Anatoly Burakov [Tue, 17 Apr 2018 15:44:07 +0000 (16:44 +0100)]
fbarray: fix potential null-dereference
We get pointer to mask before we check if fbarray is NULL. Fix
by moving getting mask pointer to until after NULL check.
Coverity issue: 272579
Fixes:
c44d09811b40 ("eal: add shared indexed file-backed array")
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Anatoly Burakov [Tue, 17 Apr 2018 15:44:06 +0000 (16:44 +0100)]
fbarray: check for open failure
Coverity issue: 272564
Fixes:
c44d09811b40 ("eal: add shared indexed file-backed array")
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Anatoly Burakov [Tue, 17 Apr 2018 15:44:05 +0000 (16:44 +0100)]
fbarray: use strlcpy instead of snprintf
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Anatoly Burakov [Mon, 23 Apr 2018 11:14:13 +0000 (12:14 +0100)]
fbarray: make all fbarrays hidden files
fbarray stores its data in a shared file, which is not hidden.
This leads to polluting user's HOME directory with visible
files when running DPDK as non-root. Change fbarray to always
create hidden files by default.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Tomasz Duszynski [Tue, 30 Jan 2018 07:37:08 +0000 (08:37 +0100)]
app/testpmd: allow none shaper profile
Private shaper profiles are attached to nodes defined
in traffic manager hierarchy.
Since not every node must have a configured shaper
testpmd should allow setting shaper profile id to
invalid (RTE_TM_SHAPER_PROFILE_ID_NONE) easily.
This patch follows same approach as in case of setting
parent id of the root node i.e passing a negative value
sets node id to RTE_TM_NODE_ID_NULL.
In case of private shaper profile negative value will set
shaper profile id to RTE_TM_SHAPER_PROFILE_ID_NONE.
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Reviewed-by: Jasvinder Singh <jasvinder.singh@intel.com>
Olivier Matz [Mon, 29 Jan 2018 10:29:03 +0000 (11:29 +0100)]
cmdline: standardize conversion of IP address strings
The code to convert IPv4 and IPv6 address strings into a binary format
(inet_ntop) was included in the cmdline library because the DPDK was
historically compiled in environments where the standard inet_ntop()
function is not available. Today, this is not the case and the standard
inet_ntop() can be used.
This patch removes the internal inet_ntop*() functions and their
specific license.
There is a small functional impact: IP addresses like 012.34.56.78
are not valid anymore.
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Xiao Wang [Fri, 20 Apr 2018 15:10:50 +0000 (23:10 +0800)]
vfio: fix boundary check in region search
A previously mapped region is skipped during the search, leading to
DMA unmap fails.
This patch fixes it and rewords the comment.
Fixes:
73a639085938 ("vfio: allow to map other memory regions")
Signed-off-by: Xiao Wang <xiao.w.wang@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Hemant Agrawal [Thu, 19 Apr 2018 16:52:38 +0000 (22:22 +0530)]
crypto/dpaa2_sec: fix HMAC supported digest sizes
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
digest sizes are not a fixed value, but a range between
1 and the maximum digest size for those algorithms.
Fixes:
f947fd77185f ("crypto/dpaa2_sec: fix HMAC supported key sizes")
Cc: stable@dpdk.org
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Hemant Agrawal [Thu, 19 Apr 2018 16:52:37 +0000 (22:22 +0530)]
crypto/dpaa_sec: fix HMAC supported digest sizes
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
digest sizes are not a fixed value, but a range between
1 and the maximum digest size for those algorithms.
Also setting iv_size as 0.
Fixes:
c3e85bdcc6e6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Hemant Agrawal [Thu, 19 Apr 2018 16:52:36 +0000 (22:22 +0530)]
crypto/dpaa_sec: support dynamic logging
This patch adds the support for dynamic logging in dpaa_sec.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Pablo de Lara [Thu, 19 Apr 2018 14:55:41 +0000 (15:55 +0100)]
crypto/zuc: batch ops with same transform
The ZUC API to encrypt packets does not require the operations
to share the same key. Currently, the operations were being
batched only when they shared the same key, but this is not needed.
Instead, now operations will be batched based on the transform
(cipher only, auth only...).
