[PATCH 06/13] test/crypto: add IPsec fragmented packet known vectors
From: Tejasree Kondoj
Add fragmented plain packet known vector test case in
IPsec outbound.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c | 22 +
app/test/test_cryptodev_security_ipsec.c | 10 ++
app/test/test_cryptodev_security_ipsec.h | 1 +
.../test_cryptodev_security_ipsec_test_vectors.h | 104 +
4 files changed, 137 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index cb335fc..1315687 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9383,6 +9383,23 @@ test_ipsec_proto_known_vec_inb(const void *test_data)
}
static int
+test_ipsec_proto_known_vec_fragmented(const void *test_data)
+{
+ struct ipsec_test_data td_outb;
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+ flags.fragment = true;
+
+ memcpy(&td_outb, test_data, sizeof(td_outb));
+
+ /* Disable IV gen to be able to test with known vectors */
+ td_outb.ipsec_xform.options.iv_gen_disable = 1;
+
+ return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
+static int
test_ipsec_proto_all(const struct ipsec_test_flags *flags)
{
struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
@@ -14514,6 +14531,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound fragmented packet",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_fragmented,
+ &pkt_aes_128_gcm_frag),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 12031d3..ccce63f 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -659,6 +659,16 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct
ipsec_test_data *td,
return TEST_FAILED;
}
+ if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) &&
+ flags->fragment) {
+ const struct rte_ipv4_hdr *iph4;
+ iph4 = (const struct rte_ipv4_hdr *)output_text;
+ if (iph4->fragment_offset) {
+ printf("Output packet is fragmented");
+ return TEST_FAILED;
+ }
+ }
+
skip = test_ipsec_tunnel_hdr_len_get(td);
len -= skip;
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index d74eee7..884a795 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -63,6 +63,7 @@ struct ipsec_test_flags {
bool l4_csum;
bool ipv6;
bool tunnel_ipv6;
+ bool fragment;
};
struct crypto_param {
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h
b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index b8661f7..b6d48ad 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -958,4 +958,108 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = {
},
};
+struct ipsec_test_data pkt_aes_128_gcm_frag = {
+ .key = {
+ .data = {
+ 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
+ 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
+ },
+ },
+ .input_text = {
+ .data = {
+ 0x45, 0x00, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x17,
+ 0x40, 0x06, 0xed, 0x48, 0xc6, 0x12, 0x00, 0x00,
+ 0xc6, 0x12, 0x01, 0x05, 0x00, 0x14, 0x00, 0x50,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x50, 0x00, 0x00, 0x00, 0x55, 0x05, 0x00, 0x00,
+ 0x00, 0x01, 0x02, 0x03, 0xf2, 0xf6, 0xe9, 0x21,
+ 0xf9, 0xf2, 0xf6, 0xe9, 0x21, 0xf9, 0xf2, 0xf6,
+ 0xe9, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len =
[PATCH 07/13] test/crypto: add transport mode cases
Add transport mode tests with test cases for IPv4 packets.
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c| 39 ++
app/test/test_cryptodev_security_ipsec.c | 71 +---
app/test/test_cryptodev_security_ipsec.h | 1 +
3 files changed, 79 insertions(+), 32 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 1315687..f8f2660 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9162,15 +9162,19 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
dst += 1;
}
- if (td->ipsec_xform.tunnel.type ==
- RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
- memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
- memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
- } else {
- memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
- sizeof(v6_src));
- memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
- sizeof(v6_dst));
+ if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
+ sizeof(src));
+ memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
+ sizeof(dst));
+ } else {
+ memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+ sizeof(v6_src));
+ memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+ sizeof(v6_dst));
+ }
}
ctx = rte_cryptodev_get_sec_ctx(dev_id);
@@ -9636,6 +9640,19 @@ test_ipsec_proto_tunnel_v6_in_v4(const void *data
__rte_unused)
}
static int
+test_ipsec_proto_transport_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.transport = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14635,6 +14652,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Tunnel IPv6 in IPv4",
ut_setup_security, ut_teardown,
test_ipsec_proto_tunnel_v6_in_v4),
+ TEST_CASE_NAMED_ST(
+ "Transport IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_transport_v4),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index ccce63f..029fdd3 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -400,12 +400,21 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
test_ipsec_csum_init(&td->input_text.data, false, true);
}
- if (flags->tunnel_ipv6)
- td->ipsec_xform.tunnel.type =
- RTE_SECURITY_IPSEC_TUNNEL_IPV6;
- else
- td->ipsec_xform.tunnel.type =
- RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+ if (flags->transport) {
+ td->ipsec_xform.mode =
+ RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT;
+ } else {
+ td->ipsec_xform.mode =
+ RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
+
+ if (flags->tunnel_ipv6)
+ td->ipsec_xform.tunnel.type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV6;
+ else
+ td->ipsec_xform.tunnel.type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+ }
+
}
}
@@ -748,29 +757,45 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct
ipsec_test_data *td,
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
int ret;
- if (flags->iv_gen &&
- td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
- ret = test_ipsec_iv_verify_push(m, td);
- if (ret != TEST_SUCCESS)
- return ret;
- }
-
if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
const struct rte_ipv4_hdr *iph4;
const struct rte_ipv6_hdr *iph6;
- if (td->ipsec_xform.tunnel.type ==
-
[PATCH 08/13] test/crypto: add security stats cases
From: Ankur Dwivedi
Adds security stats test cases in IPSEC protocol testsuite.
Signed-off-by: Ankur Dwivedi
---
app/test/test_cryptodev.c| 21 +
app/test/test_cryptodev_security_ipsec.c | 29 +
app/test/test_cryptodev_security_ipsec.h | 6 ++
3 files changed, 56 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f8f2660..34bc3e0 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9332,6 +9332,11 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
if (ret != TEST_SUCCESS)
goto crypto_op_free;
+ ret = test_ipsec_stats_verify(ctx, ut_params->sec_session,
+ flags, dir);
+ if (ret != TEST_SUCCESS)
+ goto crypto_op_free;
+
rte_crypto_op_free(ut_params->op);
ut_params->op = NULL;
@@ -9653,6 +9658,18 @@ test_ipsec_proto_transport_v4(const void *data
__rte_unused)
}
static int
+test_ipsec_proto_stats(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.stats_success = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14656,6 +14673,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Transport IPv4",
ut_setup_security, ut_teardown,
test_ipsec_proto_transport_v4),
+ TEST_CASE_NAMED_ST(
+ "Statistics: success",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_stats),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 029fdd3..6fa1d3d 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -415,6 +415,8 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
RTE_SECURITY_IPSEC_TUNNEL_IPV4;
}
+ if (flags->stats_success)
+ td->ipsec_xform.options.stats = 1;
}
}
@@ -871,3 +873,30 @@ test_ipsec_status_check(struct rte_crypto_op *op,
return ret;
}
+
+int
+test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+ struct rte_security_session *sess,
+ const struct ipsec_test_flags *flags,
+ enum rte_security_ipsec_sa_direction dir)
+{
+ struct rte_security_stats stats = {0};
+ int ret = TEST_SUCCESS;
+
+ if (flags->stats_success) {
+ if (rte_security_session_stats_get(ctx, sess, &stats) < 0)
+ return TEST_FAILED;
+
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ if (stats.ipsec.opackets != 1 ||
+ stats.ipsec.oerrors != 0)
+ ret = TEST_FAILED;
+ } else {
+ if (stats.ipsec.ipackets != 1 ||
+ stats.ipsec.ierrors != 0)
+ ret = TEST_FAILED;
+ }
+ }
+
+ return ret;
+}
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 07d2453..3565a8c 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -65,6 +65,7 @@ struct ipsec_test_flags {
bool tunnel_ipv6;
bool transport;
bool fragment;
+ bool stats_success;
};
struct crypto_param {
@@ -188,4 +189,9 @@ int test_ipsec_status_check(struct rte_crypto_op *op,
enum rte_security_ipsec_sa_direction dir,
int pkt_num);
+int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+ struct rte_security_session *sess,
+ const struct ipsec_test_flags *flags,
+ enum rte_security_ipsec_sa_direction dir);
+
#endif
--
2.7.4
[PATCH 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors
From: Tejasree Kondoj
Add known vectors for AES-CTR in lookaside IPsec mode.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev_security_ipsec.h | 15 +++
1 file changed, 15 insertions(+)
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 3565a8c..3376d08 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -103,6 +103,21 @@ static const struct crypto_param cipher_list[] = {
.alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
.key_length = 16,
},
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
+ .key_length = 16,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
+ .key_length = 24,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
+ .key_length = 32,
+ },
};
static const struct crypto_param auth_list[] = {
--
2.7.4
[PATCH 10/13] test/crypto: add fragmented packet case
From: Tejasree Kondoj
Add fragmented plain packet test case in combined mode.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c| 16
app/test/test_cryptodev_security_ipsec.c | 7 +++
2 files changed, 23 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 34bc3e0..744eb9f 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9670,6 +9670,18 @@ test_ipsec_proto_stats(const void *data __rte_unused)
}
static int
+test_ipsec_proto_pkt_fragment(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.fragment = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14677,6 +14689,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Statistics: success",
ut_setup_security, ut_teardown,
test_ipsec_proto_stats),
+ TEST_CASE_NAMED_ST(
+ "Fragmented packet",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_fragment),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 6fa1d3d..832f9d8 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -418,6 +418,13 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
if (flags->stats_success)
td->ipsec_xform.options.stats = 1;
+ if (flags->fragment) {
+ struct rte_ipv4_hdr *ip;
+ ip = (struct rte_ipv4_hdr *)&td->input_text.data;
+ ip->fragment_offset = 4;
+ ip->hdr_checksum = rte_ipv4_cksum(ip);
+ }
+
}
}
--
2.7.4
[PATCH 11/13] test/crypto: skip null auth in ICV corrupt case
From: Tejasree Kondoj Skipping NULL auth in ICV corruption test case. Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 5 + 1 file changed, 5 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 744eb9f..0f7885c 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9428,6 +9428,11 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) td_outb, nb_pkts); + if (flags->icv_corrupt && (td_outb->aead == false) && + (td_outb->xform.chain.auth.auth.algo == +RTE_CRYPTO_AUTH_NULL)) + continue; + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) -- 2.7.4
[PATCH 12/13] test/crypto: add aes xcbc known vectors
Add known vector test cases for NULL cipher + AES-XCBC. Also add both
algos to the combined mode list of algos.
