git.droids-corp.org - dpdk.git/log

net/virtio: fix crash when number of virtio devices > 1

The vtpci_ops assignment needs the 'hw->port_id' as an input parameter.
That said, we should set 'hw->port_id' firstly, then do the vtpci_ops
assignment, while the code does reversely. That would result to a crash
when more than one virtio devices are used, because we keep assigning
proper vtpci_ops to virtio_hw_internal[0]->vtpci_ops, leaving the pointer
for other ports being NULL.

Reverse the order fixes this issue.

Fixes: 9470427c88e1 ("net/virtio: do not store PCI device pointer at shared memory")
Cc: stable@dpdk.org
Reported-by: Lei Yao <lei.a.yao@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

vhost: fix long stall of negotiation

Setting up the mapping from GPA (guest physical address) to HPA (guest
physical address) could be very time consuming when the guest memory is
backened with small pages (4K). The bigger the guest memory, the longer
it takes. This could lead a very long vhost-user negotiation.

Since the mapping is only needed in zero copy mode so far, we could
avoid such time consuming settup when zero copy is turned off (which is
the default case).

It's actually a workaround, a right fix might be to start a new thread,
and hide the big latency there.

Fixes: e246896178e6 ("vhost: get guest/host physical address mappings")
Cc: stable@dpdk.org
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

vhost: fix dead loop in enqueue path

If a malicious guest forges a dead loop desc chain (let desc->next point
to itself) and desc->len is zero, this could lead to a dead loop in
copy_mbuf_to_desc(following is a simplified code to show this issue
clearly):

    while (mbuf_is_not_totally_consumed) {
        if (desc_avail == 0) {
            desc = &descs[desc->next];
            desc_avail = desc->len;
        }

        COPY(desc, mbuf, desc_avail);
    }

I have actually fixed a same issue before: commit a436f53ebfeb ("vhost:
avoid dead loop chain"); it fixes the dequeue path though, leaving the
enqueue path still vulnerable.

The fix is the same. Add a var nr_desc to avoid the dead loop.

Fixes: f1a519ad981c ("vhost: fix enqueue/dequeue to handle chained vring descriptors")
Cc: stable@dpdk.org
Reported-by: Xieming Katty <katty.xieming@huawei.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

crypto/qat: make PCI device id struct const

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>

doc: describe new performance test application

Add documentation to describe using the new performance test application.

Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>

app/crypto-perf: add test vectors files

Add test vectors example files to the performance test application.

Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>

app/crypto-perf: introduce performance test application

This patchset introduce new application which allows measuring
performance parameters of PMDs available in crypto tree. The goal of
this application is to replace existing performance tests in app/test.
Parameters available are: throughput (--ptest throughput) and latency
(--ptest latency). User can use multiply cores to run tests on but only
one type of crypto PMD can be measured during single application
execution. Cipher parameters, type of device, type of operation and
chain mode have to be specified in the command line as application
parameters. These parameters are checked using device capabilities
structure.
Couple of new library functions in librte_cryptodev are introduced for
application use.
To build the application a CONFIG_RTE_APP_CRYPTO_PERF flag has to be set
(it is set by default).
Example of usage: -c 0xc0 --vdev crypto_aesni_mb_pmd -w 0000:00:00.0 --
--ptest throughput --devtype crypto_aesni_mb --optype cipher-then-auth
--cipher-algo aes-cbc --cipher-op encrypt --cipher-key-sz 16 --auth-algo
sha1-hmac --auth-op generate --auth-key-sz 64 --auth-digest-sz 12
--total-ops 10000000 --burst-sz 32 --buffer-sz 64

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>
Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>

cryptodev: retrieve device info

This patch adds helper functions for new performance application which
provide identifiers and number of crypto device and
provide and check capabilities available for defined device and algorithm.
The performance application can be used to measure throughput and latency
of cryptography operation performed by crypto device.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: add documentation

Adds the description of the cryptodev scheduler PMD overview,
limitations, build, instructions, modes, etc.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: add unit test

Same as other cryptodev PMDs, it is necessary to carry out the unit
test for scheduler PMD. Currently the test is designed to attach 2
AESNI-MB cryptodev PMDs as slaves, sets the scheduling mode as round-
robin, and runs almost all AESNI-MB test items (except for sessionless
tests). In the end, the slaves are detached.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: enable compilation

Adds Makefile for scheduler cryptodev PMD, and updates existing
Makefiles. Different than other cryptodev PMDs, scheduler PMD
is required to be built as shared libraries.

