net/enic: add flow implementation based on Flow Manager API
Flow Manager API is the new firmware interface that exposes match
action capabilities in 1400 series VIC adapters. It is intended for
virtual switch offloads and enables more advanced features than the
existing filter API. For example, it supports VXLAN encap and decap
actions, and exposes TCAM and exact match tables.
Add the new flow implementation using Flow Manager and use it when
available. When Flow Manager is not available, the driver will
continue to use the old filter-based flow implementation.
Signed-off-by: John Daley <johndale@cisco.com> Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
Latest firmware supports Geneve with options offload. Current overlay
offload only supports Geneve with no options. This new feature is
disabled by default, as it is intrusive and cannot be used with flow
API. Add a new devarg 'geneve-opt' so the user can explicitly enable
it.
Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com> Reviewed-by: John Daley <johndale@cisco.com>
Both primary and secondary processes may call the queue start/stop,
link update handlers. These functions use the rte_eth_dev pointer
cached in the adapter private data (struct enic). But, this pointer is
valid only in the primary process, as rte_eth_dev addresses may differ
in different processes. Using that cached pointer in secondary
processes leads to a crash.
For the link update handler (enic_link_update), use the rte_eth_dev
pointer passed down from the rte layer as it is valid in the current
process. For the queue start/stop handlers (enic_start_wq and
friends), cache the rte_eth_dev_data pointer in the adapter private
data, and use that. rte_eth_dev_data is in shared memory and its
address is same across processes.
Fixes: 837e68ae94a2 ("net/enic: fix queue stop and start") Fixes: cf8d9826b7be ("net/enic: extract code for checking link status") Cc: stable@dpdk.org Reported-by: Dirk-Holger Lenz <dirk.lenz@ng4t.com> Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com> Tested-by: Dirk-Holger Lenz <dirk.lenz@ng4t.com> Reviewed-by: John Daley <johndale@cisco.com>
Krzysztof Kanas [Fri, 23 Aug 2019 08:16:59 +0000 (10:16 +0200)]
test/bonding: fix LSC timeout unit
Fixes: 76d29903f5f5 ("bond: support link status interrupt") Cc: stable@dpdk.org Signed-off-by: Krzysztof Kanas <kkanas@marvell.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Krzysztof Kanas [Fri, 23 Aug 2019 08:16:58 +0000 (10:16 +0200)]
test/bonding: fix LSC related cases
On rare situation test_link_bonding test case fail due to timespec
tv_nsec overflow, which causes pthread_cond_timedwait to return EINVAL
and test to fail.
Fixes: 76d29903f5f5 ("bond: support link status interrupt") Cc: stable@dpdk.org Signed-off-by: Krzysztof Kanas <kkanas@marvell.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Ori Kam [Thu, 26 Sep 2019 10:22:15 +0000 (10:22 +0000)]
net/mlx5: fix allocation size of RQT attribute
The receive queues list size is based on the size of uint32_t, so
when allocating the memory, the correct value should be used. Or
else there is risk to corrupt the memory, depending on the queues
number, because there is some pad area for alignment. If the queue
number is not large enough, the issue couldn't be observed.
Fixes: dc9ceff73c99 ("net/mlx5: create advanced RxQ via DevX") Cc: stable@dpdk.org Signed-off-by: Ori Kam <orika@mellanox.com> Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
David Marchand [Tue, 22 Oct 2019 08:21:43 +0000 (10:21 +0200)]
net/virtio: do not require IO permissions
On x86, iopl permissions are only available to root user (or users that
have the CAP_SYS_RAWIO capability).
But those permissions are only needed when the virtio devices accesses
are done with inb/outb instructions, which is when the device is bound
to a UIO kernel module.
So far, the virtio driver was refusing to register based on the check
on IO permissions.
This check does not make sense when binding the device to vfio.
Now that the check on IO permissions has been abstracted in the ioport
API, we can remove it on virtio side.
We still need to call rte_eal_iopl_init() in the virtio constructor so
that the interrupt thread inherits this permission in the case it could
be used with UIO later.
Signed-off-by: David Marchand <david.marchand@redhat.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> Acked-by: Tiwei Bie <tiwei.bie@intel.com>
David Marchand [Tue, 22 Oct 2019 08:21:42 +0000 (10:21 +0200)]
bus/pci: check IO permissions for UIO only
On x86, calling inb/outb special instructions (used in UIO ioport
read/write parts) is only possible if the right IO permissions has been
granted.
The only user of this API (the net/virtio pmd) checks this
unconditionnaly but this should be hidden by the rte_pci_ioport API
itself and only checked when the device is bound to a UIO driver.
Signed-off-by: David Marchand <david.marchand@redhat.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Anatoly Burakov [Thu, 24 Oct 2019 15:17:56 +0000 (16:17 +0100)]
eal/freebsd: support option --base-virtaddr
According to our docs, only Linuxapp supports base-virtaddr option.
That is, strictly speaking, not true because most of the things
that are attempting to respect base-virtaddr are in common files,
so FreeBSD already *mostly* supports this option in practice.
