Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple security sessions to use one rte flow

[Anoob Joseph]

Hi Ori,

Please see inline.

Thanks,
Anoob

> -Original Message-
> From: Ori Kam 
> Sent: Thursday, January 16, 2020 7:08 PM
> To: Anoob Joseph ; Medvedkin, Vladimir
> ; Ananyev, Konstantin
> ; Akhil Goyal ; Adrien
> Mazarguil ; Doherty, Declan
> ; Yigit, Ferruh ; Jerin 
> Jacob
> Kollanukkaran ; Thomas Monjalon
> 
> Cc: Ankur Dwivedi ; Hemant Agrawal
> ; Matan Azrad ; Nicolau,
> Radu ; Shahaf Shuler ;
> Narayana Prasad Raju Athreya ; dev@dpdk.org
> Subject: RE: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple security
> sessions to use one rte flow
> 
> Just one more question inline.
> 
> > -Original Message-
> > From: dev  On Behalf Of Anoob Joseph
> > Sent: Thursday, January 16, 2020 2:03 PM
> > To: Ori Kam ; Medvedkin, Vladimir
> > ; Ananyev, Konstantin
> > ; Akhil Goyal ;
> > Adrien Mazarguil ; Doherty, Declan
> > ; Yigit, Ferruh ;
> > Jerin Jacob Kollanukkaran ; Thomas Monjalon
> > 
> > Cc: Ankur Dwivedi ; Hemant Agrawal
> > ; Matan Azrad ;
> Nicolau,
> > Radu ; Shahaf Shuler ;
> > Narayana Prasad Raju Athreya ; dev@dpdk.org
> > Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple
> > security sessions to use one rte flow
> >
> > Hi Ori,
> >
> > Please see inline.
> >
> > Thanks,
> > Anoob
> >
> > > -Original Message-
> > > From: dev  On Behalf Of Ori Kam
> > > Sent: Thursday, January 16, 2020 5:06 PM
> > > To: Anoob Joseph ; Medvedkin, Vladimir
> > > ; Ananyev, Konstantin
> > > ; Akhil Goyal ;
> > Adrien
> > > Mazarguil ; Doherty, Declan
> > > ; Yigit, Ferruh ;
> > > Jerin
> > Jacob
> > > Kollanukkaran ; Thomas Monjalon
> > > 
> > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > ; Matan Azrad ;
> > Nicolau,
> > > Radu ; Shahaf Shuler ;
> > > Narayana Prasad Raju Athreya ; dev@dpdk.org
> > > Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple
> > > security sessions to use one rte flow
> > >
> > >
> > >
> > > > -Original Message-
> > > > From: dev  On Behalf Of Anoob Joseph
> > > > Sent: Tuesday, January 14, 2020 11:28 AM
> > > > To: Ori Kam ; Medvedkin, Vladimir
> > > > ; Ananyev, Konstantin
> > > > ; Akhil Goyal ;
> > > > Adrien Mazarguil ; Doherty, Declan
> > > > ; Yigit, Ferruh
> > > > ; Jerin Jacob Kollanukkaran
> > > > ; Thomas Monjalon 
> > > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > > ; Matan Azrad ;
> > > Nicolau,
> > > > Radu ; Shahaf Shuler
> > ;
> > > > Narayana Prasad Raju Athreya ; dev@dpdk.org
> > > > Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple
> > > > security sessions to use one rte flow
> > > >
> > > > Hi Ori,
> > > >
> > > > Please see inline.
> > > >
> > > > Thanks,
> > > > Anoob
> > > >
> > > > > -Original Message-
> > > > > From: Ori Kam 
> > > > > Sent: Thursday, January 9, 2020 1:06 PM
> > > > > To: Medvedkin, Vladimir ; Ananyev,
> > > > > Konstantin ; Anoob Joseph
> > > > > ; Akhil Goyal ; Adrien
> > > > > Mazarguil ; Doherty, Declan
> > > > > ; Yigit, Ferruh
> > > > > ; Jerin Jacob Kollanukkaran
> > > > > ; Thomas Monjalon 
> > > > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > > > ; Matan Azrad ;
> > > Nicolau,
> > > > > Radu ; Shahaf Shuler
> > ;
> > > > > Narayana Prasad Raju Athreya ;
> > dev@dpdk.org
> > > > > Subject: RE: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple
> > > > > security sessions to use one rte flow
> > > > >
> > > > > Hi
> > > > > sorry for jumping in late.
> > > > >
> > > > >
> > > > > > -Original Message-
> > > > > > From: dev  On Behalf Of Medvedkin,
> > Vladimir
> > > > > > Sent: Wednesday, January 8, 2020 4:30 PM
> > > > > > To: Ananyev, Konstantin ; Anoob
> > > > Joseph
> > > > > > ; Akhil Goyal ;
> > > > > > Adrien Mazarguil ; Doherty, Declan
> > > > > > ; Yigit, Ferruh
> > > > > > ;
> > > > Jerin
> > > > > > Jacob Kollanukkaran ; Thomas Monjalon
> > > > > > 
> > > > > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > > > > ; Matan Azrad
> > ;
> > > > > > Nicolau, Radu ; Shahaf Shuler
> > > > > > ; Narayana Prasad Raju Athreya
> > > > > > ; dev@dpdk.org
> > > > > > Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow
> > > > > > multiple security sessions to use one rte flow
> > > > > >
> > > > > > Hi Anoob,
> > > > > >
> > > > > > On 23/12/2019 13:34, Ananyev, Konstantin wrote:
> > > > > > >
> > > > > > >> The rte_security API which enables inline
> > > > > protocol/crypto
> > > > > > >> feature mandates that for every security
> > > > > > >> session
> > an
> > > > > > rte_flow
> > > > > > >> is
> > > > > > > created.
> > > > > > >> This would internally translate to a rule in
> > > > > > >> the
> > > > hardware
> > > > > > >> which would do packet classification.
> > > > > > >>
> > > > > > >> In rte_securty, one SA would be one security
> > session.
> > > > > And
> > > > > > if
> > > > > > >> an rte_flow need to be created for every
> > > > > > >> session, the
> > > > > > number
> > > > > > >> of SAs supported 

[dpdk-dev] [PATCH v2 02/15] common/octeontx2: add routine to check if sec capable otx2

[Anoob Joseph]

From: Vamsi Attunuru 

This routine returns true if given rte_eth_dev is security offload
capable and belongs to octeontx2.

Signed-off-by: Anoob Joseph 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/common/octeontx2/otx2_common.c   | 20 
 drivers/common/octeontx2/otx2_common.h   |  2 ++
 .../octeontx2/rte_common_octeontx2_version.map   |  1 +
 3 files changed, 23 insertions(+)

diff --git a/drivers/common/octeontx2/otx2_common.c 
b/drivers/common/octeontx2/otx2_common.c
index 7e45366..2f9b167 100644
--- a/drivers/common/octeontx2/otx2_common.c
+++ b/drivers/common/octeontx2/otx2_common.c
@@ -3,6 +3,7 @@
  */
 
 #include 
+#include 
 #include 
 #include 
 
@@ -23,6 +24,25 @@ otx2_npa_set_defaults(struct otx2_idev_cfg *idev)
 
 /**
  * @internal
+ * Check if rte_eth_dev is security offload capable otx2_eth_dev
+ */
+uint8_t
+otx2_ethdev_is_sec_capable(struct rte_eth_dev *eth_dev)
+{
+   struct rte_pci_device *pci_dev;
+
+   pci_dev = RTE_ETH_DEV_TO_PCI(eth_dev);
+
+   if (pci_dev->id.device_id == PCI_DEVID_OCTEONTX2_RVU_PF ||
+   pci_dev->id.device_id == PCI_DEVID_OCTEONTX2_RVU_VF ||
+   pci_dev->id.device_id == PCI_DEVID_OCTEONTX2_RVU_AF_VF)
+   return 1;
+
+   return 0;
+}
+
+/**
+ * @internal
  * Get intra device config structure.
  */
 struct otx2_idev_cfg *
diff --git a/drivers/common/octeontx2/otx2_common.h 
b/drivers/common/octeontx2/otx2_common.h
index f62c45d..db0cde1 100644
--- a/drivers/common/octeontx2/otx2_common.h
+++ b/drivers/common/octeontx2/otx2_common.h
@@ -8,6 +8,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -70,6 +71,7 @@ struct otx2_idev_cfg *otx2_intra_dev_get_cfg(void);
 void otx2_sso_pf_func_set(uint16_t sso_pf_func);
 uint16_t otx2_sso_pf_func_get(void);
 uint16_t otx2_npa_pf_func_get(void);
+uint8_t otx2_ethdev_is_sec_capable(struct rte_eth_dev *eth_dev);
 struct otx2_npa_lf *otx2_npa_lf_obj_get(void);
 void otx2_npa_set_defaults(struct otx2_idev_cfg *idev);
 int otx2_npa_lf_active(void *dev);
diff --git a/drivers/common/octeontx2/rte_common_octeontx2_version.map 
b/drivers/common/octeontx2/rte_common_octeontx2_version.map
index adad21a..bd9fc41 100644
--- a/drivers/common/octeontx2/rte_common_octeontx2_version.map
+++ b/drivers/common/octeontx2/rte_common_octeontx2_version.map
@@ -6,6 +6,7 @@ DPDK_20.0 {
otx2_dev_priv_init;
otx2_disable_irqs;
otx2_intra_dev_get_cfg;
+   otx2_ethdev_is_sec_capable;
otx2_logtype_base;
otx2_logtype_dpi;
otx2_logtype_mbox;
-- 
2.7.4

[dpdk-dev] [PATCH v2 00/15] add OCTEONTX2 inline IPsec support

[Anoob Joseph]

This series adds inline IPsec support in OCTEONTX2 PMD.

In the inbound path, rte_flow framework need to be used to configure
the NPC block, which does the h/w lookup. The packets would get
processed by the crypto block and would submit to the scheduling block,
SSO. So inline IPsec mode can be enabled only when traffic is received
via event device using Rx adapter.

In the outbound path, the core would submit to the crypto block and the
crypto block would submit the packet for Tx internally.

v2:
* Minimized additions to common/octeontx2
* Updated release notes
* Renamed otx2_is_ethdev to otx2_ethdev_is_sec_capable

Ankur Dwivedi (3):
  crypto/octeontx2: add eth security capabilities
  crypto/octeontx2: add datapath ops in eth security ctx
  crypto/octeontx2: add inline tx path changes

Anoob Joseph (4):
  common/octeontx2: add CPT LF mbox for inline inbound
  crypto/octeontx2: create eth security ctx
  crypto/octeontx2: enable CPT to share QP with ethdev
  crypto/octeontx2: add eth security session operations

Archana Muniganti (3):
  crypto/octeontx2: add lookup mem changes to hold sa indices
  drivers/octeontx2: add sec in compiler optimized RX fastpath framework
  drivers/octeontx2: add sec in compiler optimized TX fastpath framework

Tejasree Kondoj (3):
  crypto/octeontx2: configure for inline IPsec
  crypto/octeontx2: add security in eth dev configure
  net/octeontx2: add inline ipsec rx path changes

Vamsi Attunuru (2):
  common/octeontx2: add routine to check if sec capable otx2
  crypto/octeontx2: sync inline tag type cfg with Rx adapter
configuration

 doc/guides/nics/octeontx2.rst  |  20 +
 doc/guides/rel_notes/release_20_02.rst |   9 +
 drivers/common/octeontx2/otx2_common.c |  22 +
 drivers/common/octeontx2/otx2_common.h |  22 +
 drivers/common/octeontx2/otx2_mbox.h   |   7 +
 .../octeontx2/rte_common_octeontx2_version.map |   3 +
 drivers/crypto/octeontx2/Makefile  |   7 +-
 drivers/crypto/octeontx2/meson.build   |   7 +-
 drivers/crypto/octeontx2/otx2_cryptodev.c  |   8 +
 .../crypto/octeontx2/otx2_cryptodev_hw_access.h|  22 +-
 drivers/crypto/octeontx2/otx2_cryptodev_mbox.c |  53 ++
 drivers/crypto/octeontx2/otx2_cryptodev_mbox.h |   7 +
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c  |  56 ++
 drivers/crypto/octeontx2/otx2_cryptodev_qp.h   |  35 +
 drivers/crypto/octeontx2/otx2_ipsec_fp.h   | 348 +
 drivers/crypto/octeontx2/otx2_security.c   | 870 +
 drivers/crypto/octeontx2/otx2_security.h   | 158 
 drivers/crypto/octeontx2/otx2_security_tx.h| 175 +
 drivers/event/octeontx2/Makefile   |   1 +
 drivers/event/octeontx2/meson.build|   5 +-
 drivers/event/octeontx2/otx2_evdev.c   | 170 ++--
 drivers/event/octeontx2/otx2_evdev.h   |   4 +-
 drivers/event/octeontx2/otx2_worker.c  |   6 +-
 drivers/event/octeontx2/otx2_worker.h  |   6 +
 drivers/event/octeontx2/otx2_worker_dual.c |   6 +-
 drivers/net/octeontx2/Makefile |   1 +
 drivers/net/octeontx2/meson.build  |   3 +
 drivers/net/octeontx2/otx2_ethdev.c|  46 +-
 drivers/net/octeontx2/otx2_ethdev.h|   2 +
 drivers/net/octeontx2/otx2_ethdev_devargs.c|  19 +
 drivers/net/octeontx2/otx2_flow.c  |  26 +
 drivers/net/octeontx2/otx2_lookup.c|  11 +-
 drivers/net/octeontx2/otx2_rx.c|  27 +-
 drivers/net/octeontx2/otx2_rx.h| 377 ++---
 drivers/net/octeontx2/otx2_tx.c|  29 +-
 drivers/net/octeontx2/otx2_tx.h| 271 +--
 36 files changed, 2556 insertions(+), 283 deletions(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_qp.h
 create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_fp.h
 create mode 100644 drivers/crypto/octeontx2/otx2_security.c
 create mode 100644 drivers/crypto/octeontx2/otx2_security.h
 create mode 100644 drivers/crypto/octeontx2/otx2_security_tx.h

-- 
2.7.4

[dpdk-dev] [PATCH v2 01/15] common/octeontx2: add CPT LF mbox for inline inbound

[Anoob Joseph]

Adding the new mbox introduced to configure CPT LF to be used for inline
inbound.

Signed-off-by: Anoob Joseph 
Signed-off-by: Tejasree Kondoj 
---
 drivers/common/octeontx2/otx2_mbox.h | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/drivers/common/octeontx2/otx2_mbox.h 
b/drivers/common/octeontx2/otx2_mbox.h
index e0e4e2f..70452d1 100644
--- a/drivers/common/octeontx2/otx2_mbox.h
+++ b/drivers/common/octeontx2/otx2_mbox.h
@@ -193,6 +193,8 @@ M(CPT_SET_CRYPTO_GRP,   0xA03, cpt_set_crypto_grp,  
\
   msg_rsp) \
 M(CPT_INLINE_IPSEC_CFG, 0xA04, cpt_inline_ipsec_cfg,   \
   cpt_inline_ipsec_cfg_msg, msg_rsp)   \
+M(CPT_RX_INLINE_LF_CFG, 0xBFE, cpt_rx_inline_lf_cfg,   \
+  cpt_rx_inline_lf_cfg_msg, msg_rsp)   \
 /* NPC mbox IDs (range 0x6000 - 0x7FFF) */ \
 M(NPC_MCAM_ALLOC_ENTRY,0x6000, npc_mcam_alloc_entry,   
\
npc_mcam_alloc_entry_req,   \
@@ -1202,6 +1204,11 @@ struct cpt_inline_ipsec_cfg_msg {
uint16_t __otx2_io nix_pf_func; /* Outbound path NIX_PF_FUNC */
 };
 
+struct cpt_rx_inline_lf_cfg_msg {
+   struct mbox_msghdr hdr;
+   uint16_t __otx2_io sso_pf_func;
+};
+
 /* NPC mbox message structs */
 
 #define NPC_MCAM_ENTRY_INVALID 0x
-- 
2.7.4

[dpdk-dev] [PATCH v2 04/15] crypto/octeontx2: create eth security ctx

[Anoob Joseph]

Adding security ctx to the eth device.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/common/octeontx2/otx2_common.c |  2 ++
 drivers/common/octeontx2/otx2_common.h | 10 +++
 .../octeontx2/rte_common_octeontx2_version.map |  2 ++
 drivers/crypto/octeontx2/Makefile  |  3 +-
 drivers/crypto/octeontx2/meson.build   |  4 ++-
 drivers/crypto/octeontx2/otx2_cryptodev.c  |  4 +++
 drivers/crypto/octeontx2/otx2_security.c   | 35 ++
 drivers/crypto/octeontx2/otx2_security.h   | 14 +
 drivers/net/octeontx2/otx2_ethdev.c| 18 ++-
 9 files changed, 89 insertions(+), 3 deletions(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_security.c
 create mode 100644 drivers/crypto/octeontx2/otx2_security.h

diff --git a/drivers/common/octeontx2/otx2_common.c 
b/drivers/common/octeontx2/otx2_common.c
index 2f9b167..5c41822 100644
--- a/drivers/common/octeontx2/otx2_common.c
+++ b/drivers/common/octeontx2/otx2_common.c
@@ -11,6 +11,8 @@
 #include "otx2_dev.h"
 #include "otx2_mbox.h"
 
+struct otx2_sec_eth_crypto_idev_ops otx2_sec_idev_ops;
+
 /**
  * @internal
  * Set default NPA configuration.
diff --git a/drivers/common/octeontx2/otx2_common.h 
b/drivers/common/octeontx2/otx2_common.h
index db0cde1..4e8d0af 100644
--- a/drivers/common/octeontx2/otx2_common.h
+++ b/drivers/common/octeontx2/otx2_common.h
@@ -77,6 +77,16 @@ void otx2_npa_set_defaults(struct otx2_idev_cfg *idev);
 int otx2_npa_lf_active(void *dev);
 int otx2_npa_lf_obj_ref(void);
 
+typedef int (*otx2_sec_eth_ctx_create_t)(struct rte_eth_dev *eth_dev);
+typedef void (*otx2_sec_eth_ctx_destroy_t)(struct rte_eth_dev *eth_dev);
+
+struct otx2_sec_eth_crypto_idev_ops {
+   otx2_sec_eth_ctx_create_t ctx_create;
+   otx2_sec_eth_ctx_destroy_t ctx_destroy;
+};
+
+extern struct otx2_sec_eth_crypto_idev_ops otx2_sec_idev_ops;
+
 /* Log */
 extern int otx2_logtype_base;
 extern int otx2_logtype_mbox;
diff --git a/drivers/common/octeontx2/rte_common_octeontx2_version.map 
b/drivers/common/octeontx2/rte_common_octeontx2_version.map
index bd9fc41..1a43bb6 100644
--- a/drivers/common/octeontx2/rte_common_octeontx2_version.map
+++ b/drivers/common/octeontx2/rte_common_octeontx2_version.map
@@ -32,5 +32,7 @@ DPDK_20.0 {
otx2_sso_pf_func_set;
otx2_unregister_irq;
 
+   otx2_sec_idev_ops;
+
local: *;
 };
diff --git a/drivers/crypto/octeontx2/Makefile 
b/drivers/crypto/octeontx2/Makefile
index 3ba67ed..d2e9b9f 100644
--- a/drivers/crypto/octeontx2/Makefile
+++ b/drivers/crypto/octeontx2/Makefile
@@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a
 CFLAGS += $(WERROR_FLAGS)
 
 LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
-LDLIBS += -lrte_cryptodev
+LDLIBS += -lrte_cryptodev -lrte_security
 LDLIBS += -lrte_pci -lrte_bus_pci
 LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
 
@@ -38,6 +38,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += 
otx2_cryptodev_capabilities.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_hw_access.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_mbox.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_ops.c
+SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_security.c
 
 # export include files
 SYMLINK-y-include +=
diff --git a/drivers/crypto/octeontx2/meson.build 
b/drivers/crypto/octeontx2/meson.build
index 67deca3..f7b2937 100644
--- a/drivers/crypto/octeontx2/meson.build
+++ b/drivers/crypto/octeontx2/meson.build
@@ -9,6 +9,7 @@ deps += ['bus_pci']
 deps += ['common_cpt']
 deps += ['common_octeontx2']
 deps += ['ethdev']
+deps += ['security']
 name = 'octeontx2_crypto'
 
 allow_experimental_apis = true
@@ -16,7 +17,8 @@ sources = files('otx2_cryptodev.c',
'otx2_cryptodev_capabilities.c',
'otx2_cryptodev_hw_access.c',
'otx2_cryptodev_mbox.c',
-   'otx2_cryptodev_ops.c')
+   'otx2_cryptodev_ops.c',
+   'otx2_security.c')
 
 extra_flags = []
 # This integrated controller runs only on a arm64 machine, remove 32bit 
warnings
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c 
b/drivers/crypto/octeontx2/otx2_cryptodev.c
index 7fd216b..86c1188 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -17,6 +17,7 @@
 #include "otx2_cryptodev_mbox.h"
 #include "otx2_cryptodev_ops.h"
 #include "otx2_dev.h"
+#include "otx2_security.h"
 
 /* CPT common headers */
 #include "cpt_common.h"
@@ -154,4 +155,7 @@ RTE_INIT(otx2_cpt_init_log)
otx2_cpt_logtype = rte_log_register("pmd.crypto.octeontx2");
if (otx2_cpt_logtype >= 0)
rte_log_set_level(otx2_cpt_logtype, RTE_LOG_NOTICE);
+
+   otx2_sec_idev_ops.ctx_create = otx2_sec