Fixes:
cf7685d68f00 ("crypto/zuc: add driver for ZUC library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Pablo de Lara [Thu, 19 Apr 2018 14:55:40 +0000 (15:55 +0100)]
crypto/zuc: remove unnecessary check
When processing operations, the operation type was being
checked to avoid if it was set to NOT SUPPORTED.
In data path, doing so is not required since that is already
checked when creating the crypto session,
so that case will not ever happen.
Fixes:
cf7685d68f00 ("crypto/zuc: add driver for ZUC library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Pablo de Lara [Thu, 19 Apr 2018 14:55:39 +0000 (15:55 +0100)]
crypto/zuc: do not set default op status
When crypto operations are allocated from the operation
pool, their status get reset to NOT_PROCESSED.
Therefore, there is no need to set this status again.
Fixes:
cf7685d68f00 ("crypto/zuc: add driver for ZUC library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Tomasz Duszynski [Thu, 19 Apr 2018 10:48:00 +0000 (12:48 +0200)]
maintainers: update MRVL crypto PMD
Jacek will no longer be maintaining mrvl crypto PMD.
Special thanks to him for development and support.
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Anoob Joseph [Wed, 11 Apr 2018 06:40:46 +0000 (12:10 +0530)]
app/testpmd: support IPsec event
Adding support for IPsec event
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Anoob Joseph [Wed, 11 Apr 2018 06:40:45 +0000 (12:10 +0530)]
examples/ipsec-secgw: handle ESN soft limit event
For inline protocol processing, the PMD/device is required to maintain
the ESN. But the application is required to monitor ESN overflow to
initiate SA expiry.
For such cases, application would set the ESN soft limit. An IPsec event
would be raised by rte_eth_event framework, when ESN hits the soft limit
set by the application.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Anoob Joseph [Wed, 11 Apr 2018 06:40:44 +0000 (12:10 +0530)]
security: extend userdata for IPsec events
Extending 'userdata' to be used for IPsec events too.
IPsec events would have some metadata which would uniquely identify the
security session for which the event is raised. But application would
need some construct which it can understand. The 'userdata' solves a
similar problem for inline processed inbound traffic. Updating the
documentation to extend the usage of 'userdata'.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Anoob Joseph [Wed, 11 Apr 2018 06:40:43 +0000 (12:10 +0530)]
security: add ESN soft limit in config
Adding ESN soft limit in conf. This will be used in case of protocol
offload. Per SA, application could specify for what ESN the security
device need to notify application. In case of eth dev(inline protocol),
rte_eth_event framework would raise an IPsec event.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Anoob Joseph [Wed, 11 Apr 2018 06:40:42 +0000 (12:10 +0530)]
ethdev: support inline IPsec events
Adding support for IPsec events in rte_eth_event framework. In inline
IPsec offload, the per packet protocol defined variables, like ESN,
would be managed by PMD. In such cases, PMD would need IPsec events
to notify application about various conditions like, ESN overflow.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Anoob Joseph [Mon, 16 Apr 2018 12:23:15 +0000 (17:53 +0530)]
examples/ipsec-secgw: fix usage print
The usage print was not updated when jumbo frames & crypto_dev mask
support was added. Fixing that. Also, the optional arguments were not
properly highlighted in the usage header. This is also fixed.
General cleanup of the usage print was also done to make it look more
cleaner and similar to what is existing in other applications like
l3fwd.
