fixes: cd8166c28cd1 ("test/crypto: add raw API test for dpaax")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

examples/l2fwd-crypto: add signal handler for exit

Handle SIGINT and SIGTERM signals.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

examples/ipsec-secgw: support XCBC-MAC/DES-CBC

ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

doc: add notes for ACVP FIPS validation support

Add notes on list of algorithms supported for ACVP FIPS validation.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: add parsing for AES-CBC

Added function to parse algorithm for AES_CBC test.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: add parsing for CMAC

Added function to parse algorithm for CMAC test.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: implement JSON CMAC test

Implemented JSON support for the CMAC test.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: add JSON for HMAC

Added JSON support for the HMAC algorithm.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: add JSON to GCM test

Added JSON-specific testing and writeback functions which allows
the user to test AES-GCM vector sets.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: allow JSON file as input

Added the ability to use the JSON format as the input
and output of the example application.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: add JSON parsing

Added functions to parse the required information from a vector set
given in the new JSON format.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: add JSON info to header

Added JSON-specific functions and other information needed to
test the new FIPS test vectors.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

examples/fips_validation: add jansson dependency

Added a check for RTE_HAS_JANSSON into the meson
configuration file for JSON support.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>

crypto/qat: add secp384r1 curve

This commit adds secp384r1 (P-384) elliptic
curve to Intel QuickAssist Technology crypto PMD.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: refactor asym algorithm macros and logs

This commit unifies macros for asymmetric parameters,
therefore making code easier to maintain.
It additionally changes some of PMD output logs that
right now can only be seen in debug mode.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: enable asymmetric crypto on GEN4 device

This commit enables asymmetric crypto in generation four
devices (4xxx).

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>

crypto/qat: fix offset and length assignment

This patch fix the cipher & auth offset and length values when convert
mbuf to vector chain for QAT build op.

Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request")
Cc: stable@dpdk.org
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

drivers/crypto: fix warnings for OpenSSL version

The API of the OpenSSL library has changed with version 3.0. This results
in a lot of compiler warnings like

    ../dpdk/drivers/crypto/ccp/ccp_crypto.c:182:9:
    warning: ‘SHA256_Transform’ is deprecated:
    Since OpenSSL 3.0 [-Wdeprecated-declarations]

As many Linux distributions still use elder OpenSSL libraries we cannot
change the used API now. Instead define OPENSSL_API_COMPAT to indicate
that we are using the OpenSSL 1.1.0 API.

OPENSSL_API_COMPAT is introduced in *.c files and not in *.h files as some
*.c files directly include OpenSSL headers.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Daxue Gao <daxuex.gao@intel.com>
Tested-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kai Ji <kai.ji@intel.com>

crypto/ipsec_mb: support ChaChaPoly SGL to aesni_mb

Add SGL support for chacha20_poly1305 algorithm through JOB API.

Supports IN-PLACE SGL, OOP SGL IN and LB OUT,
and OOP SGL IN and SGL OUT.

Feature flags not added, as the PMD does not support SGL for all
other algorithms.

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/ipsec_mb: support GCM SGL to aesni_mb

Add SGL support for GCM algorithm through JOB API.

This change supports IN-PLACE SGL, OOP SGL IN and LB OUT,
and OOP SGL IN and SGL OUT.

Feature flags are not added, as the PMD does not yet support SGL for
all other algorithms.
If an SGL op for an unsupported algorithm is being processed,
a NULL job is submitted instead.

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

test/security: add inline IPsec IPv6 flow label cases

Patch adds unit tests for IPv6 flow label set & copy
operations.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/security: add ESN and anti-replay for inline IPsec

Added cases to test anti replay for inline IPsec processing
with and without extended sequence number support.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/security: add more inline IPsec functional cases

Added more inline IPsec functional verification cases.
These cases do not have known vectors but are verified
using encap + decap test for all the algo combinations.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/security: add inline IPsec reassembly cases

Added unit test cases for IP reassembly of inline IPsec
inbound scenarios.
In these cases, known test vectors of fragments are first
processed for inline outbound processing and then received
back on loopback interface for inbound processing along with
IP reassembly of the corresponding decrypted packets.
The resultant plain text reassembled packet is compared with
original unfragmented packet.