[dpdk-dev] [PATCH v2 07/15] crypto/octeontx2: enable CPT to share QP with ethdev

[Anoob Joseph]

Adding the infrastructure to save one opaque pointer in idev and
implement the consumer-producer in the PMDs which uses it accordingly.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 .../crypto/octeontx2/otx2_cryptodev_hw_access.h| 22 +
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c  | 18 
 drivers/crypto/octeontx2/otx2_cryptodev_qp.h   | 35 
 drivers/crypto/octeontx2/otx2_security.c   | 98 ++
 drivers/crypto/octeontx2/otx2_security.h   | 20 +
 5 files changed, 172 insertions(+), 21 deletions(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_qp.h

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_hw_access.h 
b/drivers/crypto/octeontx2/otx2_cryptodev_hw_access.h
index 6f78aa4..43db6a6 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_hw_access.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_hw_access.h
@@ -15,6 +15,7 @@
 #include "cpt_mcode_defines.h"
 
 #include "otx2_dev.h"
+#include "otx2_cryptodev_qp.h"
 
 /* CPT instruction queue length */
 #define OTX2_CPT_IQ_LEN8200
@@ -135,27 +136,6 @@ enum cpt_9x_comp_e {
CPT_9X_COMP_E_LAST_ENTRY = 0x06
 };
 
-struct otx2_cpt_qp {
-   uint32_t id;
-   /**< Queue pair id */
-   uintptr_t base;
-   /**< Base address where BAR is mapped */
-   void *lmtline;
-   /**< Address of LMTLINE */
-   rte_iova_t lf_nq_reg;
-   /**< LF enqueue register address */
-   struct pending_queue pend_q;
-   /**< Pending queue */
-   struct rte_mempool *sess_mp;
-   /**< Session mempool */
-   struct rte_mempool *sess_mp_priv;
-   /**< Session private data mempool */
-   struct cpt_qp_meta_info meta_info;
-   /**< Metabuf info required to support operations on the queue pair */
-   rte_iova_t iq_dma_addr;
-   /**< Instruction queue address */
-};
-
 void otx2_cpt_err_intr_unregister(const struct rte_cryptodev *dev);
 
 int otx2_cpt_err_intr_register(const struct rte_cryptodev *dev);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c 
b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index b45cb82..d275478 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -13,6 +13,7 @@
 #include "otx2_cryptodev_hw_access.h"
 #include "otx2_cryptodev_mbox.h"
 #include "otx2_cryptodev_ops.h"
+#include "otx2_security.h"
 #include "otx2_mbox.h"
 
 #include "cpt_hw_types.h"
@@ -148,6 +149,11 @@ otx2_cpt_qp_inline_cfg(const struct rte_cryptodev *dev, 
struct otx2_cpt_qp *qp)
if (ret)
return ret;
 
+   /* Publish inline Tx QP to eth dev security */
+   ret = otx2_sec_tx_cpt_qp_add(port_id, qp);
+   if (ret)
+   return ret;
+
return 0;
 }
 
@@ -242,6 +248,12 @@ otx2_cpt_qp_create(const struct rte_cryptodev *dev, 
uint16_t qp_id,
 
qp->lf_nq_reg = qp->base + OTX2_CPT_LF_NQ(0);
 
+   ret = otx2_sec_tx_cpt_qp_remove(qp);
+   if (ret && (ret != -ENOENT)) {
+   CPT_LOG_ERR("Could not delete inline configuration");
+   goto mempool_destroy;
+   }
+
otx2_cpt_iq_disable(qp);
 
ret = otx2_cpt_qp_inline_cfg(dev, qp);
@@ -275,6 +287,12 @@ otx2_cpt_qp_destroy(const struct rte_cryptodev *dev, 
struct otx2_cpt_qp *qp)
char name[RTE_MEMZONE_NAMESIZE];
int ret;
 
+   ret = otx2_sec_tx_cpt_qp_remove(qp);
+   if (ret && (ret != -ENOENT)) {
+   CPT_LOG_ERR("Could not delete inline configuration");
+   return ret;
+   }
+
otx2_cpt_iq_disable(qp);
 
otx2_cpt_metabuf_mempool_destroy(qp);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_qp.h 
b/drivers/crypto/octeontx2/otx2_cryptodev_qp.h
new file mode 100644
index 000..9d48da4
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_qp.h
@@ -0,0 +1,35 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#ifndef _OTX2_CRYPTODEV_QP_H_
+#define _OTX2_CRYPTODEV_QP_H_
+
+#include 
+#include 
+#include 
+
+#include "cpt_common.h"
+
+struct otx2_cpt_qp {
+   uint32_t id;
+   /**< Queue pair id */
+   uintptr_t base;
+   /**< Base address where BAR is mapped */
+   void *lmtline;
+   /**< Address of LMTLINE */
+   rte_iova_t lf_nq_reg;
+   /**< LF enqueue register address */
+   struct pending_queue pend_q;
+   /**< Pending queue */
+   struct rte_mempool *sess_mp;
+   /**< Session mempool */
+   struct rte_mempool *sess_mp_priv;
+   /**< Session private data mempool */
+   struct cpt_qp_meta_info meta_info;
+   /**< Metabuf info required to support operations on the queue pair */
+   rte_iova_t iq_dma_addr;
+   /**< Instruction queue address */
+};
+
+#endif /* _OTX2_CRYPTODEV_QP_H_ */
diff --git a/drivers/cr

[dpdk-dev] [PATCH v2 03/15] crypto/octeontx2: configure for inline IPsec

[Anoob Joseph]

From: Tejasree Kondoj 

For enabling outbound inline IPsec, a CPT queue needs to be tied
to a NIX PF_FUNC. Distribute CPT queues fairly among all available
otx2 eth ports.

For inbound, one CPT LF will be assigned and initialized by kernel.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/crypto/octeontx2/Makefile  |  3 +-
 drivers/crypto/octeontx2/meson.build   |  2 +
 drivers/crypto/octeontx2/otx2_cryptodev_mbox.c | 53 ++
 drivers/crypto/octeontx2/otx2_cryptodev_mbox.h |  7 
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c  | 38 ++
 5 files changed, 102 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/octeontx2/Makefile 
b/drivers/crypto/octeontx2/Makefile
index f7d6c37..3ba67ed 100644
--- a/drivers/crypto/octeontx2/Makefile
+++ b/drivers/crypto/octeontx2/Makefile
@@ -10,7 +10,7 @@ LIB = librte_pmd_octeontx2_crypto.a
 # build flags
 CFLAGS += $(WERROR_FLAGS)
 
-LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
+LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_pci -lrte_bus_pci
 LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
@@ -21,6 +21,7 @@ CFLAGS += -O3
 CFLAGS += -I$(RTE_SDK)/drivers/common/cpt
 CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
+CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
 CFLAGS += -DALLOW_EXPERIMENTAL_API
 
 ifneq ($(CONFIG_RTE_ARCH_64),y)
diff --git a/drivers/crypto/octeontx2/meson.build 
b/drivers/crypto/octeontx2/meson.build
index b6e5b73..67deca3 100644
--- a/drivers/crypto/octeontx2/meson.build
+++ b/drivers/crypto/octeontx2/meson.build
@@ -8,6 +8,7 @@ endif
 deps += ['bus_pci']
 deps += ['common_cpt']
 deps += ['common_octeontx2']
+deps += ['ethdev']
 name = 'octeontx2_crypto'
 
 allow_experimental_apis = true
@@ -32,3 +33,4 @@ endforeach
 includes += include_directories('../../common/cpt')
 includes += include_directories('../../common/octeontx2')
 includes += include_directories('../../mempool/octeontx2')
+includes += include_directories('../../net/octeontx2')
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_mbox.c 
b/drivers/crypto/octeontx2/otx2_cryptodev_mbox.c
index b54e407..202832d 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_mbox.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_mbox.c
@@ -2,10 +2,13 @@
  * Copyright (C) 2019 Marvell International Ltd.
  */
 #include 
+#include 
 
 #include "otx2_cryptodev.h"
+#include "otx2_cryptodev_hw_access.h"
 #include "otx2_cryptodev_mbox.h"
 #include "otx2_dev.h"
+#include "otx2_ethdev.h"
 #include "otx2_mbox.h"
 
 #include "cpt_pmd_logs.h"
@@ -173,3 +176,53 @@ otx2_cpt_af_reg_write(const struct rte_cryptodev *dev, 
uint64_t reg,
 
return otx2_cpt_send_mbox_msg(vf);
 }
+
+int
+otx2_cpt_inline_init(const struct rte_cryptodev *dev)
+{
+   struct otx2_cpt_vf *vf = dev->data->dev_private;
+   struct otx2_mbox *mbox = vf->otx2_dev.mbox;
+   struct cpt_rx_inline_lf_cfg_msg *msg;
+   int ret;
+
+   msg = otx2_mbox_alloc_msg_cpt_rx_inline_lf_cfg(mbox);
+   msg->sso_pf_func = otx2_sso_pf_func_get();
+
+   otx2_mbox_msg_send(mbox, 0);
+   ret = otx2_mbox_process(mbox);
+   if (ret < 0)
+   return -EIO;
+
+   return 0;
+}
+
+int
+otx2_cpt_qp_ethdev_bind(const struct rte_cryptodev *dev, struct otx2_cpt_qp 
*qp,
+   uint16_t port_id)
+{
+   struct rte_eth_dev *eth_dev = &rte_eth_devices[port_id];
+   struct otx2_cpt_vf *vf = dev->data->dev_private;
+   struct otx2_mbox *mbox = vf->otx2_dev.mbox;
+   struct cpt_inline_ipsec_cfg_msg *msg;
+   struct otx2_eth_dev *otx2_eth_dev;
+   int ret;
+
+   if (!otx2_ethdev_is_sec_capable(&rte_eth_devices[port_id]))
+   return -EINVAL;
+
+   otx2_eth_dev = otx2_eth_pmd_priv(eth_dev);
+
+   msg = otx2_mbox_alloc_msg_cpt_inline_ipsec_cfg(mbox);
+   msg->dir = CPT_INLINE_OUTBOUND;
+   msg->enable = 1;
+   msg->slot = qp->id;
+
+   msg->nix_pf_func = otx2_eth_dev->pf_func;
+
+   otx2_mbox_msg_send(mbox, 0);
+   ret = otx2_mbox_process(mbox);
+   if (ret < 0)
+   return -EIO;
+
+   return 0;
+}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_mbox.h 
b/drivers/crypto/octeontx2/otx2_cryptodev_mbox.h
index a298718..ae66b08 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_mbox.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_mbox.h
@@ -7,6 +7,8 @@
 
 #include 
 
+#include "otx2_cryptodev_hw_access.h"
+
 int otx2_cpt_available_queues_get(const struct rte_cryptodev *dev,
  uint16_t *nb_queues);
 
@@ -22,4 +24,9 @@ int otx2_cpt_af_reg_read(const struct rte_cryptodev *dev, 
uint64_t reg,
 int otx2_cpt_af_reg_write(const struct rte_cryptodev *dev, uint64_t reg,
  uint64

[dpdk-dev] [PATCH v2 08/15] crypto/octeontx2: add eth security session operations

[Anoob Joseph]

Adding security session operations in eth security ctx.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/crypto/octeontx2/otx2_ipsec_fp.h | 293 ++
 drivers/crypto/octeontx2/otx2_security.c | 339 +++
 drivers/crypto/octeontx2/otx2_security.h |  23 ++-
 3 files changed, 654 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h 
b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
index bf4181a..c100dc5 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
@@ -5,6 +5,67 @@
 #ifndef __OTX2_IPSEC_FP_H__
 #define __OTX2_IPSEC_FP_H__
 
+#include 
+#include 
+
+enum {
+   OTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,
+   OTX2_IPSEC_FP_SA_DIRECTION_OUTBOUND = 1,
+};
+
+enum {
+   OTX2_IPSEC_FP_SA_IP_VERSION_4 = 0,
+   OTX2_IPSEC_FP_SA_IP_VERSION_6 = 1,
+};
+
+enum {
+   OTX2_IPSEC_FP_SA_MODE_TRANSPORT = 0,
+   OTX2_IPSEC_FP_SA_MODE_TUNNEL = 1,
+};
+
+enum {
+   OTX2_IPSEC_FP_SA_PROTOCOL_AH = 0,
+   OTX2_IPSEC_FP_SA_PROTOCOL_ESP = 1,
+};
+
+enum {
+   OTX2_IPSEC_FP_SA_AES_KEY_LEN_128 = 1,
+   OTX2_IPSEC_FP_SA_AES_KEY_LEN_192 = 2,
+   OTX2_IPSEC_FP_SA_AES_KEY_LEN_256 = 3,
+};
+
+enum {
+   OTX2_IPSEC_FP_SA_ENC_NULL = 0,
+   OTX2_IPSEC_FP_SA_ENC_DES_CBC = 1,
+   OTX2_IPSEC_FP_SA_ENC_3DES_CBC = 2,
+   OTX2_IPSEC_FP_SA_ENC_AES_CBC = 3,
+   OTX2_IPSEC_FP_SA_ENC_AES_CTR = 4,
+   OTX2_IPSEC_FP_SA_ENC_AES_GCM = 5,
+   OTX2_IPSEC_FP_SA_ENC_AES_CCM = 6,
+};
+
+enum {
+   OTX2_IPSEC_FP_SA_AUTH_NULL = 0,
+   OTX2_IPSEC_FP_SA_AUTH_MD5 = 1,
+   OTX2_IPSEC_FP_SA_AUTH_SHA1 = 2,
+   OTX2_IPSEC_FP_SA_AUTH_SHA2_224 = 3,
+   OTX2_IPSEC_FP_SA_AUTH_SHA2_256 = 4,
+   OTX2_IPSEC_FP_SA_AUTH_SHA2_384 = 5,
+   OTX2_IPSEC_FP_SA_AUTH_SHA2_512 = 6,
+   OTX2_IPSEC_FP_SA_AUTH_AES_GMAC = 7,
+   OTX2_IPSEC_FP_SA_AUTH_AES_XCBC_128 = 8,
+};
+
+enum {
+   OTX2_IPSEC_FP_SA_FRAG_POST = 0,
+   OTX2_IPSEC_FP_SA_FRAG_PRE = 1,
+};
+
+enum {
+   OTX2_IPSEC_FP_SA_ENCAP_NONE = 0,
+   OTX2_IPSEC_FP_SA_ENCAP_UDP = 1,
+};
+
 struct otx2_ipsec_fp_sa_ctl {
rte_be32_t spi  : 32;
uint64_t exp_proto_inter_frag : 8;
@@ -24,6 +85,26 @@ struct otx2_ipsec_fp_sa_ctl {
uint64_t aes_key_len  : 2;
 };
 
+struct otx2_ipsec_fp_out_sa {
+   /* w0 */
+   struct otx2_ipsec_fp_sa_ctl ctl;
+
+   /* w1 */
+   uint8_t nonce[4];
+   uint16_t udp_src;
+   uint16_t udp_dst;
+
+   /* w2 */
+   uint32_t ip_src;
+   uint32_t ip_dst;
+
+   /* w3-w6 */
+   uint8_t cipher_key[32];
+
+   /* w7-w12 */
+   uint8_t hmac_key[48];
+};
+
 struct otx2_ipsec_fp_in_sa {
/* w0 */
struct otx2_ipsec_fp_sa_ctl ctl;
@@ -52,4 +133,216 @@ struct otx2_ipsec_fp_in_sa {
uint64_t reserved2;
 };
 
+static inline int
+ipsec_fp_xform_cipher_verify(struct rte_crypto_sym_xform *xform)
+{
+   if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+   switch (xform->cipher.key.length) {
+   case 16:
+   case 24:
+   case 32:
+   break;
+   default:
+   return -ENOTSUP;
+   }
+   return 0;
+   }
+
+   return -ENOTSUP;
+}
+
+static inline int
+ipsec_fp_xform_auth_verify(struct rte_crypto_sym_xform *xform)
+{
+   if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
+   if (xform->auth.key.length == 64)
+   return 0;
+   }
+
+   return -ENOTSUP;
+}
+
+static inline int
+ipsec_fp_xform_aead_verify(struct rte_security_ipsec_xform *ipsec,
+  struct rte_crypto_sym_xform *xform)
+{
+   if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+   xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)
+   return -EINVAL;
+
+   if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
+   xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)
+   return -EINVAL;
+
+   if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+   switch (xform->aead.key.length) {
+   case 16:
+   case 24:
+   case 32:
+   break;
+   default:
+   return -EINVAL;
+   }
+   return 0;
+   }
+
+   return -ENOTSUP;
+}
+
+static inline int
+ipsec_fp_xform_verify(struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *xform)
+{
+   struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+   int ret;
+
+   if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+   return ipsec_fp_xform_aead_verify(ipsec, xform);
+
+   if (xform->next == NULL)
+   return -EINVAL;
+
+   if (

[dpdk-dev] [PATCH v2 05/15] crypto/octeontx2: add security in eth dev configure

[Anoob Joseph]

From: Tejasree Kondoj 

Adding security in eth device configure.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 doc/guides/nics/octeontx2.rst   |  20 +
 doc/guides/rel_notes/release_20_02.rst  |   9 ++
 drivers/common/octeontx2/otx2_common.h  |   4 +
 drivers/crypto/octeontx2/Makefile   |   2 +-
 drivers/crypto/octeontx2/meson.build|   1 +
 drivers/crypto/octeontx2/otx2_cryptodev.c   |   2 +
 drivers/crypto/octeontx2/otx2_ipsec_fp.h|  55 +
 drivers/crypto/octeontx2/otx2_security.c| 122 
 drivers/crypto/octeontx2/otx2_security.h|   4 +
 drivers/net/octeontx2/otx2_ethdev.c |  22 -
 drivers/net/octeontx2/otx2_ethdev.h |   2 +
 drivers/net/octeontx2/otx2_ethdev_devargs.c |  19 +
 12 files changed, 260 insertions(+), 2 deletions(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_fp.h

diff --git a/doc/guides/nics/octeontx2.rst b/doc/guides/nics/octeontx2.rst
index db62a45..fd4e455 100644
--- a/doc/guides/nics/octeontx2.rst
+++ b/doc/guides/nics/octeontx2.rst
@@ -38,6 +38,7 @@ Features of the OCTEON TX2 Ethdev PMD are:
 - IEEE1588 timestamping
 - HW offloaded `ethdev Rx queue` to `eventdev event queue` packet injection
 - Support Rx interrupt
+- Inline IPsec processing support
 
 Prerequisites
 -
@@ -178,6 +179,17 @@ Runtime Config Options
traffic on this port should be higig2 traffic only. Supported switch header
types are "higig2" and "dsa".
 
+- ``Max SPI for inbound inline IPsec`` (default ``1``)
+
+   Max SPI supported for inbound inline IPsec processing can be specified by
+   ``ipsec_in_max_spi`` ``devargs`` parameter.
+
+   For example::
+  -w 0002:02:00.0,ipsec_in_max_spi=128
+
+   With the above configuration, application can enable inline IPsec processing
+   on 128 SAs (SPI 0-127).
+
 .. note::
 
Above devarg parameters are configurable per device, user needs to pass the
@@ -211,6 +223,14 @@ SDP interface support
 ~
 OCTEON TX2 SDP interface support is limited to PF device, No VF support.
 
+Inline Protocol Processing
+~~
+``net_octeontx2`` pmd doesn't support the following features for packets to be
+inline protocol processed.
+- TSO offload
+- VLAN/QinQ offload
+- Fragmentation
+
 Debugging Options
 -
 
diff --git a/doc/guides/rel_notes/release_20_02.rst 
b/doc/guides/rel_notes/release_20_02.rst
index 6cbe457..8e71fef 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -82,6 +82,15 @@ New Features
 
   Added Chacha20-Poly1305 AEAD algorithm.
 