Fixes:
bbabfe6e4ee4 ("examples/ipsec_secgw: support jumbo frames")
Fixes:
2c68fe791538 ("examples/ipsec-secgw: add cryptodev mask option")
Fixes:
d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:26 +0000 (17:23 +0800)]
doc: add virtio crypto PMD guide
This patch adds the guide for virtio crypto PMD.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:25 +0000 (17:23 +0800)]
test/crypto: add tests for virtio-crypto
Only RTE_CRYPTO_CIPHER_AES_CBC cipher
algorithm are tested as unit test, it is supported both by the
cryptodev-backend-builtin and cryptodev-vhost-user of qemu side.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:24 +0000 (17:23 +0800)]
crypto/virtio: support HMAC-SHA1
The AES-CBC with HMAC-SHA1 has been supported now.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:23 +0000 (17:23 +0800)]
crypto/virtio: support AES-CBC
The AES-CBC cipher only algorithm has been supported now.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:22 +0000 (17:23 +0800)]
crypto/virtio: support stats related ops
This patch implements the statistics of the packets.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:21 +0000 (17:23 +0800)]
crypto/virtio: support burst enqueue/dequeue
This patch implements the functions of virtio_crypto_pkt_tx_burst()
and virtio_crypto_pkt_rx_burst(). The encryption and decryption requests
are placed in the data queue and are ultimately handled by
the backend crypto accelerators.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:20 +0000 (17:23 +0800)]
crypto/virtio: support session related ops
This patch implements session related operations, which includes creating
and destroying the session. For now, it only supports the session-oriented
API implementation. The control queue used to create or destroy sessions
for symmetric algorithms.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:19 +0000 (17:23 +0800)]
crypto/virtio: support basic PMD ops
This patch implements the basic operations of virtio crypto PMD, which
includes start, stop, close, information getting, queue setup and
release of the device.
The virtio crypto device has two types of queues, data queue and
control queue. It has one data queue at least and has one and only one
control queue. For example, if a virtio crypto device has N queues,
then [0, N-2] is the data queue index, N-1 is the control
queue index.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:18 +0000 (17:23 +0800)]
crypto/virtio: support device init
This patch implements the initialization of the virtio crypto device.
The virtio crypto device conforms to virtio-1.0, so this patch only
supports modern mode operation.
The cryptodev is created at the virtio crypto pci device probing stage.
The function of virtio_crypto_pkt_tx_burst() is used to burst transfer
packets and virtio_crypto_pkt_rx_burst() is used to burst receive packets.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Jay Zhou [Tue, 17 Apr 2018 09:23:17 +0000 (17:23 +0800)]
crypto/virtio: add virtio crypto PMD
The virtio crypto device is a virtual cryptography device
as well as a kind of virtual hardware accelerator for
virtual machines. The linux kernel virtio-crypto driver
has been merged, and this patch introduces virtio crypto
PMD to achieve better performance.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Fiona Trahe [Fri, 6 Apr 2018 18:51:43 +0000 (19:51 +0100)]
crypto/qat: use SPDX license
Use SPDK license for dual-licensed files
and update license date in all files
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Hemant Agrawal [Mon, 9 Apr 2018 08:58:35 +0000 (14:28 +0530)]
app/crypto-perf: add missing SPDX identifier
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Hemant Agrawal [Wed, 11 Apr 2018 09:15:47 +0000 (14:45 +0530)]
examples/l2fwd-crypto: fix the default aead assignments
The code is incorrectly updating the authxform instead of
aead xforms.
Fixes:
b79e4c00af0e ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Sunil Kumar Kori [Thu, 5 Apr 2018 08:35:49 +0000 (14:05 +0530)]
crypto/dpaa2_sec: improve error handling
Fixed as reported by NXP's internal coverity.
Also part of dpdk coverity.
Coverity issue: 268331
Coverity issue: 268333
Fixes:
8d1f3a5d751b ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org
Signed-off-by: Sunil Kumar Kori <sunil.kori@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Sunil Kumar Kori [Thu, 5 Apr 2018 08:35:48 +0000 (14:05 +0530)]
crypto/dpaa_sec: improve the error checking
Reported by NXP's internal coverity
Fixes:
c3e85bdcc6e6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org
Signed-off-by: Sunil Kumar Kori <sunil.kori@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Abhinandan Gujjar [Mon, 16 Apr 2018 06:54:56 +0000 (12:24 +0530)]
doc: add private data info in crypto guide
Signed-off-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Abhinandan Gujjar [Mon, 16 Apr 2018 06:54:55 +0000 (12:24 +0530)]
cryptodev: support session private data setting
The application may want to store private data along with the
rte_cryptodev that is transparent to the rte_cryptodev layer.
For e.g., If an eventdev based application is submitting a
rte_cryptodev_sym_session operation and wants to indicate event
information required to construct a new event that will be
enqueued to eventdev after completion of the rte_cryptodev_sym_session
operation. This patch provides a mechanism for the application
to associate this information with the rte_cryptodev_sym_session session.
The application can set the private data using
rte_cryptodev_sym_session_set_private_data() and retrieve it using
rte_cryptodev_sym_session_get_private_data().