Adds scheduler PMD enable and debug flags to config/common_base.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: register operation functions

Implements all standard operations required for cryptodev,
and register them to cryptodev operation function pointer table.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: register as vdev driver

Adds crypto scheduler's PMD's probe and remove function and the device's
enqueue and dequeue burst functions. A cryptodev scheduler PMD is
then registered in the end.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: add round-robin mode

Implements round-robin scheduling mode and register into cryptodev
scheduler ops structure. This mode enqueues a burst of operation
to one of its slaves, and iterates the next burst to the other
slave. Same procedure is done on dequeueing operations.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: add API implementations

Adds the implementations of the APIs for scheduler cryptodev PMD.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: add internal structures

Adds a number of internal structures for the cryptodev scheduler PMD. The
structures include the scheduler context, slave, queue pair context,
and session.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/scheduler: add API

Adds APIs and function prototypes for the scheduler PMD to perform extra
operations other than standard cryptodev APIs.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

cryptodev: add scheduler PMD name and type

This patch adds the cryptodev scheduler PMD name and type identifier to
librte_cryptodev.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

cryptodev: decouple from PCI device

This makes struct rte_cryptodev independent of struct rte_pci_device by
replacing it with a pointer to the generic struct rte_device.

This is inline with the recent changes in ethdev

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: John Griffin <john.griffin@intel.com>
Reviewed-by: Shreyansh Jain <shreyansh.jain@nxp.com>

cryptodev: uninline some functions

rte_cryptodev_pmd_get_dev, rte_cryptodev_pmd_get_named_dev,
rte_cryptodev_pmd_is_valid_dev were incorrectly marked as inline and
therefore not useable from crypto PMDs when built as shared
libraries as they accessed the global rte_cryptodev_globals device
structure.

Fixes: d11b0f30 ("cryptodev: introduce API and framework for crypto devices")

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

mk: parallelize make config

make config dependency resolving was always running serial,
parallelize it for better performance.

$ time make T=x86_64-native-linuxapp-gcc config
real 0m12.633s

$ time make -j8 T=x86_64-native-linuxapp-gcc config
real 0m1.826s

When config creation done under a single make target, using a for loop,
make has no control on the action, and it needs to run as implemented in
the rule. But if for loop converted into multiple targets, make can
detect independent targets and run them parallel based on -j parameter.

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Thomas Monjalon <thomas.monjalon@6wind.com>

doc: add I/O device memory access API to release notes

Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: John McNamara <john.mcnamara@intel.com>

usertools: fix active interface detection when binding

When adding crypto devices, the "Active" and "Ssh_if" attributes of
existing network devices were reset. This causes the following issues:

- Network interfaces aren't marked as "*Active*" in the --status output.
- Active network interfaces can be unbound without the --force option,
causing loss of network connection.

The reset was caused by the call to devices[d].update in
get_crypto_details.

This patch prevents the update on non-crypto devices.

Fixes: cb4a1d14bf3e ("tools: bind crypto devices")
Cc: stable@dpdk.org
Signed-off-by: Yoni Gilad <yonig@radcom.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

examples/server_node_efd: renamed from flow_distributor

To avoid confusion with distributor app, this commit
renames the flow-distributor sample app to server_node_efd,
since it shows how to use the EFD library and it is based
on a server/nodes model.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

app/test: fix build with overflowed EFD value

When RTE_EFD_VALUE_NUM_BITS is 32, there was a compilation issue
because of an overflow:

app/test/test_efd.c:157:55: error: overflow in expression;
result is 2147483647 with type 'int' [-Werror,-Winteger-overflow]
data[0] = mrand48() & ((1 << RTE_EFD_VALUE_NUM_BITS) - 1);

This commit fixes the issue by using a setting a different
macro VALUE_BITMASK with a conditional

Fixes: 0e925aef2779 ("app/test: add EFD functional and perf tests")

Reported-by: Yong Liu <yong.liu@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

app/test: make PCI device id struct const

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>

pdump: fix coverage warning

Fix GCC 4.8.2 20140120 (Red Hat 4.8.2-16) (RHEL 7.0) false warning
when build with EXTRA_CFLAGS='--coverage'.