+* **Added inline IPsec support to Marvell OCTEONTX2 PMD.**
+
+  Added inline IPsec support to Marvell OCTEONTX2 PMD. With the feature,
+  applications would be able to offload entire IPsec offload to the hardware.
+  For the configured sessions, hardware will do the lookup and perform
+  decryption and IPsec transformation. For the outbound path, application
+  can submit a plain packet to the PMD, and it would be sent out on wire
+  after doing encryption and IPsec transformation of the packet.
+
 
 Removed Items
 -
diff --git a/drivers/common/octeontx2/otx2_common.h 
b/drivers/common/octeontx2/otx2_common.h
index 4e8d0af..fbe7335 100644
--- a/drivers/common/octeontx2/otx2_common.h
+++ b/drivers/common/octeontx2/otx2_common.h
@@ -79,10 +79,14 @@ int otx2_npa_lf_obj_ref(void);
 
 typedef int (*otx2_sec_eth_ctx_create_t)(struct rte_eth_dev *eth_dev);
 typedef void (*otx2_sec_eth_ctx_destroy_t)(struct rte_eth_dev *eth_dev);
+typedef int (*otx2_sec_eth_init_t)(struct rte_eth_dev *eth_dev);
+typedef void (*otx2_sec_eth_fini_t)(struct rte_eth_dev *eth_dev);
 
 struct otx2_sec_eth_crypto_idev_ops {
otx2_sec_eth_ctx_create_t ctx_create;
otx2_sec_eth_ctx_destroy_t ctx_destroy;
+   otx2_sec_eth_init_t init;
+   otx2_sec_eth_fini_t fini;
 };
 
 extern struct otx2_sec_eth_crypto_idev_ops otx2_sec_idev_ops;
diff --git a/drivers/crypto/octeontx2/Makefile 
b/drivers/crypto/octeontx2/Makefile
index d2e9b9f..5966ddc 100644
--- a/drivers/crypto/octeontx2/Makefile
+++ b/drivers/crypto/octeontx2/Makefile
@@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a
 CFLAGS += $(WERROR_FLAGS)
 
 LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
-LDLIBS += -lrte_cryptodev -lrte_security
+LDLIBS += -lrte_cryptodev -lrte_security -lrte_eventdev
 LDLIBS += -lrte_pci -lrte_bus_pci
 LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
 
diff --git a/drivers/crypto/octeontx2/meson.build 
b/drivers/crypto/octeontx2/meson.build
index f7b2937..f0f5043 100644
--- a/drivers/crypto/octeontx2/meson.build
+++ b/drivers/crypto/octeontx2/meson.build
@@ -9,6 +9,7 @@ deps += ['bus_pci']
 deps += ['common_cpt']
 deps += ['common_octeontx2']
 deps += ['ethdev']
+deps += ['eventdev']
 dep

[dpdk-dev] [PATCH v2 06/15] crypto/octeontx2: add eth security capabilities

[Anoob Joseph]

From: Ankur Dwivedi 

Adding security capabilities supported by the eth PMD.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/crypto/octeontx2/otx2_security.c | 84 
 drivers/crypto/octeontx2/otx2_security.h | 18 +++
 2 files changed, 102 insertions(+)

diff --git a/drivers/crypto/octeontx2/otx2_security.c 
b/drivers/crypto/octeontx2/otx2_security.c
index cdb7950..b8c8f91 100644
--- a/drivers/crypto/octeontx2/otx2_security.c
+++ b/drivers/crypto/octeontx2/otx2_security.c
@@ -2,11 +2,13 @@
  * Copyright (C) 2020 Marvell International Ltd.
  */
 
+#include 
 #include 
 #include 
 #include 
 #include 
 #include 
+#include 
 
 #include "otx2_ethdev.h"
 #include "otx2_ipsec_fp.h"
@@ -27,12 +29,93 @@ struct sec_eth_tag_const {
};
 };
 
+static struct rte_cryptodev_capabilities otx2_sec_eth_crypto_caps[] = {
+   {   /* AES GCM */
+   .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+   {.sym = {
+   .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+   {.aead = {
+   .algo = RTE_CRYPTO_AEAD_AES_GCM,
+   .block_size = 16,
+   .key_size = {
+   .min = 16,
+   .max = 32,
+   .increment = 8
+   },
+   .digest_size = {
+   .min = 16,
+   .max = 16,
+   .increment = 0
+   },
+   .aad_size = {
+   .min = 8,
+   .max = 12,
+   .increment = 4
+   },
+   .iv_size = {
+   .min = 12,
+   .max = 12,
+   .increment = 0
+   }
+   }, }
+   }, }
+   },
+   RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+static const struct rte_security_capability otx2_sec_eth_capabilities[] = {
+   {   /* IPsec Inline Protocol ESP Tunnel Ingress */
+   .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+   .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+   .ipsec = {
+   .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+   .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+   .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+   .options = { 0 }
+   },
+   .crypto_capabilities = otx2_sec_eth_crypto_caps,
+   .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+   },
+   {   /* IPsec Inline Protocol ESP Tunnel Egress */
+   .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+   .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+   .ipsec = {
+   .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+   .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+   .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+   .options = { 0 }
+   },
+   .crypto_capabilities = otx2_sec_eth_crypto_caps,
+   .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+   },
+   {
+   .action = RTE_SECURITY_ACTION_TYPE_NONE
+   }
+};
+
 static inline void
 in_sa_mz_name_get(char *name, int size, uint16_t port)
 {
snprintf(name, size, "otx2_ipsec_in_sadb_%u", port);
 }
 
+static unsigned int
+otx2_sec_eth_session_get_size(void *device __rte_unused)
+{
+   return sizeof(struct otx2_sec_session);
+}
+
+static const struct rte_security_capability *
+otx2_sec_eth_capabilities_get(void *device __rte_unused)
+{
+   return otx2_sec_eth_capabilities;
+}
+
+static struct rte_security_ops otx2_sec_eth_ops = {
+   .session_get_size   = otx2_sec_eth_session_get_size,
+   .capabilities_get   = otx2_sec_eth_capabilities_get
+};
+
 int
 otx2_sec_eth_ctx_create(struct rte_eth_dev *eth_dev)
 {
@@ -46,6 +129,7 @@ otx2_sec_eth_ctx_create(struct rte_eth_dev *eth_dev)
/* Populate ctx */
 
ctx->device = eth_dev;
+   ctx->ops = &otx2_sec_eth_ops;
ctx->sess_cnt = 0;
 
eth_dev->security_ctx = ctx;
diff --git a/drivers/crypto/octeontx2/otx2_security.h 
b/drivers/crypto/octeontx2/otx2_security.h
index 023061d..a442f5c 100644
--- a/drivers/crypto/octeontx2/otx2_security.h
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -7,6 +7,24 @@
 
 #include 
 
+#include "otx2_ipsec_fp.h"
+
+/*
+ * Security session for inline

[dpdk-dev] [PATCH v2 11/15] net/octeontx2: add inline ipsec rx path changes

[Anoob Joseph]

From: Tejasree Kondoj 

Adding post-processing required for inline IPsec inbound packets.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/crypto/octeontx2/Makefile|  1 +
 drivers/crypto/octeontx2/otx2_security.h | 19 +
 drivers/event/octeontx2/Makefile |  1 +
 drivers/event/octeontx2/meson.build  |  2 +
 drivers/net/octeontx2/Makefile   |  1 +
 drivers/net/octeontx2/meson.build|  3 ++
 drivers/net/octeontx2/otx2_rx.h  | 73 
 7 files changed, 100 insertions(+)

diff --git a/drivers/crypto/octeontx2/Makefile 
b/drivers/crypto/octeontx2/Makefile
index 5966ddc..62b630e 100644
--- a/drivers/crypto/octeontx2/Makefile
+++ b/drivers/crypto/octeontx2/Makefile
@@ -20,6 +20,7 @@ VPATH += $(RTE_SDK)/drivers/crypto/octeontx2
 CFLAGS += -O3
 CFLAGS += -I$(RTE_SDK)/drivers/common/cpt
 CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
+CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
 CFLAGS += -DALLOW_EXPERIMENTAL_API
diff --git a/drivers/crypto/octeontx2/otx2_security.h 
b/drivers/crypto/octeontx2/otx2_security.h
index b1a401b..6ec321d 100644
--- a/drivers/crypto/octeontx2/otx2_security.h
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -26,6 +26,25 @@ struct otx2_sec_eth_cfg {
rte_spinlock_t tx_cpt_lock;
 };
 
+#define OTX2_SEC_CPT_COMP_GOOD 0x1
+#define OTX2_SEC_UC_COMP_GOOD  0x0
+#define OTX2_SEC_COMP_GOOD (OTX2_SEC_UC_COMP_GOOD << 8 | \
+OTX2_SEC_CPT_COMP_GOOD)
+
+/* CPT Result */
+struct otx2_cpt_res {
+   union {
+   struct {
+   uint64_t compcode:8;
+   uint64_t uc_compcode:8;
+   uint64_t doneint:1;
+   uint64_t reserved_17_63:47;
+   uint64_t reserved_64_127;
+   };
+   uint16_t u16[8];
+   };
+};
+
 /*
  * Security session for inline IPsec protocol offload. This is private data of
  * inline capable PMD.
diff --git a/drivers/event/octeontx2/Makefile b/drivers/event/octeontx2/Makefile
index 6dab69c..bcd22ee 100644
--- a/drivers/event/octeontx2/Makefile
+++ b/drivers/event/octeontx2/Makefile
@@ -11,6 +11,7 @@ LIB = librte_pmd_octeontx2_event.a
 
 CFLAGS += $(WERROR_FLAGS)
 CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
+CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/event/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
diff --git a/drivers/event/octeontx2/meson.build 
b/drivers/event/octeontx2/meson.build
index 807818b..56febb8 100644
--- a/drivers/event/octeontx2/meson.build
+++ b/drivers/event/octeontx2/meson.build
@@ -32,3 +32,5 @@ foreach flag: extra_flags
 endforeach
 
 deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2', 'pmd_octeontx2']
+
+includes += include_directories('../../crypto/octeontx2')
diff --git a/drivers/net/octeontx2/Makefile b/drivers/net/octeontx2/Makefile
index 68f5765..d31ce0a 100644
--- a/drivers/net/octeontx2/Makefile
+++ b/drivers/net/octeontx2/Makefile
@@ -11,6 +11,7 @@ LIB = librte_pmd_octeontx2.a
 
 CFLAGS += $(WERROR_FLAGS)
 CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
+CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
 CFLAGS += -O3
diff --git a/drivers/net/octeontx2/meson.build 
b/drivers/net/octeontx2/meson.build
index fad3076..4a06eb2 100644
--- a/drivers/net/octeontx2/meson.build
+++ b/drivers/net/octeontx2/meson.build
@@ -25,6 +25,7 @@ sources = files('otx2_rx.c',
)
 
 deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2']
+deps += ['cryptodev', 'security']
 
 cflags += ['-flax-vector-conversions']
 
@@ -39,3 +40,5 @@ foreach flag: extra_flags
cflags += flag
endif
 endforeach
+
+includes += include_directories('../../crypto/octeontx2')
diff --git a/drivers/net/octeontx2/otx2_rx.h b/drivers/net/octeontx2/otx2_rx.h
index 351ad0f..e1715bd 100644
--- a/drivers/net/octeontx2/otx2_rx.h
+++ b/drivers/net/octeontx2/otx2_rx.h
@@ -5,6 +5,12 @@
 #ifndef __OTX2_RX_H__
 #define __OTX2_RX_H__
 
+#include 
+
+#include "otx2_common.h"
+#include "otx2_ipsec_fp.h"
+#include "otx2_security.h"
+
 /* Default mark value used when none is provided. */
 #define OTX2_FLOW_ACTION_FLAG_DEFAULT  0x
 
@@ -31,6 +37,12 @@
 #define NIX_RX_MULTI_SEG_FBIT(15)
 #define NIX_TIMESYNC_RX_OFFSET 8
 
+/* Inline IPsec offsets */
+
+#define INLINE_INB_RPTR_HDR16
+/* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */
+#define INLINE_CPT_RESULT_OFFSET   80
+
 struct otx2_timesync_info {
uint64_trx_tstamp;
rte_iova_t  tx_tsta

[dpdk-dev] [PATCH v2 09/15] crypto/octeontx2: add datapath ops in eth security ctx

[Anoob Joseph]

From: Ankur Dwivedi 

Adding data path ops in eth security ctx.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/crypto/octeontx2/otx2_security.c | 23 +++
 1 file changed, 23 insertions(+)

diff --git a/drivers/crypto/octeontx2/otx2_security.c 
b/drivers/crypto/octeontx2/otx2_security.c
index b4f5c5c..5606851 100644
--- a/drivers/crypto/octeontx2/otx2_security.c
+++ b/drivers/crypto/octeontx2/otx2_security.c
@@ -445,6 +445,27 @@ otx2_sec_eth_session_get_size(void *device __rte_unused)
return sizeof(struct otx2_sec_session);
 }
 
+static int
+otx2_sec_eth_set_pkt_mdata(void *device __rte_unused,
+   struct rte_security_session *session,
+   struct rte_mbuf *m, void *params __rte_unused)
+{
+   /* Set security session as the pkt metadata */
+   m->udata64 = (uint64_t)session;
+
+   return 0;
+}
+
+static int
+otx2_sec_eth_get_userdata(void *device __rte_unused, uint64_t md,
+  void **userdata)
+{
+   /* Retrieve userdata  */
+   *userdata = (void *)md;
+
+   return 0;
+}
+
 static const struct rte_security_capability *
 otx2_sec_eth_capabilities_get(void *device __rte_unused)
 {
@@ -455,6 +476,8 @@ static struct rte_security_ops otx2_sec_eth_ops = {
.session_create = otx2_sec_eth_session_create,
.session_destroy= otx2_sec_eth_session_destroy,
.session_get_size   = otx2_sec_eth_session_get_size,
+   .set_pkt_metadata   = otx2_sec_eth_set_pkt_mdata,
+   .get_userdata   = otx2_sec_eth_get_userdata,
.capabilities_get   = otx2_sec_eth_capabilities_get
 };
 
-- 
2.7.4

[dpdk-dev] [PATCH v2 10/15] crypto/octeontx2: add lookup mem changes to hold sa indices

[Anoob Joseph]

From: Archana Muniganti 

lookup_mem provides fast accessing of data path fields.
Storing sa indices in lookup_mem which are required in
inline rx data path.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/common/octeontx2/otx2_common.h   |  4 +++
 drivers/crypto/octeontx2/otx2_security.c | 59 
 drivers/net/octeontx2/otx2_lookup.c  | 11 --
 3 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/drivers/common/octeontx2/otx2_common.h 
b/drivers/common/octeontx2/otx2_common.h
index fbe7335..88b4b63 100644
--- a/drivers/common/octeontx2/otx2_common.h
+++ b/drivers/common/octeontx2/otx2_common.h
@@ -170,4 +170,8 @@ extern int otx2_logtype_dpi;
 #include "otx2_io_generic.h"
 #endif
 
+/* Fastpath lookup */
+#define OTX2_NIX_FASTPATH_LOOKUP_MEM   "otx2_nix_fastpath_lookup_mem"
+#define OTX2_NIX_SA_TBL_START  (4096*4 + 69632*2)
+
 #endif /* _OTX2_COMMON_H_ */
diff --git a/drivers/crypto/octeontx2/otx2_security.c 
b/drivers/crypto/octeontx2/otx2_security.c
index 5606851..ab488a0 100644
--- a/drivers/crypto/octeontx2/otx2_security.c
+++ b/drivers/crypto/octeontx2/otx2_security.c
@@ -10,6 +10,7 @@
 #include 
 #include 
 
+#include "otx2_common.h"
 #include "otx2_cryptodev_qp.h"
 #include "otx2_ethdev.h"
 #include "otx2_ipsec_fp.h"
@@ -96,6 +97,59 @@ static const struct rte_security_capability 
otx2_sec_eth_capabilities[] = {
}
 };
 
+static void
+lookup_mem_sa_tbl_clear(struct rte_eth_dev *eth_dev)
+{
+   static const char name[] = OTX2_NIX_FASTPATH_LOOKUP_MEM;
+   uint16_t port = eth_dev->data->port_id;
+   const struct rte_memzone *mz;
+   uint64_t **sa_tbl;
+   uint8_t *mem;
+
+   mz = rte_memzone_lookup(name);
+   if (mz == NULL)
+   return;
+
+   mem = mz->addr;
+
+   sa_tbl  = (uint64_t **)RTE_PTR_ADD(mem, OTX2_NIX_SA_TBL_START);
+   if (sa_tbl[port] == NULL)
+   return;
+
+   rte_free(sa_tbl[port]);
+   sa_tbl[port] = NULL;
+}
+
+static int
+lookup_mem_sa_index_update(struct rte_eth_dev *eth_dev, int spi, void *sa)
+{
+   static const char name[] = OTX2_NIX_FASTPATH_LOOKUP_MEM;
+   struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
+   uint16_t port = eth_dev->data->port_id;
+   const struct rte_memzone *mz;
+   uint64_t **sa_tbl;
+   uint8_t *mem;
+
+   mz = rte_memzone_lookup(name);
+   if (mz == NULL) {
+   otx2_err("Could not find fastpath lookup table");
+   return -EINVAL;
+   }
+
+   mem = mz->addr;
+
+   sa_tbl = (uint64_t **)RTE_PTR_ADD(mem, OTX2_NIX_SA_TBL_START);
+
+   if (sa_tbl[port] == NULL) {
+   sa_tbl[port] = rte_malloc(NULL, dev->ipsec_in_max_spi *
+ sizeof(uint64_t), 0);
+   }
+
+   sa_tbl[port][spi] = (uint64_t)sa;
+
+   return 0;
+}
+
 static int
 otx2_sec_eth_tx_cpt_qp_get(uint16_t port_id, struct otx2_cpt_qp **qp)
 {
@@ -343,6 +397,9 @@ sec_eth_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
 
sa->userdata = priv->userdata;
 
+   if (lookup_mem_sa_index_update(eth_dev, ipsec->spi, sa))
+   return -EINVAL;
+
return ipsec_fp_sa_ctl_set(ipsec, crypto_xform, ctl);
 }
 
@@ -626,6 +683,8 @@ otx2_sec_eth_fini(struct rte_eth_dev *eth_dev)
!(dev->rx_offloads & DEV_RX_OFFLOAD_SECURITY))
return;
 
+   lookup_mem_sa_tbl_clear(eth_dev);
+
in_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);
rte_memzone_free(rte_memzone_lookup(name));
 }
diff --git a/drivers/net/octeontx2/otx2_lookup.c 
b/drivers/net/octeontx2/otx2_lookup.c
index bcf2ff4..d1cf3c3 100644
--- a/drivers/net/octeontx2/otx2_lookup.c
+++ b/drivers/net/octeontx2/otx2_lookup.c
@@ -5,6 +5,7 @@
 #include 
 #include 
 
+#include "otx2_common.h"
 #include "otx2_ethdev.h"
 
 /* NIX_RX_PARSE_S's ERRCODE + ERRLEV (12 bits) */
@@ -12,7 +13,9 @@
 #define ERR_ARRAY_SZ   ((BIT(ERRCODE_ERRLEN_WIDTH)) *\
sizeof(uint32_t))
 
-#define LOOKUP_ARRAY_SZ(PTYPE_ARRAY_SZ + ERR_ARRAY_SZ)
+#define SA_TBL_SZ  (RTE_MAX_ETHPORTS * sizeof(uint64_t))
+#define LOOKUP_ARRAY_SZ(PTYPE_ARRAY_SZ + ERR_ARRAY_SZ 
+\
+   SA_TBL_SZ)
 
 const uint32_t *
 otx2_nix_supported_ptypes_get(struct rte_eth_dev *eth_dev)
@@ -314,10 +317,14 @@ nix_create_rx_ol_flags_array(void *mem)
 void *
 otx2_nix_fastpath_lookup_mem_get(void)
 {
-   const char name[] = "otx2_nix_fastpath_lookup_mem";
+   const char name[] = OTX2_NIX_FASTPATH_LOOKUP_MEM;
const struct rte_memzone *mz;
void *mem;
 
+   /* SA_TBL starts after PTYPE_ARRAY & ERR_ARRAY */
+   RTE_BUILD_BUG_ON(OTX2_NIX_SA_TBL_START != (PTYPE_ARRAY_SZ +
+  

[dpdk-dev] [PATCH v2 15/15] crypto/octeontx2: sync inline tag type cfg with Rx adapter configuration

[Anoob Joseph]

From: Vamsi Attunuru 

Tag type configuration for the inline processed packets is set during
ethdev configuration, it might conflict with tag type configuration
done during Rx adapter configuration which would be setup later.