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c | 38 +++--
app/test/test_cryptodev_security_ipsec.c | 2 +
app/test/test_cryptodev_security_ipsec.h | 17
.../test_cryptodev_security_ipsec_test_vectors.h | 90 ++
4 files changed, 141 insertions(+), 6 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0f7885c..aa85a19 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9368,8 +9368,11 @@ test_ipsec_proto_known_vec(const void *test_data)
memcpy(&td_outb, test_data, sizeof(td_outb));
- /* Disable IV gen to be able to test with known vectors */
- td_outb.ipsec_xform.options.iv_gen_disable = 1;
+ if (td_outb.aead ||
+ td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) {
+ /* Disable IV gen to be able to test with known vectors */
+ td_outb.ipsec_xform.options.iv_gen_disable = 1;
+ }
return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
}
@@ -9428,10 +9431,23 @@ test_ipsec_proto_all(const struct ipsec_test_flags
*flags)
td_outb,
nb_pkts);
- if (flags->icv_corrupt && (td_outb->aead == false) &&
- (td_outb->xform.chain.auth.auth.algo ==
-RTE_CRYPTO_AUTH_NULL))
- continue;
+ if (!td_outb->aead) {
+ enum rte_crypto_cipher_algorithm cipher_alg;
+ enum rte_crypto_auth_algorithm auth_alg;
+
+ cipher_alg = td_outb->xform.chain.cipher.cipher.algo;
+ auth_alg = td_outb->xform.chain.auth.auth.algo;
+
+ /* ICV is not applicable for NULL auth */
+ if (flags->icv_corrupt &&
+ auth_alg == RTE_CRYPTO_AUTH_NULL)
+ continue;
+
+ /* IV is not applicable for NULL cipher */
+ if (flags->iv_gen &&
+ cipher_alg == RTE_CRYPTO_CIPHER_NULL)
+ continue;
+ }
ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
flags);
@@ -14582,6 +14598,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 NULL
AES-XCBC-MAC [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
"Outbound fragmented packet",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_fragmented,
@@ -14626,6 +14647,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 NULL
AES-XCBC-MAC [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_null_aes_xcbc),
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 832f9d8..94e5213 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -375,6 +375,8 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
td->xform.chain.cipher.cipher.key.length =
param1->key_length;
+ td->xform.chain.cipher.cipher.iv.length =
+ param1->iv_length;
td->xform.chain.auth.auth.algo = param2->alg.auth;
td->xform.chain.auth.auth.key.length =
param2->key_length;
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 3376d08..6e27eba 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -76,6 +76,7 @
[PATCH 13/13] test/crypto: add copy and set DF cases
Add test cases to verify copy DF and set DF options with lookaside IPsec
offload.
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c| 75
app/test/test_cryptodev_security_ipsec.c | 71 --
app/test/test_cryptodev_security_ipsec.h | 10 +
doc/guides/rel_notes/release_22_03.rst | 18
4 files changed, 171 insertions(+), 3 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index aa85a19..aac17d1 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9169,6 +9169,13 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
sizeof(src));
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
sizeof(dst));
+
+ if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ ipsec_xform.tunnel.ipv4.df = 0;
+
+ if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+ ipsec_xform.tunnel.ipv4.df = 1;
+
} else {
memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
sizeof(v6_src));
@@ -9282,6 +9289,9 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
memcpy(input_text, td[i].input_text.data,
td[i].input_text.len);
+ if (test_ipsec_pkt_update(input_text, flags))
+ return TEST_FAILED;
+
/* Generate crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -9700,6 +9710,55 @@ test_ipsec_proto_pkt_fragment(const void *data
__rte_unused)
flags.fragment = true;
return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
}
static int
@@ -14724,6 +14783,22 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Fragmented packet",
ut_setup_security, ut_teardown,
test_ipsec_proto_pkt_fragment),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 0 (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_0_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 1 (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_1_inner_0),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 94e5213..4f5f20c 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -427,6 +427,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
ip->hdr_checksum = rte_ipv4_cksum(ip);
}
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+ flags->df == TEST_IPSEC_COPY_DF_INNER_1)
+ td->ipsec_xform.options.copy_df = 1;
}
}
@@ -640,6 +643,7 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct
ipsec_test_data *td,
{
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+ uint8_t td_output_text
Re: [EXT] Re: [PATCH v3 4/5] common/cnxk: link REE support to ROC files
On Mon, Dec 6, 2021 at 12:24 PM Liron Himi wrote:
>
> Hi,
>
> This patch is not just for map update.
> what about all other changes?
1) roc_ree.c is added in this patch to build. It should be moved to
the first patch where thing started building
+'roc_ree.c',
2) All other minor changes in this patch can be squashed to respective patches.
>
> Liron Himi
>
>
>
> Park Azorim, Kyriat Arie, Petah Tikva, 49527, Israel
> Mobile: +972.52.3329169
>
> -Original Message-
> From: Jerin Jacob
> Sent: Monday, 6 December 2021 07:08
> To: Liron Himi
> Cc: Jerin Jacob Kollanukkaran ; dpdk-dev
> Subject: [EXT] Re: [PATCH v3 4/5] common/cnxk: link REE support to ROC files
>
> External Email
>
> --
> On Tue, Nov 30, 2021 at 1:30 AM wrote:
> >
> > From: Liron Himi
> >
> > add references to REE files from ROC files
> >
> > Signed-off-by: Liron Himi
> > ---
> > cnxk_logtype_nix;
> > cnxk_logtype_npa;
> > cnxk_logtype_npc;
> > + cnxk_logtype_ree;
> > cnxk_logtype_sso;
> > cnxk_logtype_tim;
> > cnxk_logtype_tm;
> > @@ -347,6 +348,21 @@ INTERNAL {
> > roc_tim_lf_enable;
> > roc_tim_lf_free;
> > roc_se_ctx_swap;
> > -
> > + roc_ree_af_reg_read;
> > + roc_ree_af_reg_write;
> > + roc_ree_config_lf;
> > + roc_ree_dev_fini;
> > + roc_ree_dev_init;
> > + roc_ree_err_intr_register;
> > + roc_ree_err_intr_unregister;
> > + roc_ree_iq_disable;
> > + roc_ree_iq_enable;
> > + roc_ree_msix_offsets_get;
> > + roc_ree_qp_get_base;
> > + roc_ree_queues_attach;
> > + roc_ree_queues_detach;
> > + roc_ree_rule_db_get;
> > + roc_ree_rule_db_len_get;
> > + roc_ree_rule_db_prog;
>
>
> We don't update .map files in a separate patch. Please update this to the
> respective patch.
> In short, this 4/5 patch can be squashed to respective patches.
> Rest looks good to me. We can merge the next version if there are no other
> comments.
>
>
> > local: *;
> > };
> > --
> > 2.28.0
> >
RE: [dpdk-dev] Question Regarding FIPS Validation in DPDK
> -Original Message- > From: Brandon Lo > Sent: Friday, December 3, 2021 6:45 PM > To: Mcnamara, John > Cc: Zhang, Roy Fan ; dev ; > Kovacevic, Marko > Subject: Re: [dpdk-dev] Question Regarding FIPS Validation in DPDK > > On Thu, Dec 2, 2021 at 9:45 AM Mcnamara, John > wrote: > > > At the time the dpdk-fips_validation tool was written the test > > > vectors weren't available in JSON format, and, to the best of my > > > knowledge, there was a format specification (which is why there is > > > different parsing for different algorithms). We (the community) > > > should probably move to the JSON format. Adding Fan Zhang since I > > > think this was discussion in the community previously. > > > > Sorry I meant to say " to the best of my knowledge, there *wasn't* a > format specification" available. > > > > John > > Should we plan to move away from the old format to only use the new JSON > format going forward? I believe the file format "CAVS 21.0" is fully > deprecated and NIST does not produce any new files in that format. Yes, we should drop support for the older formats, which were inconsistent and hard to deal with. I don't know if there are any deprecation implications, we can look into that. John
RE: [PATCH 0/3] fix MPRQ prepare
Hi, > -Original Message- > From: Michael Baum > Sent: Tuesday, November 23, 2021 8:38 PM > To: dev@dpdk.org > Cc: Matan Azrad ; Raslan Darawsheh > ; Slava Ovsiienko ; Michael > Baum > Subject: [PATCH 0/3] fix MPRQ prepare > > From: Michael Baum > > Prepare Multy-Packet RQ and fix missing devargs check. > > Michael Baum (3): > common/mlx5: add min WQE size for striding RQ > net/mlx5: improve stride parameter names > net/mlx5: fix missing adjustment MPRQ stride devargs > > drivers/common/mlx5/mlx5_devx_cmds.c | 16 ++ > drivers/common/mlx5/mlx5_devx_cmds.h | 1 + > drivers/common/mlx5/mlx5_prm.h | 11 +- > drivers/net/mlx5/linux/mlx5_os.c | 56 ++ > drivers/net/mlx5/linux/mlx5_verbs.c | 4 +- > drivers/net/mlx5/mlx5.c | 4 +- > drivers/net/mlx5/mlx5.h | 12 +- > drivers/net/mlx5/mlx5_defs.h | 4 +- > drivers/net/mlx5/mlx5_devx.c | 4 +- > drivers/net/mlx5/mlx5_rx.c | 22 +-- > drivers/net/mlx5/mlx5_rx.h | 12 +- > drivers/net/mlx5/mlx5_rxq.c | 247 ++- > drivers/net/mlx5/mlx5_rxtx_vec.c | 8 +- > 13 files changed, 240 insertions(+), 161 deletions(-) > > -- > 2.25.1 Series applied to next-net-mlx, Kindest regards, Raslan Darawsheh
RE: [PATCH v2] net/mlx5: fix modify field MAC address offset
Hi,
> -Original Message-
> From: Slava Ovsiienko
> Sent: Friday, November 26, 2021 3:10 PM
> To: dev@dpdk.org
> Cc: ferruh.yi...@intel.com; NBU-Contact-Thomas Monjalon (EXTERNAL)
> ; Matan Azrad ; Raslan
> Darawsheh
> Subject: [PATCH v2] net/mlx5: fix modify field MAC address offset
>
> The MAC addresses fields are 48 bit wide and are processed
> by mlx5 PMD as two words. There the bug was introduced for
> the offset, causing malfunction of MODIFY_FIELD action
> with MAC address fields as source or destination and
> with non zero field offset.
>
> Fixes: 40c8fb1fd3b3 ("net/mlx5: update modify field action")
>
added Cc: sta...@dpdk.org
> Signed-off-by: Viacheslav Ovsiienko
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
RE: [PATCH] net/mlx5: fix metadata endianness in modify field action
Hi,
> -Original Message-
> From: Slava Ovsiienko
> Sent: Monday, November 29, 2021 2:33 PM
> To: dev@dpdk.org
> Cc: Matan Azrad ; Raslan Darawsheh
> ; sta...@dpdk.org
> Subject: [PATCH] net/mlx5: fix metadata endianness in modify field action
>
> As modify field action immediate source parameter the metadata
> should follow the CPU endianness (according to SET_META action
> structure format), and mlx5 PMD wrongly handled the immediate
> parameter metadata buffer as big-endian, resulting in wrong
> metadata set action with incorrect endianness.