Signed-off-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Signed-off-by: Nikhil Rao <nikhil.rao@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Abhinandan Gujjar [Mon, 16 Apr 2018 06:54:54 +0000 (12:24 +0530)]
cryptodev: set private data for session-less mode
The application may want to store private data along with the
rte_crypto_op that is transparent to the rte_cryptodev layer.
For e.g., If an eventdev based application is submitting a
crypto session-less operation and wants to indicate event
information required to construct a new event that will be
enqueued to eventdev after completion of the crypto
operation. This patch provides a mechanism for the application
to associate this information with the rte_crypto_op in
session-less mode.
Signed-off-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Signed-off-by: Nikhil Rao <nikhil.rao@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Hemant Agrawal [Mon, 2 Apr 2018 15:33:16 +0000 (21:03 +0530)]
app/crypto-perf: support non default mempools
The current code usages the default mempool ops while
creating the mempool for crypto usages. Adding the support
for best_mempool_ops to enable it for devices using
non default mempools.
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Hemant Agrawal [Mon, 2 Apr 2018 15:33:15 +0000 (21:03 +0530)]
app/crypto-perf: fix excess crypto device error
If number of available devices are more than logical core,
there is no need to throw an error.
Just use the less number of devices instead.
Fixes:
f8be1786b1b8 ("app/crypto-perf: introduce performance test application")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Ashish Jain [Mon, 2 Apr 2018 15:33:14 +0000 (21:03 +0530)]
test/crypto: add macro for dpaa device name
Fixes:
b674d6d0381a ("test/crypto: add dpaa crypto test cases")
Cc: stable@dpdk.org
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Hemant Agrawal [Mon, 2 Apr 2018 15:33:21 +0000 (21:03 +0530)]
crypto/dpaa2_sec: fix OP storage for physical IOVA mode
op storage in fle is just for reference for post dq.
So, don't convert it to iova mode.
Fixes:
37f96eb01bce ("crypto/dpaa2_sec: support scatter gather")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Akhil Goyal [Mon, 2 Apr 2018 15:33:20 +0000 (21:03 +0530)]
crypto/dpaa_sec: move mempool allocation to config
Currently, the context mempools are allocated during device probe. Thus,
even if the DPAA SEC devices are not used, any application would still
allocate the memory required for working with the contexts.
This patch moves the allocation to configuration time so that when the
CAAM devices are configured, this allocation would be done.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Tested-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Shreyansh Jain [Mon, 2 Apr 2018 15:33:19 +0000 (21:03 +0530)]
crypto/dpaa_sec: fix null check in uninit
Fixes:
c3e85bdcc6e6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: akhil.goyal@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Ashish Jain [Mon, 2 Apr 2018 15:33:18 +0000 (21:03 +0530)]
crypto/dpaa_sec: add portal presence check
Adding a check to do portal configuration if not already
configured before packet enqueue. This check is only done
during dpaa_sec_attach_sess_q for initial packets,
so this change wont affect the data path and hence performance.
Fixes:
e79416d10fa3 ("crypto/dpaa_sec: support multiple sessions per queue pair")
Cc: stable@dpdk.org
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Ashish Jain [Mon, 2 Apr 2018 15:33:17 +0000 (21:03 +0530)]
crypto/dpaa_sec: add macro for device name
Fixes:
c3e85bdcc6e6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:53 +0000 (08:23 -0400)]
doc: add AMD CCP guide
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:52 +0000 (08:23 -0400)]
test/crypto: add tests for AMD CCP
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:51 +0000 (08:23 -0400)]
crypto/ccp: support CPU based MD5 and SHA2 family
Auth operations can be performed on CPU without offloading
to CCP if CONFIG_RTE_LIBRTE_PMD_CCP_CPU_AUTH is enabled in
DPDK configuration. CCP PMD skip offloading auth operations
to hardware engines and perform them using openssl APIs.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:50 +0000 (08:23 -0400)]
crypto/ccp: support SHA3 family
Add SHA3 family authentication algorithm support for
CCP crypto PMD. This patch defines new macros for SHA3
algorithms in the DPDK crypto framework.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:49 +0000 (08:23 -0400)]
crypto/ccp: support SHA2 family
Add SHA2 family authentication algorithm support for
CCP crypto PMD.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:48 +0000 (08:23 -0400)]
crypto/ccp: support SHA1
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:47 +0000 (08:23 -0400)]
crypto/ccp: support AES-GCM
Support AES-GCM-128/192/256 AEAD algorithm for
CCP crypto PMD.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:46 +0000 (08:23 -0400)]
crypto/ccp: support AES-CMAC
Support AES-CMAC-128/192/256 authentication algorithm for
CCP crypto PMD.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:45 +0000 (08:23 -0400)]
crypto/ccp: support 3DES
Support 3DES-CBC cipher algorithm for CCP crypto PMD.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:44 +0000 (08:23 -0400)]
crypto/ccp: support AES
Added CCP cipher support for following algorithms:
AES-CBC-128/192/256
AES-CTR-128/192/256
AES-ECB-128/192/256
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:43 +0000 (08:23 -0400)]
crypto/ccp: support hwrng
CCP engines support true hardware random generation feature.
