git.droids-corp.org - dpdk.git/log

net/sfc: fix flow tunnel support detection

The condition for that must use the new MAE admin status.

Fixes: 2f577f0ea1a3 ("net/sfc: allow ports without MAE privilege")
Cc: stable@dpdk.org
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>

common/sfc_efx/base: add missing handler for 1-byte fields

One may set RECIRC_ID in a MAE action rule specification.
This field is not a network one, and its handling goes
to the code snippet which does not recognise field
sizes other than 4 bytes. Add the missing handler.

Fixes: 3a73dcfdb255 ("common/sfc_efx/base: match on recirc ID in action rules")
Cc: stable@dpdk.org
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>

common/sfc_efx/base: fix recirculation ID set in outer rules

Recirculation ID field of MAE outer rule insert MCDI is
part of the lookup control structure and it has non-zero
bit offset relative to the byte offset of the structure.

Fixes: 5cf153e79c6c ("common/sfc_efx/base: support recirculation ID in outer rules")
Cc: stable@dpdk.org
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>

net/cnxk: unify file names

Except for the cn*_rte_flow* files, none of the other
file has rte in the file name, remove the
rte to unify the file name across the directory.

Signed-off-by: Jerin Jacob <jerinj@marvell.com>
Acked-by: Kiran Kumar K <kirankumark@marvell.com>

net/cnxk: keep flow rules across restart

Adding changes to enable keep flow rule device capability.
With this change, flow rules will be kept across device restart.

Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Reviewed-by: Satheesh Paul <psatheesh@marvell.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>

net/cnxk: fix uninitialized local variable

Fix uninitialized local variable as reported by coverity scan.

Coverity issue: 373630
Fixes: 6af19a9d89bf ("net/cnxk: support meter action to flow destroy")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

common/cnxk: fix uninitialized pointer read

Fix uninitialized pointer read reported in coverity scan.

Coverity issue: 370214, 370217, 370219, 370220, 370221
Coverity issue: 370223, 370224, 370225, 372065
Fixes: c34ea71b878d ("common/cnxk: add NPC parsing API")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

common/cnxk fix unintended sign extension

This patch fixes unintended sign extensions reported in coverity
scan.

Coverity issue: 373258
Fixes: 8ca851cdc598 ("common/cnxk: support dual VLAN insert and strip actions")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

common/cnxk: add missing checks of return values

This patch fixes coverity issue by adding checks on return values.

Coverity issue: 373628, 374858, 370213, 370215
Fixes: af75aac78978 ("common/cnxk: support telemetry for NIX")
Fixes: d61138d4f0e2 ("drivers: remove direct access to interrupt handle")
Fixes: fcdef46b6698 ("common/cnxk: support NIX TM debug and misc utils")
Fixes: df405df95eeb ("common/cnxk: add NIX TM helper to alloc/free resource")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

net/cnxk: add inline IPsec telemetry for CN10K

Adds telemetry function to get information about inline
outbound and inline inbound SA's. The function takes port id
as input. Some fields in the structures roc_ot_ipsec_outb_sa
and roc_ot_ipsec_inb_sa are returned as output.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>

net/cnxk: add inline IPsec telemetry for CN9K

Adds telemetry function to get information about inline
outbound and inline inbound SA's. The function takes port id
as input. Some fields in the structures roc_onf_ipsec_outb_sa
and roc_onf_ipsec_inb_sa are returned as output.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>

net/af_xdp: make compatible with libbpf >= 0.7.0

libbpf v0.7.0 deprecates the bpf_prog_load function. Use meson to detect
if libbpf >= v0.7.0 is linked and if so, use the recommended replacement
functions bpf_object__open_file and bpf_object__load.

Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>

net/af_xdp: add missing trailing newline in logs

Caught while trying --in-memory mode, some log messages in this driver
are not terminated with a newline:
rte_pmd_af_xdp_probe(): net_af_xdp: Failed to register multi-process IPC
callback: Operation not supportedvdev_probe(): failed to initialize
net_af_xdp device

Other locations in this driver had the same issue, fix all at once.