This conflict is fixed as part of flow rule creation by updating
tag type config of inline same as Rx adapter configured tag type.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/common/octeontx2/otx2_common.h|  2 ++
 drivers/crypto/octeontx2/otx2_cryptodev.c |  2 ++
 drivers/crypto/octeontx2/otx2_security.c  | 28 
 drivers/crypto/octeontx2/otx2_security.h  |  2 ++
 drivers/net/octeontx2/otx2_flow.c | 26 ++
 5 files changed, 60 insertions(+)

diff --git a/drivers/common/octeontx2/otx2_common.h 
b/drivers/common/octeontx2/otx2_common.h
index 88b4b63..01d3a35 100644
--- a/drivers/common/octeontx2/otx2_common.h
+++ b/drivers/common/octeontx2/otx2_common.h
@@ -81,12 +81,14 @@ typedef int (*otx2_sec_eth_ctx_create_t)(struct rte_eth_dev 
*eth_dev);
 typedef void (*otx2_sec_eth_ctx_destroy_t)(struct rte_eth_dev *eth_dev);
 typedef int (*otx2_sec_eth_init_t)(struct rte_eth_dev *eth_dev);
 typedef void (*otx2_sec_eth_fini_t)(struct rte_eth_dev *eth_dev);
+typedef int (*otx2_sec_eth_update_tag_type_t)(struct rte_eth_dev *eth_dev);
 
 struct otx2_sec_eth_crypto_idev_ops {
otx2_sec_eth_ctx_create_t ctx_create;
otx2_sec_eth_ctx_destroy_t ctx_destroy;
otx2_sec_eth_init_t init;
otx2_sec_eth_fini_t fini;
+   otx2_sec_eth_update_tag_type_t update_tag_type;
 };
 
 extern struct otx2_sec_eth_crypto_idev_ops otx2_sec_idev_ops;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c 
b/drivers/crypto/octeontx2/otx2_cryptodev.c
index 34feb82..b944a51 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -160,4 +160,6 @@ RTE_INIT(otx2_cpt_init_log)
otx2_sec_idev_ops.ctx_destroy = otx2_sec_eth_ctx_destroy;
otx2_sec_idev_ops.init = otx2_sec_eth_init;
otx2_sec_idev_ops.fini = otx2_sec_eth_fini;
+   otx2_sec_idev_ops.update_tag_type = otx2_sec_eth_update_tag_type;
+
 }
diff --git a/drivers/crypto/octeontx2/otx2_security.c 
b/drivers/crypto/octeontx2/otx2_security.c
index 9a08849..37b9e54 100644
--- a/drivers/crypto/octeontx2/otx2_security.c
+++ b/drivers/crypto/octeontx2/otx2_security.c
@@ -710,6 +710,34 @@ sec_eth_ipsec_cfg(struct rte_eth_dev *eth_dev, uint8_t tt)
 }
 
 int
+otx2_sec_eth_update_tag_type(struct rte_eth_dev *eth_dev)
+{
+   struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
+   struct otx2_mbox *mbox = dev->mbox;
+   struct nix_aq_enq_rsp *rsp;
+   struct nix_aq_enq_req *aq;
+   int ret;
+
+   aq = otx2_mbox_alloc_msg_nix_aq_enq(mbox);
+   aq->qidx = 0; /* Read RQ:0 context */
+   aq->ctype = NIX_AQ_CTYPE_RQ;
+   aq->op = NIX_AQ_INSTOP_READ;
+
+   ret = otx2_mbox_process_msg(mbox, (void *)&rsp);
+   if (ret < 0) {
+   otx2_err("Could not read RQ context");
+   return ret;
+   }
+
+   /* Update tag type */
+   ret = sec_eth_ipsec_cfg(eth_dev, rsp->rq.sso_tt);
+   if (ret < 0)
+   otx2_err("Could not update sec eth tag type");
+
+   return ret;
+}
+
+int
 otx2_sec_eth_init(struct rte_eth_dev *eth_dev)
 {
const size_t sa_width = sizeof(struct otx2_ipsec_fp_in_sa);
diff --git a/drivers/crypto/octeontx2/otx2_security.h 
b/drivers/crypto/octeontx2/otx2_security.h
index fe7c883..3615273 100644
--- a/drivers/crypto/octeontx2/otx2_security.h
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -146,6 +146,8 @@ int otx2_sec_eth_ctx_create(struct rte_eth_dev *eth_dev);
 
 void otx2_sec_eth_ctx_destroy(struct rte_eth_dev *eth_dev);
 
+int otx2_sec_eth_update_tag_type(struct rte_eth_dev *eth_dev);
+
 int otx2_sec_eth_init(struct rte_eth_dev *eth_dev);
 
 void otx2_sec_eth_fini(struct rte_eth_dev *eth_dev);
diff --git a/drivers/net/octeontx2/otx2_flow.c 
b/drivers/net/octeontx2/otx2_flow.c
index f1fb9f9..dea5337 100644
--- a/drivers/net/octeontx2/otx2_flow.c
+++ b/drivers/net/octeontx2/otx2_flow.c
@@ -299,6 +299,22 @@ flow_free_rss_action(struct rte_eth_dev *eth_dev,
return 0;
 }
 
+static int
+flow_update_sec_tt(struct rte_eth_dev *eth_dev,
+  const struct rte_flow_action actions[])
+{
+   int rc = 0;
+
+   for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
+   if (actions->type == RTE_FLOW_ACTION_TYPE_SECURITY) {
+   if (otx2_sec_idev_ops.update_tag_type != NULL)
+   rc = otx2_sec_idev_ops.update_tag_type(eth_dev);
+   break;
+   }
+   }
+
+   return rc;
+}
 
 static int
 flow_parse_meta_items(__rte_unused struct otx2_parse_state *pst)
@@ -491,6 +507,16 @@ otx2_f

[dpdk-dev] [PATCH v2 13/15] drivers/octeontx2: add sec in compiler optimized TX fastpath framework

[Anoob Joseph]

From: Archana Muniganti 

Added new flag for SECURITY in compiler optimized TX fastpath
framework. With this, compiler autogenerates functions which
have security enabled.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/event/octeontx2/otx2_evdev.c   |  36 ++--
 drivers/event/octeontx2/otx2_evdev.h   |   2 +-
 drivers/event/octeontx2/otx2_worker.c  |   4 +-
 drivers/event/octeontx2/otx2_worker_dual.c |   4 +-
 drivers/net/octeontx2/otx2_ethdev.c|   3 +
 drivers/net/octeontx2/otx2_tx.c|  29 +--
 drivers/net/octeontx2/otx2_tx.h| 271 ++---
 7 files changed, 250 insertions(+), 99 deletions(-)

diff --git a/drivers/event/octeontx2/otx2_evdev.c 
b/drivers/event/octeontx2/otx2_evdev.c
index f6c641a..d20213d 100644
--- a/drivers/event/octeontx2/otx2_evdev.c
+++ b/drivers/event/octeontx2/otx2_evdev.c
@@ -177,35 +177,37 @@ SSO_RX_ADPTR_ENQ_FASTPATH_FUNC
};
 
/* Tx modes */
-   const event_tx_adapter_enqueue ssogws_tx_adptr_enq[2][2][2][2][2][2] = {
-#define T(name, f5, f4, f3, f2, f1, f0, sz, flags) \
-   [f5][f4][f3][f2][f1][f0] =  otx2_ssogws_tx_adptr_enq_ ## name,
+   const event_tx_adapter_enqueue
+   ssogws_tx_adptr_enq[2][2][2][2][2][2][2] = {
+#define T(name, f6, f5, f4, f3, f2, f1, f0, sz, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] =  \
+   otx2_ssogws_tx_adptr_enq_ ## name,
 SSO_TX_ADPTR_ENQ_FASTPATH_FUNC
 #undef T
};
 
const event_tx_adapter_enqueue
-   ssogws_tx_adptr_enq_seg[2][2][2][2][2][2] = {
-#define T(name, f5, f4, f3, f2, f1, f0, sz, flags) \
-   [f5][f4][f3][f2][f1][f0] =  \
+   ssogws_tx_adptr_enq_seg[2][2][2][2][2][2][2] = {
+#define T(name, f6, f5, f4, f3, f2, f1, f0, sz, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] =  \
otx2_ssogws_tx_adptr_enq_seg_ ## name,
 SSO_TX_ADPTR_ENQ_FASTPATH_FUNC
 #undef T
};
 
const event_tx_adapter_enqueue
-   ssogws_dual_tx_adptr_enq[2][2][2][2][2][2] = {
-#define T(name, f5, f4, f3, f2, f1, f0, sz, flags) \
-   [f5][f4][f3][f2][f1][f0] =  \
+   ssogws_dual_tx_adptr_enq[2][2][2][2][2][2][2] = {
+#define T(name, f6, f5, f4, f3, f2, f1, f0, sz, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] =  \
otx2_ssogws_dual_tx_adptr_enq_ ## name,
 SSO_TX_ADPTR_ENQ_FASTPATH_FUNC
 #undef T
};
 
const event_tx_adapter_enqueue
-   ssogws_dual_tx_adptr_enq_seg[2][2][2][2][2][2] = {
-#define T(name, f5, f4, f3, f2, f1, f0, sz, flags) \
-   [f5][f4][f3][f2][f1][f0] =  \
+   ssogws_dual_tx_adptr_enq_seg[2][2][2][2][2][2][2] = {
+#define T(name, f6, f5, f4, f3, f2, f1, f0, sz, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] =  \
otx2_ssogws_dual_tx_adptr_enq_seg_ ## name,
 SSO_TX_ADPTR_ENQ_FASTPATH_FUNC
 #undef T
@@ -290,8 +292,9 @@ SSO_TX_ADPTR_ENQ_FASTPATH_FUNC
}
 
if (dev->tx_offloads & NIX_TX_MULTI_SEG_F) {
-   /* [TSMP] [MBUF_NOFF] [VLAN] [OL3_L4_CSUM] [L3_L4_CSUM] */
+   /* [SEC] [TSMP] [MBUF_NOFF] [VLAN] [OL3_L4_CSUM] [L3_L4_CSUM] */
event_dev->txa_enqueue = ssogws_tx_adptr_enq_seg
+   [!!(dev->tx_offloads & NIX_TX_OFFLOAD_SECURITY_F)]
[!!(dev->tx_offloads & NIX_TX_OFFLOAD_TSO_F)]
[!!(dev->tx_offloads & NIX_TX_OFFLOAD_TSTAMP_F)]
[!!(dev->tx_offloads & NIX_TX_OFFLOAD_MBUF_NOFF_F)]
@@ -300,6 +303,7 @@ SSO_TX_ADPTR_ENQ_FASTPATH_FUNC
[!!(dev->tx_offloads & NIX_TX_OFFLOAD_L3_L4_CSUM_F)];
} else {
event_dev->txa_enqueue = ssogws_tx_adptr_enq
+   [!!(dev->tx_offloads & NIX_TX_OFFLOAD_SECURITY_F)]
[!!(dev->tx_offloads & NIX_TX_OFFLOAD_TSO_F)]
[!!(dev->tx_offloads & NIX_TX_OFFLOAD_TSTAMP_F)]
[!!(dev->tx_offloads & NIX_TX_OFFLOAD_MBUF_NOFF_F)]
@@ -440,8 +444,10 @@ SSO_TX_ADPTR_ENQ_FASTPATH_FUNC
}
 
if (dev->tx_offloads & NIX_TX_MULTI_SEG_F) {
-   /* [TSMP] [MBUF_NOFF] [VLAN] [OL3_L4_CSUM] [L3_L4_CSUM] */
+   /* [SEC] [TSMP] [MBUF_NOFF] [VLAN] [OL3_L4_CSUM] [L3_L4_CSUM] */
event_dev->txa_enqueue = ssogws_dual_tx_adptr_enq_seg
+   [!!(dev->tx_offloads &
+ 

[dpdk-dev] [PATCH v2 12/15] drivers/octeontx2: add sec in compiler optimized RX fastpath framework

[Anoob Joseph]

From: Archana Muniganti 

Added new flag for SECURITY in RX compiler optimized fastpath
framework. With this, compiler autogenerates functions which
have security enabled.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/event/octeontx2/otx2_evdev.c   | 134 -
 drivers/event/octeontx2/otx2_evdev.h   |   2 +-
 drivers/event/octeontx2/otx2_worker.c  |   2 +-
 drivers/event/octeontx2/otx2_worker_dual.c |   2 +-
 drivers/net/octeontx2/otx2_ethdev.c|   3 +
 drivers/net/octeontx2/otx2_rx.c|  27 +--
 drivers/net/octeontx2/otx2_rx.h| 306 -
 7 files changed, 320 insertions(+), 156 deletions(-)

diff --git a/drivers/event/octeontx2/otx2_evdev.c 
b/drivers/event/octeontx2/otx2_evdev.c
index 2daeba4..f6c641a 100644
--- a/drivers/event/octeontx2/otx2_evdev.c
+++ b/drivers/event/octeontx2/otx2_evdev.c
@@ -44,61 +44,64 @@ sso_fastpath_fns_set(struct rte_eventdev *event_dev)
 {
struct otx2_sso_evdev *dev = sso_pmd_priv(event_dev);
/* Single WS modes */
-   const event_dequeue_t ssogws_deq[2][2][2][2][2][2] = {
-#define R(name, f5, f4, f3, f2, f1, f0, flags) \
-   [f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_ ##name,
+   const event_dequeue_t ssogws_deq[2][2][2][2][2][2][2] = {
+#define R(name, f6, f5, f4, f3, f2, f1, f0, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_ ##name,
 SSO_RX_ADPTR_ENQ_FASTPATH_FUNC
 #undef R
};
 
-   const event_dequeue_burst_t ssogws_deq_burst[2][2][2][2][2][2] = {
-#define R(name, f5, f4, f3, f2, f1, f0, flags) \
-   [f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_burst_ ##name,
+   const event_dequeue_burst_t ssogws_deq_burst[2][2][2][2][2][2][2] = {
+#define R(name, f6, f5, f4, f3, f2, f1, f0, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_burst_ ##name,
 SSO_RX_ADPTR_ENQ_FASTPATH_FUNC
 #undef R
};
 
-   const event_dequeue_t ssogws_deq_timeout[2][2][2][2][2][2] = {
-#define R(name, f5, f4, f3, f2, f1, f0, flags) \
-   [f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_timeout_ ##name,
+   const event_dequeue_t ssogws_deq_timeout[2][2][2][2][2][2][2] = {
+#define R(name, f6, f5, f4, f3, f2, f1, f0, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_timeout_ ##name,
 SSO_RX_ADPTR_ENQ_FASTPATH_FUNC
 #undef R
};
 
const event_dequeue_burst_t
-   ssogws_deq_timeout_burst[2][2][2][2][2][2] = {
-#define R(name, f5, f4, f3, f2, f1, f0, flags) \
-   [f5][f4][f3][f2][f1][f0] =  \
+   ssogws_deq_timeout_burst[2][2][2][2][2][2][2] = {
+#define R(name, f6, f5, f4, f3, f2, f1, f0, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] =  \
otx2_ssogws_deq_timeout_burst_ ##name,
 SSO_RX_ADPTR_ENQ_FASTPATH_FUNC
 #undef R
};
 
-   const event_dequeue_t ssogws_deq_seg[2][2][2][2][2][2] = {
-#define R(name, f5, f4, f3, f2, f1, f0, flags) \
-   [f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_seg_ ##name,
+   const event_dequeue_t ssogws_deq_seg[2][2][2][2][2][2][2] = {
+#define R(name, f6, f5, f4, f3, f2, f1, f0, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_seg_ ##name,
 SSO_RX_ADPTR_ENQ_FASTPATH_FUNC
 #undef R
};
 
-   const event_dequeue_burst_t ssogws_deq_seg_burst[2][2][2][2][2][2] = {
-#define R(name, f5, f4, f3, f2, f1, f0, flags) \
-   [f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_seg_burst_ ##name,
+   const event_dequeue_burst_t
+   ssogws_deq_seg_burst[2][2][2][2][2][2][2] = {
+#define R(name, f6, f5, f4, f3, f2, f1, f0, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] =  \
+   otx2_ssogws_deq_seg_burst_ ##name,
 SSO_RX_ADPTR_ENQ_FASTPATH_FUNC
 #undef R
};
 
-   const event_dequeue_t ssogws_deq_seg_timeout[2][2][2][2][2][2] = {
-#define R(name, f5, f4, f3, f2, f1, f0, flags) \
-   [f5][f4][f3][f2][f1][f0] = otx2_ssogws_deq_seg_timeout_ ##name,
+   const event_dequeue_t ssogws_deq_seg_timeout[2][2][2][2][2][2][2] = {
+#define R(name, f6, f5, f4, f3, f2, f1, f0, flags) \
+   [f6][f5][f4][f3][f2][f1][f0] =  \
+   otx2_ssogws_deq_seg_timeout_ ##name,
 SSO_RX_ADPTR_ENQ_FASTPATH_FUNC
 #undef R
};
 
const event_dequeue_burst_t
-   ssogws_deq_seg_timeout_burst[2][2][2][2][2][2] = {
-#define R(n

[dpdk-dev] [PATCH v2 14/15] crypto/octeontx2: add inline tx path changes

[Anoob Joseph]

From: Ankur Dwivedi 

Adding pre-processing required for inline IPsec outbound packets.

Signed-off-by: Ankur Dwivedi 
Signed-off-by: Anoob Joseph 
Signed-off-by: Archana Muniganti 
Signed-off-by: Tejasree Kondoj 
Signed-off-by: Vamsi Attunuru 
---
 drivers/crypto/octeontx2/otx2_security.c|  82 +
 drivers/crypto/octeontx2/otx2_security.h|  60 ++
 drivers/crypto/octeontx2/otx2_security_tx.h | 175 
 drivers/event/octeontx2/meson.build |   3 +-
 drivers/event/octeontx2/otx2_worker.h   |   6 +
 5 files changed, 325 insertions(+), 1 deletion(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_security_tx.h

diff --git a/drivers/crypto/octeontx2/otx2_security.c 
b/drivers/crypto/octeontx2/otx2_security.c
index ab488a0..9a08849 100644
--- a/drivers/crypto/octeontx2/otx2_security.c
+++ b/drivers/crypto/octeontx2/otx2_security.c
@@ -3,12 +3,15 @@
  */
 
 #include 
+#include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
 #include 
+#include 
 
 #include "otx2_common.h"
 #include "otx2_cryptodev_qp.h"
@@ -18,6 +21,15 @@
 
 #define SEC_ETH_MAX_PKT_LEN1450
 
+#define AH_HDR_LEN 12
+#define AES_GCM_IV_LEN 8
+#define AES_GCM_MAC_LEN16
+#define AES_CBC_IV_LEN 16
+#define SHA1_HMAC_LEN  12
+
+#define AES_GCM_ROUNDUP_BYTE_LEN   4
+#define AES_CBC_ROUNDUP_BYTE_LEN   16
+
 struct sec_eth_tag_const {
RTE_STD_C11
union {
@@ -239,6 +251,60 @@ in_sa_get(uint16_t port, int sa_index)
 }
 
 static int
+ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,
+  struct rte_crypto_sym_xform *xform,
+  struct otx2_sec_session_ipsec_ip *sess)
+{
+   struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
+
+   sess->partial_len = sizeof(struct rte_ipv4_hdr);
+
+   if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {
+   sess->partial_len += sizeof(struct rte_esp_hdr);
+   sess->roundup_len = sizeof(struct rte_esp_tail);
+   } else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) {
+   sess->partial_len += AH_HDR_LEN;
+   } else {
+   return -EINVAL;
+   }
+
+   if (ipsec->options.udp_encap)
+   sess->partial_len += sizeof(struct rte_udp_hdr);
+
+   if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+   if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+   sess->partial_len += AES_GCM_IV_LEN;
+   sess->partial_len += AES_GCM_MAC_LEN;
+   sess->roundup_byte = AES_GCM_ROUNDUP_BYTE_LEN;
+   }
+   return 0;
+   }
+
+   if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+   cipher_xform = xform;
+   auth_xform = xform->next;
+   } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+   auth_xform = xform;
+   cipher_xform = xform->next;
+   } else {
+   return -EINVAL;
+   }
+   if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+   sess->partial_len += AES_CBC_IV_LEN;
+   sess->roundup_byte = AES_CBC_ROUNDUP_BYTE_LEN;
+   } else {
+   return -EINVAL;
+   }
+
+   if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
+   sess->partial_len += SHA1_HMAC_LEN;
+   else
+   return -EINVAL;
+
+   return 0;
+}
+
+static int
 sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
  struct rte_security_ipsec_xform *ipsec,
  struct rte_crypto_sym_xform *crypto_xform,
@@ -252,6 +318,7 @@ sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
struct otx2_ipsec_fp_sa_ctl *ctl;
struct otx2_ipsec_fp_out_sa *sa;
struct otx2_sec_session *priv;
+   struct otx2_cpt_inst_s inst;
struct otx2_cpt_qp *qp;
 
priv = get_sec_session_private_data(sec_sess);
@@ -266,6 +333,12 @@ sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
 
memset(sess, 0, sizeof(struct otx2_sec_session_ipsec_ip));
 
+   sess->seq = 1;
+
+   ret = ipsec_sa_const_set(ipsec, crypto_xform, sess);
+   if (ret < 0)
+   return ret;
+
memcpy(sa->nonce, &ipsec->salt, 4);
 
if (ipsec->options.udp_encap == 1) {
@@ -274,6 +347,9 @@ sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
}
 
if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+   /* Start ip id from 1 */
+   sess->ip_id = 1;
+
if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
memcpy(&sa->ip_src, &ipsec->tunnel.ipv4.src_ip,
   sizeof(struct in_addr));
@@ -307,6 +383,12 @@ sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
else
return -EINVAL;
 
+   /* Determine word 7 of CPT instr

Re: [dpdk-dev] [PATCH v9 2/6] lib/ring: apis to support configurable element size

[Ananyev, Konstantin]