>
> Fixes: 40c8fb1fd3b3 ("net/mlx5: update modify field action")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Viacheslav Ovsiienko
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
Re: vmxnet3 no longer functional on DPDK 21.11
On Sun, Dec 05, 2021 at 07:52:33PM -0600, Lewis Donzis wrote: > > > - On Nov 30, 2021, at 7:42 AM, Bruce Richardson > bruce.richard...@intel.com wrote: > > > On Mon, Nov 29, 2021 at 02:45:15PM -0600, Lewis Donzis wrote: > >>Hello. > >>We just upgraded from 21.08 to 21.11 and it's rather astounding the > >>number of incompatible changes in three months. Not a big deal, just > >>kind of a surprise, that's all. > >>Anyway, the problem is that the vmxnet3 driver is no longer functional > >>on FreeBSD. > >>In drivers/net/vmxnet3/vmxnet3_ethdev.c, vmxnet3_dev_start() gets an > >>error calling rte_intr_enable(). So it logs "interrupt enable failed" > >>and returns an error. > >>In lib/eal/freebsd/eal_interrupts.c, rte_intr_enable() is returning an > >>error because rte_intr_dev_fd_get(intr_handle) is returning -1. > >>I don't see how that could ever return anything other than -1 since it > >>appears that there is no code that ever calls rte_intr_dev_fd_set() > >>with a value other than -1 on FreeBSD. Also weird to me is that even > >>if it didn't get an error, the switch statement that follows looks like > >>it will return an error in every case. > >>Nonetheless, it worked in 21.08, and I can't quite see why the > >>difference, so I must be missing something. > >>For the moment, I just commented the "return -EIO" in vmxnet3_ethdev.c, > >>and it's now working again, but that's obviously not the correct > >>solution. > >>Can someone who's knowledgable about this mechanism perhaps explain a > >>little bit about what's going on? I'll be happy to help troubleshoot. > >>It seems like it must be something simple, but I just don't see it yet. > > > > Hi > > > > if you have the chance, it would be useful if you could use "git bisect" to > > identify the commit in 21.11 that broke this driver. Looking through the > > logs for 21.11 I can't identify any particular likely-looking commit, so > > bisect is likely a good way to start looking into this. > > > > Regards, > > /Bruce > > Hi, Bruce. git bisect is very time-consuming and very cool! > > I went back to 21.08, about 1100 commits, and worked through the process, but > then I realized that I had forgotten to run ninja on one of the steps, so I > did it again. > > I also re-checked it after the bisect, just to make sure that > c87d435a4d79739c0cec2ed280b94b41cb908af7 is good, and > 7a0935239b9eb817c65c03554a9954ddb8ea5044 is bad. > > Thanks, > lew > Many thanks for taking the time to do this. Adding Konstantin to thread as author of the commit you identified. Konstantin, any thoughts on this issue? /Bruce
[PATCH 7/7] net/ixgbe: Treat 1G Cu SFPs as 1G SX on the X550 devices
1G Cu SFPs are not officially supported on the X552/X553 family of devices but treat them as 1G SX modules since they usually work. Print a warning though since support isn't validated, similar to what already happens for other unofficially supported SFPs enabled via the allow_unsupported_sfps parameter inherited from the mainline Linux driver. Signed-off-by: Stephen Douthit --- drivers/net/ixgbe/base/ixgbe_x550.c | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/net/ixgbe/base/ixgbe_x550.c b/drivers/net/ixgbe/base/ixgbe_x550.c index 8810d1658e..8d1bc6c80d 100644 --- a/drivers/net/ixgbe/base/ixgbe_x550.c +++ b/drivers/net/ixgbe/base/ixgbe_x550.c @@ -1538,9 +1538,21 @@ STATIC s32 ixgbe_supported_sfp_modules_X550em(struct ixgbe_hw *hw, bool *linear) case ixgbe_sfp_type_1g_lha_core1: *linear = false; break; - case ixgbe_sfp_type_unknown: + /* Copper SFPs are not officially supported for x550em devices, but can +* often be made to work at fixed 1G speeds. Pretend they're 1g_sx +* modules here to allow g.Fast DSL SFPs to work. +*/ case ixgbe_sfp_type_1g_cu_core0: + EWARN(hw, "Pretending that unsupported 1g_cu SFP is 1g_sx\n"); + *linear = false; + hw->phy.sfp_type = ixgbe_sfp_type_1g_sx_core0; + break; case ixgbe_sfp_type_1g_cu_core1: + EWARN(hw, "Pretending that unsupported 1g_cu SFP is 1g_sx\n"); + *linear = false; + hw->phy.sfp_type = ixgbe_sfp_type_1g_sx_core1; + break; + case ixgbe_sfp_type_unknown: default: return IXGBE_ERR_SFP_NOT_SUPPORTED; } -- 2.31.1
Re: [dpdk-dev] [PATCH] ethdev: support queue-based priority flow control
On Sun, Dec 5, 2021 at 11:30 PM Stephen Hemminger wrote: > > On Sun, 5 Dec 2021 12:33:57 +0530 > Jerin Jacob wrote: > > > On Sat, Dec 4, 2021 at 11:08 PM Stephen Hemminger > > wrote: > > > > > > On Sat, 4 Dec 2021 22:54:58 +0530 > > > wrote: > > > > > > > + /** > > > > + * Maximum supported traffic class as per PFC (802.1Qbb) > > > > specification. > > > > + * > > > > + * Based on device support and use-case need, there are two > > > > different > > > > + * ways to enable PFC. The first case is the port level PFC > > > > + * configuration, in this case, > > > > rte_eth_dev_priority_flow_ctrl_set() > > > > + * API shall be used to configure the PFC, and PFC frames will be > > > > + * generated using based on VLAN TC value. > > > > + * The second case is the queue level PFC configuration, in this > > > > case, > > > > + * Any packet field content can be used to steer the packet to the > > > > + * specific queue using rte_flow or RSS and then use > > > > + * rte_eth_dev_priority_flow_ctrl_queue_set() to set the TC > > > > mapping > > > > + * on each queue. Based on congestion selected on the specific > > > > queue, > > > > + * configured TC shall be used to generate PFC frames. > > > > + * > > > > + * When set to non zero value, application must use queue level > > > > + * PFC configuration via > > > > rte_eth_dev_priority_flow_ctrl_queue_set() API > > > > + * instead of port level PFC configuration via > > > > + * rte_eth_dev_priority_flow_ctrl_set() API to realize > > > > + * PFC configuration. > > > > + */ > > > > + uint8_t pfc_queue_tc_max; > > > > + uint8_t reserved_8s[7]; > > > > + uint64_t reserved_64s[1]; /**< Reserved for future fields */ > > > > void *reserved_ptrs[2]; /**< Reserved for future fields */ > > > > > > Not sure you can claim ABI compatibility because the previous versions of > > > DPDK > > > did not enforce that reserved fields must be zero. The Linux kernel > > > learned this when adding flags for new system calls; reserved fields only > > > work if you enforce that application must set them to zero. > > > > In this case it rte_eth_dev_info is an out parameter and implementation of > > rte_eth_dev_info_get() already memseting to 0. > > Do you still see any other ABI issue? > > > > See rte_eth_dev_info_get() > > /* > > * Init dev_info before port_id check since caller does not have > > * return status and does not know if get is successful or not. > > */ > > memset(dev_info, 0, sizeof(struct rte_eth_dev_info)); > > The concern was from the misreading comment. It talks about what application > should do. > Could you reword the comment so that it describes what pfc_queue_tc_max is > here The comment is at rte_eth_dev_info::pfc_queue_tc_max. So it is implied that get pararamter. current comment --- + * When set to non zero value, application must use queue level + * PFC configuration via rte_eth_dev_priority_flow_ctrl_queue_set() API + * instead of port level PFC configuration via + * rte_eth_dev_priority_flow_ctrl_set() API to realize + * PFC configuration. --- Is updating to following help to clarify. If so, I will send v2, if not, Please suggest. --- + * When set to non zero value by the driver, application must use queue level ^^^ + * PFC configuration via rte_eth_dev_priority_flow_ctrl_queue_set() API + * instead of port level PFC configuration via + * rte_eth_dev_priority_flow_ctrl_set() API to realize + * PFC configuration. --- > and move the flow control set part of the comment to where the API for that > is. The comment is needed for rte_eth_dev_priority_flow_ctrl_set() and rte_eth_dev_priority_flow_ctrl_queue_set(). Instead of duplicating the comments, I added the comment at rte_eth_dev_info::pfc_queue_tc_max and added "@see struct rte_eth_dev_info::pfc_queue_tc_max priority flow control usage models" in rte_eth_dev_priority_flow_ctrl_set() and rte_eth_dev_priority_flow_ctrl_queue_set().
[PATCH v2 00/13] Add new cases to lookaside IPsec tests
Add new tests to lookaside IPsec tests. * Support for chained operations. * AES-CBC 128 NULL auth known vector tests. * AES-CBC 128 HMAC-SHA256 known vector tests. * AES-CBC 128 HMAC-SHA384 known vector tests. * AES-CBC 128 HMAC-SHA512 known vector tests. * NULL cipher AES-XCBC known vector tests. * Tunnel mode tests * IPv6 in IPv6 * IPv4 in IPv4 * IPv4 in IPv6 * IPv6 in IPv4 * IPv4 transport mode tests. * Tunnel mode fragment packet tests. * Security stats tests. * AES-CTR tests. * set/copy DF tests. Changes in v2: - Moved release notes update to originating patch - Fixed build failure with last patch Ankur Dwivedi (1): test/crypto: add security stats cases Anoob Joseph (5): test/crypto: add IPsec aes-cbc known vectors test/crypto: add chained operations in combined cases test/crypto: add transport mode cases test/crypto: add aes xcbc known vectors test/crypto: add copy and set DF cases Tejasree Kondoj (7): test/crypto: add IPsec AES-CBC-HMAC-SHA256 known vectors test/crypto: add IPv6 tunnel mode cases test/crypto: add IPsec HMAC-SHA384/512 known vectors test/crypto: add IPsec fragmented packet known vectors test/crypto: add lookaside IPsec AES-CTR known vectors test/crypto: add fragmented packet case test/crypto: skip null auth in ICV corrupt case app/test/test_cryptodev.c | 395 +- app/test/test_cryptodev_security_ipsec.c | 352 - app/test/test_cryptodev_security_ipsec.h | 113 +++ .../test_cryptodev_security_ipsec_test_vectors.h | 828 + doc/guides/rel_notes/release_22_03.rst | 19 + 5 files changed, 1665 insertions(+), 42 deletions(-) -- 2.7.4
[PATCH v2 01/13] test/crypto: add IPsec aes-cbc known vectors
Extend the framework to support chained operations and add
AES-CBC 128 known vector tests.