Fixes: f1debd77efaf ("net/af_xdp: introduce AF_XDP PMD")
Fixes: d8a210774e1d ("net/af_xdp: support unaligned umem chunks")
Fixes: 9876cf8316b3 ("net/af_xdp: re-enable secondary process support")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Ciara Loftus <ciara.loftus@intel.com>

net/af_xdp: allow probing when multiprocess is disabled

If EAL multiprocess feature has been disabled via rte_mp_disable()
function, AF_XDP driver may not be able to register its IPC callback.
Previously this leads to probe failure.
This commit adds a check for this condition so that AF_XDP can still be
used even if multiprocess is disabled.

Fixes: 9876cf8316b3 ("net/af_xdp: re-enable secondary process support")

Signed-off-by: Junxiao Shi <git@mail1.yoursunny.com>
Acked-by: Ciara Loftus <ciara.loftus@intel.com>

common/cnxk: fix NPC key extraction validation

The x->len is passed as argument to npc_prep_mcam_ldata().
In the function, the len is used to reference elements of
int_info and int_info_mask array.
The arrays are of length NPC_MAX_EXTRACT_DATA_LEN.

Validating the x->len value so that it is not greater than
NPC_MAX_EXTRACT_DATA_LEN.

This patch also resolves warning observed with gcc 12 compiler.

log:
../drivers/common/cnxk/roc_npc_utils.c:13:26: warning: writing 16 bytes
into a region of size 0 [-Wstringop-overflow=]
ptr[idx] = data[len - 1 - idx];

../drivers/common/cnxk/roc_npc_utils.c:163:17: note: at offset 64 into
destination object ‘int_info’ of size 64
uint8_t int_info[NPC_MAX_EXTRACT_DATA_LEN];

Bugzilla ID: 854
Fixes: 665b6a7400bf ("common/cnxk: add NPC helper API")
Cc: stable@dpdk.org
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Kiran Kumar K <kirankumark@marvell.com>

examples/vhost: remove DMA type option help info

The dma-type parameter was not supported when dmadev was
integrated in vhost, but the help info still exists. This
patch deletes it.

Fixes: 53d3f4778c1d ("vhost: integrate dmadev in asynchronous data-path")

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>

vhost: fix unsafe vring addresses modifications

This patch adds missing protection around vring_invalidate
and translate_ring_addresses calls in vhost_user_iotlb_msg.

Fixes: eefac9536a90 ("vhost: postpone device creation until rings are mapped")
Cc: stable@dpdk.org
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>

vdpa/sfc: make MCDI memzone name unique

Buffer for MCDI channel is allocated using rte_memzone_reserve_aligned
with zone name 'mcdi'. Since multiple MCDI channels are needed to
support multiple VF(s) and rte_memzone_reserve_aligned expects unique
zone names, append PCI address to zone name to make it unique.

Signed-off-by: Abhimanyu Saini <asaini@xilinx.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

vhost: fix physical address mapping

When choosing IOVA as PA mode, IOVA is likely to be discontinuous,
which requires page by page mapping for DMA devices. To be consistent,
this patch implements page by page mapping instead of mapping at the
region granularity for both IOVA as VA and PA mode.

Fixes: 7c61fa08b716 ("vhost: enable IOMMU for async vhost")
Cc: stable@dpdk.org
Signed-off-by: Xuan Ding <xuan.ding@intel.com>
Signed-off-by: Yuan Wang <yuanx.wang@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

vhost: fix field naming in guest page struct

This patch renames the host_phys_addr to host_iova in guest_page
struct. The host_phys_addr is iova, it depends on the DPDK
IOVA mode.