Fixes: 278f945402c5 ("pdump: add new library for packet capture")

Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>

app/testpmd: add offload capabilities query

Add two new commands "show port cap <port>" and "show
port cap all" to display what offload capabilities supported
in ports. It will not only display all the capabilities of
the port, but also the enabling condition for each capability
in the running time.

Signed-off-by: Qiming Yang <qiming.yang@intel.com>
Acked-by: Jingjing Wu <jingjing.wu@intel.com>
Acked-by: Beilei Xing <beilei.xing@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

acl: fix flow data comments

Signed-off-by: Michał Mirosław <michal.miroslaw@atendesoftware.pl>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

acl: allow zero verdict

This enables ACL matches to return 0 where the distinction
from no-match case is not needed.

Signed-off-by: Michał Mirosław <michal.miroslaw@atendesoftware.pl>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

acl: remove invalid test

rte_acl_add_rules() has no way of checking rule size.

This was hidden because the test effectively checked that
adding a rule with userdata == 0 failed.

Signed-off-by: Michał Mirosław <michal.miroslaw@atendesoftware.pl>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

efd: fix build by removing dependency to libmath

When we compile the dpdk with:
  CONFIG_RTE_LIBRTE_EFD=y
  CONFIG_RTE_LIBRTE_NFP_PMD=n
  CONFIG_RTE_LIBRTE_THUNDERX_NICVF_PMD=n
  CONFIG_RTE_LIBRTE_SCHED=n
  CONFIG_RTE_LIBRTE_METER=n

The linker gives the following error:
  lib/librte_efd.a(rte_efd.o): In function `rte_efd_create':
  lib/librte_efd/rte_efd.c:560: undefined reference to `log2'
  collect2: error: ld returned 1 exit status

This is because the '-lm' is missing in mk/rte.app.mk.

An alternative, which is proposed by this patch, is to use the compiler
builtin rte_bsf32() to process log2 instead of the libmath log2() that
requires to include math.h and link with -lm.

Fixes: 56b6ef874f80 ("efd: new Elastic Flow Distributor library")

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

ethdev: remove useless pointer initialization

Found with clang static analysis:
lib/librte_ether/rte_ethdev.c:2467:22:
warning: Value stored to 'dev' during its initialization is never read
struct rte_eth_dev *dev = &rte_eth_devices[port_id];
^~~ ~~~~~~~~~~~~~~~~~~~~~~~~~

Fixes: 88ac4396ad29 ("ethdev: add VMDq support")

Signed-off-by: Emmanuel Roullit <emmanuel.roullit@gmail.com>

ethdev: fix MAC address replay

This patch fixes a bug in replaying MAC address to the hardware
in rte_eth_dev_config_restore() routine. Added default MAC replay as well.

Fixes: 4bdefaade6d1 ("ethdev: VMDQ enhancements")

Signed-off-by: Steve Shin <jonshin@cisco.com>
Reviewed-by: Igor Ryzhov <iryzhov@nfware.com>

mbuf: remove redundant assignment when attaching

mi->next will be assigned to NULL few lines later, trivial patch

Fixes: ea672a8b1655 ("mbuf: remove the rte_pktmbuf structure")

Signed-off-by: Ilya V. Matveychikov <matvejchikov@gmail.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>

mempool: fix stack handler dequeue

The return value of the stack handler is wrong: it should be 0 on
success, not the number of objects dequeued.

This could lead to memory leaks depending on how the caller checks the
return value (ret < 0 or ret != 0). This was also breaking autotests
with debug enabled, because the debug cookies are only updated when the
function returns 0, so the cookies were not updated, leading to
an abort().

Fixes: 295a530b0844 ("mempool: add stack mempool handler")
Cc: stable@dpdk.org
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>

devargs: reset driver name pointer on parsing failure

The pointer set by strdup() needs to be cleared on failure to avoid a
potential double-free from the caller.

Found with clang static analysis:
lib/librte_eal/common/eal_common_devargs.c:123:2:
warning: Attempt to free released memory
free(buf);
^~~~~~~~~

Fixes: 0fe11ec592b2 ("eal: add vdev init and uninit")

Signed-off-by: Emmanuel Roullit <emmanuel.roullit@gmail.com>

eal: fix warning about debug log at startup

The log "Debug logs available - lower performance" should
now only be displayed when dataplane debug logs are enabled.