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c | 62 ++--
app/test/test_cryptodev_security_ipsec.c | 51 ++
app/test/test_cryptodev_security_ipsec.h | 8 ++
.../test_cryptodev_security_ipsec_test_vectors.h | 110 +
doc/guides/rel_notes/release_22_03.rst | 4 +
5 files changed, 226 insertions(+), 9 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 10b48cd..6d94085 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9191,23 +9191,59 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
return TEST_SKIPPED;
}
} else {
- /* Only AEAD supported now */
- return TEST_SKIPPED;
+ memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher,
+ sizeof(ut_params->cipher_xform));
+ memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+ sizeof(ut_params->auth_xform));
+ ut_params->cipher_xform.cipher.key.data = td[0].key.data;
+ ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+ ut_params->auth_xform.auth.key.data = td[0].key.data;
+
+ /* Verify crypto capabilities */
+
+ if (test_ipsec_crypto_caps_cipher_verify(
+ sec_cap,
+ &ut_params->cipher_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Cipher crypto capabilities not
supported\n");
+ return TEST_SKIPPED;
+ }
+
+ if (test_ipsec_crypto_caps_auth_verify(
+ sec_cap,
+ &ut_params->auth_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Auth crypto capabilities not
supported\n");
+ return TEST_SKIPPED;
+ }
}
if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0)
return TEST_SKIPPED;
- salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
- memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
-
struct rte_security_session_conf sess_conf = {
.action_type = ut_params->type,
.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
- .ipsec = ipsec_xform,
- .crypto_xform = &ut_params->aead_xform,
};
+ if (td[0].aead) {
+ salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
+ memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+ sess_conf.ipsec = ipsec_xform;
+ sess_conf.crypto_xform = &ut_params->aead_xform;
+ } else {
+ sess_conf.ipsec = ipsec_xform;
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ sess_conf.crypto_xform = &ut_params->cipher_xform;
+ ut_params->cipher_xform.next = &ut_params->auth_xform;
+ } else {
+ sess_conf.crypto_xform = &ut_params->auth_xform;
+ ut_params->auth_xform.next = &ut_params->cipher_xform;
+ }
+ }
+
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
ts_params->session_mpool,
@@ -9316,14 +9352,18 @@ test_ipsec_proto_known_vec(const void *test_data)
}
static int
-test_ipsec_proto_known_vec_inb(const void *td_outb)
+test_ipsec_proto_known_vec_inb(const void *test_data)
{
+ const struct ipsec_test_data *td = test_data;
struct ipsec_test_flags flags;
struct ipsec_test_data td_inb;
memset(&flags, 0, sizeof(flags));
- test_ipsec_td_in_from_out(td_outb, &td_inb);
+ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+ test_ipsec_td_in_from_out(td, &td_inb);
+ else
+ memcpy(&td_inb, td, sizeof(td_inb));
return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
}
@@ -14394,6 +14434,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM
256)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC
128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_a
[PATCH v2 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 known vectors
From: Tejasree Kondoj
Adding lookaside IPsec AES-CBC-HMAC-SHA256 test cases.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c | 12 ++-
app/test/test_cryptodev_security_ipsec.h | 3 +
.../test_cryptodev_security_ipsec_test_vectors.h | 109 +
doc/guides/rel_notes/release_22_03.rst | 1 +
4 files changed, 124 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 6d94085..c91b745 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9197,7 +9197,7 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
sizeof(ut_params->auth_xform));
ut_params->cipher_xform.cipher.key.data = td[0].key.data;
ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
- ut_params->auth_xform.auth.key.data = td[0].key.data;
+ ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
/* Verify crypto capabilities */
@@ -14423,6 +14423,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec, &pkt_aes_256_gcm),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC
128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
@@ -14438,6 +14443,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Inbound known vector (ESP tunnel mode IPv4 AES-CBC
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128
HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 91c6cd4..70a264a 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -14,6 +14,9 @@ struct ipsec_test_data {
struct {
uint8_t data[32];
} key;
+ struct {
+ uint8_t data[32];
+ } auth_key;
struct {
uint8_t data[1024];
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h
b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index bf831e9..16c88fe 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -434,4 +434,113 @@ struct ipsec_test_data pkt_aes_128_cbc_null = {
},
};
+struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
+ .key = {
+ .data = {
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x7c, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0x52, 0x4d, 0x14, 0x00, 0x00, 0x01,
+ 0x14, 0x00, 0x00,
[PATCH v2 03/13] test/crypto: add chained operations in combined cases
Extend lookaside IPsec combined mode cases to cover chained operations
also.
Currently covering combinations of,
Ciphers,
1. AES-128-CBC
Auth,
1. NULL
2. SHA2-256 [16B ICV]
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c| 11 +++--
app/test/test_cryptodev_security_ipsec.c | 77 +---
app/test/test_cryptodev_security_ipsec.h | 36 +++
doc/guides/rel_notes/release_22_03.rst | 1 +
4 files changed, 104 insertions(+), 21 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index c91b745..a307aec 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -835,6 +835,8 @@ ipsec_proto_testsuite_setup(void)
ret = TEST_SKIPPED;
}
+ test_ipsec_alg_list_populate();
+
/*
* Stop the device. Device would be started again by individual test
* case setup routine.
@@ -9381,9 +9383,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
flags->sa_expiry_pkts_hard)
nb_pkts = IPSEC_TEST_PACKETS_MAX;
- for (i = 0; i < RTE_DIM(aead_list); i++) {
- test_ipsec_td_prepare(&aead_list[i],
- NULL,
+ for (i = 0; i < RTE_DIM(alg_list); i++) {
+ test_ipsec_td_prepare(alg_list[i].param1,
+ alg_list[i].param2,
flags,
td_outb,
nb_pkts);
@@ -9407,7 +9409,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
return TEST_FAILED;
if (flags->display_alg)
- test_ipsec_display_alg(&aead_list[i], NULL);
+ test_ipsec_display_alg(alg_list[i].param1,
+ alg_list[i].param2);
pass_cnt++;
}
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 45960bf..5f67dc0 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -15,7 +15,29 @@
#define IV_LEN_MAX 16
-extern struct ipsec_test_data pkt_aes_256_gcm;
+struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
+ (RTE_DIM(cipher_list) *
+ RTE_DIM(auth_list))];
+
+void
+test_ipsec_alg_list_populate(void)
+{
+ unsigned long i, j, index = 0;
+
+ for (i = 0; i < RTE_DIM(aead_list); i++) {
+ alg_list[index].param1 = &aead_list[i];
+ alg_list[index].param2 = NULL;
+ index++;
+ }
+
+ for (i = 0; i < RTE_DIM(cipher_list); i++) {
+ for (j = 0; j < RTE_DIM(auth_list); j++) {
+ alg_list[index].param1 = &cipher_list[i];
+ alg_list[index].param2 = &auth_list[j];
+ index++;
+ }
+ }
+}
int
test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
@@ -293,18 +315,31 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
for (i = 0; i < nb_td; i++) {
td = &td_array[i];
- /* Copy template for packet & key fields */
- memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
- /* Override fields based on param */
+ /* Prepare fields based on param */
+
+ if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ /* Copy template for packet & key fields */
+ memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
- if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
td->aead = true;
- else
+ td->xform.aead.aead.algo = param1->alg.aead;
+ td->xform.aead.aead.key.length = param1->key_length;
+ } else {
+ /* Copy template for packet & key fields */
+ memcpy(td, &pkt_aes_128_cbc_hmac_sha256, sizeof(*td));
+
td->aead = false;
+ td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
+ td->xform.chain.cipher.cipher.key.length =
+ param1->key_length;
+ td->xform.chain.auth.auth.algo = param2->alg.auth;
+ td->xform.chain.auth.auth.key.length =
+ param2->key_length;
+ td->xform.chain.auth.auth.digest_length =
+ param2->digest_length;
- td->xform.aead.aead.algo = param1->alg.aead;
- td->xform.aead.aead.key.length = param1->key_length;
+ }
if (flags->iv_gen)
td->ipsec_xform.options.iv_gen_disable = 0;
@@ -324,8 +359
[PATCH v2 04/13] test/crypto: add IPv6 tunnel mode cases
From: Tejasree Kondoj
Add IPv6 known vector and combined mode tests.
Following modes are added:
Tunnel IPv6 in IPv6
Tunnel IPv4 in IPv4
Tunnel IPv4 in IPv6
Tunnel IPv6 in IPv4
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c | 102 ++-
app/test/test_cryptodev_security_ipsec.c | 74 +++-
app/test/test_cryptodev_security_ipsec.h | 4 +
.../test_cryptodev_security_ipsec_test_vectors.h | 202 +
doc/guides/rel_notes/release_22_03.rst | 5 +
5 files changed, 383 insertions(+), 4 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index a307aec..a64ed60 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9125,6 +9125,10 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
bool silent,
const struct ipsec_test_flags *flags)
{
+ uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x, 0x,
+ 0x, 0x001a};
+ uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
+ 0xe82c, 0x4887};
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
struct rte_security_capability_idx sec_cap_idx;
@@ -9158,8 +9162,16 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
dst += 1;
}
- memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
- memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
+ memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+ } else {
+ memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+ sizeof(v6_src));
+ memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+ sizeof(v6_dst));
+ }
ctx = rte_cryptodev_get_sec_ctx(dev_id);
@@ -9555,6 +9567,58 @@ test_ipsec_proto_inner_l4_csum(const void *data
__rte_unused)
}
static int
+test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14431,6 +14495,15 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-GCM
128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-CBC
128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
@@ -14451,6 +14524,15 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 AES-GCM
128)",
+ ut_setup_security, ut_teardown,
+
[PATCH v2 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors
From: Tejasree Kondoj
Add lookaside IPsec HMAC-SHA384/512 known vectors.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c | 20 ++
app/test/test_cryptodev_security_ipsec.h | 14 +-
.../test_cryptodev_security_ipsec_test_vectors.h | 213 +
doc/guides/rel_notes/release_22_03.rst | 2 +
4 files changed, 248 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index a64ed60..0f74984 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -14495,6 +14495,16 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC
128 HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC
128 HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
"Outbound known vector (ESP tunnel mode IPv6 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
@@ -14525,6 +14535,16 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128
HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128
HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv6 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6),
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 69e81ae..d74eee7 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -15,7 +15,7 @@ struct ipsec_test_data {
uint8_t data[32];
} key;
struct {
- uint8_t data[32];
+ uint8_t data[64];
} auth_key;
struct {
@@ -113,6 +113,18 @@ static const struct crypto_param auth_list[] = {
.key_length = 32,
.digest_length = 16,
},
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
+ .key_length = 48,
+ .digest_length = 24,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
+ .key_length = 64,
+ .digest_length = 32,
+ },
};
struct crypto_param_comb {
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h
b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 04ccbf0..b8661f7 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -640,6 +640,219 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
},
};
+struct ipsec_test_data pkt_aes_128_cbc_hmac_sha384 = {
+ .key = {
+ .data = {
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+ 0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+
[PATCH v2 06/13] test/crypto: add IPsec fragmented packet known vectors
From: Tejasree Kondoj
Add fragmented plain packet known vector test case in
IPsec outbound.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c | 22 +
app/test/test_cryptodev_security_ipsec.c | 10 ++
app/test/test_cryptodev_security_ipsec.h | 1 +
.../test_cryptodev_security_ipsec_test_vectors.h | 104 +
doc/guides/rel_notes/release_22_03.rst | 1 +
5 files changed, 138 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0f74984..e2bbabf 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9383,6 +9383,23 @@ test_ipsec_proto_known_vec_inb(const void *test_data)
}
static int
+test_ipsec_proto_known_vec_fragmented(const void *test_data)
+{
+ struct ipsec_test_data td_outb;
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+ flags.fragment = true;
+
+ memcpy(&td_outb, test_data, sizeof(td_outb));
+
+ /* Disable IV gen to be able to test with known vectors */
+ td_outb.ipsec_xform.options.iv_gen_disable = 1;
+
+ return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
+static int
test_ipsec_proto_all(const struct ipsec_test_flags *flags)
{
struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
@@ -14514,6 +14531,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound fragmented packet",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_fragmented,
+ &pkt_aes_128_gcm_frag),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM
128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 12031d3..ccce63f 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -659,6 +659,16 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct
ipsec_test_data *td,
return TEST_FAILED;
}
+ if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) &&
+ flags->fragment) {
+ const struct rte_ipv4_hdr *iph4;
+ iph4 = (const struct rte_ipv4_hdr *)output_text;
+ if (iph4->fragment_offset) {
+ printf("Output packet is fragmented");
+ return TEST_FAILED;
+ }
+ }
+
skip = test_ipsec_tunnel_hdr_len_get(td);
len -= skip;
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index d74eee7..884a795 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -63,6 +63,7 @@ struct ipsec_test_flags {
bool l4_csum;
bool ipv6;
bool tunnel_ipv6;
+ bool fragment;
};
struct crypto_param {
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h
b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index b8661f7..b6d48ad 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -958,4 +958,108 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = {
},
};
+struct ipsec_test_data pkt_aes_128_gcm_frag = {
+ .key = {
+ .data = {
+ 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
+ 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
+ },
+ },
+ .input_text = {
+ .data = {
+ 0x45, 0x00, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x17,
+ 0x40, 0x06, 0xed, 0x48, 0xc6, 0x12, 0x00, 0x00,
+ 0xc6, 0x12, 0x01, 0x05, 0x00, 0x14, 0x00, 0x50,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x50, 0x00, 0x00, 0x00, 0x55, 0x05, 0x00, 0x00,
+ 0x00, 0x01, 0x02, 0x03, 0xf2, 0xf6, 0xe9, 0x21,
+ 0xf9, 0xf2, 0xf6, 0xe9, 0x21, 0xf9, 0xf2, 0xf6,
+ 0xe9, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00,
[PATCH v2 07/13] test/crypto: add transport mode cases
Add transport mode tests with test cases for IPv4 packets.