Fixes: e246896178e6 ("vhost: get guest/host physical address mappings")
Cc: stable@dpdk.org
Signed-off-by: Xuan Ding <xuan.ding@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

common/cnxk: enable NIX Tx interrupts errata

An errata exists whereby NIX may incorrectly overwrite the value in
NIX_SQ_CTX_S[SQ_INT]. This may cause set interrupts to get cleared or
causing an QINT when no error is outstanding.
As a workaround, software should always read all SQ debug registers
and not just rely on NIX_SQINT_E bits set in NIX_SQ_CTX_S[SQ_INT].
Also for detecting SQB faults software must read SQ context and
check id next_sqb is NULL.

Signed-off-by: Harman Kalra <hkalra@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

net/cnxk: fix Rx/Tx function update

When Rx/Tx functions are updated such as in a rte flow
rule creation with VLAN stripping or marking action,
update the fastpath ops table as well.

Fixes: b951c2efcb15 ("net/cnxk: add Rx burst for CN9K")
Fixes: f742a9a66813 ("net/cnxk: add Rx burst for CN10K")
Cc: stable@dpdk.org
Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>

common/cnxk: fix base rule merge

Egress rules do not have a base steering rule and the
current base steering rule is applicable only for ingress
rules. Hence, when creating a flow rule, merge base steering
rule only for ingress rules.

Fixes: f9af90807466 ("common/cnxk: add mcam utility API")
Cc: stable@dpdk.org
Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Kiran Kumar K <kirankumark@marvell.com>

common/cnxk: fix log level during MCAM allocation

Changed log level from info to debug for a couple of log
messages printed during MCAM allocation.

Fixes: 1f66919817ee ("common/cnxk: improve MCAM entries management")
Cc: stable@dpdk.org
Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Kiran Kumar K <kirankumark@marvell.com>

common/cnxk: fix flow deletion

When a flow is deleted, the counters are deleted without
being cleared first. This results in counter values being
retained and shown in flows created later. Hence, counter
is cleared before being deleted.

Updated driver to clear and delete counters upon flow deletion.

Fixes: a07f7ced436d ("common/cnxk: add NPC init and fini")
Cc: stable@dpdk.org
Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>

common/cnxk: fix null access in IPv6 flow parsing

Added null check in IPv6 flow pattern parsing.

Fixes: 474e275b1bc6 ("common/cnxk: support extensions attributes in IPv6 item")

Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>

app/testpmd: check starting port is not in bonding

In bond, start or stop slave port should be operated by bonding port.
This patch add port_is_bonding_slave in start_port function.

Fixes: 0e545d3047fe ("app/testpmd: check stopping port is not in bonding")
Cc: stable@dpdk.org
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

net/bonding: fix slaves initializing on MTU setting

If a initial process for the bonding device is like:
rte_eth_dev_configure
rte_eth_dev_set_mtu
queue setup and start, etc.

Pass the vdev args to application, and init bonding device only.
-a 0000:af:00.0 --vdev="net_bonding0,mode=2,slave=0000:af:00.0"

It will fail and complain for the slave device
"Port 0 must be configured before MTU set"

Test can be reproduced with ovs.

Fixes: b26bee10ee37 ("ethdev: forbid MTU set before device configure")
Cc: stable@dpdk.org
Signed-off-by: Junjie Wan <wanjunjie@bytedance.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Min Hu (Connor) <humin29@huawei.com>

net/bonding: log on invalid device argument

When invalid args exist, application exits with no error hint.
Adding a log message here will help users to know the reason.

Signed-off-by: Junjie Wan <wanjunjie@bytedance.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Min Hu (Connor) <humin29@huawei.com>

net/cnxk: fix mbuf data length

If multi-segment is enabled and single segment/packet
is received, then mbuf data_len is not updated in
cn9k_nix_cqe_to_mbuf() function.
Also, in case of timestamp is enabled, mbuf data_len
and pkt_len will be updated for all packets including
multi segmented packets.

Fixes: 7c6bee34064f ("net/cnxk: enable PTP processing in vector Rx")
Cc: stable@dpdk.org
Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

ethdev: fix MAC address in telemetry device info

The right size for a human readable MAC is RTE_ETHER_ADDR_FMT_SIZE.
While at it, the net library provides a helper for MAC address
formatting. Prefer it.