The issue occurs only if the default log level (CONFIG_RTE_LOG_LEVEL) is
set to DEBUG in the configuration, which is not the case by default.

Fixes: 5d8f0baf69ea ("log: do not drop debug logs at compile time")

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>

kni: guard against unterminated name oops

If the name is too long, it triggers BUG in alloc_netdev().

Signed-off-by: Michał Mirosław <michal.miroslaw@atendesoftware.pl>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>

kni: set interface name source as user-space

Signed-off-by: Michał Mirosław <michal.miroslaw@atendesoftware.pl>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>

config: disable KNI ethtool by default

KNI ethtool support (KNI control path) is not commonly used,
and it tends to break the build with new version of the Linux kernel.

KNI ethtool feature is disabled by default. KNI datapath is not effected
from this update.

It is possible to enable feature explicitly with config option:
"CONFIG_RTE_KNI_KMOD_ETHTOOL=y"

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Thomas Monjalon <thomas.monjalon@6wind.com>

kni: add build option for ethtool support

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>

buildtools: allow symlinks within a source directory

When creating the symlinks for header files to the include folder, the
relpath script dereferenced all symlinks. This made it impossible to
have file A.h renamed to B.h and then symlinked back to its original
name. This is useful to be able to do when refactoring or reworking
a library. Change this so that we just use the dirname of the path from
readlink, we can use the basename as it was originally, even if it was a
symlink.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>

mk: remove default toolchain prefix for ThunderX

The environment variable CROSS must be set when using a cross-toolchain.
However it is counter intuitive to set a default value, considering
the toolchain required to build this architecture is well known.
It is especially weird when using a native toolchain and requiring to
unset this variable on the command line.

Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Reviewed-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>

devtools: add more git headline checks for acronyms

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>

devtools: update git headline prefix check for drivers

For the patches that touch multiple drivers in same driver group,
script forces headline prefix start with drv group.

Like for net/a net/b net/c, patch title should be "net: x y z"

Update rule to let "driver" prefix in headline,
for above sample patch title becomes: "drivers/net: x y z"

This prevents patch confused with library with same name.

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>

ethdev: fix data reset when allocating port

Fix an silly error by auto-complete while managing the merge conflicts.
It's the eth_dev_data (but not eth_dev) entry should be memset.

Fixes: d948f596fee2 ("ethdev: fix port data mismatched in multiple process model")

Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>

net/tap: fix build with old kernels

IFF_MULTI_QUEUE does not exist in older kernels:
drivers/net/tap/rte_eth_tap.c:143:19: error: ‘IFF_MULTI_QUEUE’ undeclared

Signed-off-by: Keith Wiles <keith.wiles@intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

eal: fix FreeBSD build

rte_bus_scan() and rte_bus_probe() have been introduced
in eal.c, but it is missing the rte_bus.h header file,
for BSD systems.

Fixes: f44abbc12fa0 ("bus: add scanning")
Fixes: c3cec1d80708 ("bus: add probing")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

version: 17.02-rc1

Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>

bus: add probing

Bus implementations can implement a probe handler to match the devices
scanned against the drivers registered.

Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>

bus: add scanning

Scan for bus discovers the devices available on the bus and adds them
to a bus specific device list. Each bus mandatorily implements this
method.

Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>

bus: introduce bus abstraction

This patch introduces the rte_bus abstraction for EAL.
The model is:
- One or more devices are connected to a Bus
- Drivers are running instances which manage one or more devices
- Bus is responsible for identifying devices (and interrupt propogation)
- Driver is responsible for initializing the device

This patch adds a 'rte_bus' base class which would be extended for
specific implementations. It also introduces Bus registration and
deregistration functions.

Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>

crypto/armv8: add documentation

Add documentation about the driver and update
release notes.

Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
Reviewed-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>

app/test: add ARMv8 crypto tests and test vectors

Introduce unit tests for ARMv8 crypto PMD.
Add test vectors for short cases such as 160 bytes.
These test cases are ARMv8 specific since the code provides
different processing paths for different input data sizes.

User can validate correctness of algorithms' implementation using:
* cryptodev_sw_armv8_autotest
For performance test one can use:
* cryptodev_sw_armv8_perftest

Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
Reviewed-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>

cryptodev: introduce ARM-specific feature flags

Add two new feature flags:
* RTE_CRYPTODEV_FF_CPU_NEON
represents ARM NEON (TM) instructions
* RTE_CRYPTODEV_FF_CPU_ARM_CE
represents ARM crypto extensions

Add them to both cryptodev library, documentation and relevant
PMD driver for ARMv8.

Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>

crypto/armv8: add PMD optimized for ARMv8 processors

This patch introduces crypto poll mode driver
using ARMv8 cryptographic extensions.
CPU compatibility with this driver is detected in
run-time and virtual crypto device will not be
created if CPU doesn't provide:
AES, SHA1, SHA2 and NEON.

This PMD is optimized to provide performance boost
for chained crypto operations processing,
such as encryption + HMAC generation,
decryption + HMAC validation. In particular,
cipher only or hash only operations are
not provided.

The driver currently supports AES-128-CBC
in combination with: SHA256 HMAC and SHA1 HMAC
and relies on the external armv8_crypto library:
https://github.com/caviumnetworks/armv8_crypto

Build ARMv8 crypto PMD if compiling for ARM64
and CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO option
is enable in the configuration file.
ARMV8_CRYPTO_LIB_PATH environment variable will
point to the appropriate library directory.

Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
Reviewed-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>

doc: add ZUC to crypto matrices

When ZUC PMD was added, it was not added in the
Crypto Device Supported Functionality Matrices.
This commit adds a column in all the matrices, plus
the ZUC EEA3/EIA3 algorithms.

Fixes: cf7685d68f00 ("crypto/zuc: add driver for ZUC library")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/aesni_gcm: test new features

Added new unit tests for AES-NI GCM PMD to verify new functionalities.

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

crypto/aesni_gcm: migrate from MB library to ISA-L

Current Cryptodev AES-NI GCM PMD is implemented using Multi Buffer
Crypto library.This patch reimplement the device using ISA-L Crypto
library: https://github.com/01org/isa-l_crypto.

The migration entailed the following additional support for:
  * GMAC algorithm.
  * 256-bit cipher key.
  * Session-less mode.
  * Out-of place processing
  * Scatter-gatter support for chained mbufs (only out-of place and
    destination mbuf must be contiguous)

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

app/test: fix symmetric session free in crypto perf tests

This commit fixes problem with deallocation of symmetric
session entries in cryptodev performance tests.

Fixes: 390919829fdb ("app/test: update AES SHA performance test")
Fixes: 79521c438363 ("app/test: add AES GCM performance test")
Fixes: ffbe3be0d4b5 ("app/test: add libcrypto")
Fixes: 97fe6461c7cb ("app/test: add SNOW 3G performance test")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

cryptodev: add user defined name for vdev

This patch adds a user defined name initializing parameter to cryptodev
library.

Originally, for software cryptodev PMD, the vdev name parameter is
treated as the driver identifier, and will create an unique name for each
device automatically, which is not necessarily as same as the vdev
parameter.

This patch allows the user to either create a unique name for his software
cryptodev, or by default, let the system creates a unique one. This should
help the user managing the created cryptodevs easily.

Examples:
CLI command fragment 1: --vdev "crypto_aesni_gcm_pmd"
The above command will result in creating a AESNI-GCM PMD with name of
"crypto_aesni_gcm_X", where postfix X is the number assigned by the system,
starting from 0. This fragment can be placed in the same CLI command
multiple times, resulting the postfixs incremented by one for each new
device.

CLI command fragment 2: --vdev "crypto_aesni_gcm_pmd,name=gcm1"
The above command will result in creating a AESNI-GCM PMD with name of
"gcm1". This fragment can be placed in the same CLI command multiple
times, as long as each having a unique name value.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

crypto/qat: add scatter gather to feature flags

This commit adds scatter gather option to Intel(R) QuickAssist
Technology driver feature flags.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

examples/ipsec-secgw: support SHA256 HMAC

Add minor adjustments to support SHA256 HMAC:
- extend maximum key length to match SHA256 HMAC
- add SHA256 HMAC parameters and configuration string
- add SHA256 HMAC to inbound and outbound cases

Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

app/test: check scatter-gather for crypto drivers

This patch provides unit tests for set of cipher/hash combinations covering
currently implemented crypto PMD's and allowing to verify scatter gather
support.

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

crypto/openssl: support scatter-gather

Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

crypto: support scatter-gather in software drivers

This patch introduces RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER feature flag
informing that selected crypto device supports segmented mbufs natively
and doesn't need to be coalesced before crypto operation.