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c| 39 ++
app/test/test_cryptodev_security_ipsec.c | 71 +---
app/test/test_cryptodev_security_ipsec.h | 1 +
doc/guides/rel_notes/release_22_03.rst | 1 +
4 files changed, 80 insertions(+), 32 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e2bbabf..f470d5c 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9162,15 +9162,19 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
dst += 1;
}
- if (td->ipsec_xform.tunnel.type ==
- RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
- memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
- memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
- } else {
- memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
- sizeof(v6_src));
- memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
- sizeof(v6_dst));
+ if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
+ sizeof(src));
+ memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
+ sizeof(dst));
+ } else {
+ memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+ sizeof(v6_src));
+ memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+ sizeof(v6_dst));
+ }
}
ctx = rte_cryptodev_get_sec_ctx(dev_id);
@@ -9636,6 +9640,19 @@ test_ipsec_proto_tunnel_v6_in_v4(const void *data
__rte_unused)
}
static int
+test_ipsec_proto_transport_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.transport = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14635,6 +14652,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Tunnel IPv6 in IPv4",
ut_setup_security, ut_teardown,
test_ipsec_proto_tunnel_v6_in_v4),
+ TEST_CASE_NAMED_ST(
+ "Transport IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_transport_v4),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index ccce63f..029fdd3 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -400,12 +400,21 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
test_ipsec_csum_init(&td->input_text.data, false, true);
}
- if (flags->tunnel_ipv6)
- td->ipsec_xform.tunnel.type =
- RTE_SECURITY_IPSEC_TUNNEL_IPV6;
- else
- td->ipsec_xform.tunnel.type =
- RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+ if (flags->transport) {
+ td->ipsec_xform.mode =
+ RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT;
+ } else {
+ td->ipsec_xform.mode =
+ RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
+
+ if (flags->tunnel_ipv6)
+ td->ipsec_xform.tunnel.type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV6;
+ else
+ td->ipsec_xform.tunnel.type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+ }
+
}
}
@@ -748,29 +757,45 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct
ipsec_test_data *td,
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
int ret;
- if (flags->iv_gen &&
- td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
- ret = test_ipsec_iv_verify_push(m, td);
- if (ret != TEST_SUCCESS)
- return ret;
- }
-
if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
const struct rte_ipv4_hdr *iph4;
const struct rte_ipv6_hdr *iph6;
- if (td->
[PATCH v2 08/13] test/crypto: add security stats cases
From: Ankur Dwivedi
Adds security stats test cases in IPSEC protocol testsuite.
Signed-off-by: Ankur Dwivedi
---
app/test/test_cryptodev.c| 21 +
app/test/test_cryptodev_security_ipsec.c | 29 +
app/test/test_cryptodev_security_ipsec.h | 6 ++
doc/guides/rel_notes/release_22_03.rst | 1 +
4 files changed, 57 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f470d5c..d5902dd 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9332,6 +9332,11 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
if (ret != TEST_SUCCESS)
goto crypto_op_free;
+ ret = test_ipsec_stats_verify(ctx, ut_params->sec_session,
+ flags, dir);
+ if (ret != TEST_SUCCESS)
+ goto crypto_op_free;
+
rte_crypto_op_free(ut_params->op);
ut_params->op = NULL;
@@ -9653,6 +9658,18 @@ test_ipsec_proto_transport_v4(const void *data
__rte_unused)
}
static int
+test_ipsec_proto_stats(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.stats_success = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14656,6 +14673,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Transport IPv4",
ut_setup_security, ut_teardown,
test_ipsec_proto_transport_v4),
+ TEST_CASE_NAMED_ST(
+ "Statistics: success",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_stats),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 029fdd3..6fa1d3d 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -415,6 +415,8 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
RTE_SECURITY_IPSEC_TUNNEL_IPV4;
}
+ if (flags->stats_success)
+ td->ipsec_xform.options.stats = 1;
}
}
@@ -871,3 +873,30 @@ test_ipsec_status_check(struct rte_crypto_op *op,
return ret;
}
+
+int
+test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+ struct rte_security_session *sess,
+ const struct ipsec_test_flags *flags,
+ enum rte_security_ipsec_sa_direction dir)
+{
+ struct rte_security_stats stats = {0};
+ int ret = TEST_SUCCESS;
+
+ if (flags->stats_success) {
+ if (rte_security_session_stats_get(ctx, sess, &stats) < 0)
+ return TEST_FAILED;
+
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ if (stats.ipsec.opackets != 1 ||
+ stats.ipsec.oerrors != 0)
+ ret = TEST_FAILED;
+ } else {
+ if (stats.ipsec.ipackets != 1 ||
+ stats.ipsec.ierrors != 0)
+ ret = TEST_FAILED;
+ }
+ }
+
+ return ret;
+}
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 07d2453..3565a8c 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -65,6 +65,7 @@ struct ipsec_test_flags {
bool tunnel_ipv6;
bool transport;
bool fragment;
+ bool stats_success;
};
struct crypto_param {
@@ -188,4 +189,9 @@ int test_ipsec_status_check(struct rte_crypto_op *op,
enum rte_security_ipsec_sa_direction dir,
int pkt_num);
+int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+ struct rte_security_session *sess,
+ const struct ipsec_test_flags *flags,
+ enum rte_security_ipsec_sa_direction dir);
+
#endif
diff --git a/doc/guides/rel_notes/release_22_03.rst
b/doc/guides/rel_notes/release_22_03.rst
index 58e9690..f15f738 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -69,6 +69,7 @@ New Features
* IPv6 in IPv4
* Added IPv4 transport mode tests.
* Added tunnel mode fragment packet tests.
+ * Added security stats tests.
Removed Items
--
2.7.4
[PATCH v2 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors
From: Tejasree Kondoj
Add known vectors for AES-CTR in lookaside IPsec mode.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev_security_ipsec.h | 15 +++
doc/guides/rel_notes/release_22_03.rst | 1 +
2 files changed, 16 insertions(+)
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 3565a8c..3376d08 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -103,6 +103,21 @@ static const struct crypto_param cipher_list[] = {
.alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
.key_length = 16,
},
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
+ .key_length = 16,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
+ .key_length = 24,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
+ .key_length = 32,
+ },
};
static const struct crypto_param auth_list[] = {
diff --git a/doc/guides/rel_notes/release_22_03.rst
b/doc/guides/rel_notes/release_22_03.rst
index f15f738..db5ec20 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -70,6 +70,7 @@ New Features
* Added IPv4 transport mode tests.
* Added tunnel mode fragment packet tests.
* Added security stats tests.
+ * Added AES-CTR tests.
Removed Items
--
2.7.4
[PATCH v2 10/13] test/crypto: add fragmented packet case
From: Tejasree Kondoj
Add fragmented plain packet test case in combined mode.
Signed-off-by: Tejasree Kondoj
---
app/test/test_cryptodev.c| 16
app/test/test_cryptodev_security_ipsec.c | 7 +++
2 files changed, 23 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index d5902dd..9a8cced 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9670,6 +9670,18 @@ test_ipsec_proto_stats(const void *data __rte_unused)
}
static int
+test_ipsec_proto_pkt_fragment(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.fragment = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14677,6 +14689,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Statistics: success",
ut_setup_security, ut_teardown,
test_ipsec_proto_stats),
+ TEST_CASE_NAMED_ST(
+ "Fragmented packet",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_fragment),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 6fa1d3d..832f9d8 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -418,6 +418,13 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
if (flags->stats_success)
td->ipsec_xform.options.stats = 1;
+ if (flags->fragment) {
+ struct rte_ipv4_hdr *ip;
+ ip = (struct rte_ipv4_hdr *)&td->input_text.data;
+ ip->fragment_offset = 4;
+ ip->hdr_checksum = rte_ipv4_cksum(ip);
+ }
+
}
}
--
2.7.4
[PATCH v2 11/13] test/crypto: skip null auth in ICV corrupt case
From: Tejasree Kondoj Skipping NULL auth in ICV corruption test case. Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 5 + 1 file changed, 5 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9a8cced..0ab4ca7 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9428,6 +9428,11 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) td_outb, nb_pkts); + if (flags->icv_corrupt && (td_outb->aead == false) && + (td_outb->xform.chain.auth.auth.algo == +RTE_CRYPTO_AUTH_NULL)) + continue; + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) -- 2.7.4
[PATCH v2 12/13] test/crypto: add aes xcbc known vectors
Add known vector test cases for NULL cipher + AES-XCBC. Also add both
algos to the combined mode list of algos.
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c | 38 +++--
app/test/test_cryptodev_security_ipsec.c | 2 +
app/test/test_cryptodev_security_ipsec.h | 17
.../test_cryptodev_security_ipsec_test_vectors.h | 90 ++
doc/guides/rel_notes/release_22_03.rst | 1 +
5 files changed, 142 insertions(+), 6 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0ab4ca7..203b4a4 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9368,8 +9368,11 @@ test_ipsec_proto_known_vec(const void *test_data)
memcpy(&td_outb, test_data, sizeof(td_outb));
- /* Disable IV gen to be able to test with known vectors */
- td_outb.ipsec_xform.options.iv_gen_disable = 1;
+ if (td_outb.aead ||
+ td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) {
+ /* Disable IV gen to be able to test with known vectors */
+ td_outb.ipsec_xform.options.iv_gen_disable = 1;
+ }
return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
}
@@ -9428,10 +9431,23 @@ test_ipsec_proto_all(const struct ipsec_test_flags
*flags)
td_outb,
nb_pkts);
- if (flags->icv_corrupt && (td_outb->aead == false) &&
- (td_outb->xform.chain.auth.auth.algo ==
-RTE_CRYPTO_AUTH_NULL))
- continue;
+ if (!td_outb->aead) {
+ enum rte_crypto_cipher_algorithm cipher_alg;
+ enum rte_crypto_auth_algorithm auth_alg;
+
+ cipher_alg = td_outb->xform.chain.cipher.cipher.algo;
+ auth_alg = td_outb->xform.chain.auth.auth.algo;
+
+ /* ICV is not applicable for NULL auth */
+ if (flags->icv_corrupt &&
+ auth_alg == RTE_CRYPTO_AUTH_NULL)
+ continue;
+
+ /* IV is not applicable for NULL cipher */
+ if (flags->iv_gen &&
+ cipher_alg == RTE_CRYPTO_CIPHER_NULL)
+ continue;
+ }
ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
flags);
@@ -14582,6 +14598,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 NULL
AES-XCBC-MAC [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
"Outbound fragmented packet",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_fragmented,
@@ -14626,6 +14647,11 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 NULL
AES-XCBC-MAC [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_null_aes_xcbc),
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 832f9d8..94e5213 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -375,6 +375,8 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
td->xform.chain.cipher.cipher.key.length =
param1->key_length;
+ td->xform.chain.cipher.cipher.iv.length =
+ param1->iv_length;
td->xform.chain.auth.auth.algo = param2->alg.auth;
td->xform.chain.auth.auth.key.length =
param2->key_length;
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index 3376d08..6e27eba 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++
[PATCH v2 13/13] test/crypto: add copy and set DF cases
Add test cases to verify copy DF and set DF options with lookaside IPsec
offload.