Fixes: 58b43c1ddfd1 ("ethdev: add telemetry endpoint for device info")
Cc: stable@dpdk.org
Reported-by: Christophe Fontaine <cfontain@redhat.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

net/iavf: reset security context pointer on stop

When iavf_security_ctx_destroy() is cleaning up, it does not correctly
set the security_ctx variable to NULL, which will lead to wild pointer.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

net/txgbe: reset security context pointer on close

When txgbe_dev_close() is cleaning up, it does not correctly set
the security_ctx variable to NULL, which will lead to wild pointer.

Fixes: f437d97c3df1 ("net/txgbe: add IPsec context creation")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

net/ixgbe: reset security context pointer on close

When ixgbe_dev_close() is cleaning up, it does not correctly set
the security_ctx variable to NULL, which will lead to wild pointer.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Haiyue Wang <haiyue.wang@intel.com>

net/ark: add performance optimizations

Added software register writes for hw optimization and
performance fixes.

Signed-off-by: John Miller <john.miller@atomicrules.com>

net/ark: add memory write barriers in critical paths

Add memory write barriers for read and wait status functions
in ddm, udm and mpu.

Signed-off-by: John Miller <john.miller@atomicrules.com>

net/ark: support chunk DMA transfers

Add support for chunk DMA transfers.

Chunk mpu transfer use 64 objects (512 byte) to maintain memory
read alignment.

Align mpu memory allocation to be at 512 byte boundaries.

Reduce force-close allocation from 10000 objects to 64 objects.

Signed-off-by: John Miller <john.miller@atomicrules.com>

net/ark: update packet generator and checker config status

Configuration status updates for internal packet checker and
generator.

Signed-off-by: John Miller <john.miller@atomicrules.com>

net/ark: support arbitrary mbuf size

Added arbitrary mbuf size per queue capability.
Updated ARK_UDM_CONST3 value to reflect the version number
read from the HW that is required to support this change.

Signed-off-by: John Miller <john.miller@atomicrules.com>

net/ark: support new devices

Add two new supported device ID's.
Add documentation for new devices.

Signed-off-by: John Miller <john.miller@atomicrules.com>

net/ark: add device capabilities record

Add a device capabilities record for supported features.
Certain variants require that PCIe read-requests be correctly
throttled. This is called "rqpacing" in Arkville, and has to do
with credit and flow control on certain Arkville implementations.

Signed-off-by: John Miller <john.miller@atomicrules.com>

net/nfb: support more MAC addresses

Extend the eth_dev_ops by add/remove MAC address functions.

Signed-off-by: Martin Spinler <spinler@cesnet.cz>

net/nfb: fix multicast/promiscuous mode switching

In the firmware, the promisc mode overrides the multicast mode.
So when the promisc mode is turned off, driver must check if the
multicast mode was active before and conditionally reactivate it.

Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver")
Cc: stable@dpdk.org
Signed-off-by: Martin Spinler <spinler@cesnet.cz>

net/nfb: use timestamp offload flag

Rewrite the RX timestamp setup code to use standard offload flag.

Signed-off-by: Martin Spinler <spinler@cesnet.cz>

net/nfb: skip log for zero-sized Tx burst

Zero-sized TX burst floods the log no more.

Signed-off-by: Martin Spinler <spinler@cesnet.cz>

net/nfb: fix array indexes in deinit functions

The indexes in the for cycle were wrongly used and
the code accessed outside of the rxmac/txmac array.

Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver")
Cc: stable@dpdk.org
Signed-off-by: Martin Spinler <spinler@cesnet.cz>

net/enic: fix dereference before null check

This patch fixes an issue found by coverity. It checks for a possible
null value of "error" before dereferencing it.

CID: 375064: Dereference after null check
Either the check against null is unnecessary, or there may be a null
pointer dereference.