This patch implements api to read random number from CCP to be
used within PMD.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:42 +0000 (08:23 -0400)]
crypto/ccp: support stats related ops
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:41 +0000 (08:23 -0400)]
crypto/ccp: support sessionless ops
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:40 +0000 (08:23 -0400)]
crypto/ccp: support burst enqueue/dequeue
Added support for burst oriented data path.
CCP PMD selects appropriate CCP engine available
on the platform and schedule the batch of crypto ops to a
selected hardware queue of the respective crypto engine.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:39 +0000 (08:23 -0400)]
crypto/ccp: support queue pair related ops
Added crypto queue pair specific crypto ops callback functions
to setup and manage a CCP crypto queue pair object. CCP PMD
exposes only a single crypto queue pair object and handles the
actual hardware queues underneath.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:38 +0000 (08:23 -0400)]
crypto/ccp: support session related ops
Added crypto session specific basic crypto ops callback functions.
Added different crypto engine types and definitions.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:37 +0000 (08:23 -0400)]
crypto/ccp: support basic PMD ops
Added device specific basic crypto ops callback functions.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:36 +0000 (08:23 -0400)]
crypto/ccp: support device init
CCP PMD is a virtual crypto PMD which schedules a number of available
actual CCP hardware engines underneath. The PMD
manages all devices by its own. The PMD supports CCP_5a and
CCP_5b versions of crypto engines and this patch adds support
to initialize and use such devices.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Ravi Kumar [Mon, 19 Mar 2018 12:23:35 +0000 (08:23 -0400)]
crypto/ccp: add AMD ccp skeleton PMD
Added DPDK crypto PMD for AMD Cryptographic Co-Processors.
This patch adds a basic skeleton for PMD.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Anoob Joseph [Fri, 23 Mar 2018 05:50:51 +0000 (11:20 +0530)]
examples/ipsec-secgw: remove redundant string compare
Removing redundant strncmp in parsing long arguments. The getopt library
provides means to identify long options using the "val" field of
structure option. The existing code gets 0 as "val" for all long
arguments and then uses strncmp to figure out which long option was
being referred to. Fixing this.
In addition, the macros and enums used for long arguments have been
renamed and repositioned adhering to the general convention followed in
various other apps, like l3fwd.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Marko Kovacevic [Tue, 27 Mar 2018 12:15:32 +0000 (13:15 +0100)]
crypto/aesni_mb: support AES CMAC
Added support for AES CMAC hash algorithm with 128-bit key,
which has been added in the v0.49 of the IPSec Multi-buffer lib.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Marko Kovacevic [Tue, 27 Mar 2018 12:14:30 +0000 (13:14 +0100)]
crypto/aesni_gcm: support IPsec Multi-buffer lib v0.49
Adds support for the v0.49 of the IPsec Multi-buffer lib,
which now gets compiled and installed as a shared object.
Therefore, there is no need to pass the AESNI_MULTI_BUFFER_LIB_PATH
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Marko Kovacevic [Tue, 27 Mar 2018 12:14:29 +0000 (13:14 +0100)]
crypto/aesni_mb: support IPsec Multi-buffer lib v0.49
Adds support for the v0.49 of the IPsec Multi-buffer lib,
which now gets compiled and installed as a shared object.