Signed-off-by: Anoob Joseph
---
app/test/test_cryptodev.c| 75
app/test/test_cryptodev_security_ipsec.c | 71 --
app/test/test_cryptodev_security_ipsec.h | 10 +
doc/guides/rel_notes/release_22_03.rst | 1 +
4 files changed, 154 insertions(+), 3 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 203b4a4..f808719 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9169,6 +9169,13 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
sizeof(src));
memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
sizeof(dst));
+
+ if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ ipsec_xform.tunnel.ipv4.df = 0;
+
+ if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+ ipsec_xform.tunnel.ipv4.df = 1;
+
} else {
memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
sizeof(v6_src));
@@ -9282,6 +9289,9 @@ test_ipsec_proto_process(const struct ipsec_test_data
td[],
memcpy(input_text, td[i].input_text.data,
td[i].input_text.len);
+ if (test_ipsec_pkt_update(input_text, flags))
+ return TEST_FAILED;
+
/* Generate crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -9700,6 +9710,55 @@ test_ipsec_proto_pkt_fragment(const void *data
__rte_unused)
flags.fragment = true;
return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
}
static int
@@ -14724,6 +14783,22 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Fragmented packet",
ut_setup_security, ut_teardown,
test_ipsec_proto_pkt_fragment),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 0 (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_0_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 1 (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_1_inner_0),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index 94e5213..e662ea2 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -427,6 +427,9 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
ip->hdr_checksum = rte_ipv4_cksum(ip);
}
+ if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+ flags->df == TEST_IPSEC_COPY_DF_INNER_1)
+ td->ipsec_xform.options.copy_df = 1;
}
}
@@ -640,6 +643,7 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct
ipsec_test_data *td,
{
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+ uint8_t td_output_text[4096];
RE: vmxnet3 no longer functional on DPDK 21.11
> -Original Message-
> From: Richardson, Bruce
> Sent: Monday, December 6, 2021 9:17 AM
> To: Lewis Donzis
> Cc: dev ; Wang, Yong ; Ananyev, Konstantin
>
> Subject: Re: vmxnet3 no longer functional on DPDK 21.11
>
> On Sun, Dec 05, 2021 at 07:52:33PM -0600, Lewis Donzis wrote:
> >
> >
> > - On Nov 30, 2021, at 7:42 AM, Bruce Richardson
> > bruce.richard...@intel.com wrote:
> >
> > > On Mon, Nov 29, 2021 at 02:45:15PM -0600, Lewis Donzis wrote:
> > >>Hello.
> > >>We just upgraded from 21.08 to 21.11 and it's rather astounding the
> > >>number of incompatible changes in three months. Not a big deal, just
> > >>kind of a surprise, that's all.
> > >>Anyway, the problem is that the vmxnet3 driver is no longer functional
> > >>on FreeBSD.
> > >>In drivers/net/vmxnet3/vmxnet3_ethdev.c, vmxnet3_dev_start() gets an
> > >>error calling rte_intr_enable(). So it logs "interrupt enable failed"
> > >>and returns an error.
> > >>In lib/eal/freebsd/eal_interrupts.c, rte_intr_enable() is returning an
> > >>error because rte_intr_dev_fd_get(intr_handle) is returning -1.
> > >>I don't see how that could ever return anything other than -1 since it
> > >>appears that there is no code that ever calls rte_intr_dev_fd_set()
> > >>with a value other than -1 on FreeBSD. Also weird to me is that even
> > >>if it didn't get an error, the switch statement that follows looks
> > >> like
> > >>it will return an error in every case.
> > >>Nonetheless, it worked in 21.08, and I can't quite see why the
> > >>difference, so I must be missing something.
> > >>For the moment, I just commented the "return -EIO" in
> > >> vmxnet3_ethdev.c,
> > >>and it's now working again, but that's obviously not the correct
> > >>solution.
> > >>Can someone who's knowledgable about this mechanism perhaps explain a
> > >>little bit about what's going on? I'll be happy to help troubleshoot.
> > >>It seems like it must be something simple, but I just don't see it
> > >> yet.
> > >
> > > Hi
> > >
> > > if you have the chance, it would be useful if you could use "git bisect"
> > > to
> > > identify the commit in 21.11 that broke this driver. Looking through the
> > > logs for 21.11 I can't identify any particular likely-looking commit, so
> > > bisect is likely a good way to start looking into this.
> > >
> > > Regards,
> > > /Bruce
> >
> > Hi, Bruce. git bisect is very time-consuming and very cool!
> >
> > I went back to 21.08, about 1100 commits, and worked through the process,
> > but then I realized that I had forgotten to run ninja on one of
> the steps, so I did it again.
> >
> > I also re-checked it after the bisect, just to make sure that
> > c87d435a4d79739c0cec2ed280b94b41cb908af7 is good, and
> 7a0935239b9eb817c65c03554a9954ddb8ea5044 is bad.
> >
> > Thanks,
> > lew
> >
>
> Many thanks for taking the time to do this. Adding Konstantin to thread as
> author of the commit you identified. Konstantin, any thoughts on this
> issue?
Hmm, that's looks really strange to me.
So to clarify, it fails at:
static int
vmxnet3_dev_start(struct rte_eth_dev *dev)
{
...
line 1695:
if (rte_intr_enable(dev->intr_handle) < 0) {
PMD_INIT_LOG(ERR, "interrupt enable failed");
return -EIO;
}
Right?
The strange thing here is that 7a0935239b9e
doesn't change dev_start or rte_intr code in any way.
All it does - change rte_eth_rx_burst/rte_eth_tx_burst and other fast-path
functions.
Anyway, if git blames that commit, let's try to figure out what is going on.
Unfortunately, I don't have freebsd with vmxnet3, so will need to rely on your
help here.
As the first thing can you try to run testpmd build with last good commit
(c87d435a4d79)
and then testpmd build with bad commit applied and collect for both cases:
- contents of 'struct rte_eth_dev' and ' rte_eth_dev->intr_handle' for
your vmxnet3 port
- debug log output (--log-level=eal,debug --log-level=pmd,debug)
Konstantin
[PATCH 00/17] features and fixes on NXP eth devices
From: Nipun Gupta This series adds few features and important fixes on DPAA, PFE and ENETC devices. Features added: - level 2 support for shaping on DPAA2 - loopback configuration for DPNI devices on DPAA2 - Multiple TXQ's enqueue for ordered queues for performance - VFs support on ENETC Fixes: - fix unregistering interrupt handler on DPAA2 - fix timestamping for IEEE1588 on DPAA1 - fix 32 bit and PPC compilation for PFE Apeksha Gupta (1): net/pfe: remove setting unused value Gagandeep Singh (4): net/dpaa2: add support for level 2 in traffic management net/enetc: add support for VFs net/pfe: disable HW CRC stripping net/pfe: reduce driver initialization time Jun Yang (4): net/dpaa2: support multiple txqs en-queue for ordered net/dpaa2: secondary process handling for dpni bus/fslmc: add and scan dprc devices net/dpaa2: support recycle loopback port Nipun Gupta (4): bus/fslmc: update MC to 10.29 bus/fslmc: use dmb oshst for synchronization before I/O net/dpaa: check status before configuring shared MAC net/dpaa: enable checksum for shared MAC interface Rohit Raj (1): net/dpaa2: warn user in case of high nb desc Sachin Saxena (1): net/pfe: fix for 32 bit and PPC compilation Vanshika Shukla (2): net/dpaa2: fix unregistering interrupt handler net/dpaa2: fix timestamping for IEEE1588 doc/guides/nics/dpaa2.rst | 2 +- drivers/bus/dpaa/base/fman/fman_hw.c | 11 + drivers/bus/dpaa/include/fsl_fman.h | 2 + drivers/bus/dpaa/version.map | 1 + drivers/bus/fslmc/fslmc_bus.c | 15 +- drivers/bus/fslmc/fslmc_vfio.c| 18 +- drivers/bus/fslmc/mc/dprc.c | 129 drivers/bus/fslmc/mc/fsl_dpmng.h | 2 +- drivers/bus/fslmc/mc/fsl_dprc.h | 46 ++ drivers/bus/fslmc/mc/fsl_dprc_cmd.h | 48 ++ drivers/bus/fslmc/meson.build | 4 +- drivers/bus/fslmc/portal/dpaa2_hw_dprc.c | 100 +++ drivers/bus/fslmc/portal/dpaa2_hw_pvt.h | 15 +- drivers/bus/fslmc/qbman/include/compat.h | 4 +- drivers/bus/fslmc/rte_fslmc.h | 10 +- drivers/event/dpaa2/dpaa2_eventdev.c | 12 +- drivers/mempool/dpaa2/dpaa2_hw_mempool.c | 23 + drivers/mempool/dpaa2/rte_dpaa2_mempool.h | 15 + drivers/mempool/dpaa2/version.map | 1 + drivers/net/dpaa/dpaa_ethdev.c| 17 +- drivers/net/dpaa2/base/dpaa2_hw_dpni.c| 5 +- drivers/net/dpaa2/dpaa2_ethdev.c | 117 +++- drivers/net/dpaa2/dpaa2_ethdev.h | 38 +- drivers/net/dpaa2/dpaa2_ptp.c | 8 +- drivers/net/dpaa2/dpaa2_recycle.c | 780 ++ drivers/net/dpaa2/dpaa2_rxtx.c| 181 - drivers/net/dpaa2/dpaa2_tm.c | 563 +--- drivers/net/dpaa2/dpaa2_tm.h | 17 +- drivers/net/dpaa2/mc/dpdmux.c | 8 + drivers/net/dpaa2/mc/dpkg.c | 7 +- drivers/net/dpaa2/mc/dpni.c | 417 drivers/net/dpaa2/mc/fsl_dpdmux.h | 3 + drivers/net/dpaa2/mc/fsl_dpdmux_cmd.h | 5 +- drivers/net/dpaa2/mc/fsl_dpni.h | 173 +++-- drivers/net/dpaa2/mc/fsl_dpni_cmd.h | 137 ++-- drivers/net/dpaa2/meson.build | 1 + drivers/net/dpaa2/version.map | 1 + drivers/net/enetc/enetc_ethdev.c | 25 +- drivers/net/pfe/pfe_ethdev.c | 10 +- drivers/net/pfe/pfe_hal.c | 4 +- drivers/net/pfe/pfe_hif.c | 9 +- drivers/net/pfe/pfe_hif_lib.c | 3 +- 42 files changed, 2532 insertions(+), 455 deletions(-) create mode 100644 drivers/bus/fslmc/mc/dprc.c create mode 100644 drivers/bus/fslmc/mc/fsl_dprc.h create mode 100644 drivers/bus/fslmc/mc/fsl_dprc_cmd.h create mode 100644 drivers/bus/fslmc/portal/dpaa2_hw_dprc.c create mode 100644 drivers/net/dpaa2/dpaa2_recycle.c -- 2.17.1
[PATCH 01/17] bus/fslmc: update MC to 10.29
From: Nipun Gupta
update MC firmware library version to 10.29
Signed-off-by: Nipun Gupta
Signed-off-by: Gagandeep Singh
---
drivers/bus/fslmc/mc/fsl_dpmng.h | 2 +-
drivers/net/dpaa2/mc/dpdmux.c | 8 ++
drivers/net/dpaa2/mc/dpkg.c | 7 +-
drivers/net/dpaa2/mc/dpni.c | 111 --
drivers/net/dpaa2/mc/fsl_dpdmux.h | 3 +
drivers/net/dpaa2/mc/fsl_dpdmux_cmd.h | 5 +-
drivers/net/dpaa2/mc/fsl_dpni.h | 54 ++---
drivers/net/dpaa2/mc/fsl_dpni_cmd.h | 57 +++--
8 files changed, 181 insertions(+), 66 deletions(-)
diff --git a/drivers/bus/fslmc/mc/fsl_dpmng.h b/drivers/bus/fslmc/mc/fsl_dpmng.h
index 7e9bd96429..073d47efbf 100644
--- a/drivers/bus/fslmc/mc/fsl_dpmng.h
+++ b/drivers/bus/fslmc/mc/fsl_dpmng.h
@@ -20,7 +20,7 @@ struct fsl_mc_io;
* Management Complex firmware version information
*/
#define MC_VER_MAJOR 10
-#define MC_VER_MINOR 28
+#define MC_VER_MINOR 29
/**
* struct mc_version
diff --git a/drivers/net/dpaa2/mc/dpdmux.c b/drivers/net/dpaa2/mc/dpdmux.c
index edbb01b45b..1bb153cad7 100644
--- a/drivers/net/dpaa2/mc/dpdmux.c
+++ b/drivers/net/dpaa2/mc/dpdmux.c
@@ -398,6 +398,9 @@ int dpdmux_get_attributes(struct fsl_mc_io *mc_io,
attr->num_ifs = le16_to_cpu(rsp_params->num_ifs);
attr->mem_size = le16_to_cpu(rsp_params->mem_size);
attr->default_if = le16_to_cpu(rsp_params->default_if);
+ attr->max_dmat_entries = le16_to_cpu(rsp_params->max_dmat_entries);
+ attr->max_mc_groups = le16_to_cpu(rsp_params->max_mc_groups);
+ attr->max_vlan_ids = le16_to_cpu(rsp_params->max_vlan_ids);
return 0;
}
@@ -470,6 +473,11 @@ int dpdmux_if_disable(struct fsl_mc_io *mc_io,
* will be updated with the minimum value of the mfls of the connected
* dpnis and the actual value of dmux mfl.