Coverity issue: 375064
Fixes: ee806eea59fe ("net/enic: support GENEVE flow item")

Signed-off-by: John Daley <johndale@cisco.com>
Reviewed-by: Hyong Youb Kim <hyonkim@cisco.com>

net/iavf: support L2TPv2 for flow director

Add support for L2TPv2(include PPP over L2TPv2) protocols FDIR
based on outer MAC src/dst address and L2TPv2 session ID.

Add support for PPPoL2TPv2oUDP protocols FDIR based on inner IP
src/dst address and UDP/TCP src/dst port.

Patterns are listed below:
eth/ipv4(6)/udp/l2tpv2
eth/ipv4(6)/udp/l2tpv2/ppp

eth/ipv4(6)/udp/l2tpv2/ppp/ipv4(6)
eth/ipv4(6)/udp/l2tpv2/ppp/ipv4(6)/udp
eth/ipv4(6)/udp/l2tpv2/ppp/ipv4(6)/tcp

Signed-off-by: Jie Wang <jie1x.wang@intel.com>
Acked-by: Beilei Xing <beilei.xing@intel.com>

net/iavf: support L2TPv2 for RSS

Add support for L2TPv2(include PPP over L2TPv2) protocols RSS based
on outer MAC src/dst address and L2TPv2 session ID.

Patterns are listed below:
eth/ipv4/udp/l2tpv2
eth/ipv4/udp/l2tpv2/ppp
eth/ipv6/udp/l2tpv2
eth/ipv6/udp/l2tpv2/ppp

Signed-off-by: Jie Wang <jie1x.wang@intel.com>
Acked-by: Beilei Xing <beilei.xing@intel.com>

net/i40e: add flow mark capability to NEON Rx

This commit adds a flow director support to i40e NEON
vector RX path.

I40e can have 16 and 32 byte descriptors, and the Flow
Director ID data and indication-bit are in different
locations for each size descriptor. The support is
implemented in two separate functions as they require
vastly different operations.

The 16B descriptor re-purposes the "filter-status" u32
field to indicate FDIR ID when the FLM bit is set. No
extra loads are required, however we do have to store
to mbuf->fdir.hi, which is not stored to in the RX path
before this patch.

The 32B descriptor requires loading the 2nd 16 bytes of
each descriptor, to get the FLEXBH_STAT and FD Filter ID
from qword3. The resulting data must also be stored to
mbuf->fdir.hi, same as the 16B code path.

Signed-off-by: Joyce Kong <joyce.kong@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>

doc: support IPsec Multi-buffer lib v1.2

Updated AESNI MB and AESNI GCM, KASUMI, ZUC and SNOW3G PMD documentation
guides with information about the latest Intel IPSec Multi-buffer
library supported.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/ipsec_mb: fix length and offset settings

KASUMI, SNOW3G and ZUC require lengths and offsets to
be set in bits or bytes depending on the algorithm.
There were some algorithms that were mixing these two,
so this commit is fixing this issue.

Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/ipsec_mb: fix ZUC operation overwrite

ZUC PMD batches crypto operations depending on their type
(encryption + tag generation, tag verification + decryption, etc),
to allow parallelization.
The array used to store the pointers to these operations was
always the same array provided by dequeue_burst() function,
and it was looping around the same positions (from 0 to ZUC_MAX_BURST - 1).

A new internal array is used to avoid overwriting the pointers
of the array provided by dequeue_burst() function.

Fixes: cf7685d68f00 ("crypto/zuc: add driver for ZUC library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/ipsec_mb: fix ZUC authentication verify

ZUC authentication is done over multiple buffers at a time.
When authentication verification is done, multiple scratch buffers
are using to generate the tags that will be compared afterwards.
However, the same scratch buffer was used always, instead of having
different ones for each crypto operation.

Fixes: 0b133c36ad7d ("crypto/zuc: support IPsec Multi-buffer lib v0.54")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/ipsec_mb: check missing operation types

When processing crypto operations in ZUC PMD,
there were two operation types that were set at session level,
but not checked when the operations are enqueued and processed,
leaving the buffers untouched silently.