> > On Wed, Jan 15, 2020 at 11:25:07PM -0600, Honnappa Nagarahalli wrote:
> > > Current APIs assume ring elements to be pointers. However, in many use
> > > cases, the size can be different. Add new APIs to support configurable
> > > ring element sizes.
> > >
> > > Signed-off-by: Honnappa Nagarahalli 
> > > Reviewed-by: Dharmik Thakkar 
> > > Reviewed-by: Gavin Hu 
> > > Reviewed-by: Ruifeng Wang 
> > > ---
> > >  lib/librte_ring/Makefile |3 +-
> > >  lib/librte_ring/meson.build  |4 +
> > >  lib/librte_ring/rte_ring.c   |   41 +-
> > >  lib/librte_ring/rte_ring.h   |1 +
> > >  lib/librte_ring/rte_ring_elem.h  | 1003 ++
> > >  lib/librte_ring/rte_ring_version.map |2 +
> > >  6 files changed, 1045 insertions(+), 9 deletions(-)  create mode
> > > 100644 lib/librte_ring/rte_ring_elem.h
> > >
> >
> > [...]
> >
> > > +static __rte_always_inline void
> > > +enqueue_elems_32(struct rte_ring *r, const uint32_t size, uint32_t idx,
> > > + const void *obj_table, uint32_t n)
> > > +{
> > > + unsigned int i;
> > > + uint32_t *ring = (uint32_t *)&r[1];
> > > + const uint32_t *obj = (const uint32_t *)obj_table;
> > > + if (likely(idx + n < size)) {
> > > + for (i = 0; i < (n & ~0x7); i += 8, idx += 8) {
> > > + ring[idx] = obj[i];
> > > + ring[idx + 1] = obj[i + 1];
> > > + ring[idx + 2] = obj[i + 2];
> > > + ring[idx + 3] = obj[i + 3];
> > > + ring[idx + 4] = obj[i + 4];
> > > + ring[idx + 5] = obj[i + 5];
> > > + ring[idx + 6] = obj[i + 6];
> > > + ring[idx + 7] = obj[i + 7];
> > > + }
> > > + switch (n & 0x7) {
> > > + case 7:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + case 6:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + case 5:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + case 4:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + case 3:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + case 2:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + case 1:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + }
> > > + } else {
> > > + for (i = 0; idx < size; i++, idx++)
> > > + ring[idx] = obj[i];
> > > + /* Start at the beginning */
> > > + for (idx = 0; i < n; i++, idx++)
> > > + ring[idx] = obj[i];
> > > + }
> > > +}
> > > +
> > > +static __rte_always_inline void
> > > +enqueue_elems_64(struct rte_ring *r, uint32_t prod_head,
> > > + const void *obj_table, uint32_t n)
> > > +{
> > > + unsigned int i;
> > > + const uint32_t size = r->size;
> > > + uint32_t idx = prod_head & r->mask;
> > > + uint64_t *ring = (uint64_t *)&r[1];
> > > + const uint64_t *obj = (const uint64_t *)obj_table;
> > > + if (likely(idx + n < size)) {
> > > + for (i = 0; i < (n & ~0x3); i += 4, idx += 4) {
> > > + ring[idx] = obj[i];
> > > + ring[idx + 1] = obj[i + 1];
> > > + ring[idx + 2] = obj[i + 2];
> > > + ring[idx + 3] = obj[i + 3];
> > > + }
> > > + switch (n & 0x3) {
> > > + case 3:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + case 2:
> > > + ring[idx++] = obj[i++]; /* fallthrough */
> > > + case 1:
> > > + ring[idx++] = obj[i++];
> > > + }
> > > + } else {
> > > + for (i = 0; idx < size; i++, idx++)
> > > + ring[idx] = obj[i];
> > > + /* Start at the beginning */
> > > + for (idx = 0; i < n; i++, idx++)
> > > + ring[idx] = obj[i];
> > > + }
> > > +}
> > > +
> > > +static __rte_always_inline void
> > > +enqueue_elems_128(struct rte_ring *r, uint32_t prod_head,
> > > + const void *obj_table, uint32_t n)
> > > +{
> > > + unsigned int i;
> > > + const uint32_t size = r->size;
> > > + uint32_t idx = prod_head & r->mask;
> > > + rte_int128_t *ring = (rte_int128_t *)&r[1];
> > > + const rte_int128_t *obj = (const rte_int128_t *)obj_table;
> > > + if (likely(idx + n < size)) {
> > > + for (i = 0; i < (n & ~0x1); i += 2, idx += 2)
> > > + memcpy((void *)(ring + idx),
> > > + (const void *)(obj + i), 32);
> > > + switch (n & 0x1) {
> > > + case 1:
> > > + memcpy((void *)(ring + idx),
> > > + (const void *)(obj + i), 16);
> > > + }
> > > + } else {
> > > + for (i = 0; idx < size; i++, idx++)
> > > + memcpy((void *)(ring + idx),
> > > + (const void *)(obj + i), 16);
> > > + /* Start at the beginning */
> > 

Re: [dpdk-dev] [PATCH v2 01/15] common/octeontx2: add CPT LF mbox for inline inbound

[Jerin Jacob]

On Sat, Jan 18, 2020 at 4:19 PM Anoob Joseph  wrote:
>
> Adding the new mbox introduced to configure CPT LF to be used for inline
> inbound.
>
> Signed-off-by: Anoob Joseph 
> Signed-off-by: Tejasree Kondoj 

Acked-by: Jerin Jacob 



> ---
>  drivers/common/octeontx2/otx2_mbox.h | 7 +++
>  1 file changed, 7 insertions(+)
>
> diff --git a/drivers/common/octeontx2/otx2_mbox.h 
> b/drivers/common/octeontx2/otx2_mbox.h
> index e0e4e2f..70452d1 100644
> --- a/drivers/common/octeontx2/otx2_mbox.h
> +++ b/drivers/common/octeontx2/otx2_mbox.h
> @@ -193,6 +193,8 @@ M(CPT_SET_CRYPTO_GRP,   0xA03, cpt_set_crypto_grp,
>   \
>msg_rsp) \
>  M(CPT_INLINE_IPSEC_CFG, 0xA04, cpt_inline_ipsec_cfg,   \
>cpt_inline_ipsec_cfg_msg, msg_rsp)   \
> +M(CPT_RX_INLINE_LF_CFG, 0xBFE, cpt_rx_inline_lf_cfg,   \
> +  cpt_rx_inline_lf_cfg_msg, msg_rsp)   \
>  /* NPC mbox IDs (range 0x6000 - 0x7FFF) */ \
>  M(NPC_MCAM_ALLOC_ENTRY,0x6000, npc_mcam_alloc_entry, 
>   \
> npc_mcam_alloc_entry_req,   \
> @@ -1202,6 +1204,11 @@ struct cpt_inline_ipsec_cfg_msg {
> uint16_t __otx2_io nix_pf_func; /* Outbound path NIX_PF_FUNC */
>  };
>
> +struct cpt_rx_inline_lf_cfg_msg {
> +   struct mbox_msghdr hdr;
> +   uint16_t __otx2_io sso_pf_func;
> +};
> +
>  /* NPC mbox message structs */
>
>  #define NPC_MCAM_ENTRY_INVALID 0x
> --
> 2.7.4
>

Re: [dpdk-dev] [PATCH v2 02/15] common/octeontx2: add routine to check if sec capable otx2

[Jerin Jacob]

On Sat, Jan 18, 2020 at 4:19 PM Anoob Joseph  wrote:
>
> From: Vamsi Attunuru 
>
> This routine returns true if given rte_eth_dev is security offload
> capable and belongs to octeontx2.
>
> Signed-off-by: Anoob Joseph 
> Signed-off-by: Tejasree Kondoj 
> Signed-off-by: Vamsi Attunuru 

Acked-by: Jerin Jacob 


> ---
>  drivers/common/octeontx2/otx2_common.c   | 20 
> 
>  drivers/common/octeontx2/otx2_common.h   |  2 ++
>  .../octeontx2/rte_common_octeontx2_version.map   |  1 +
>  3 files changed, 23 insertions(+)
>
> diff --git a/drivers/common/octeontx2/otx2_common.c 
> b/drivers/common/octeontx2/otx2_common.c
> index 7e45366..2f9b167 100644
> --- a/drivers/common/octeontx2/otx2_common.c
> +++ b/drivers/common/octeontx2/otx2_common.c
> @@ -3,6 +3,7 @@
>   */
>
>  #include 
> +#include 
>  #include 
>  #include 
>
> @@ -23,6 +24,25 @@ otx2_npa_set_defaults(struct otx2_idev_cfg *idev)
>
>  /**
>   * @internal
> + * Check if rte_eth_dev is security offload capable otx2_eth_dev
> + */
> +uint8_t
> +otx2_ethdev_is_sec_capable(struct rte_eth_dev *eth_dev)
> +{
> +   struct rte_pci_device *pci_dev;
> +
> +   pci_dev = RTE_ETH_DEV_TO_PCI(eth_dev);
> +
> +   if (pci_dev->id.device_id == PCI_DEVID_OCTEONTX2_RVU_PF ||
> +   pci_dev->id.device_id == PCI_DEVID_OCTEONTX2_RVU_VF ||
> +   pci_dev->id.device_id == PCI_DEVID_OCTEONTX2_RVU_AF_VF)
> +   return 1;
> +
> +   return 0;
> +}
> +
> +/**
> + * @internal
>   * Get intra device config structure.
>   */
>  struct otx2_idev_cfg *
> diff --git a/drivers/common/octeontx2/otx2_common.h 
> b/drivers/common/octeontx2/otx2_common.h
> index f62c45d..db0cde1 100644
> --- a/drivers/common/octeontx2/otx2_common.h
> +++ b/drivers/common/octeontx2/otx2_common.h
> @@ -8,6 +8,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -70,6 +71,7 @@ struct otx2_idev_cfg *otx2_intra_dev_get_cfg(void);
>  void otx2_sso_pf_func_set(uint16_t sso_pf_func);
>  uint16_t otx2_sso_pf_func_get(void);
>  uint16_t otx2_npa_pf_func_get(void);
> +uint8_t otx2_ethdev_is_sec_capable(struct rte_eth_dev *eth_dev);
>  struct otx2_npa_lf *otx2_npa_lf_obj_get(void);
>  void otx2_npa_set_defaults(struct otx2_idev_cfg *idev);
>  int otx2_npa_lf_active(void *dev);
> diff --git a/drivers/common/octeontx2/rte_common_octeontx2_version.map 
> b/drivers/common/octeontx2/rte_common_octeontx2_version.map
> index adad21a..bd9fc41 100644
> --- a/drivers/common/octeontx2/rte_common_octeontx2_version.map
> +++ b/drivers/common/octeontx2/rte_common_octeontx2_version.map
> @@ -6,6 +6,7 @@ DPDK_20.0 {
> otx2_dev_priv_init;
> otx2_disable_irqs;
> otx2_intra_dev_get_cfg;
> +   otx2_ethdev_is_sec_capable;
> otx2_logtype_base;
> otx2_logtype_dpi;
> otx2_logtype_mbox;
> --
> 2.7.4
>

Re: [dpdk-dev] [PATCH v2 00/15] add OCTEONTX2 inline IPsec support

[Jerin Jacob]

On Sat, Jan 18, 2020 at 4:19 PM Anoob Joseph  wrote:
>
> This series adds inline IPsec support in OCTEONTX2 PMD.
>
> In the inbound path, rte_flow framework need to be used to configure
> the NPC block, which does the h/w lookup. The packets would get
> processed by the crypto block and would submit to the scheduling block,
> SSO. So inline IPsec mode can be enabled only when traffic is received
> via event device using Rx adapter.
>
> In the outbound path, the core would submit to the crypto block and the
> crypto block would submit the packet for Tx internally.


Please fix following check-git-log.sh issues.

Wrong headline lowercase:
net/octeontx2: add inline ipsec rx path changes
drivers/octeontx2: add sec in compiler optimized RX fastpath framework
drivers/octeontx2: add sec in compiler optimized TX fastpath framework
crypto/octeontx2: add inline tx path changes
Headline too long:
drivers/octeontx2: add sec in compiler optimized RX fastpath framework
drivers/octeontx2: add sec in compiler optimized TX fastpath framework
crypto/octeontx2: sync inline tag type cfg with Rx adapter configuration

Changing to Rx and Tx will fix most of the issues.



> v2:
> * Minimized additions to common/octeontx2
> * Updated release notes
> * Renamed otx2_is_ethdev to otx2_ethdev_is_sec_capable
>
> Ankur Dwivedi (3):
>   crypto/octeontx2: add eth security capabilities
>   crypto/octeontx2: add datapath ops in eth security ctx
>   crypto/octeontx2: add inline tx path changes
>
> Anoob Joseph (4):
>   common/octeontx2: add CPT LF mbox for inline inbound
>   crypto/octeontx2: create eth security ctx
>   crypto/octeontx2: enable CPT to share QP with ethdev
>   crypto/octeontx2: add eth security session operations
>
> Archana Muniganti (3):
>   crypto/octeontx2: add lookup mem changes to hold sa indices
>   drivers/octeontx2: add sec in compiler optimized RX fastpath framework
>   drivers/octeontx2: add sec in compiler optimized TX fastpath framework
>
> Tejasree Kondoj (3):
>   crypto/octeontx2: configure for inline IPsec
>   crypto/octeontx2: add security in eth dev configure
>   net/octeontx2: add inline ipsec rx path changes
>
> Vamsi Attunuru (2):
>   common/octeontx2: add routine to check if sec capable otx2
>   crypto/octeontx2: sync inline tag type cfg with Rx adapter
> configuration
>
>  doc/guides/nics/octeontx2.rst  |  20 +
>  doc/guides/rel_notes/release_20_02.rst |   9 +
>  drivers/common/octeontx2/otx2_common.c |  22 +
>  drivers/common/octeontx2/otx2_common.h |  22 +
>  drivers/common/octeontx2/otx2_mbox.h   |   7 +
>  .../octeontx2/rte_common_octeontx2_version.map |   3 +
>  drivers/crypto/octeontx2/Makefile  |   7 +-
>  drivers/crypto/octeontx2/meson.build   |   7 +-
>  drivers/crypto/octeontx2/otx2_cryptodev.c  |   8 +
>  .../crypto/octeontx2/otx2_cryptodev_hw_access.h|  22 +-
>  drivers/crypto/octeontx2/otx2_cryptodev_mbox.c |  53 ++
>  drivers/crypto/octeontx2/otx2_cryptodev_mbox.h |   7 +
>  drivers/crypto/octeontx2/otx2_cryptodev_ops.c  |  56 ++
>  drivers/crypto/octeontx2/otx2_cryptodev_qp.h   |  35 +
>  drivers/crypto/octeontx2/otx2_ipsec_fp.h   | 348 +
>  drivers/crypto/octeontx2/otx2_security.c   | 870 
> +
>  drivers/crypto/octeontx2/otx2_security.h   | 158 
>  drivers/crypto/octeontx2/otx2_security_tx.h| 175 +
>  drivers/event/octeontx2/Makefile   |   1 +
>  drivers/event/octeontx2/meson.build|   5 +-
>  drivers/event/octeontx2/otx2_evdev.c   | 170 ++--
>  drivers/event/octeontx2/otx2_evdev.h   |   4 +-
>  drivers/event/octeontx2/otx2_worker.c  |   6 +-
>  drivers/event/octeontx2/otx2_worker.h  |   6 +
>  drivers/event/octeontx2/otx2_worker_dual.c |   6 +-
>  drivers/net/octeontx2/Makefile |   1 +
>  drivers/net/octeontx2/meson.build  |   3 +
>  drivers/net/octeontx2/otx2_ethdev.c|  46 +-
>  drivers/net/octeontx2/otx2_ethdev.h|   2 +
>  drivers/net/octeontx2/otx2_ethdev_devargs.c|  19 +
>  drivers/net/octeontx2/otx2_flow.c  |  26 +
>  drivers/net/octeontx2/otx2_lookup.c|  11 +-
>  drivers/net/octeontx2/otx2_rx.c|  27 +-
>  drivers/net/octeontx2/otx2_rx.h| 377 ++---
>  drivers/net/octeontx2/otx2_tx.c|  29 +-
>  drivers/net/octeontx2/otx2_tx.h| 271 +--
>  36 files changed, 2556 insertions(+), 283 deletions(-)
>  create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_qp.h
>  create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_fp.h
>  create mode 100644 drivers/crypto/octeontx2/otx2_security.c
>  create mode 100644 drivers/crypto/octeontx2/otx2_security.h
>  create

Re: [dpdk-dev] [PATCH v9 2/6] lib/ring: apis to support configurable element size

[Honnappa Nagarahalli]

> 
> > > On Wed, Jan 15, 2020 at 11:25:07PM -0600, Honnappa Nagarahalli wrote:
> > > > Current APIs assume ring elements to be pointers. However, in many
> > > > use cases, the size can be different. Add new APIs to support
> > > > configurable ring element sizes.
> > > >
> > > > Signed-off-by: Honnappa Nagarahalli 
> > > > Reviewed-by: Dharmik Thakkar 
> > > > Reviewed-by: Gavin Hu 
> > > > Reviewed-by: Ruifeng Wang 
> > > > ---
> > > >  lib/librte_ring/Makefile |3 +-
> > > >  lib/librte_ring/meson.build  |4 +
> > > >  lib/librte_ring/rte_ring.c   |   41 +-
> > > >  lib/librte_ring/rte_ring.h   |1 +
> > > >  lib/librte_ring/rte_ring_elem.h  | 1003
> ++
> > > >  lib/librte_ring/rte_ring_version.map |2 +
> > > >  6 files changed, 1045 insertions(+), 9 deletions(-)  create mode
> > > > 100644 lib/librte_ring/rte_ring_elem.h
> > > >
> > >
> > > [...]
> > >
> > > > +static __rte_always_inline void
> > > > +enqueue_elems_32(struct rte_ring *r, const uint32_t size, uint32_t idx,
> > > > +   const void *obj_table, uint32_t n) {
> > > > +   unsigned int i;
> > > > +   uint32_t *ring = (uint32_t *)&r[1];
> > > > +   const uint32_t *obj = (const uint32_t *)obj_table;
> > > > +   if (likely(idx + n < size)) {
> > > > +   for (i = 0; i < (n & ~0x7); i += 8, idx += 8) {
> > > > +   ring[idx] = obj[i];
> > > > +   ring[idx + 1] = obj[i + 1];
> > > > +   ring[idx + 2] = obj[i + 2];
> > > > +   ring[idx + 3] = obj[i + 3];
> > > > +   ring[idx + 4] = obj[i + 4];
> > > > +   ring[idx + 5] = obj[i + 5];
> > > > +   ring[idx + 6] = obj[i + 6];
> > > > +   ring[idx + 7] = obj[i + 7];
> > > > +   }
> > > > +   switch (n & 0x7) {
> > > > +   case 7:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   case 6:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   case 5:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   case 4:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   case 3:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   case 2:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   case 1:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   }
> > > > +   } else {
> > > > +   for (i = 0; idx < size; i++, idx++)
> > > > +   ring[idx] = obj[i];
> > > > +   /* Start at the beginning */
> > > > +   for (idx = 0; i < n; i++, idx++)
> > > > +   ring[idx] = obj[i];
> > > > +   }
> > > > +}
> > > > +
> > > > +static __rte_always_inline void
> > > > +enqueue_elems_64(struct rte_ring *r, uint32_t prod_head,
> > > > +   const void *obj_table, uint32_t n) {
> > > > +   unsigned int i;
> > > > +   const uint32_t size = r->size;
> > > > +   uint32_t idx = prod_head & r->mask;
> > > > +   uint64_t *ring = (uint64_t *)&r[1];
> > > > +   const uint64_t *obj = (const uint64_t *)obj_table;
> > > > +   if (likely(idx + n < size)) {
> > > > +   for (i = 0; i < (n & ~0x3); i += 4, idx += 4) {
> > > > +   ring[idx] = obj[i];
> > > > +   ring[idx + 1] = obj[i + 1];
> > > > +   ring[idx + 2] = obj[i + 2];
> > > > +   ring[idx + 3] = obj[i + 3];
> > > > +   }
> > > > +   switch (n & 0x3) {
> > > > +   case 3:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   case 2:
> > > > +   ring[idx++] = obj[i++]; /* fallthrough */
> > > > +   case 1:
> > > > +   ring[idx++] = obj[i++];
> > > > +   }
> > > > +   } else {
> > > > +   for (i = 0; idx < size; i++, idx++)
> > > > +   ring[idx] = obj[i];
> > > > +   /* Start at the beginning */
> > > > +   for (idx = 0; i < n; i++, idx++)
> > > > +   ring[idx] = obj[i];
> > > > +   }
> > > > +}
> > > > +
> > > > +static __rte_always_inline void
> > > > +enqueue_elems_128(struct rte_ring *r, uint32_t prod_head,
> > > > +   const void *obj_table, uint32_t n) {
> > > > +   unsigned int i;
> > > > +   const uint32_t size = r->size;
> > > > +   uint32_t idx = prod_head & r->mask;
> > > > +   rte_int128_t *ring = (rte_int128_t *)&r[1];
> > > > +   const rte_int128_t *obj = (const rte_int128_t *)obj_table;
> > > > +   

Re: [dpdk-dev] [PATCH v9 3/6] test/ring: add functional tests for rte_ring_xxx_elem APIs

[Honnappa Nagarahalli]

> On Wed, Jan 15, 2020 at 11:25:08PM -0600, Honnappa Nagarahalli wrote:
> > Add basic infrastructure to test rte_ring_xxx_elem APIs.
> > Adjust the existing test cases to test for various ring element sizes.
> >
> > Signed-off-by: Honnappa Nagarahalli 
> > Reviewed-by: Gavin Hu 
> > ---
> >  app/test/test_ring.c | 1342
> > +-
> >  app/test/test_ring.h |  187 ++
> >  2 files changed, 850 insertions(+), 679 deletions(-)  create mode
> > 100644 app/test/test_ring.h
> >
> > diff --git a/app/test/test_ring.c b/app/test/test_ring.c index
> > aaf1e70ad..c08500eca 100644
> > --- a/app/test/test_ring.c
> > +++ b/app/test/test_ring.c
> > @@ -23,11 +23,13 @@
> >  #include 
> >  #include 
> >  #include 
> > +#include 
> >  #include 
> >  #include 
> >  #include 
> >
> >  #include "test.h"
> > +#include "test_ring.h"
> >
> >  /*
> >   * Ring
> 
> As you are changing a lot of things, maybe it's an opportunity to update or
> remove the comment at the beginning of the file.
I have removed specific comments. I have converted it into generic comments.