*
+ * If dpdmux object is created using DPDMUX_OPT_AUTO_MAX_FRAME_LEN and maximum
+ * frame length is changed for a dpni connected to dpdmux interface the change
+ * is propagated through dpdmux interfaces and will overwrite the value set
using
+ * this API.
+ *
* Return: '0' on Success; Error code otherwise.
*/
int dpdmux_set_max_frame_length(struct fsl_mc_io *mc_io,
diff --git a/drivers/net/dpaa2/mc/dpkg.c b/drivers/net/dpaa2/mc/dpkg.c
index 1e171eedc7..4789976b7d 100644
--- a/drivers/net/dpaa2/mc/dpkg.c
+++ b/drivers/net/dpaa2/mc/dpkg.c
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
- * Copyright 2017 NXP
+ * Copyright 2017-2021 NXP
*
*/
#include
@@ -63,10 +63,7 @@ dpkg_prepare_key_cfg(const struct dpkg_profile_cfg *cfg,
uint8_t *key_cfg_buf)
dpkg_set_field(extr->extract_type, EXTRACT_TYPE,
cfg->extracts[i].type);
- if (extr->num_of_byte_masks > DPKG_NUM_OF_MASKS)
- return -EINVAL;
-
- for (j = 0; j < extr->num_of_byte_masks; j++) {
+ for (j = 0; j < DPKG_NUM_OF_MASKS; j++) {
extr->masks[j].mask = cfg->extracts[i].masks[j].mask;
extr->masks[j].offset =
cfg->extracts[i].masks[j].offset;
diff --git a/drivers/net/dpaa2/mc/dpni.c b/drivers/net/dpaa2/mc/dpni.c
index 60048d6c43..cf78295d90 100644
--- a/drivers/net/dpaa2/mc/dpni.c
+++ b/drivers/net/dpaa2/mc/dpni.c
@@ -128,6 +128,7 @@ int dpni_create(struct fsl_mc_io *mc_io,
cmd_params->num_cgs = cfg->num_cgs;
cmd_params->num_opr = cfg->num_opr;
cmd_params->dist_key_size = cfg->dist_key_size;
+ cmd_params->num_channels = cfg->num_channels;
/* send command to mc*/
err = mc_send_command(mc_io, &cmd);
@@ -203,7 +204,7 @@ int dpni_set_pools(struct fsl_mc_io *mc_io,
cmd_params = (struct dpni_cmd_set_pools *)cmd.params;
cmd_params->num_dpbp = cfg->num_dpbp;
cmd_params->pool_options = cfg->pool_options;
- for (i = 0; i < cmd_params->num_dpbp; i++) {
+ for (i = 0; i < DPNI_MAX_DPBP; i++) {
cmd_params->pool[i].dpbp_id =
cpu_to_le16(cfg->pools[i].dpbp_id);
cmd_params->pool[i].priority_mask =
@@ -592,6 +593,7 @@ int dpni_get_attributes(struct fsl_mc_io *mc_io,
attr->num_tx_tcs = rsp_params->num_tx_tcs;
attr->mac_filter_entries = rsp_params->mac_filter_entries;
attr->vlan_filter_entries = rsp_params->vlan_filter_entries;
+ attr->num_channels = rsp_params->num_channels;
attr->qos_entries = rsp_params->qos_entries;
attr->fs_entries = le16_to_cpu(rsp_params->fs_entries);
attr->qos_key_size = rsp_params->qos_key_size;
@@ -815,6 +817,9 @@ int dpni_get_offload(struct fsl_mc_io *mc_io,
* in all enqueue operations
*
* Return: '0' on Success; Error code otherwise.
+ *
+ * If dpni object is created using multiple Tc channels this function will
return
+ * qdid value for the first channel
*/
int dpni_
[PATCH 02/17] bus/fslmc: use dmb oshst for synchronization before I/O
From: Nipun Gupta
Outer Shareable Store (oshst) is sufficient for Data Memory
Barrier (dmb) when doing IO on the interface via QBMAN.
This will sync L3/DDR with the L1/L2 cached data.
Signed-off-by: Nipun Gupta
---
drivers/bus/fslmc/qbman/include/compat.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/bus/fslmc/qbman/include/compat.h
b/drivers/bus/fslmc/qbman/include/compat.h
index a4471a80af..ece5da5906 100644
--- a/drivers/bus/fslmc/qbman/include/compat.h
+++ b/drivers/bus/fslmc/qbman/include/compat.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2008-2016 Freescale Semiconductor, Inc.
- * Copyright 2017 NXP
+ * Copyright 2017,2021 NXP
*
*/
@@ -81,7 +81,7 @@ do { \
#define __raw_readl(p) (*(const volatile unsigned int *)(p))
#define __raw_writel(v, p) {*(volatile unsigned int *)(p) = (v); }
-#define dma_wmb() rte_smp_mb()
+#define dma_wmb() rte_io_wmb()
#define atomic_trte_atomic32_t
#define atomic_read(v) rte_atomic32_read(v)
--
2.17.1
[PATCH 03/17] net/dpaa2: warn user in case of high nb desc
From: Rohit Raj
Added warning message if application is configuring nb_desc
more than supported by PEB memory suggesting user to configure
HW descriptors in normal memory rather than in faster PEB
memory.
Signed-off-by: Rohit Raj
---
drivers/net/dpaa2/dpaa2_ethdev.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.c b/drivers/net/dpaa2/dpaa2_ethdev.c
index a3706439d5..f5cac8f9d9 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.c
+++ b/drivers/net/dpaa2/dpaa2_ethdev.c
@@ -74,6 +74,9 @@ int dpaa2_timestamp_dynfield_offset = -1;
/* Enable error queue */
bool dpaa2_enable_err_queue;
+#define MAX_NB_RX_DESC 11264
+int total_nb_rx_desc;
+
struct rte_dpaa2_xstats_name_off {
char name[RTE_ETH_XSTATS_NAME_SIZE];
uint8_t page_id; /* dpni statistics page id */
@@ -694,6 +697,13 @@ dpaa2_dev_rx_queue_setup(struct rte_eth_dev *dev,
DPAA2_PMD_DEBUG("dev =%p, queue =%d, pool = %p, conf =%p",
dev, rx_queue_id, mb_pool, rx_conf);
+ total_nb_rx_desc += nb_rx_desc;
+ if (total_nb_rx_desc > MAX_NB_RX_DESC) {
+ DPAA2_PMD_WARN("\nTotal nb_rx_desc exceeds %d limit. Please use
Normal buffers",
+ MAX_NB_RX_DESC);
+ DPAA2_PMD_WARN("To use Normal buffers, run 'export
DPNI_NORMAL_BUF=1' before running dynamic_dpl.sh script");
+ }
+
/* Rx deferred start is not supported */
if (rx_conf->rx_deferred_start) {
DPAA2_PMD_ERR("%p:Rx deferred start not supported",
@@ -984,6 +994,9 @@ dpaa2_dev_rx_queue_release(struct rte_eth_dev *dev,
uint16_t rx_queue_id)
memset(&cfg, 0, sizeof(struct dpni_queue));
PMD_INIT_FUNC_TRACE();
+
+ total_nb_rx_desc -= dpaa2_q->nb_desc;
+
if (dpaa2_q->cgid != 0xff) {
options = DPNI_QUEUE_OPT_CLEAR_CGID;
cfg.cgid = dpaa2_q->cgid;
--
2.17.1
[PATCH 04/17] net/dpaa2: fix unregistering interrupt handler
From: Vanshika Shukla
This patch fixes code that handles unregistering LSC
interrupt handler in dpaa2_dev_stop API.
Fixes: c5acbb5ea20e ("net/dpaa2: support link status event")
Cc: sta...@dpdk.org
Signed-off-by: Vanshika Shukla
---
drivers/net/dpaa2/dpaa2_ethdev.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.c b/drivers/net/dpaa2/dpaa2_ethdev.c
index f5cac8f9d9..18ff07249f 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.c
+++ b/drivers/net/dpaa2/dpaa2_ethdev.c
@@ -1265,7 +1265,12 @@ dpaa2_dev_stop(struct rte_eth_dev *dev)
struct fsl_mc_io *dpni = (struct fsl_mc_io *)dev->process_private;
int ret;
struct rte_eth_link link;
- struct rte_intr_handle *intr_handle = dev->intr_handle;
+ struct rte_device *rdev = dev->device;
+ struct rte_intr_handle *intr_handle;
+ struct rte_dpaa2_device *dpaa2_dev;
+
+ dpaa2_dev = container_of(rdev, struct rte_dpaa2_device, device);
+ intr_handle = dpaa2_dev->intr_handle;
PMD_INIT_FUNC_TRACE();
--
2.17.1
[PATCH 06/17] net/dpaa2: support multiple txqs en-queue for ordered
From: Jun Yang
Support the tx enqueue in order queue mode, where queue id
for each event may be different.