Fixes: cde8df1bda9d ("crypto/ipsec_mb: move zuc PMD")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/virtio: fix out-of-bounds access

Coverity flags an untrusted loop bound. Check length of session iv.

Coverity issue: 375802
Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")
Cc: stable@dpdk.org
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

baseband/acc100: avoid out-of-bounds access

The actual maximum number of gather pointers should have been limited

Coverity issue: 375803, 375813, 375819, 375827, 375831
Fixes: 5ad5060f8f7a ("baseband/acc100: add LDPC processing functions")
Cc: stable@dpdk.org
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>

examples/l2fwd-crypto: fix port mask overflow

Coverity flags an issue with 32-bit value. If max ethports value is
configured with a value larger than 32 there will be an issue.
Coverity issue: 375863 Unintentional integer overflow

Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Cc: stable@dpdk.org
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

test/crypto: add L4 checksum case for transport mode

Added test case to verify L4 checksum offload in IPsec transport mode.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

test/crypto: add TTL and hop limit decrement cases

Add test cases to verify TTL and hop limit decrement with lookaside
IPsec offload.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

doc: fix FIPS guide

Added missing step for converting SHA request files to correct
format. Replaced AES_GCM with GCM to follow the correct
naming format.

Fixes: 3d0fad56b74 ("examples/fips_validation: add crypto FIPS application")
Cc: stable@dpdk.org
Signed-off-by: Jakub Poczatek <jakub.poczatek@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

examples/ipsec-secgw: add pool size parameters

Add support to enable per port packet pool and also override
vector pool size from command line args. This is useful
on some HW to tune performance based on usecase.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

examples/ipsec-secgw: fix buffer freeing in vector mode

Fix packet processing to skip after mbuf is freed instead of
touching and Tx'ing it.

Also free vector event buffer in event worker when after processing
there is no pkt to be enqueued to Tx adapter.

Fixes: 86738ebe1e3d ("examples/ipsec-secgw: support event vector")
Cc: stable@dpdk.org
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

examples/ipsec-secgw: avoid logs in data path

Update error prints in data path to RTE_LOG_DP().
Error prints in fast path are not good for performance
as they slow down the application when few bad packets are
received.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

examples/ipsec-secgw: add check for unprotected port mask

Usage of unprotected port mask without any configured SA inbound, will
cause use of uninitialized SA context, so disallow such configuration.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

crypto/qat: refactor asymmetric session

This patch refactors asymmetric session in Intel
QuickAssist Technology PMD and fixes some issues
with xform. Code will be now bit more scalable,
and easier readable.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

crypto/qat: add ECPM algorithm

This patch adds Elliptic Curve Multiplication
algorithm to Intel QuickAssist Technology PMD.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

crypto/qat: add ECDSA algorithm

This patch adds ECDSA algorithm to Intel
QuickAssist Technology PMD.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

crypto/qat: add named elliptic curves

This patch adds secp256r1 and secp521r1 elliptic curves to Intel
QuickAssist Technology PMD.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

crypto/qat: refactor asymmetric crypto functions

This commit refactors asummetric crypto functions
in Intel QuickAssist Technology PMD.
Functions right now are shorter and far easier readable,
plus it facilitates addition of new algorithms.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

crypto/qat: support out-of-place SG list

This patch adds the SGL out of place support to QAT PMD

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: unify raw data path functions

This patch unifies QAT's raw dp api implementations
to the same enqueue/dequeue methods used in crypto operations.
The specific functions for different QAT generation are updated
respectively. The qat_sym_hw_dp.c is removed as no longer required.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: rework burst data path

This patch enable the op_build_request function in
qat_enqueue_op_burst, and the qat_dequeue_process_response
function in qat_dequeue_op_burst.
The op_build_request invoked in crypto build request op is based
on crypto operations setup'd during session init.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: unify asymmetric functions