> 
> 
> > @@ -55,8 +57,6 @@
> >  #define RING_SIZE 4096
> >  #define MAX_BULK 32
> >
> > -static rte_atomic32_t synchro;
> > -
> >  #defineTEST_RING_VERIFY(exp)
>   \
> > if (!(exp)) {   \
> > printf("error at %s:%d\tcondition " #exp " failed\n",   \
> > @@ -67,808 +67,792 @@ static rte_atomic32_t synchro;
> >
> >  #defineTEST_RING_FULL_EMTPY_ITER   8
> >
> > -/*
> > - * helper routine for test_ring_basic
> > - */
> > -static int
> > -test_ring_basic_full_empty(struct rte_ring *r, void * const src[],
> > void *dst[])
> > +static int esize[] = {-1, 4, 8, 16, 20};
> 
> it could be const
Yes

> 
> [...]
> 
> > +/*
> > + * Burst and bulk operations with sp/sc, mp/mc and default (during
> > +creation)
> > + * Random number of elements are enqueued and dequeued.
> > + */
> > +static int
> > +test_ring_burst_bulk_tests1(unsigned int api_type) {
> > +   struct rte_ring *r;
> > +   void **src = NULL, **cur_src = NULL, **dst = NULL, **cur_dst = NULL;
> > +   int ret;
> > +   unsigned int i, j;
> > +   int rand;
> > +   const unsigned int rsz = RING_SIZE - 1;
> >
> > -   /* check data */
> > -   if (memcmp(src, dst, cur_dst - dst)) {
> > -   rte_hexdump(stdout, "src", src, cur_src - src);
> > -   rte_hexdump(stdout, "dst", dst, cur_dst - dst);
> > -   printf("data after dequeue is not the same\n");
> > -   goto fail;
> > -   }
> > +   for (i = 0; i < RTE_DIM(esize); i++) {
> > +   test_ring_print_test_string("Test standard ring", api_type,
> > +   esize[i]);
> >
> > -   cur_src = src;
> > -   cur_dst = dst;
> > +   /* Create the ring */
> > +   r = test_ring_create("test_ring_burst_bulk_tests", esize[i],
> > +   RING_SIZE, SOCKET_ID_ANY, 0);
> >
> > -   ret = rte_ring_mp_enqueue(r, cur_src);
> > -   if (ret != 0)
> > -   goto fail;
> > +   /* alloc dummy object pointers */
> > +   src = test_ring_calloc(RING_SIZE * 2, esize[i]);
> > +   if (src == NULL)
> > +   goto fail;
> > +   test_ring_mem_init(src, RING_SIZE * 2, esize[i]);
> > +   cur_src = src;
> >
> > -   ret = rte_ring_mc_dequeue(r, cur_dst);
> > -   if (ret != 0)
> > -   goto fail;
> > +   /* alloc some room for copied objects */
> > +   dst = test_ring_calloc(RING_SIZE * 2, esize[i]);
> > +   if (dst == NULL)
> > +   goto fail;
> > +   cur_dst = dst;
> > +
> > +   printf("Random full/empty test\n");
> > +
> > +   for (j = 0; j != TEST_RING_FULL_EMTPY_ITER; j++) {
> > +   /* random shift in the ring */
> > +   rand = RTE_MAX(rte_rand() % RING_SIZE, 1UL);
> > +   printf("%s: iteration %u, random shift: %u;\n",
> > +   __func__, i, rand);
> > +   ret = test_ring_enqueue(r, cur_src, esize[i], rand,
> > +   api_type);
> > +   TEST_RING_VERIFY(ret != 0);
> > +
> > +   ret = test_ring_dequeue(r, cur_dst, esize[i], rand,
> > +   api_type);
> > +   TEST_RING_VERIFY(ret == rand);
> > +
> > +   /* fill the ring */
> > +   ret = test_ring_enqueue(r, cur_src, esize[i], rsz,
> > +   api_type);
> > +   TEST_RING_VERIFY(ret != 0);
> > +
> > +   TEST_RING_VERIFY(rte_ring_free_count(r) == 0);
> > +   TEST_RING_VERIFY(rsz == rte_ring_count(r));
> > +   TEST_RING_VERIFY(rte_ring_full(r));
> > +   TEST_RING_VERIFY(rte_ring_empty(r) == 0);
> > +
> > +   /* empt

Re: [dpdk-dev] [PATCH v9 4/6] test/ring: modify perf test cases to use rte_ring_xxx_elem APIs

[Honnappa Nagarahalli]

> 
> On Wed, Jan 15, 2020 at 11:25:09PM -0600, Honnappa Nagarahalli wrote:
> > Adjust the performance test cases to test rte_ring_xxx_elem APIs.
> >
> > Signed-off-by: Honnappa Nagarahalli 
> > Reviewed-by: Gavin Hu 
> > ---
> >  app/test/test_ring_perf.c | 454
> > +++---
> >  1 file changed, 273 insertions(+), 181 deletions(-)
> >
> > diff --git a/app/test/test_ring_perf.c b/app/test/test_ring_perf.c
> > index 6c2aca483..8d1217951 100644
> > --- a/app/test/test_ring_perf.c
> > +++ b/app/test/test_ring_perf.c
> 
> [...]
> 
> > -static int
> > -test_ring_perf(void)
> > +/* Run all tests for a given element size */ static
> > +__rte_always_inline int test_ring_perf_esize(const int esize)
> >  {
> > struct lcore_pair cores;
> > struct rte_ring *r = NULL;
> >
> > -   r = rte_ring_create(RING_NAME, RING_SIZE, rte_socket_id(), 0);
> > +   /*
> > +* Performance test for legacy/_elem APIs
> > +* SP-SC/MP-MC, single
> > +*/
> > +   r = test_ring_create(RING_NAME, esize, RING_SIZE, rte_socket_id(),
> > +0);
> > if (r == NULL)
> > return -1;
> >
> > -   printf("### Testing single element and burst enq/deq ###\n");
> > -   test_single_enqueue_dequeue(r);
> > -   test_burst_enqueue_dequeue(r);
> > +   printf("\n### Testing single element enq/deq ###\n");
> > +   if (test_single_enqueue_dequeue(r, esize,
> > +   TEST_RING_THREAD_SPSC |
> TEST_RING_ELEM_SINGLE) < 0)
> > +   return -1;
> 
> the ring is not freed on error (same below)
Will fix.

[dpdk-dev] [PATCH v10 0/6] lib/ring: APIs to support custom element size

[Honnappa Nagarahalli]

The current rte_ring hard-codes the type of the ring element to 'void *',
hence the size of the element is hard-coded to 32b/64b. Since the ring
element type is not an input to rte_ring APIs, it results in couple
of issues:

1) If an application requires to store an element which is not 64b, it
   needs to write its own ring APIs similar to rte_event_ring APIs. This
   creates additional burden on the programmers, who end up making
   work-arounds and often waste memory.
2) If there are multiple libraries that store elements of the same
   type, currently they would have to write their own rte_ring APIs. This
   results in code duplication.

This patch adds new APIs to support configurable ring element size.
The APIs support custom element sizes by allowing to define the ring
element to be a multiple of 32b.

The aim is to achieve same performance as the existing ring
implementation.

v10
 - Improved comments in test case files (Olivier)
 - Fixed possible memory leaks (Olivier)
 - Changed 'test_ring_with_exact_size' to use unaligned
   addresses (Konstantin)
 - Changed the commit message for eventdev (Jerin)

v9
 - Split 'test_ring_burst_bulk_tests' test case into 4 smaller
   functions to address clang compilation time issue.
 - Addressed compilation failure in Intel CI in the hash changes.

v8
 - Changed the 128b copy elements inline function to use 'memcpy'
   to generate unaligned load/store instructions for x86. Generic
   copy function results in performance drop. (Konstantin)
 - Changed the API type #defines to be more clear (Konstantin)
 - Removed the code duplication in performance tests (Konstantin)
 - Fixed memory leak, changed test macros to inline functions (Konstantin)
 - Changed functional tests to test for 20B ring element. Fixed
   a bug in 32b element copy code for enqueue/dequeue(ring size
   needs to be normalized for 32b).
 - Squashed the functional and performance tests in their
   respective single commits.

v7
 - Merged the test cases to test both legacy APIs and
   rte_ring_xxx_elem APIs without code duplication (Konstantin, Olivier)
 - Performance test cases are merged as well (Konstantin, Olivier)
 - Macros to copy elements are converted into inline functions (Olivier)
 - Added back the changes to hash and event libraries

v6
 - Labelled as RFC to indicate the better status
 - Added unit tests to test the rte_ring_xxx_elem APIs
 - Corrected 'macro based partial memcpy' (5/6) patch
 - Added Konstantin's method after correction (6/6)
 - Check Patch shows significant warnings and errors mainly due
   copying code from existing test cases. None of them are harmful.
   I will fix them once we have an agreement.

v5
 - Use memcpy for chunks of 32B (Konstantin).
 - Both 'ring_perf_autotest' and 'ring_perf_elem_autotest' are available
   to compare the results easily.
 - Copying without memcpy is also available in 1/3, if anyone wants to
   experiment on their platform.
 - Added other platform owners to test on their respective platforms.

v4
 - Few fixes after more performance testing

v3
 - Removed macro-fest and used inline functions
   (Stephen, Bruce)

v2
 - Change Event Ring implementation to use ring templates
   (Jerin, Pavan)


Honnappa Nagarahalli (6):
  test/ring: use division for cycle count calculation
  lib/ring: apis to support configurable element size
  test/ring: add functional tests for rte_ring_xxx_elem APIs
  test/ring: modify perf test cases to use rte_ring_xxx_elem APIs
  lib/hash: use ring with 32b element size to save memory
  eventdev: use custom element size ring for event rings

 app/test/test_ring.c | 1383 +-
 app/test/test_ring.h |  187 
 app/test/test_ring_perf.c|  476 +
 lib/librte_eventdev/rte_event_ring.c |  147 +--
 lib/librte_eventdev/rte_event_ring.h |   45 +-
 lib/librte_hash/rte_cuckoo_hash.c|   94 +-
 lib/librte_hash/rte_cuckoo_hash.h|2 +-
 lib/librte_ring/Makefile |3 +-
 lib/librte_ring/meson.build  |4 +
 lib/librte_ring/rte_ring.c   |   41 +-
 lib/librte_ring/rte_ring.h   |1 +
 lib/librte_ring/rte_ring_elem.h  | 1003 +++
 lib/librte_ring/rte_ring_version.map |2 +
 13 files changed, 2279 insertions(+), 1109 deletions(-)
 create mode 100644 app/test/test_ring.h
 create mode 100644 lib/librte_ring/rte_ring_elem.h

-- 
2.17.1

[dpdk-dev] [PATCH v10 1/6] test/ring: use division for cycle count calculation

[Honnappa Nagarahalli]

Use division instead of modulo operation to calculate more
accurate cycle count.

Signed-off-by: Honnappa Nagarahalli 
Acked-by: Olivier Matz 
---
 app/test/test_ring_perf.c | 22 --
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/app/test/test_ring_perf.c b/app/test/test_ring_perf.c
index 70ee46ffe..6c2aca483 100644
--- a/app/test/test_ring_perf.c
+++ b/app/test/test_ring_perf.c
@@ -357,10 +357,10 @@ test_single_enqueue_dequeue(struct rte_ring *r)
}
const uint64_t mc_end = rte_rdtsc();
 
-   printf("SP/SC single enq/dequeue: %"PRIu64"\n",
-   (sc_end-sc_start) >> iter_shift);
-   printf("MP/MC single enq/dequeue: %"PRIu64"\n",
-   (mc_end-mc_start) >> iter_shift);
+   printf("SP/SC single enq/dequeue: %.2F\n",
+   ((double)(sc_end-sc_start)) / iterations);
+   printf("MP/MC single enq/dequeue: %.2F\n",
+   ((double)(mc_end-mc_start)) / iterations);
 }
 
 /*
@@ -395,13 +395,15 @@ test_burst_enqueue_dequeue(struct rte_ring *r)
}
const uint64_t mc_end = rte_rdtsc();
 
-   uint64_t mc_avg = ((mc_end-mc_start) >> iter_shift) / 
bulk_sizes[sz];
-   uint64_t sc_avg = ((sc_end-sc_start) >> iter_shift) / 
bulk_sizes[sz];
+   double mc_avg = ((double)(mc_end-mc_start) / iterations) /
+   bulk_sizes[sz];
+   double sc_avg = ((double)(sc_end-sc_start) / iterations) /
+   bulk_sizes[sz];
 
-   printf("SP/SC burst enq/dequeue (size: %u): %"PRIu64"\n", 
bulk_sizes[sz],
-   sc_avg);
-   printf("MP/MC burst enq/dequeue (size: %u): %"PRIu64"\n", 
bulk_sizes[sz],
-   mc_avg);
+   printf("SP/SC burst enq/dequeue (size: %u): %.2F\n",
+   bulk_sizes[sz], sc_avg);
+   printf("MP/MC burst enq/dequeue (size: %u): %.2F\n",
+   bulk_sizes[sz], mc_avg);
}
 }
 
-- 
2.17.1

[dpdk-dev] [PATCH v10 4/6] test/ring: modify perf test cases to use rte_ring_xxx_elem APIs

[Honnappa Nagarahalli]

Adjust the performance test cases to test rte_ring_xxx_elem APIs.

Signed-off-by: Honnappa Nagarahalli 
Reviewed-by: Gavin Hu 
---
 app/test/test_ring_perf.c | 478 +++---
 1 file changed, 285 insertions(+), 193 deletions(-)

diff --git a/app/test/test_ring_perf.c b/app/test/test_ring_perf.c
index 6c2aca483..ce23ee737 100644
--- a/app/test/test_ring_perf.c
+++ b/app/test/test_ring_perf.c
@@ -13,16 +13,11 @@
 #include 
 
 #include "test.h"
+#include "test_ring.h"
 
 /*
- * Ring
- * 
- *
- * Measures performance of various operations using rdtsc
- *  * Empty ring dequeue
- *  * Enqueue/dequeue of bursts in 1 threads
- *  * Enqueue/dequeue of bursts in 2 threads
- *  * Enqueue/dequeue of bursts in all available threads
+ * Ring performance test cases, measures performance of various operations
+ * using rdtsc for legacy and 16B size ring elements.
  */
 
 #define RING_NAME "RING_PERF"
@@ -41,6 +36,35 @@ struct lcore_pair {
 
 static volatile unsigned lcore_count = 0;
 
+static void
+test_ring_print_test_string(unsigned int api_type, int esize,
+   unsigned int bsz, double value)
+{
+   if (esize == -1)
+   printf("legacy APIs");
+   else
+   printf("elem APIs: element size %dB", esize);
+
+   if (api_type == TEST_RING_IGNORE_API_TYPE)
+   return;
+
+   if ((api_type & TEST_RING_THREAD_DEF) == TEST_RING_THREAD_DEF)
+   printf(": default enqueue/dequeue: ");
+   else if ((api_type & TEST_RING_THREAD_SPSC) == TEST_RING_THREAD_SPSC)
+   printf(": SP/SC: ");
+   else if ((api_type & TEST_RING_THREAD_MPMC) == TEST_RING_THREAD_MPMC)
+   printf(": MP/MC: ");
+
+   if ((api_type & TEST_RING_ELEM_SINGLE) == TEST_RING_ELEM_SINGLE)
+   printf("single: ");
+   else if ((api_type & TEST_RING_ELEM_BULK) == TEST_RING_ELEM_BULK)
+   printf("bulk (size: %u): ", bsz);
+   else if ((api_type & TEST_RING_ELEM_BURST) == TEST_RING_ELEM_BURST)
+   printf("burst (size: %u): ", bsz);
+
+   printf("%.2F\n", value);
+}
+
 / Functions to analyse our core mask to get cores for different tests ***/
 
 static int
@@ -117,27 +141,21 @@ get_two_sockets(struct lcore_pair *lcp)
 
 /* Get cycle counts for dequeuing from an empty ring. Should be 2 or 3 cycles 
*/
 static void
-test_empty_dequeue(struct rte_ring *r)
+test_empty_dequeue(struct rte_ring *r, const int esize,
+   const unsigned int api_type)
 {
-   const unsigned iter_shift = 26;
-   const unsigned iterations = 1< enqueue
+ * flag == 1 -> dequeue
  */
-static int
-enqueue_bulk(void *p)
+static __rte_always_inline int
+enqueue_dequeue_bulk_helper(const unsigned int flag, const int esize,
+   struct thread_params *p)
 {
-   const unsigned iter_shift = 23;
-   const unsigned iterations = 1size;
-   unsigned i;
-   void *burst[MAX_BURST] = {0};
+   int ret;
+   const unsigned int iter_shift = 23;
+   const unsigned int iterations = 1 << iter_shift;
+   struct rte_ring *r = p->r;
+   unsigned int bsize = p->size;
+   unsigned int i;
+   void *burst = NULL;
 
 #ifdef RTE_USE_C11_MEM_MODEL
if (__atomic_add_fetch(&lcore_count, 1, __ATOMIC_RELAXED) != 2)
@@ -173,23 +193,67 @@ enqueue_bulk(void *p)
while(lcore_count != 2)
rte_pause();
 
+   burst = test_ring_calloc(MAX_BURST, esize);
+   if (burst == NULL)
+   return -1;
+
const uint64_t sp_start = rte_rdtsc();
for (i = 0; i < iterations; i++)
-   while (rte_ring_sp_enqueue_bulk(r, burst, size, NULL) == 0)
-   rte_pause();
+   do {
+   if (flag == 0)
+   ret = test_ring_enqueue(r, burst, esize, bsize,
+   TEST_RING_THREAD_SPSC |
+   TEST_RING_ELEM_BULK);
+   else if (flag == 1)
+   ret = test_ring_dequeue(r, burst, esize, bsize,
+   TEST_RING_THREAD_SPSC |
+   TEST_RING_ELEM_BULK);
+   if (ret == 0)
+   rte_pause();
+   } while (!ret);
const uint64_t sp_end = rte_rdtsc();
 
const uint64_t mp_start = rte_rdtsc();
for (i = 0; i < iterations; i++)
-   while (rte_ring_mp_enqueue_bulk(r, burst, size, NULL) == 0)
-   rte_pause();
+   do {
+   if (flag == 0)
+   ret = test_ring_enqueue(r, burst, esize, bsize,
+   TEST_RING_THREAD_MPMC |
+   TEST_RING_ELEM_BULK);
+   else if (fl

[dpdk-dev] [PATCH v10 3/6] test/ring: add functional tests for rte_ring_xxx_elem APIs

[Honnappa Nagarahalli]

Add basic infrastructure to test rte_ring_xxx_elem APIs.
Adjust the existing test cases to test for various ring
element sizes.

Signed-off-by: Honnappa Nagarahalli 
Reviewed-by: Gavin Hu 
---
 app/test/test_ring.c | 1383 +-
 app/test/test_ring.h |  187 ++
 2 files changed, 875 insertions(+), 695 deletions(-)
 create mode 100644 app/test/test_ring.h

diff --git a/app/test/test_ring.c b/app/test/test_ring.c
index aaf1e70ad..fbcd109b1 100644
--- a/app/test/test_ring.c
+++ b/app/test/test_ring.c
@@ -23,40 +23,29 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
 
 #include "test.h"
+#include "test_ring.h"
 
 /*
  * Ring
  * 
  *
- * #. Basic tests: done on one core:
+ * #. Functional tests. Tests single/bulk/burst, default/SPSC/MPMC,
+ *legacy/custom element size (4B, 8B, 16B, 20B) APIs.
+ *Some tests incorporate unaligned addresses for objects.
+ *The enqueued/dequeued data is validated for correctness.
  *
- *- Using single producer/single consumer functions:
- *
- *  - Enqueue one object, two objects, MAX_BULK objects
- *  - Dequeue one object, two objects, MAX_BULK objects
- *  - Check that dequeued pointers are correct
- *
- *- Using multi producers/multi consumers functions:
- *
- *  - Enqueue one object, two objects, MAX_BULK objects
- *  - Dequeue one object, two objects, MAX_BULK objects
- *  - Check that dequeued pointers are correct
- *
- * #. Performance tests.
- *
- * Tests done in test_ring_perf.c
+ * #. Performance tests are in test_ring_perf.c
  */
 
 #define RING_SIZE 4096
 #define MAX_BULK 32
 
-static rte_atomic32_t synchro;
-
 #defineTEST_RING_VERIFY(exp)   
\
if (!(exp)) {   \
printf("error at %s:%d\tcondition " #exp " failed\n",   \
@@ -67,808 +56,812 @@ static rte_atomic32_t synchro;
 
 #defineTEST_RING_FULL_EMTPY_ITER   8
 
-/*
- * helper routine for test_ring_basic
- */
-static int
-test_ring_basic_full_empty(struct rte_ring *r, void * const src[], void *dst[])
+static const int esize[] = {-1, 4, 8, 16, 20};
+
+static void**
+test_ring_inc_ptr(void **obj, int esize, unsigned int n)
 {
-   unsigned i, rand;
-   const unsigned rsz = RING_SIZE - 1;
-
-   printf("Basic full/empty test\n");
-
-   for (i = 0; TEST_RING_FULL_EMTPY_ITER != i; i++) {
-
-   /* random shift in the ring */
-   rand = RTE_MAX(rte_rand() % RING_SIZE, 1UL);
-   printf("%s: iteration %u, random shift: %u;\n",
-   __func__, i, rand);
-   TEST_RING_VERIFY(rte_ring_enqueue_bulk(r, src, rand,
-   NULL) != 0);
-   TEST_RING_VERIFY(rte_ring_dequeue_bulk(r, dst, rand,
-   NULL) == rand);
-
-   /* fill the ring */
-   TEST_RING_VERIFY(rte_ring_enqueue_bulk(r, src, rsz, NULL) != 0);
-   TEST_RING_VERIFY(0 == rte_ring_free_count(r));
-   TEST_RING_VERIFY(rsz == rte_ring_count(r));
-   TEST_RING_VERIFY(rte_ring_full(r));
-   TEST_RING_VERIFY(0 == rte_ring_empty(r));
-
-   /* empty the ring */
-   TEST_RING_VERIFY(rte_ring_dequeue_bulk(r, dst, rsz,
-   NULL) == rsz);
-   TEST_RING_VERIFY(rsz == rte_ring_free_count(r));
-   TEST_RING_VERIFY(0 == rte_ring_count(r));
-   TEST_RING_VERIFY(0 == rte_ring_full(r));
-   TEST_RING_VERIFY(rte_ring_empty(r));
+   /* Legacy queue APIs? */
+   if ((esize) == -1)
+   return ((void **)obj) + n;
+   else
+   return (void **)(((uint32_t *)obj) +
+   (n * esize / sizeof(uint32_t)));
+}
 
-   /* check data */
-   TEST_RING_VERIFY(0 == memcmp(src, dst, rsz));
-   rte_ring_dump(stdout, r);
-   }
-   return 0;
+static void
+test_ring_mem_init(void *obj, unsigned int count, int esize)
+{
+   unsigned int i;
+
+   /* Legacy queue APIs? */
+   if (esize == -1)
+   for (i = 0; i < count; i++)
+   ((void **)obj)[i] = (void *)(unsigned long)i;
+   else
+   for (i = 0; i < (count * esize / sizeof(uint32_t)); i++)
+   ((uint32_t *)obj)[i] = i;
 }
 
-static int
-test_ring_basic(struct rte_ring *r)
+static void
+test_ring_print_test_string(const char *istr, unsigned int api_type, int esize)
 {
-   void **src = NULL, **cur_src = NULL, **dst = NULL, **cur_dst = NULL;
-   int ret;
-   unsigned i, num_elems;
+   printf("\n%s: ", istr);
+
+   if (esize == -1)
+   printf("legacy APIs: ");
+   else
+   printf("elem APIs: element size %dB ", esize);
+
+   if (api_type == TEST_RING_IGNORE_API_TYPE)
+ 

[dpdk-dev] [PATCH v10 5/6] lib/hash: use ring with 32b element size to save memory

[Honnappa Nagarahalli]

The freelist and external bucket indices are 32b. Using rings
that use 32b element sizes will save memory.