In this patch, cases are added for 2/4/5 fragments for both
IPv4 and IPv6 packets. A few negative test cases are also added
like incomplete fragments, out of place fragments, duplicate
fragments.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/security: add combined mode inline IPsec cases

Added combined encap and decap test cases for various algorithm
combinations

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/security: add inline inbound IPsec cases

Added test cases for inline Inbound protocol offload
verification with known test vectors from Lookaside mode.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/security: add cases for inline IPsec offload

A new test suite is added in test app to test inline IPsec protocol
offload. In this patch, predefined vectors from Lookaside IPsec test
are used to verify the IPsec functionality without the need of
external traffic generators. The sent packet is loopbacked onto the same
interface which is received and matched with the expected output.
The test suite can be updated further with other functional test cases.
In this patch encap only cases are added.
The testsuite can be run using:
RTE> inline_ipsec_autotest

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

app/eventdev: support asym ops for crypto adapter

Test eventdev app is updated to add new option for asymmetric
crypto ops for event crypto adapter.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/event: add asymmetric cases for crypto adapter

Test app is updated to add cases for asymmetric crypto
sessions for event crypto adapter.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

eventdev: use new API to get event crypto metadata

For getting event crypto metadata from crypto_op,
the new API rte_cryptodev_get_session_event_mdata is used
instead of getting userdata inside PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/event: use new API to set event crypto metadata

Used the new API rte_cryptodev_set_session_event_mdata to set
event crypto metadata from the applications (app/test and
app/test-eventdev) instead of using session userdata.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

crypto/octeontx: use new API for event metadata

For getting event crypto metadata from crypto_op,
the new API rte_cryptodev_get_session_event_mdata can be used
directly instead of getting userdata inside PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

crypto/cnxk: add event metadata set operation

Added cryptodev operation for setting event crypto
metadata for all supported sessions - sym/asym/security.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

cryptodev: add API to get/set event metadata

Currently, crypto session userdata is used to set event crypto
metadata from the application and the driver is dereferencing it
in driver which is not correct. User data is meant to be opaque
to the driver.
To support this, new API is added to get and set event crypto
metadata. The new API, rte_cryptodev_set_session_event_mdata,
allows setting event metadata in session private data which is
filled inside PMD using a new cryptodev op. This operation
can be performed on any of the PMD supported sessions
(sym/asym/security).
For SW abstraction of event crypto adapter to be used by
eventdev library, a new field is added in asymmetric crypto
session for now and for symmetric case, current implementation
of using userdata is used. Symmetric cases cannot be fixed now,
as it will be ABI breakage which will be resolved in DPDK 22.11.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/crypto: fix null check for ZUC authentication

Check if the returned op is NULL because of failure,
before using it and causing a segmentation fault.

Fixes: 4c99481f49c4 ("app/test: add ZUC")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/cnxk: enable 3DES-CBC secure capability

Patch enables 3DES-CBC secure capability of crypto device.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

crypto/mlx5: support plain text keys

Using crypto devs requires the user to log in and the supplied DEK to be
encrypted with a KEK (keys encryption key).
KEK is burned once on the nic, along with credentials for users,
and for a user to log in, he is needed to supply his creds wrapped with
the KEK.
A device comes out of the Mellanox factory with a pre-defined import
method for each algorithm. The defined method could be wrapped
mode, so the device can be used as described above, or
plaintext mode, without the need to log in and wrap supplied DEKs.

Support crypto operations with the plaintext import method.

Signed-off-by: Raja Zidane <rzidane@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>

examples/ipsec-secgw: fix promiscuous mode option

Currently default value of promiscuous mode flag is true and
even there is command line argument to set it to true.
So it never is in non-promiscuous mode. Fix it by
changing default value to false.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>