This patch removes qat_asym_pmd.c and integrates all the
functions into qat_asym.c. The unified/integrated asym crypto
pmd functions should make them easier to maintain.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: unify symmetric functions

This patch removes qat_sym_pmd.c and integrates all the functions into
qat_sym.c. The unified/integrated qat sym crypto pmd functions should
make them easier to maintain.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: rework asymmetric op build operation

This patch reworks the asymmetric crypto data path
implementation in QAT driver. The changes include asymmetric
crypto data path separation for QAT hardware generations, and
code optimisation of the device capabilities declaration.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: rework session functions

This patch introduces a set of set_session methods to QAT
generations. In addition, the reuse of QAT session between
generations is prohibit as the support of min_qat_dev_gen_id'
is removed.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/qat: support symmetric build op request

This patch adds common inline functions for QAT symmetric
crypto driver to process crypto op, and the implementation of
build op request function for QAT generation 1.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

common/qat: define build request and dequeue operations

This patch introduce build request and dequeue op function
pointers to the qat queue pair implementation. The function
pointers are assigned during qat session generation based on input
crypto operation request.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

crypto/cnxk: support TTL or hop limit decrement

Add support for TTL if IPv4 or hop limit if IPv6 decrement for cn10k.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

cryptodev: fix RSA key type name

This patch fixes misspelled RTE_RSA_KEY_TYPE_QT,
this will prevent checkpach from complaining wherever
change to RSA is being made.

Fixes: 26008aaed14c ("cryptodev: add asymmetric xform and op definitions")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

crypto/ipsec_mb: support null auth/cipher for aesni_mb

Add NULL cipher and auth support to AESNI-MB PMD type.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>

cryptodev: fix asymmetric private session variable size

When creating the asymmetric session mempool, the maximum private
session size of all devices is used when creating the mempool
object size.
The return value for ``rte_cryptodev_asym_get_private_session_size``
is unsigned int, whereas the variable was uint8_t, leading to a
possible overflow issue.

To fix this, the variable for private session size is now changed to
unsigned int to match the function return type.

Fixes: 1f1e4b7cbaad ("cryptodev: use single mempool for asymmetric session")

Reported-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

crypto/ipsec_mb: remove useless check

The qp is never NULL when it reaches the qp_setup_cleanup error handling
code. This is due to checks earlier in the function that return an error
if qp is NULL.

Coverity issue: 375013
Fixes: 581c39b1cb7d ("crypto/ipsec_mb: fix queue cleanup null pointer dereference")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>

test/crypto: add ESN and antireplay cases

Added test cases for IPsec ESN and Antireplay.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

test/crypto: add copy and set DSCP cases

Add test cases to verify copy and set DSCP with
IPv4 and IPv6 tunnels.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

app/eventdev: add crypto producer mode

In crypto producer mode, producer core enqueues cryptodev with software
generated crypto ops and worker core dequeues crypto completion events
from the eventdev. Event crypto metadata used for above processing is
pre-populated in each crypto session.

Parameter --prod_type_cryptodev can be used to enable crypto producer
mode. Parameter --crypto_adptr_mode can be set to select the crypto
adapter mode, 0 for OP_NEW and 1 for OP_FORWARD.

This mode can be used to measure the performance of crypto adapter.

Example:
  ./dpdk-test-eventdev -l 0-2 -w <EVENTDEV> -w <CRYPTODEV> -- \
  --prod_type_cryptodev --crypto_adptr_mode 1 --test=perf_atq \
  --stlist=a --wlcores 1 --plcores 2

Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>

eventdev/crypto: remove useless check

eca_cryptodev_cdev_flush() is internal function and called with
valid range of cdevs.

crypto_cdev_info structure is allocated at adapter creation time
and retrieved from the adapter for a valid cdevs which cannot be NULL
and hence no need for NULL check.