This commit fixes the remaining bits to explicitly support
base-virtaddr option, and moves the arg parsing from EAL to common
options parsing code. Documentation is also updated to reflect
that all platforms now support base-virtaddr.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Reviewed-by: David Marchand <david.marchand@redhat.com>
Seth Howell [Fri, 11 Oct 2019 20:56:07 +0000 (13:56 -0700)]
bus/pci: remove useless link dependency on ethdev
The makefile in drivers/bus/pci specified rte_ethdev as a dependency for
the library. However there are no actual symbols from librte_ethdev used
in librte_bus_pci.
Including librte_ethdev as a dependency only becomes a problem in some
niche cases like when attempting to build the rte_bus_pci library as a
shared object without building the rte_ethdev library.
I specifically ran into this when trying to build the DPDK included as
an SPDK submodule on a FreeBSD machine. I figure that since there are no
real dependencies between the two, we should enable building
librte_bus_pci without librte_ethdev.
Ruifeng Wang [Tue, 15 Oct 2019 09:28:26 +0000 (17:28 +0800)]
test/distributor: fix spurious failure
Sanity test could spuriously fail with reporting flush count error.
It was caused by worker stat coherent issue between distributor and
worker thread.
Fix this issue by using atomic operations to update worker stat.
Fixes: c3eabff124e6 ("distributor: add unit tests") Cc: stable@dpdk.org Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com> Reviewed-by: Gavin Hu <gavin.hu@arm.com> Acked-by: David Hunt <david.hunt@intel.com>
Ruifeng Wang [Tue, 15 Oct 2019 09:28:25 +0000 (17:28 +0800)]
lib/distributor: fix deadlock on aarch64
Distributor and worker threads rely on data structs in cache line
for synchronization. The shared data structs were not protected.
This caused deadlock issue on weaker memory ordering platforms as
aarch64.
Fix this issue by adding memory barriers to ensure synchronization
among cores.
Bugzilla ID: 342 Fixes: 775003ad2f96 ("distributor: add new burst-capable library") Cc: stable@dpdk.org Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com> Reviewed-by: Gavin Hu <gavin.hu@arm.com> Acked-by: David Hunt <david.hunt@intel.com>
Memory required for the mempool objects need not be physically
contiguous on octeontx2's HW, mempool pmd supports the minimum chunk
size set by the default handler. Hence discarding the limitation set
by the pmd on the min_chunk_size value.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com> Acked-by: Jerin Jacob <jerinj@marvell.com>
Adam Dybkowski [Mon, 21 Oct 2019 11:29:55 +0000 (13:29 +0200)]
test/crypto: add encrypted digest case for AES-CTR-CMAC
This patch adds tests for encrypted digest AES-CTR + AES CMAC using
mixed auth-cipher algorithm functions. Tests allow easy
extending with new cases, check in-place and
out-of-place operations and use linear and sgl
buffers as input/output.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Gagandeep Singh [Mon, 21 Oct 2019 05:31:27 +0000 (11:01 +0530)]
config: change default endianness for CAAM JR
CAAM JR can work on both LE and BE mode.
Latest platforms are in LE mode, so changing the
default mode to LE to make it more convenient for
the latest platforms.
Nicolas Chautru [Tue, 22 Oct 2019 13:16:17 +0000 (06:16 -0700)]
baseband/fpga_lte_fec: fix polling of MMIO register
Polling of MMIO register could misreport the actual value
set dynamically in hardware as the variable was not set explicitly
to volatile integer.
Fixes: efd453698c49 ("baseband/fpga_lte_fec: add driver for FEC on FPGA") Cc: stable@dpdk.org Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Nicolas Chautru [Tue, 22 Oct 2019 13:16:16 +0000 (06:16 -0700)]
baseband/fpga_lte_fec: fix probing
A change to PCI mapping assumption was missed earlier, this causes
probing to fail with the fpga_lte_fec PMD when checking for name
of the rte_driver (not set yet) instead of the rte_pci_driver.
Fixes: 391797f04208 ("drivers/bus: move driver assignment to end of probing") Cc: stable@dpdk.org Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Arek Kusztal [Tue, 22 Oct 2019 14:04:29 +0000 (16:04 +0200)]
test/crypto: add RSA cases in QAT and openssl
This commit adds RSA tests to Intel QuickAssist Technology pmd
and OpenSSL pmd test suite for session and session-less cases
when PADDING_NONE selected
Replace rte_ipsec_sad_add(), rte_ipsec_sad_del() and
rte_ipsec_sad_lookup() stubs with actual implementation.
It uses three librte_hash tables each of which contains
an entries for a specific SA type (either it is addressed by SPI only
or SPI+DIP or SPI+DIP+SIP)
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
According to RFC 4301 IPSec implementation needs an inbound SA database
(SAD).
For each incoming inbound IPSec-protected packet (ESP or AH) it has to
perform a lookup within it's SAD.
Lookup should be performed by:
Security Parameters Index (SPI) + destination IP (DIP) + source IP (SIP)
or SPI + DIP
or SPI only
and an implementation has to return the 'longest' existing match.