Therefore, there is no need to pass the AESNI_MULTI_BUFFER_LIB_PATH
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Lee Roberts [Fri, 9 Mar 2018 18:00:36 +0000 (11:00 -0700)]
crypto/qat: assign device to correct NUMA node
rte_cryptodev_pmd_init_params should use NUMA node of the QAT device
for its socket_id rather than the socket_id of the initializing process.
Signed-off-by: Lee Roberts <lee.roberts@hpe.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Tomasz Duszynski [Wed, 21 Mar 2018 09:44:38 +0000 (10:44 +0100)]
crypto/mrvl: add missing library dependencies
While trying to do a shared build one will get linkage error
since a couple of library dependencies are missing from a makefile.
At some point there was a batch update of all PMDs but mrvl crypto was
missed back then.
Necessary makefile changes were introduced in
commit
cbc12b0a96f5 ("mk: do not generate LDLIBS from directory dependencies")
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Tomasz Duszynski [Wed, 14 Mar 2018 13:12:54 +0000 (14:12 +0100)]
test/crypto: add MRVL to hash test cases
MRVL Crypto PMD supports most of the hash algorithms covered
by test suites thus specific bits should be set in pmd_masks.
Otherwise blockcipher authonly test returns success even though no
real tests have been executed.
Fixes:
84e0ded38ac5 ("test/crypto: add mrvl crypto unit tests")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Fiona Trahe [Fri, 9 Mar 2018 17:44:38 +0000 (17:44 +0000)]
cryptodev: change argument of driver registration
Pass an rte_driver to the RTE_PMD_REGISTER_CRYPTO_DRIVER macro
rather than an unspecified container which holds an rte_driver.
All the macro actually needs is the rte_driver, not the
container holding it.
This paves the way for a later patch in which a driver
will be registered which does not naturally derive from a
container and so avoids having to create an arbitrary container
to pass in the rte_driver.
This patch changes the cryptodev lib macro and all the
PMDs which use it.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Tomasz Duszynski [Mon, 12 Mar 2018 07:47:19 +0000 (08:47 +0100)]
crypto/mrvl: convert license headers to SPDX tags
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Maxime Coquelin [Wed, 14 Mar 2018 16:31:25 +0000 (17:31 +0100)]
vhost: deprecate unsafe GPA translation API
This patch marks rte_vhost_gpa_to_vva() as deprecated because
it is unsafe. Application relying on this API should move
to the new rte_vhost_va_from_guest_pa() API, and check
returned length to avoid out-of-bound accesses.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Thu, 19 Apr 2018 08:52:33 +0000 (10:52 +0200)]
vhost/crypto: move to safe GPA translation API
This patch uses the new rte_vhost_va_from_guest_pa() API
to ensure all the descriptor buffer is mapped contiguously
in the application virtual address space.
It does not handle buffers discontiguous in host virtual
address space, but only return an error.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Wed, 14 Mar 2018 15:46:46 +0000 (16:46 +0100)]
examples/vhost_scsi: move to safe GPA translation API
This patch uses the new rte_vhost_va_from_guest_pa() API
to ensure all the descriptor buffer is mapped contiguously
in the application virtual address space.
As the application did not checked return of previous API,
this patch just print an error if the buffer address isn't in
the vhost memory regions or if it is scattered. Ideally, it
should handle scattered buffers gracefully.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Tue, 13 Mar 2018 18:43:48 +0000 (19:43 +0100)]
examples/vhost: move to safe GPA translation API
This patch uses the new rte_vhost_va_from_guest_pa() API
to ensure the application doesn't perform out-of-bound
accesses either because of a malicious guest providing an
incorrect descriptor length, or because the buffer is
contiguous in guest physical address space but not in the
host process virtual address space.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Thu, 1 Mar 2018 08:36:33 +0000 (09:36 +0100)]
vhost: handle virtually non-contiguous buffers in Rx-mrg
This patch enables the handling of buffers non-contiguous in
process virtual address space in the enqueue path when mergeable
buffers are used.
When virtio-net header doesn't fit in a single chunck, it is
computed in a local variable and copied to the buffer chuncks
afterwards.