Fixes: 2ae84b39ae7b ("eventdev/crypto: store operations in circular buffer")

Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>

event/cnxk: update SQB FC check for Tx adapter

Update SQB limit to include CPT queue size when Security
offload is enabled.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>

event/cnxk: remove deschedule usage in CN9K

Using deschedule cmd might incorrectly ignore updates
to WQE, GGRP on CN9K.
Use addwork to pipeline work instead.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>

event/cnxk: fix uninitialized local variables

Fix uninitialized local variable as reported in coverity scan.

Coverity issue: 370578, 370579, 370587
Fixes: 300b796262a ("event/cnxk: add timer arm routine")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

event/cnxk: fix memory leaks

Fix memory leaks reported by coverity scan in
cnxk_tim_parse_clk_list() and cnxk_tim_parse_ring_ctl_list()
functions on not freeing strduped memory.

Coverity issue: 374990 374991
Fixes: 8a3d58c189f ("event/cnxk: add option to control timer adapters")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

event/cnxk: fix variables casting

Fix incompatible casting on variables reported by coverity scan.

Coverity issue: 370582 370584
Fixes: 6223ede2036 ("event/cnxk: add event port link and unlink")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

event/dlb2: poll HW CQ inflights before mapping queue

When attempting to link a port and queue immediately after unlinking,
the CQ inflights may not all be processed. Poll the h/w register for
outstanding inflights instead of reading once, in case the inflights
are still being processed. Also return EBUSY if the inflight
processing is not completed in a suitable amount of time.

Fixes: 1857f1922ce2 ("event/dlb2: use new implementation of resource file")
Cc: stable@dpdk.org
Signed-off-by: Timothy McDaniel <timothy.mcdaniel@intel.com>

event/dlb2: update rolling mask used for dequeue

Update the rolling mask used in dequeue operations to
fix the vector optimized dequeue.

Fixes: 000a7b8e7582 ("event/dlb2: optimize dequeue operation")
Cc: stable@dpdk.org
Signed-off-by: Timothy McDaniel <timothy.mcdaniel@intel.com>

eventdev/eth_rx: fix queue config query

Remove the memcpy usage in queue config get function for
`event` variable which is 8 byte size and use direct copy.
Also provide vector information and event buffer size in the
queue config info.

Fixes: da781e6488 ("eventdev/eth_rx: support Rx queue config get")
Cc: stable@dpdk.org
Signed-off-by: Naga Harish K S V <s.v.naga.harish.k@intel.com>
Acked-by: Jay Jayatheerthan <jay.jayatheerthan@intel.com>

eventdev/eth_rx: fix parameters parsing memory leak

The memory get from strdup should be freed when parameter parsing
finished, and also should be freed when error occurs.

Fixes: 814d01709328 ("eventdev/eth_rx: support telemetry")
Fixes: 9e583185318f ("eventdev/eth_rx: support telemetry")
Cc: stable@dpdk.org
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Acked-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
Acked-by: Jay Jayatheerthan <jay.jayatheerthan@intel.com>

examples/qos_sched: fix core mask overflow

Masking of core mask was incorrect. Instead of using 1U for shifting, it
should be using 1LU as the result is assigned to uint64.

CID 375859: Potentially overflowing expression "1U << app_main_core" with
type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit
arithmetic, and then used in a context that expects an expression of
type "uint64_t" (64 bits, unsigned).

Coverity issue: 375859
Fixes: de3cfa2c9823 ("sched: initial import")
Cc: stable@dpdk.org
Signed-off-by: Megha Ajmera <megha.ajmera@intel.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>

sched: enable traffic class oversubscription unconditionally

Removed RTE_SCHED_SUBPORT_TC_OV from rte_config.h.
Best effort traffic class oversubscription is always enabled.

Signed-off-by: Megha Ajmera <megha.ajmera@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>

sched: enable statistics unconditionally

Removed RTE_SCHED_COLLECT_STATS flag from rte_config.h.
Stats collection is always enabled.

Signed-off-by: Megha Ajmera <megha.ajmera@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>