Signed-off-by: Honnappa Nagarahalli 
Reviewed-by: Gavin Hu 
Reviewed-by: Ola Liljedahl 
Acked-by: Yipeng Wang 
---
 lib/librte_hash/rte_cuckoo_hash.c | 94 ---
 lib/librte_hash/rte_cuckoo_hash.h |  2 +-
 2 files changed, 50 insertions(+), 46 deletions(-)

diff --git a/lib/librte_hash/rte_cuckoo_hash.c 
b/lib/librte_hash/rte_cuckoo_hash.c
index 87a4c01f2..6c292b6f8 100644
--- a/lib/librte_hash/rte_cuckoo_hash.c
+++ b/lib/librte_hash/rte_cuckoo_hash.c
@@ -24,7 +24,7 @@
 #include 
 #include 
 #include 
-#include 
+#include 
 #include 
 #include 
 #include 
@@ -136,7 +136,6 @@ rte_hash_create(const struct rte_hash_parameters *params)
char ring_name[RTE_RING_NAMESIZE];
char ext_ring_name[RTE_RING_NAMESIZE];
unsigned num_key_slots;
-   unsigned i;
unsigned int hw_trans_mem_support = 0, use_local_cache = 0;
unsigned int ext_table_support = 0;
unsigned int readwrite_concur_support = 0;
@@ -145,6 +144,7 @@ rte_hash_create(const struct rte_hash_parameters *params)
uint32_t *ext_bkt_to_free = NULL;
uint32_t *tbl_chng_cnt = NULL;
unsigned int readwrite_concur_lf_support = 0;
+   uint32_t i;
 
rte_hash_function default_hash_func = (rte_hash_function)rte_jhash;
 
@@ -213,8 +213,8 @@ rte_hash_create(const struct rte_hash_parameters *params)
 
snprintf(ring_name, sizeof(ring_name), "HT_%s", params->name);
/* Create ring (Dummy slot index is not enqueued) */
-   r = rte_ring_create(ring_name, rte_align32pow2(num_key_slots),
-   params->socket_id, 0);
+   r = rte_ring_create_elem(ring_name, sizeof(uint32_t),
+   rte_align32pow2(num_key_slots), params->socket_id, 0);
if (r == NULL) {
RTE_LOG(ERR, HASH, "memory allocation failed\n");
goto err;
@@ -227,7 +227,7 @@ rte_hash_create(const struct rte_hash_parameters *params)
if (ext_table_support) {
snprintf(ext_ring_name, sizeof(ext_ring_name), "HT_EXT_%s",
params->name);
-   r_ext = rte_ring_create(ext_ring_name,
+   r_ext = rte_ring_create_elem(ext_ring_name, sizeof(uint32_t),
rte_align32pow2(num_buckets + 1),
params->socket_id, 0);
 
@@ -295,7 +295,7 @@ rte_hash_create(const struct rte_hash_parameters *params)
 * for next bucket
 */
for (i = 1; i <= num_buckets; i++)
-   rte_ring_sp_enqueue(r_ext, (void *)((uintptr_t) i));
+   rte_ring_sp_enqueue_elem(r_ext, &i, sizeof(uint32_t));
 
if (readwrite_concur_lf_support) {
ext_bkt_to_free = rte_zmalloc(NULL, sizeof(uint32_t) *
@@ -434,7 +434,7 @@ rte_hash_create(const struct rte_hash_parameters *params)
 
/* Populate free slots ring. Entry zero is reserved for key misses. */
for (i = 1; i < num_key_slots; i++)
-   rte_ring_sp_enqueue(r, (void *)((uintptr_t) i));
+   rte_ring_sp_enqueue_elem(r, &i, sizeof(uint32_t));
 
te->data = (void *) h;
TAILQ_INSERT_TAIL(hash_list, te, next);
@@ -598,13 +598,13 @@ rte_hash_reset(struct rte_hash *h)
tot_ring_cnt = h->entries;
 
for (i = 1; i < tot_ring_cnt + 1; i++)
-   rte_ring_sp_enqueue(h->free_slots, (void *)((uintptr_t) i));
+   rte_ring_sp_enqueue_elem(h->free_slots, &i, sizeof(uint32_t));
 
/* Repopulate the free ext bkt ring. */
if (h->ext_table_support) {
for (i = 1; i <= h->num_buckets; i++)
-   rte_ring_sp_enqueue(h->free_ext_bkts,
-   (void *)((uintptr_t) i));
+   rte_ring_sp_enqueue_elem(h->free_ext_bkts, &i,
+   sizeof(uint32_t));
}
 
if (h->use_local_cache) {
@@ -623,13 +623,14 @@ rte_hash_reset(struct rte_hash *h)
 static inline void
 enqueue_slot_back(const struct rte_hash *h,
struct lcore_cache *cached_free_slots,
-   void *slot_id)
+   uint32_t slot_id)
 {
if (h->use_local_cache) {
cached_free_slots->objs[cached_free_slots->len] = slot_id;
cached_free_slots->len++;
} else
-   rte_ring_sp_enqueue(h->free_slots, slot_id);
+   rte_ring_sp_enqueue_elem(h->free_slots, &slot_id,
+   sizeof(uint32_t));
 }
 
 /* Search a key from bucket and update its data.
@@ -923,9 +924,8 @@ __rte_hash_add_key_with_hash(const struct rte_hash *h, 
const void *key,
uint32_t prim_bucket_idx, sec_bucket_idx;
struct rte_hash_bucket *pr

[dpdk-dev] [PATCH v10 2/6] lib/ring: apis to support configurable element size

[Honnappa Nagarahalli]

Current APIs assume ring elements to be pointers. However, in many
use cases, the size can be different. Add new APIs to support
configurable ring element sizes.

Signed-off-by: Honnappa Nagarahalli 
Reviewed-by: Dharmik Thakkar 
Reviewed-by: Gavin Hu 
Reviewed-by: Ruifeng Wang 
---
 lib/librte_ring/Makefile |3 +-
 lib/librte_ring/meson.build  |4 +
 lib/librte_ring/rte_ring.c   |   41 +-
 lib/librte_ring/rte_ring.h   |1 +
 lib/librte_ring/rte_ring_elem.h  | 1003 ++
 lib/librte_ring/rte_ring_version.map |2 +
 6 files changed, 1045 insertions(+), 9 deletions(-)
 create mode 100644 lib/librte_ring/rte_ring_elem.h

diff --git a/lib/librte_ring/Makefile b/lib/librte_ring/Makefile
index 22454b084..917c560ad 100644
--- a/lib/librte_ring/Makefile
+++ b/lib/librte_ring/Makefile
@@ -6,7 +6,7 @@ include $(RTE_SDK)/mk/rte.vars.mk
 # library name
 LIB = librte_ring.a
 
-CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR) -O3
+CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR) -O3 -DALLOW_EXPERIMENTAL_API
 LDLIBS += -lrte_eal
 
 EXPORT_MAP := rte_ring_version.map
@@ -16,6 +16,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_RING) := rte_ring.c
 
 # install includes
 SYMLINK-$(CONFIG_RTE_LIBRTE_RING)-include := rte_ring.h \
+   rte_ring_elem.h \
rte_ring_generic.h \
rte_ring_c11_mem.h
 
diff --git a/lib/librte_ring/meson.build b/lib/librte_ring/meson.build
index ca8a435e9..f2f3ccc88 100644
--- a/lib/librte_ring/meson.build
+++ b/lib/librte_ring/meson.build
@@ -3,5 +3,9 @@
 
 sources = files('rte_ring.c')
 headers = files('rte_ring.h',
+   'rte_ring_elem.h',
'rte_ring_c11_mem.h',
'rte_ring_generic.h')
+
+# rte_ring_create_elem and rte_ring_get_memsize_elem are experimental
+allow_experimental_apis = true
diff --git a/lib/librte_ring/rte_ring.c b/lib/librte_ring/rte_ring.c
index d9b308036..3e15dc398 100644
--- a/lib/librte_ring/rte_ring.c
+++ b/lib/librte_ring/rte_ring.c
@@ -33,6 +33,7 @@
 #include 
 
 #include "rte_ring.h"
+#include "rte_ring_elem.h"
 
 TAILQ_HEAD(rte_ring_list, rte_tailq_entry);
 
@@ -46,23 +47,38 @@ EAL_REGISTER_TAILQ(rte_ring_tailq)
 
 /* return the size of memory occupied by a ring */
 ssize_t
-rte_ring_get_memsize(unsigned count)
+rte_ring_get_memsize_elem(unsigned int esize, unsigned int count)
 {
ssize_t sz;
 
+   /* Check if element size is a multiple of 4B */
+   if (esize % 4 != 0) {
+   RTE_LOG(ERR, RING, "element size is not a multiple of 4\n");
+
+   return -EINVAL;
+   }
+
/* count must be a power of 2 */
if ((!POWEROF2(count)) || (count > RTE_RING_SZ_MASK )) {
RTE_LOG(ERR, RING,
-   "Requested size is invalid, must be power of 2, and "
-   "do not exceed the size limit %u\n", RTE_RING_SZ_MASK);
+   "Requested number of elements is invalid, must be power 
of 2, and not exceed %u\n",
+   RTE_RING_SZ_MASK);
+
return -EINVAL;
}
 
-   sz = sizeof(struct rte_ring) + count * sizeof(void *);
+   sz = sizeof(struct rte_ring) + count * esize;
sz = RTE_ALIGN(sz, RTE_CACHE_LINE_SIZE);
return sz;
 }
 
+/* return the size of memory occupied by a ring */
+ssize_t
+rte_ring_get_memsize(unsigned count)
+{
+   return rte_ring_get_memsize_elem(sizeof(void *), count);
+}
+
 void
 rte_ring_reset(struct rte_ring *r)
 {
@@ -114,10 +130,10 @@ rte_ring_init(struct rte_ring *r, const char *name, 
unsigned count,
return 0;
 }
 
-/* create the ring */
+/* create the ring for a given element size */
 struct rte_ring *
-rte_ring_create(const char *name, unsigned count, int socket_id,
-   unsigned flags)
+rte_ring_create_elem(const char *name, unsigned int esize, unsigned int count,
+   int socket_id, unsigned int flags)
 {
char mz_name[RTE_MEMZONE_NAMESIZE];
struct rte_ring *r;
@@ -135,7 +151,7 @@ rte_ring_create(const char *name, unsigned count, int 
socket_id,
if (flags & RING_F_EXACT_SZ)
count = rte_align32pow2(count + 1);
 
-   ring_size = rte_ring_get_memsize(count);
+   ring_size = rte_ring_get_memsize_elem(esize, count);
if (ring_size < 0) {
rte_errno = ring_size;
return NULL;
@@ -182,6 +198,15 @@ rte_ring_create(const char *name, unsigned count, int 
socket_id,
return r;
 }
 
+/* create the ring */
+struct rte_ring *
+rte_ring_create(const char *name, unsigned count, int socket_id,
+   unsigned flags)
+{
+   return rte_ring_create_elem(name, sizeof(void *), count, socket_id,
+   flags);
+}
+
 /* free the ring */
 void
 rte_ring_free(struct rte_ring *r)
diff --git a/lib/librte_ring/rte_ring.h b/lib/librte_ring/rte_ring.h
index 2a9f768a1..18fc5d845 100644
--- a/lib/l

[dpdk-dev] [PATCH v10 6/6] eventdev: use custom element size ring for event rings

[Honnappa Nagarahalli]

Use custom element size ring APIs to replace event ring
implementation. This avoids code duplication.

Signed-off-by: Honnappa Nagarahalli 
Reviewed-by: Gavin Hu 
Reviewed-by: Ola Liljedahl 
Reviewed-by: Jerin Jacob 
---
 lib/librte_eventdev/rte_event_ring.c | 147 ++-
 lib/librte_eventdev/rte_event_ring.h |  45 
 2 files changed, 24 insertions(+), 168 deletions(-)

diff --git a/lib/librte_eventdev/rte_event_ring.c 
b/lib/librte_eventdev/rte_event_ring.c
index 50190de01..d27e23901 100644
--- a/lib/librte_eventdev/rte_event_ring.c
+++ b/lib/librte_eventdev/rte_event_ring.c
@@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  * Copyright(c) 2017 Intel Corporation
+ * Copyright(c) 2019 Arm Limited
  */
 
 #include 
@@ -11,13 +12,6 @@
 #include 
 #include "rte_event_ring.h"
 
-TAILQ_HEAD(rte_event_ring_list, rte_tailq_entry);
-
-static struct rte_tailq_elem rte_event_ring_tailq = {
-   .name = RTE_TAILQ_EVENT_RING_NAME,
-};
-EAL_REGISTER_TAILQ(rte_event_ring_tailq)
-
 int
 rte_event_ring_init(struct rte_event_ring *r, const char *name,
unsigned int count, unsigned int flags)
@@ -35,150 +29,21 @@ struct rte_event_ring *
 rte_event_ring_create(const char *name, unsigned int count, int socket_id,
unsigned int flags)
 {
-   char mz_name[RTE_MEMZONE_NAMESIZE];
-   struct rte_event_ring *r;
-   struct rte_tailq_entry *te;
-   const struct rte_memzone *mz;
-   ssize_t ring_size;
-   int mz_flags = 0;
-   struct rte_event_ring_list *ring_list = NULL;
-   const unsigned int requested_count = count;
-   int ret;
-
-   ring_list = RTE_TAILQ_CAST(rte_event_ring_tailq.head,
-   rte_event_ring_list);
-
-   /* for an exact size ring, round up from count to a power of two */
-   if (flags & RING_F_EXACT_SZ)
-   count = rte_align32pow2(count + 1);
-   else if (!rte_is_power_of_2(count)) {
-   rte_errno = EINVAL;
-   return NULL;
-   }
-
-   ring_size = sizeof(*r) + (count * sizeof(struct rte_event));
-
-   ret = snprintf(mz_name, sizeof(mz_name), "%s%s",
-   RTE_RING_MZ_PREFIX, name);
-   if (ret < 0 || ret >= (int)sizeof(mz_name)) {
-   rte_errno = ENAMETOOLONG;
-   return NULL;
-   }
-
-   te = rte_zmalloc("RING_TAILQ_ENTRY", sizeof(*te), 0);
-   if (te == NULL) {
-   RTE_LOG(ERR, RING, "Cannot reserve memory for tailq\n");
-   rte_errno = ENOMEM;
-   return NULL;
-   }
-
-   rte_mcfg_tailq_write_lock();
-
-   /*
-* reserve a memory zone for this ring. If we can't get rte_config or
-* we are secondary process, the memzone_reserve function will set
-* rte_errno for us appropriately - hence no check in this this function
-*/
-   mz = rte_memzone_reserve(mz_name, ring_size, socket_id, mz_flags);
-   if (mz != NULL) {
-   r = mz->addr;
-   /* Check return value in case rte_ring_init() fails on size */
-   int err = rte_event_ring_init(r, name, requested_count, flags);
-   if (err) {
-   RTE_LOG(ERR, RING, "Ring init failed\n");
-   if (rte_memzone_free(mz) != 0)
-   RTE_LOG(ERR, RING, "Cannot free memzone\n");
-   rte_free(te);
-   rte_mcfg_tailq_write_unlock();
-   return NULL;
-   }
-
-   te->data = (void *) r;
-   r->r.memzone = mz;
-
-   TAILQ_INSERT_TAIL(ring_list, te, next);
-   } else {
-   r = NULL;
-   RTE_LOG(ERR, RING, "Cannot reserve memory\n");
-   rte_free(te);
-   }
-   rte_mcfg_tailq_write_unlock();
-
-   return r;
+   return (struct rte_event_ring *)rte_ring_create_elem(name,
+   sizeof(struct rte_event),
+   count, socket_id, flags);
 }
 
 
 struct rte_event_ring *
 rte_event_ring_lookup(const char *name)
 {
-   struct rte_tailq_entry *te;
-   struct rte_event_ring *r = NULL;
-   struct rte_event_ring_list *ring_list;
-
-   ring_list = RTE_TAILQ_CAST(rte_event_ring_tailq.head,
-   rte_event_ring_list);
-
-   rte_mcfg_tailq_read_lock();
-
-   TAILQ_FOREACH(te, ring_list, next) {
-   r = (struct rte_event_ring *) te->data;
-   if (strncmp(name, r->r.name, RTE_RING_NAMESIZE) == 0)
-   break;
-   }
-
-   rte_mcfg_tailq_read_unlock();
-
-   if (te == NULL) {
-   rte_errno = ENOENT;
-   return NULL;
-   }
-
-   return r;
+   return (struct rte_event_ring *)rte_ring_lookup(name);
 }
 
 /* free the ring */
 void
 rte_event_ring_free(struct rte_event_ring *r)
 {
-   struct rte_event_ring_list *ring_list = NULL

Re: [dpdk-dev] 18.11.6 (LTS) patches review and test

[Yu, PingX]

Kevin,
Intel finished the following regression test as bugs are found 18.11.6-rc1. All 
passed.

* Intel(R) Testing
# Basic Intel(R) NIC testing
* PF(i40e): Pass
* Build or compile: Pass

#Basic cryptodev: Pass.