For packet content, the copy length is limited to the chunck
size, next chuncks VAs being fetched afterward.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Thu, 1 Mar 2018 07:47:58 +0000 (08:47 +0100)]
vhost: handle virtually non-contiguous buffers in Rx
This patch enables the handling of buffers non-contiguous in
process virtual address space in the enqueue path when mergeable
buffers aren't used.
When virtio-net header doesn't fit in a single chunck, it is
computed in a local variable and copied to the buffer chuncks
afterwards.
For packet content, the copy length is limited to the chunck
size, next chuncks VAs being fetched afterward.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Wed, 24 Jan 2018 16:19:29 +0000 (17:19 +0100)]
vhost: handle virtually non-contiguous buffers in Tx
This patch enables the handling of buffers non-contiguous in
process virtual address space in the dequeue path.
When virtio-net header doesn't fit in a single chunck, it is
copied into a local variablei before being processed.
For packet content, the copy length is limited to the chunck
size, next chuncks VAs being fetched afterward.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Wed, 24 Jan 2018 10:27:25 +0000 (11:27 +0100)]
vhost: add support for non-contiguous indirect descs tables
This patch adds support for non-contiguous indirect descriptor
tables in VA space.
When it happens, which is unlikely, a table is allocated and the
non-contiguous content is copied into it.
This issue has been assigned CVE-2018-1059.
Reported-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Tue, 23 Jan 2018 18:01:45 +0000 (19:01 +0100)]
vhost: ensure all range is mapped when translating QVAs
This patch ensures that all the address range is mapped when
translating addresses from master's addresses (e.g. QEMU host
addressess) to process VAs.
This issue has been assigned CVE-2018-1059.
Reported-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Tue, 23 Jan 2018 13:37:50 +0000 (14:37 +0100)]
vhost: introduce safe API for GPA translation
This new rte_vhost_va_from_guest_pa API takes an extra len
parameter, used to specify the size of the range to be mapped.
Effective mapped range is returned via len parameter.
This issue has been assigned CVE-2018-1059.
Reported-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Tue, 23 Jan 2018 13:26:02 +0000 (14:26 +0100)]
vhost: check all range is mapped when translating GPAs
There is currently no check done on the length when translating
guest addresses into host virtual addresses. Also, there is no
guanrantee that the guest addresses range is contiguous in
the host virtual address space.
This patch prepares vhost_iova_to_vva() and its callers to
return and check the mapped size. If the mapped size is smaller
than the requested size, the caller handle it as an error.
This issue has been assigned CVE-2018-1059.
Reported-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Tue, 23 Jan 2018 08:51:29 +0000 (09:51 +0100)]
vhost: fix indirect descriptors table translation size
This patch fixes the size passed at the indirect descriptor
table translation time, which is the len field of the descriptor,
and not a single descriptor.
This issue has been assigned CVE-2018-1059.
Fixes:
62fdb8255ae7 ("vhost: use the guest IOVA to host VA helper")
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Thomas Monjalon [Tue, 17 Apr 2018 12:23:29 +0000 (14:23 +0200)]
eal/linux: use strlcpy in uevent parsing
Support of strlcpy has recently been added to DPDK.
This replacement has been generated by the coccinelle script:
devtools/cocci.sh devtools/cocci/strlcpy.cocci
Fixes:
0d0f478d0483 ("eal/linux: add uevent parse and process")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Thomas Monjalon [Thu, 19 Apr 2018 23:53:10 +0000 (01:53 +0200)]
mbuf: improve tunnel Tx offloads API doc
Add few details to remind TSO flag, checksum flags and header lengths.
The doxygen syntax for MPLS-in-UDP is fixed.
Fixes:
d95188551fa1 ("mbuf: introduce new Tx offload flag for MPLS-in-UDP")
Cc: stable@dpdk.org
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Thomas Monjalon [Thu, 19 Apr 2018 23:39:52 +0000 (01:39 +0200)]
mbuf: fix Tx checksum offload API doc
When introducing rte_eth_tx_prepare(), the constraints on checksum
pre-filling for Tx offloads were relaxed because implemented in
the PMDs with rte_net_intel_cksum_flags_prepare() helper.
As a consequence, these old requirements are removed for:
- PKT_TX_OUTER_IP_CKSUM
- PKT_TX_IP_CKSUM
- PKT_TX_[L4]_CKSUM
- PKT_TX_TCP_SEG
Not sure SCTP offload is properly implemented though.