While using segmented buffers in crypto devices may have unpredictable
results, for PMDs which doesn't support it natively, additional check is
made for debug compilation.

Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

crypto/openssl: fix indentation in guide

The code section was lacking indentation to be be correctly formatted.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

cryptodev: fix loop in device query

This patch fixes the dev value update problem in
rte_cryptodev_pmd_get_named_dev, orginally, dev won't be updated
after the initial step in the loop.

Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices")

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

crypto/openssl: remove unneeded check

EVP_CIPHER_CTX_set_padding() function always returns 1, so the check is
unneeded.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Tested-by: Zhaoyan Chen <zhaoyan.chen@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

app/test: add integrity check for crypto mbuf data

In block cipher test cases, add checks that the source
and destination mbufs are not modified except where expected.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

crypto/qat: fix IV size in capabilities

This patch sets iv size in qat PMD to 12 bytes to be
conformant with nist SP800-38D.

Fixes: 26c2e4ad5ad4 ("cryptodev: add capabilities discovery")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

crypto/aesni_gcm: fix IV size in capabilities

This patch sets iv size in aesni gcm PMD to 12 bytes to be
conformant with nist SP800-38D.

Fixes: eec136f3c54f ("aesni_gcm: add driver for AES-GCM crypto operations")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>

crypto/aesni_gcm: fix J0 padding bytes

This commit fixes pre-counter block (J0) padding by clearing
four most significant bytes before setting initial counter value.

Fixes: b2bb3597470c ("crypto/aesni_gcm: move pre-counter block to driver")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>

crypto/aesni_mb: support AVX512

Release v0.44 of Intel(R) Multi-Buffer Crypto for IPsec library adds
support for AVX512 instructions. This patch enables the new AVX512
accelerated functions from the aesni_mb_pmd crypto poll mode driver.

This patch set requires that the aesni_mb_pmd is linked against the
version 0.44 or greater of the Multi-Buffer Crypto for IPsec library.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/aesni_mb: add missing supported algos in guide

AESNI MB PMD supports SHA224-HMAC and SHA384-HMAC,
but the documentation was not updated with this.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>

crypto/aesni_mb: add single operation functionality

Update driver to use new AESNI Multibuffer IPSec library single
operation functionality (cipher only and authentication only).
This patch also adds tests for this new feature.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

crypto/aesni_mb: update dependency in guide

The Intel(R) Multi Buffer Crypto library used in the AESNI MB PMD
has been moved to a new repository, in github.
This patch updates the link where it can be downloaded.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>

crypto/aesni_mb: fix incorrect crypto session

When using sessionless crypto operations, crypto session
is obtained from a pool of sessions, when processing the
operation. Once the operation is processed, the session
is put back in the pool, but for the AESNI MB PMD, this
session was not being saved in the operation and therefore,
it did not return to the session pool.

Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

app/test: check SGL on QAT

This commit adds GCM tests to use within scatter-gather list.
Test use direct chained mbufs created based on the input parameter
for max size for in place operations and out of place operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

crypto/qat: add SGL capability

This commit adds scatter-gather list capability to Intel QuickAssist
Technology driver.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

app/test: check DES on QAT

This commit adds tests of Data Encryption Standard (DES)
algorithm to Intel QuickAssist technology crypto test suites

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

crypto/qat: add DES capability

This commit adds DES capability to Intel QuickAssist
Technology Driver

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

cryptodev: add DES CBC cipher algorithm

This commit adds DES CBC ciper algorithm to available algorithms

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

crypto/openssl: fix extra bytes written at end of data

Extra bytes are being written at end of data while process standard
openssl cipher encryption. This behaviour is unexpected.

This patch disable the padding feature in openssl library, which is
causing the problem.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

crypto/qat: fix buffer overwrite in OOP case

In out-of-place operation, data is DMAed from source mbuf
to destination mbuf. To avoid header data in dest mbuf being
overwritten, the minimal data-set should be DMAed.

Fixes: 39e0bee48e81 ("crypto/qat: rework request builder for performance")

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>

cryptodev: fix crash on null dereference

crypodev->data->name will be null when
rte_cryptodev_get_dev_id() invoked without a valid
crypto device instance.

Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices")

Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

app/test: check AES cipher-only on QAT

Extended functional AES-CBC and AES-CTR cipher-only
tests to run on QAT PMD.
Added AES_CBC cipher-only performance tests on QAT PMD.
No driver changes, but as now tested, QAT documentation
is updated to remove constraint.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

cryptodev: remove unused digest-appended feature

The cryptodev API had specified that if the digest address field was
left empty on an authentication operation, then the PMD would assume
the digest was appended to the source or destination data.
This case was not handled at all by most PMDs and incorrectly handled
by the QAT PMD.
As no bugs were raised, it is assumed to be not needed, so this patch
removes it, rather than add handling for the case on all PMDs.
The digest can still be appended to the data, but its
address must now be provided in the op.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>

doc: add flow distributor example guide

Signed-off-by: Sameh Gobriel <sameh.gobriel@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Christian Maciocco <christian.maciocco@intel.com>

doc: add EFD library section in programmers guide

Signed-off-by: Sameh Gobriel <sameh.gobriel@intel.com>
Acked-by: Christian Maciocco <christian.maciocco@intel.com>

examples/flow_distributor: new example to demonstrate EFD

This new sample app, based on the client/server sample app,
shows the user an scenario using the EFD library.
It consists of:

- A front-end server which has an EFD table that stores the
  node id for each flow key, which will distribute the incoming
  packets to the different nodes

- A back-end node, which has a hash table where node checks,
  after reading packets coming from the server, whether the packet
  is meant to be used in such node, in which case it will be TXed,
  or not, in which case, packet will be dropped.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Saikrishna Edupuganti <saikrishna.edupuganti@intel.com>
Acked-by: Christian Maciocco <christian.maciocco@intel.com>

app/test: add EFD functional and perf tests

Signed-off-by: Byron Marohn <byron.marohn@intel.com>
Signed-off-by: Karla Saur <karla.saur@intel.com>
Signed-off-by: Saikrishna Edupuganti <saikrishna.edupuganti@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Christian Maciocco <christian.maciocco@intel.com>

efd: add AVX2 vector lookup function

Signed-off-by: Byron Marohn <byron.marohn@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Saikrishna Edupuganti <saikrishna.edupuganti@intel.com>
Acked-by: Christian Maciocco <christian.maciocco@intel.com>

efd: new Elastic Flow Distributor library

Elastic Flow Distributor (EFD) is a distributor library that uses
perfect hashing to determine a target/value for a given incoming flow key.
It has the following advantages:

- First, because it uses perfect hashing, it does not store
  the key itself and hence lookup performance is not dependent
  on the key size.

- Second, the target/value can be any arbitrary value hence
  the system designer and/or operator can better optimize service rates
  and inter-cluster network traffic locating.

- Third, since the storage requirement is much smaller than a hash-based
  flow table (i.e. better fit for CPU cache), EFD can scale to
  millions of flow keys.
  Finally, with current optimized library implementation performance
  is fully scalable with number of CPU cores.

Signed-off-by: Byron Marohn <byron.marohn@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Saikrishna Edupuganti <saikrishna.edupuganti@intel.com>
Acked-by: Christian Maciocco <christian.maciocco@intel.com>

crypto/qat: use I/O device memory read/write API

Replace the raw I/O device memory read/write access with eal
abstraction for I/O device memory read/write access to fix portability
issues across different architectures.

CC: John Griffin <john.griffin@intel.com>
CC: Fiona Trahe <fiona.trahe@intel.com>
CC: Deepak Kumar Jain <deepak.k.jain@intel.com>
Signed-off-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>

net/vmxnet3: use I/O device memory read/write API

Replace the raw I/O device memory read/write access with eal
abstraction for I/O device memory read/write access to fix
portability issues across different architectures.

CC: Yong Wang <yongwang@vmware.com>
Signed-off-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>

net/virtio: use I/O device memory read/write API

Replace the raw I/O device memory read/write access with eal
abstraction for I/O device memory read/write access to fix
portability issues across different architectures.

Signed-off-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>

net/thunderx: use I/O device memory read/write API

Replace the raw I/O device memory read/write access with eal
abstraction for I/O device memory read/write access to fix portability
issues across different architectures.

Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>

net/ena: use I/O device memory read/write API

Replace the raw I/O device memory read/write access with eal
abstraction for I/O device memory read/write access to fix
portability issues across different architectures.

Suggested-by: Jan Medala <jan@semihalf.com>
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Jan Medala <jan@semihalf.com>