Regards,
Yu Ping


> -Original Message-
> From: Kevin Traynor [mailto:ktray...@redhat.com]
> Sent: Tuesday, January 14, 2020 10:41 PM
> To: sta...@dpdk.org
> Cc: dev@dpdk.org; Abhishek Marathe ;
> Akhil Goyal ; Ali Alnubani ;
> Walker, Benjamin ; David Christensen
> ; Hemant Agrawal ;
> Stokes, Ian ; Jerin Jacob ;
> Mcnamara, John ; Ju-Hyoung Lee
> ; Kevin Traynor ; Luca
> Boccassi ; Pei Zhang ; Yu, PingX
> ; Xu, Qian Q ; Raslan Darawsheh
> ; Thomas Monjalon ; Peng,
> Yuan ; Chen, Zhaoyan ; Lili
> Deng 
> Subject: 18.11.6 (LTS) patches review and test
> 
> Hi all,
> 
> Here is a list of patches targeted for LTS release 18.11.6.
> 
> The planned date for the final release is 31st January.
> 
> Please help with testing and validation of your use cases and report any
> issues/results with reply-all to this mail. For the final release the fixes 
> and
> reported validations will be added to the release notes.
> 
> A release candidate tarball can be found at:
> 
> https://dpdk.org/browse/dpdk-stable/tag/?id=v18.11.6-rc2
> 
> These patches are located at branch 18.11 of dpdk-stable repo:
> https://dpdk.org/browse/dpdk-stable/
> 
> 
> rc2 notes:
> Looking at the list of commits since rc1 below and the tests reported, I 
> suggest
> that Red Hat, Mellanox and Microsoft do not need to re-test rc2, but of course
> you are welcome to if you prefer.
> 
> Intel had reported some failures so it would be good to re-test those.
> 
> rc1 -> rc2 commits:
> 99fc7cdad test/crypto: fix checks for null digest in null auth
> c5518d931 net/mlx: allow build only on Linux ec7abe27e pmdinfogen: fix
> freebsd build
> e6eefab32 kni: fix ethtool build for gcc 9
> dd8c3d464 net/mlx: fix build with clang 9 e86a5e81e eal: remove legacy PMD
> log macro
> d4cea5522 eventdev: use same log macro for all unsupported calls
> f518f3b58 eal: drop unused macros for primary process check 46367219d ci:
> use meson 0.47.1
> a29b3db54 net/mlx5: block RSS action without Rx queue
> 
> Thanks.
> 
> Kevin.
> 
> ---
> Aaron Conole (1):
>   test/interrupt: account for race with callback
> 
> Abhishek Sachan (1):
>   net/af_packet: fix stale sockets
> 
> Adrian Moreno (4):
>   vhost: fix vring memory partially mapped
>   vhost: translate incoming log address to GPA
>   vhost: prevent zero copy mode if IOMMU is on
>   vhost: convert buffer addresses to GPA for logging
> 
> Ajit Khaparde (9):
>   net/bnxt: fix setting max RSS contexts
>   net/bnxt: fix writing MTU to FW
>   net/bnxt: fix crash in xstats get
>   net/bnxt: fix resource qcaps with older FW
>   net/bnxt: fix async link handling and update
>   net/bnxt: fix flow flush handling
>   net/bnxt: update trusted VF status only when it changes
>   net/bnxt: fix doorbell register offset for Tx ring
>   net/bnxt: get default HWRM command timeout from FW
> 
> Akhil Goyal (1):
>   crypto/dpaa2_sec: fix length retrieved from hardware
> 
> Ali Alnubani (3):
>   mk: fix build on arm64
>   eal: fix header file install with meson
>   net/mlx: fix build with clang 9
> 
> Alvin Zhang (1):
>   net/i40e: fix exception with multi-driver
> 
> Amaranath Somalapuram (5):
>   doc: fix l2fwd-crypto usage in CCP guide
>   crypto/ccp: fix maximum queues and burst size
>   crypto/ccp: fix CPU authentication crash
>   crypto/ccp: fix scheduling of burst
>   crypto/ccp: fix digest size capabilities
> 
> Anatoly Burakov (2):
>   mempool: use actual IOVA addresses when populating
>   common/octeontx: add missing public symbol
> 
> Andrew Rybchenko (5):
>   ethdev: fix doc reference to FDIR disabled mode
>   ethdev: remove redundant device info cleanup before get
>   net/sfc: fix missing notification on link status change
>   net/virtio: reject unsupported Tx multi-queue modes
>   ethdev: avoid undefined behaviour on configuration copy
> 
> Andrzej Ostruszka (4):
>   doc: fix description of versioning macros
>   eventdev: fix possible use of uninitialized var
>   doc: fix tap guide
>   net/dpaa2: fix possible use of uninitialized vars
> 
> Anoob Joseph (1):
>   examples/ipsec-secgw: fix access to freed packet
> 
> Archana Muniganti (1):
>   app/crypto-perf: fix input of AEAD decrypt
> 
> Arek Kusztal (2):
>   crypto/qat: fix AES CMAC mininum digest size
>   test/crypto: fix checks for null digest in null auth
> 
> Bernard Iremonger (1):
>   examples/ipsec-secgw: fix unchecked return value
> 
> Bruce Richardson (4):
>   examples/vm_power: fix type of cmdline token in cli
>   port: fix pcap support with meson
>   examples: hide error for missing pkg-config path flag
>   usertools: fix typo in SPDX tag of telemetry script
> 
> Chaitan

Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple security sessions to use one rte flow

[Ori Kam]

Hi Anoob,

Thanks for your explanation.
Best,
Ori


> -Original Message-
> From: Anoob Joseph 
> Sent: Saturday, January 18, 2020 10:12 AM
> To: Ori Kam ; Medvedkin, Vladimir
> ; Ananyev, Konstantin
> ; Akhil Goyal ;
> Adrien Mazarguil ; Doherty, Declan
> ; Yigit, Ferruh ; Jerin
> Jacob Kollanukkaran ; Thomas Monjalon
> 
> Cc: Ankur Dwivedi ; Hemant Agrawal
> ; Matan Azrad ;
> Nicolau, Radu ; Shahaf Shuler
> ; Narayana Prasad Raju Athreya
> ; dev@dpdk.org
> Subject: RE: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple security
> sessions to use one rte flow
> 
> Hi Ori,
> 
> Please see inline.
> 
> Thanks,
> Anoob
> 
> > -Original Message-
> > From: Ori Kam 
> > Sent: Thursday, January 16, 2020 7:08 PM
> > To: Anoob Joseph ; Medvedkin, Vladimir
> > ; Ananyev, Konstantin
> > ; Akhil Goyal ;
> Adrien
> > Mazarguil ; Doherty, Declan
> > ; Yigit, Ferruh ; Jerin
> Jacob
> > Kollanukkaran ; Thomas Monjalon
> > 
> > Cc: Ankur Dwivedi ; Hemant Agrawal
> > ; Matan Azrad ;
> Nicolau,
> > Radu ; Shahaf Shuler ;
> > Narayana Prasad Raju Athreya ; dev@dpdk.org
> > Subject: RE: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple security
> > sessions to use one rte flow
> >
> > Just one more question inline.
> >
> > > -Original Message-
> > > From: dev  On Behalf Of Anoob Joseph
> > > Sent: Thursday, January 16, 2020 2:03 PM
> > > To: Ori Kam ; Medvedkin, Vladimir
> > > ; Ananyev, Konstantin
> > > ; Akhil Goyal ;
> > > Adrien Mazarguil ; Doherty, Declan
> > > ; Yigit, Ferruh ;
> > > Jerin Jacob Kollanukkaran ; Thomas Monjalon
> > > 
> > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > ; Matan Azrad ;
> > Nicolau,
> > > Radu ; Shahaf Shuler
> ;
> > > Narayana Prasad Raju Athreya ; dev@dpdk.org
> > > Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple
> > > security sessions to use one rte flow
> > >
> > > Hi Ori,
> > >
> > > Please see inline.
> > >
> > > Thanks,
> > > Anoob
> > >
> > > > -Original Message-
> > > > From: dev  On Behalf Of Ori Kam
> > > > Sent: Thursday, January 16, 2020 5:06 PM
> > > > To: Anoob Joseph ; Medvedkin, Vladimir
> > > > ; Ananyev, Konstantin
> > > > ; Akhil Goyal ;
> > > Adrien
> > > > Mazarguil ; Doherty, Declan
> > > > ; Yigit, Ferruh ;
> > > > Jerin
> > > Jacob
> > > > Kollanukkaran ; Thomas Monjalon
> > > > 
> > > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > > ; Matan Azrad ;
> > > Nicolau,
> > > > Radu ; Shahaf Shuler
> ;
> > > > Narayana Prasad Raju Athreya ;
> dev@dpdk.org
> > > > Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple
> > > > security sessions to use one rte flow
> > > >
> > > >
> > > >
> > > > > -Original Message-
> > > > > From: dev  On Behalf Of Anoob Joseph
> > > > > Sent: Tuesday, January 14, 2020 11:28 AM
> > > > > To: Ori Kam ; Medvedkin, Vladimir
> > > > > ; Ananyev, Konstantin
> > > > > ; Akhil Goyal
> ;
> > > > > Adrien Mazarguil ; Doherty, Declan
> > > > > ; Yigit, Ferruh
> > > > > ; Jerin Jacob Kollanukkaran
> > > > > ; Thomas Monjalon 
> > > > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > > > ; Matan Azrad
> ;
> > > > Nicolau,
> > > > > Radu ; Shahaf Shuler
> > > ;
> > > > > Narayana Prasad Raju Athreya ;
> dev@dpdk.org
> > > > > Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple
> > > > > security sessions to use one rte flow
> > > > >
> > > > > Hi Ori,
> > > > >
> > > > > Please see inline.
> > > > >
> > > > > Thanks,
> > > > > Anoob
> > > > >
> > > > > > -Original Message-
> > > > > > From: Ori Kam 
> > > > > > Sent: Thursday, January 9, 2020 1:06 PM
> > > > > > To: Medvedkin, Vladimir ;
> Ananyev,
> > > > > > Konstantin ; Anoob Joseph
> > > > > > ; Akhil Goyal ;
> Adrien
> > > > > > Mazarguil ; Doherty, Declan
> > > > > > ; Yigit, Ferruh
> > > > > > ; Jerin Jacob Kollanukkaran
> > > > > > ; Thomas Monjalon 
> > > > > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > > > > ; Matan Azrad
> ;
> > > > Nicolau,
> > > > > > Radu ; Shahaf Shuler
> > > ;
> > > > > > Narayana Prasad Raju Athreya ;
> > > dev@dpdk.org
> > > > > > Subject: RE: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow multiple
> > > > > > security sessions to use one rte flow
> > > > > >
> > > > > > Hi
> > > > > > sorry for jumping in late.
> > > > > >
> > > > > >
> > > > > > > -Original Message-
> > > > > > > From: dev  On Behalf Of Medvedkin,
> > > Vladimir
> > > > > > > Sent: Wednesday, January 8, 2020 4:30 PM
> > > > > > > To: Ananyev, Konstantin ;
> Anoob
> > > > > Joseph
> > > > > > > ; Akhil Goyal ;
> > > > > > > Adrien Mazarguil ; Doherty,
> Declan
> > > > > > > ; Yigit, Ferruh
> > > > > > > ;
> > > > > Jerin
> > > > > > > Jacob Kollanukkaran ; Thomas Monjalon
> > > > > > > 
> > > > > > > Cc: Ankur Dwivedi ; Hemant Agrawal
> > > > > > > ; Matan Azrad
> > > ;
> > > > > > > Nicolau, Radu ; Shahaf Shuler
> > > > > > > ; Narayana Prasad Raju Athreya
> > > > > > > ; dev@dpdk.org
> > > > > > > Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ethdev: allow
> > > > > > > multiple security sessions to use one rte flow
> > > > >

[dpdk-dev] [PATCH v2 0/3] armv8 crypto PMD update

[Ruifeng Wang]

Maintainance of armv8_crypto library created by Marvell/Cavium will
be discontinued. Going forward, Armv8 crypto PMD will link to AArch64
crypto library hosted by Arm.

Patch 1/3, 2/3 update source code and document respectively to reflect
the change.
Patch 3/3 fixs Clang build issue when Armv8 crypto PMD is enabled.


v2:
Convert to formal patches from RFC.
API and public structure renaming.

Ruifeng Wang (3):
  crypto/armv8: link PMD to crypto library hosted by Arm
  doc: update link to the crypto library for armv8 PMD
  crypto/armv8: fix clang build

 doc/guides/cryptodevs/armv8.rst  |  7 ++-
 drivers/crypto/armv8/Makefile|  3 +-
 drivers/crypto/armv8/armv8_pmd_private.h |  4 +-
 drivers/crypto/armv8/rte_armv8_pmd.c | 55 
 drivers/crypto/armv8/rte_armv8_pmd_ops.c |  2 -
 mk/rte.app.mk|  2 +-
 6 files changed, 44 insertions(+), 29 deletions(-)

-- 
2.17.1

[dpdk-dev] [PATCH v2 3/3] crypto/armv8: fix clang build

[Ruifeng Wang]

1. Clang requires braces around initialization of subobject.
2. Clang complains implicit conversion of enumeration type.

Trapped issue with Clang version 8.0 and CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO
was set.
Error messages:
rte_armv8_pmd.c:144:2: error: suggest braces around initialization of
 subobject [-Werror,-Wmissing-braces]
NULL
^~~~
{   }
/usr/lib/llvm-8/lib/clang/8.0.0/include/stddef.h:105:16: note: expanded
 from macro 'NULL'
   ^~
rte_armv8_pmd.c:429:21: error: implicit conversion from enumeration
 type 'enum rte_crypto_cipher_operation' to different enumeration type
  'enum armv8_crypto_cipher_operation' [-Werror,-Wenum-conversion]
cop = sess->cipher.direction;
~ ~^

Fixes: 169ca3db550c ("crypto/armv8: add PMD optimized for ARMv8 processors")
Cc: sta...@dpdk.org

Signed-off-by: Ruifeng Wang 
Reviewed-by: Honnappa Nagarahalli 
Reviewed-by: Gavin Hu 
---
 drivers/crypto/armv8/rte_armv8_pmd.c | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c 
b/drivers/crypto/armv8/rte_armv8_pmd.c
index fd8140896..d2b7ab5e0 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -86,12 +86,12 @@ crypto_op_ca_encrypt = {
 
 static const crypto_func_tbl_t
 crypto_op_ca_decrypt = {
-   NULL
+   { {NULL} }
 };
 
 static const crypto_func_tbl_t
 crypto_op_ac_encrypt = {
-   NULL
+   { {NULL} }
 };
 
 static const crypto_func_tbl_t
@@ -377,7 +377,16 @@ armv8_crypto_set_session_chained_parameters(struct 
armv8_crypto_session *sess,
/* Select cipher key */
sess->cipher.key.length = cipher_xform->cipher.key.length;
/* Set cipher direction */
-   cop = sess->cipher.direction;
+   switch (sess->cipher.direction) {
+   case RTE_CRYPTO_CIPHER_OP_ENCRYPT:
+   cop = ARMV8_CRYPTO_CIPHER_OP_ENCRYPT;
+   break;
+   case RTE_CRYPTO_CIPHER_OP_DECRYPT:
+   cop = ARMV8_CRYPTO_CIPHER_OP_DECRYPT;
+   break;
+   default:
+   return -ENOTSUP;
+   }
/* Set cipher algorithm */
calg = cipher_xform->cipher.algo;
 
-- 
2.17.1

[dpdk-dev] [PATCH v2 1/3] crypto/armv8: link PMD to crypto library hosted by Arm

[Ruifeng Wang]

Armv8 crypto PMD linked to armv8_crypto library created by Marvell.
Maintenance of armv8_crypto library will be discontinued.
Change Armv8 PMD to link to AArch64 crypto library hosted by Arm.

Signed-off-by: Ruifeng Wang 
Reviewed-by: Honnappa Nagarahalli 
Reviewed-by: Gavin Hu 
Reviewed-by: Ola Liljedahl 
---
 drivers/crypto/armv8/Makefile|  3 +-
 drivers/crypto/armv8/armv8_pmd_private.h |  4 ++-
 drivers/crypto/armv8/rte_armv8_pmd.c | 40 ++--
 drivers/crypto/armv8/rte_armv8_pmd_ops.c |  2 --
 mk/rte.app.mk|  2 +-
 5 files changed, 29 insertions(+), 22 deletions(-)

diff --git a/drivers/crypto/armv8/Makefile b/drivers/crypto/armv8/Makefile
index 125283664..7f20a28d4 100644
--- a/drivers/crypto/armv8/Makefile
+++ b/drivers/crypto/armv8/Makefile
@@ -24,9 +24,8 @@ EXPORT_MAP := rte_pmd_armv8_version.map
 
 # external library dependencies
 CFLAGS += -I$(ARMV8_CRYPTO_LIB_PATH)
-CFLAGS += -I$(ARMV8_CRYPTO_LIB_PATH)/asm/include
 CFLAGS += -DALLOW_EXPERIMENTAL_API
-LDLIBS += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
+LDLIBS += -L$(ARMV8_CRYPTO_LIB_PATH) -lAArch64crypto
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
diff --git a/drivers/crypto/armv8/armv8_pmd_private.h 
b/drivers/crypto/armv8/armv8_pmd_private.h
index 24040dda2..e08d0df78 100644
--- a/drivers/crypto/armv8/armv8_pmd_private.h
+++ b/drivers/crypto/armv8/armv8_pmd_private.h
@@ -5,6 +5,8 @@
 #ifndef _ARMV8_PMD_PRIVATE_H_
 #define _ARMV8_PMD_PRIVATE_H_
 
+#include "AArch64cryptolib.h"
+
 #define CRYPTODEV_NAME_ARMV8_PMD   crypto_armv8
 /**< ARMv8 Crypto PMD device name */
 
@@ -98,7 +100,7 @@ enum armv8_crypto_auth_mode {
 
 typedef int (*crypto_func_t)(uint8_t *, uint8_t *, uint64_t,
uint8_t *, uint8_t *, uint64_t,
-   crypto_arg_t *);
+   armv8_cipher_digest_t *);
 
 typedef void (*crypto_key_sched_t)(uint8_t *, const uint8_t *);
 
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c 
b/drivers/crypto/armv8/rte_armv8_pmd.c
index 7dc83e69e..fd8140896 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -12,7 +12,7 @@
 #include 
 #include 
 
-#include "armv8_crypto_defs.h"
+#include "AArch64cryptolib.h"
 
 #include "armv8_pmd_private.h"
 
@@ -78,8 +78,10 @@ 
crypto_func_tbl_t[CRYPTO_CIPHER_MAX][CRYPTO_AUTH_MAX][CRYPTO_CIPHER_KEYLEN_MAX];
 static const crypto_func_tbl_t
 crypto_op_ca_encrypt = {
/* [cipher alg][auth alg][key length] = crypto_function, */
-   [CIPH_AES_CBC][AUTH_SHA1_HMAC][KEYL(128)] = aes128cbc_sha1_hmac,
-   [CIPH_AES_CBC][AUTH_SHA256_HMAC][KEYL(128)] = aes128cbc_sha256_hmac,
+   [CIPH_AES_CBC][AUTH_SHA1_HMAC][KEYL(128)] =
+   armv8_enc_aes_cbc_sha1_128,
+   [CIPH_AES_CBC][AUTH_SHA256_HMAC][KEYL(128)] =
+   armv8_enc_aes_cbc_sha256_128,
 };
 
 static const crypto_func_tbl_t
@@ -95,8 +97,10 @@ crypto_op_ac_encrypt = {
 static const crypto_func_tbl_t
 crypto_op_ac_decrypt = {
/* [cipher alg][auth alg][key length] = crypto_function, */
-   [CIPH_AES_CBC][AUTH_SHA1_HMAC][KEYL(128)] = sha1_hmac_aes128cbc_dec,
-   [CIPH_AES_CBC][AUTH_SHA256_HMAC][KEYL(128)] = sha256_hmac_aes128cbc_dec,
+   [CIPH_AES_CBC][AUTH_SHA1_HMAC][KEYL(128)] =
+   armv8_dec_aes_cbc_sha1_128,
+   [CIPH_AES_CBC][AUTH_SHA256_HMAC][KEYL(128)] =
+   armv8_dec_aes_cbc_sha256_128,
 };
 
 /**
@@ -155,13 +159,13 @@ 
crypto_key_sched_tbl_t[CRYPTO_CIPHER_MAX][CRYPTO_CIPHER_KEYLEN_MAX];
 static const crypto_key_sched_tbl_t
 crypto_key_sched_encrypt = {
/* [cipher alg][key length] = key_expand_func, */
-   [CIPH_AES_CBC][KEYL(128)] = aes128_key_sched_enc,
+   [CIPH_AES_CBC][KEYL(128)] = armv8_expandkeys_enc_aes_cbc_128,
 };
 
 static const crypto_key_sched_tbl_t
 crypto_key_sched_decrypt = {
/* [cipher alg][key length] = key_expand_func, */
-   [CIPH_AES_CBC][KEYL(128)] = aes128_key_sched_dec,
+   [CIPH_AES_CBC][KEYL(128)] = armv8_expandkeys_dec_aes_cbc_128,
 };
 
 /**
@@ -277,14 +281,16 @@ auth_set_prerequisites(struct armv8_crypto_session *sess,
 * Calculate partial hash values for i_key_pad and o_key_pad.
 * Will be used as initialization state for final HMAC.
 */
-   error = sha1_block_partial(NULL, sess->auth.hmac.i_key_pad,
-   partial, SHA1_BLOCK_SIZE);
+   error = armv8_sha1_block_partial(NULL,
+   sess->auth.hmac.i_key_pad,
+   partial, SHA1_BLOCK_SIZE);
if (error != 0)
return -1;
memcpy(sess->auth.hmac.i_key_pad, partial, SHA1_BLOCK_SIZE);
 
-   error = sha1_block_partial(NULL, sess->auth.hmac.o_key_pad,
-   partial, SHA1_BLOCK_SIZE);
+   error = armv8_sha1

[dpdk-dev] [PATCH v2 2/3] doc: update link to the crypto library for armv8 PMD

[Ruifeng Wang]

Armv8 crypto PMD now uses crypto library hosted by Arm.
Update doc with the crypto library link to reflect the change.

Signed-off-by: Ruifeng Wang 
Reviewed-by: Honnappa Nagarahalli 
Acked-by: Jerin Jacob 
---
 doc/guides/cryptodevs/armv8.rst | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/doc/guides/cryptodevs/armv8.rst b/doc/guides/cryptodevs/armv8.rst
index 1ab40096e..fee85354b 100644
--- a/doc/guides/cryptodevs/armv8.rst
+++ b/doc/guides/cryptodevs/armv8.rst
@@ -28,12 +28,11 @@ Installation
 
 In order to enable this virtual crypto PMD, user must:
 
-* Download ARMv8 crypto library source code from
-  `here `_
+* Download AArch64 crypto library source code from
+  `here `_
 
 * Export the environmental variable ARMV8_CRYPTO_LIB_PATH with
-  the path where the ``armv8_crypto`` library was downloaded
-  or cloned.
+  the path to ``AArch64cryptolib`` library.
 
 * Build the library by invoking:
 
-- 
2.17.1