A reference to rte_eth_tx_prepare() is added in rte_eth_tx_burst() doc.
Fixes:
609dd68ef14f ("mbuf: enhance the API documentation of offload flags")
Fixes:
4fb7e803eb1a ("ethdev: add Tx preparation")
Cc: stable@dpdk.org
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Thomas Monjalon [Mon, 23 Apr 2018 01:18:35 +0000 (03:18 +0200)]
maintainers: fix typo and ordering
Fix logical/alphabetical ordering, spacing, and syntax typo.
Fixes:
8fb3b2576025 ("maintainers: call out subtree committers")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tomasz Duszynski [Thu, 19 Apr 2018 12:21:14 +0000 (14:21 +0200)]
crypto/mrvl: add to meson build
Add MRVL CRYPTO PMD to meson build system.
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Tomasz Duszynski [Wed, 11 Apr 2018 11:45:07 +0000 (13:45 +0200)]
net/mvpp2: add to meson build
Add support for building MRVL MVPP2 PMD with meson. To avoid cluttering
the build environment and to keep all relevant settings local to a cross
build we get MUSDK library installation path from a meson option.
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Tomasz Duszynski [Wed, 11 Apr 2018 11:45:06 +0000 (13:45 +0200)]
net/mvpp2: rename version map file to standard
Rename the version file to follow standard naming convention.
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Jerin Jacob [Mon, 9 Apr 2018 14:39:46 +0000 (20:09 +0530)]
build: fix default arm64 instruction level
The make based build system has crc+crypto instruction
support for the default arm64 build.
http://dpdk.org/browse/dpdk/tree/mk/machine/armv8a/rte.vars.mk#n31
This patch fixes the disparity with meson build flags for armv8.
As a bonus, This patch fixes the following errors with
ip_pipeline example application.
Assembler messages:
Error: selected processor does not support `crc32cx w3,w3,x0'
Fixes:
c6e536e38437 ("build: add more implementers IDs and PNs for ARM")
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Tested-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Bruce Richardson [Wed, 4 Apr 2018 10:12:13 +0000 (11:12 +0100)]
rawdev: add to meson build
Add librte_rawdev to the meson build of DPDK.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Bruce Richardson [Thu, 29 Mar 2018 13:54:36 +0000 (14:54 +0100)]
drivers/dpaa: reduce meson dependency lists
Meson build currently tracks the dependencies between libraries, which
can often make things easier, but has the side-effect of slowing down
the initial meson run if too many duplicated dependencies are provided.
Therefore, we remove dependencies from the dpaa items where other
dependencies already depend on those. This provides a noticable speed-up
in meson configuration runs when lots of sample apps are included in the
build.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Harry van Haaren <harry.van.haaren@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Bruce Richardson [Thu, 29 Mar 2018 13:54:35 +0000 (14:54 +0100)]
examples: improve error report for missing meson deps
When a required library is missing on a platform, rather than having
meson report an error about the missing variable, catch the problem
earlier and provide a more readable message.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Harry van Haaren <harry.van.haaren@intel.com>
Bruce Richardson [Thu, 29 Mar 2018 13:54:34 +0000 (14:54 +0100)]
examples: allow building all as part of meson build
To test building all relevant example applications as part of a build, we
add support for the "all" keyword to be passed to the "examples" build
option. Since not all examples can actually be built on all systems,
we also add support for the "build" option inside the sub-dirs. However,
in case where "all" is not used, and a particular example is requested
to be built, we will error out if building the requested app is not
possible.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Harry van Haaren <harry.van.haaren@intel.com>
Bruce Richardson [Thu, 29 Mar 2018 13:54:33 +0000 (14:54 +0100)]
examples: disable unsupported examples on BSD build
When building with meson, set build to false when building unsupported
example apps on FreeBSD.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Harry van Haaren <harry.van.haaren@intel.com>
Bruce Richardson [Thu, 29 Mar 2018 13:54:32 +0000 (14:54 +0100)]
examples/l2fwd-cat: make build dependent on pqos lib
The l2fwd-cat example uses the pqos library to work, so make the meson
build dependent on the presence of that library
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Harry van Haaren <harry.van.haaren@intel.com>