This patch extend DPDK IPsec library with inbound security association
database (SAD) API implementation that:
- conforms to the RFC requirements above
- can scale up to millions of entries
- supports fast lookups
- supports incremental updates
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Damian Nowak [Fri, 9 Aug 2019 09:29:01 +0000 (11:29 +0200)]
crypto/qat: fix null auth when using VFIO
When running auth NULL cases while using
vfio_pci, DMAR read/write faults appear. It
happens even if digest_length is set to 0.
This is caused by auth_res_addr initialized
as 0x0.
Pablo de Lara [Thu, 17 Oct 2019 16:30:50 +0000 (17:30 +0100)]
crypto/aesni_gcm: allow device init if no AES-NI is present
The IPSec Multi buffer library does not require AES-NI
instructions to be supported by the CPU, as it can emulate these
instructions in software (adding a big performance penalty when
using AES algorithms).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Pablo de Lara [Thu, 17 Oct 2019 16:30:49 +0000 (17:30 +0100)]
crypto/aesni_mb: allow device init if no AES-NI is present
The IPSec Multi buffer library does not require AES-NI
instructions to be supported by the CPU, as it can emulate these
instructions in software (adding a big performance penalty when
using AES algorithms).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Hemant Agrawal [Tue, 13 Aug 2019 07:20:16 +0000 (12:50 +0530)]
common/dpaax: move shared sec HW code from dpaa2_sec
The SEC HW code is being shared by multiple NXP based
drivers. It is better to place it at a common place.
Current users are:
1. DPAA2_SEC
2. DPAA_SEC
3. CAAM_JR
doc: fix list of unsupported features in IPsec guide
List of unsupported features doesn't reflect latest changes.
Fixes: cd5b860c1851 ("ipsec: support header construction") Fixes: 2c1887fad075 ("ipsec: fix transport mode for IPv6 with extensions") Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Acked-by: Bernard Iremonger <bernard.iremonger@intel.com>
Julien Meunier [Wed, 16 Oct 2019 10:21:11 +0000 (13:21 +0300)]
cryptodev: fix checks related to device id
Each cryptodev are indexed with dev_id in the global rte_crypto_devices
variable. nb_devs is incremented / decremented each time a cryptodev is
created / deleted. The goal of nb_devs was to prevent the user to get an
invalid dev_id.
Let's imagine DPDK has configured N cryptodevs. If the cryptodev=1 is
removed at runtime, the latest cryptodev N cannot be accessible, because
nb_devs=N-1 with the current implementaion.
In order to prevent this kind of behavior, let's remove the check with
nb_devs and iterate in all the rte_crypto_devices elements: if data is
not NULL, that means a valid cryptodev is available.
Also, remove max_devs field and use RTE_CRYPTO_MAX_DEVS in order to
unify the code.
Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices") Cc: stable@dpdk.org Signed-off-by: Julien Meunier <julien.meunier@nokia.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Hemant Agrawal [Mon, 14 Oct 2019 06:53:30 +0000 (12:23 +0530)]
crypto/dpaa_sec: reorganize session management
The session related parameters shall be populated during
the session create only.
At the runtime on first packet, the CDB should just reference
the session data instead of re-interpreting data again.
Vakul Garg [Mon, 14 Oct 2019 06:53:25 +0000 (12:23 +0530)]
crypto/dpaax_sec: support auth trailer in cipher-auth
For cases like ESN where authentication data can be after cipher
data, support for authentication trailer is required.
This patch adds support of auth-only data trailing after cipher data.
Vakul Garg [Mon, 14 Oct 2019 06:53:24 +0000 (12:23 +0530)]
crypto/dpaax_sec: enhance GCM descs to not skip AAD
The GCM descriptors needlessly skip auth_only_len bytes from output
buffer. Due to this, workarounds have to be made in dpseci driver code.
Also this leads to failing of one cryptodev test case for gcm. In this
patch, we change the descriptor construction and adjust dpaaX_sec
accordingly. The test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg
now passes.
eal/linux: restore specific hugepage ordering for ppc
An ifdef present in eal_memory.c references "RTE_ARCH_PPC64" when
it should actually use "RTE_ARCH_PPC_64". Simple testing revealed
that both the PPC_64 and non-PPC_64 versions of the code involved
work, but the PPC_64 version of the code is retained to be
consistent with other instances in the same file where mmapped
memory is accessed in reverse order on Power platforms.
Fixes: 66cc45e293ed ("mem: replace memseg with memseg lists") Cc: stable@dpdk.org Signed-off-by: David Christensen <drc@linux.vnet.ibm.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
This patch implements following new test cases:
- test_call4: test case to verify if stack corruption occurs
across with multiple function calls.
- test_jump2: test case with a default packet in memory, parse
the packet and check if dest ip is part of a subnet.
- test_call5: test case with string data in the stack and
calling string comaprision.
Signed-off-by: Harman Kalra <hkalra@marvell.com> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
git.droids-corp.org / dpdk.git / log