Signed-off-by: Jun Yang
---
drivers/event/dpaa2/dpaa2_eventdev.c | 12 ++-
drivers/net/dpaa2/dpaa2_ethdev.h | 4 +
drivers/net/dpaa2/dpaa2_rxtx.c | 142 +++
drivers/net/dpaa2/version.map| 1 +
4 files changed, 155 insertions(+), 4 deletions(-)
diff --git a/drivers/event/dpaa2/dpaa2_eventdev.c
b/drivers/event/dpaa2/dpaa2_eventdev.c
index 4d94c315d2..f3d8a7e4f1 100644
--- a/drivers/event/dpaa2/dpaa2_eventdev.c
+++ b/drivers/event/dpaa2/dpaa2_eventdev.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2017,2019 NXP
+ * Copyright 2017,2019-2021 NXP
*/
#include
@@ -1003,16 +1003,20 @@ dpaa2_eventdev_txa_enqueue(void *port,
struct rte_event ev[],
uint16_t nb_events)
{
- struct rte_mbuf *m = (struct rte_mbuf *)ev[0].mbuf;
+ void *txq[32];
+ struct rte_mbuf *m[32];
uint8_t qid, i;
RTE_SET_USED(port);
for (i = 0; i < nb_events; i++) {
- qid = rte_event_eth_tx_adapter_txq_get(m);
- rte_eth_tx_burst(m->port, qid, &m, 1);
+ m[i] = (struct rte_mbuf *)ev[i].mbuf;
+ qid = rte_event_eth_tx_adapter_txq_get(m[i]);
+ txq[i] = rte_eth_devices[m[i]->port].data->tx_queues[qid];
}
+ dpaa2_dev_tx_multi_txq_ordered(txq, m, nb_events);
+
return nb_events;
}
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.h b/drivers/net/dpaa2/dpaa2_ethdev.h
index c21571e63d..e001a7e49d 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.h
+++ b/drivers/net/dpaa2/dpaa2_ethdev.h
@@ -241,6 +241,10 @@ void dpaa2_dev_process_ordered_event(struct qbman_swp *swp,
uint16_t dpaa2_dev_tx(void *queue, struct rte_mbuf **bufs, uint16_t nb_pkts);
uint16_t dpaa2_dev_tx_ordered(void *queue, struct rte_mbuf **bufs,
uint16_t nb_pkts);
+__rte_internal
+uint16_t dpaa2_dev_tx_multi_txq_ordered(void **queue,
+ struct rte_mbuf **bufs, uint16_t nb_pkts);
+
uint16_t dummy_dev_tx(void *queue, struct rte_mbuf **bufs, uint16_t nb_pkts);
void dpaa2_dev_free_eqresp_buf(uint16_t eqresp_ci);
void dpaa2_flow_clean(struct rte_eth_dev *dev);
diff --git a/drivers/net/dpaa2/dpaa2_rxtx.c b/drivers/net/dpaa2/dpaa2_rxtx.c
index ee3ed1b152..1096b1cf1d 100644
--- a/drivers/net/dpaa2/dpaa2_rxtx.c
+++ b/drivers/net/dpaa2/dpaa2_rxtx.c
@@ -1468,6 +1468,148 @@ dpaa2_set_enqueue_descriptor(struct dpaa2_queue
*dpaa2_q,
*dpaa2_seqn(m) = DPAA2_INVALID_MBUF_SEQN;
}
+uint16_t
+dpaa2_dev_tx_multi_txq_ordered(void **queue,
+ struct rte_mbuf **bufs, uint16_t nb_pkts)
+{
+ /* Function to transmit the frames to multiple queues respectively.*/
+ uint32_t loop, retry_count;
+ int32_t ret;
+ struct qbman_fd fd_arr[MAX_TX_RING_SLOTS];
+ uint32_t frames_to_send;
+ struct rte_mempool *mp;
+ struct qbman_eq_desc eqdesc[MAX_TX_RING_SLOTS];
+ struct dpaa2_queue *dpaa2_q[MAX_TX_RING_SLOTS];
+ struct qbman_swp *swp;
+ uint16_t bpid;
+ struct rte_mbuf *mi;
+ struct rte_eth_dev_data *eth_data;
+ struct dpaa2_dev_priv *priv;
+ struct dpaa2_queue *order_sendq;
+
+ if (unlikely(!DPAA2_PER_LCORE_DPIO)) {
+ ret = dpaa2_affine_qbman_swp();
+ if (ret) {
+ DPAA2_PMD_ERR(
+ "Failed to allocate IO portal, tid: %d\n",
+ rte_gettid());
+ return 0;
+ }
+ }
+ swp = DPAA2_PER_LCORE_PORTAL;
+
+ for (loop = 0; loop < nb_pkts; loop++) {
+ dpaa2_q[loop] = (struct dpaa2_queue *)queue[loop];
+ eth_data = dpaa2_q[loop]->eth_data;
+ priv = eth_data->dev_private;
+ qbman_eq_desc_clear(&eqdesc[loop]);
+ if (*dpaa2_seqn(*bufs) && priv->en_ordered) {
+ order_sendq = (struct dpaa2_queue *)priv->tx_vq[0];
+ dpaa2_set_enqueue_descriptor(order_sendq,
+(*bufs),
+&eqdesc[loop]);
+ } else {
+ qbman_eq_desc_set_no_orp(&eqdesc[loop],
+DPAA2_EQ_RESP_ERR_FQ);
+ qbman_eq_desc_set_fq(&eqdesc[loop],
+dpaa2_q[loop]->fqid);
+ }
+
+ retry_count = 0;
+ while (qbman_result_SCN_state(dpaa2_q[loop]->cscn)) {
+ retry_count++;
+ /* Retry for some time before giving up */
+ if (retry_count > CONG_RETRY_COUNT)
+ goto send_frames;
+ }
+
[PATCH 05/17] net/dpaa2: fix timestamping for IEEE1588
From: Vanshika Shukla
The current implementation of DPAA2 driver code is such
that it records Rx and Tx timestamp for PTP without checking
if they are PTP packets or not. Packets for which
RTE_MBUF_F_RX_IEEE1588_TMST and RTE_MBUF_F_TX_IEEE1588_TMST
is not set, Rx and Tx timestamp should not be recorded.
This patch fixes this issue by checking if the required
flags are set in the mbuf before recording timestamps.
Also this change defines separate values for
DPAA2_TX_CONF_ENABLE and DPAA2_NO_PREFETCH_RX
Fixes: e806bf878c17 ("net/dpaa2: support timestamp")
Cc: sta...@dpdk.org
Signed-off-by: Vanshika Shukla
---
drivers/net/dpaa2/dpaa2_ethdev.h | 2 +-
drivers/net/dpaa2/dpaa2_ptp.c| 8 ---
drivers/net/dpaa2/dpaa2_rxtx.c | 39 +---
3 files changed, 37 insertions(+), 12 deletions(-)
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.h b/drivers/net/dpaa2/dpaa2_ethdev.h
index c5e9267bf0..c21571e63d 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.h
+++ b/drivers/net/dpaa2/dpaa2_ethdev.h
@@ -62,7 +62,7 @@
/* Disable RX tail drop, default is enable */
#define DPAA2_RX_TAILDROP_OFF 0x04
/* Tx confirmation enabled */
-#define DPAA2_TX_CONF_ENABLE 0x08
+#define DPAA2_TX_CONF_ENABLE 0x06
#define DPAA2_RSS_OFFLOAD_ALL ( \
RTE_ETH_RSS_L2_PAYLOAD | \
diff --git a/drivers/net/dpaa2/dpaa2_ptp.c b/drivers/net/dpaa2/dpaa2_ptp.c
index 8d79e39244..3a4536dd69 100644
--- a/drivers/net/dpaa2/dpaa2_ptp.c
+++ b/drivers/net/dpaa2/dpaa2_ptp.c
@@ -111,10 +111,12 @@ int dpaa2_timesync_read_tx_timestamp(struct rte_eth_dev
*dev,
{
struct dpaa2_dev_priv *priv = dev->data->dev_private;
- if (priv->next_tx_conf_queue)
- dpaa2_dev_tx_conf(priv->next_tx_conf_queue);
- else
+ if (priv->next_tx_conf_queue) {
+ while (!priv->tx_timestamp)
+ dpaa2_dev_tx_conf(priv->next_tx_conf_queue);
+ } else {
return -1;
+ }
*timestamp = rte_ns_to_timespec(priv->tx_timestamp);
return 0;
diff --git a/drivers/net/dpaa2/dpaa2_rxtx.c b/drivers/net/dpaa2/dpaa2_rxtx.c
index c65589a5f3..ee3ed1b152 100644
--- a/drivers/net/dpaa2/dpaa2_rxtx.c
+++ b/drivers/net/dpaa2/dpaa2_rxtx.c
@@ -140,8 +140,10 @@ dpaa2_dev_rx_parse_slow(struct rte_mbuf *mbuf,
annotation->word3, annotation->word4);
#if defined(RTE_LIBRTE_IEEE1588)
- if (BIT_ISSET_AT_POS(annotation->word1, DPAA2_ETH_FAS_PTP))
+ if (BIT_ISSET_AT_POS(annotation->word1, DPAA2_ETH_FAS_PTP)) {
mbuf->ol_flags |= RTE_MBUF_F_RX_IEEE1588_PTP;
+ mbuf->ol_flags |= RTE_MBUF_F_RX_IEEE1588_TMST;
+ }
#endif
if (BIT_ISSET_AT_POS(annotation->word3, L2_VLAN_1_PRESENT)) {
@@ -769,7 +771,10 @@ dpaa2_dev_prefetch_rx(void *queue, struct rte_mbuf **bufs,
uint16_t nb_pkts)
else
bufs[num_rx] = eth_fd_to_mbuf(fd, eth_data->port_id);
#if defined(RTE_LIBRTE_IEEE1588)
- priv->rx_timestamp = *dpaa2_timestamp_dynfield(bufs[num_rx]);
+ if (bufs[num_rx]->ol_flags & PKT_RX_IEEE1588_TMST) {
+ priv->rx_timestamp =
+ *dpaa2_timestamp_dynfield(bufs[num_rx]);
+ }
#endif
if (eth_data->dev_conf.rxmode.offloads &
@@ -986,6 +991,13 @@ dpaa2_dev_rx(void *queue, struct rte_mbuf **bufs, uint16_t
nb_pkts)
bufs[num_rx] = eth_fd_to_mbuf(fd,
eth_data->port_id);
+#if defined(RTE_LIBRTE_IEEE1588)
+ if (bufs[num_rx]->ol_flags & PKT_RX_IEEE1588_TMST) {
+ priv->rx_timestamp =
+ *dpaa2_timestamp_dynfield(bufs[num_rx]);
+ }
+#endif
+
if (eth_data->dev_conf.rxmode.offloads &
RTE_ETH_RX_OFFLOAD_VLAN_STRIP) {
rte_vlan_strip(bufs[num_rx]);
@@ -1021,6 +1033,8 @@ uint16_t dpaa2_dev_tx_conf(void *queue)
struct rte_eth_dev_data *eth_data = dpaa2_q->eth_data;
struct dpaa2_dev_priv *priv = eth_data->dev_private;
struct dpaa2_annot_hdr *annotation;
+ void *v_addr;
+ struct rte_mbuf *mbuf;
#endif
if (unlikely(!DPAA2_PER_LCORE_DPIO)) {
@@ -1105,10 +1119,16 @@ uint16_t dpaa2_dev_tx_conf(void *queue)
num_tx_conf++;
num_pulled++;
#if defined(RTE_LIBRTE_IEEE1588)
- annotation = (struct dpaa2_annot_hdr *)((size_t)
- DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)) +
- DPAA2_FD_PTA_SIZE);
- priv->tx_timestamp = annotation->word2;
+ v_addr = DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd));
+ mbuf = DPAA2_INLINE_MBUF_FROM_BUF(v_addr,
+
rte_dpaa2_bpid_info[DPAA2_GET_FD_BPID(fd)].meta_d
[PATCH 07/17] net/dpaa2: add support for level 2 in traffic management
From: Gagandeep Singh
This patch adds support for level 2 for QoS shaping.
Signed-off-by: Gagandeep Singh
---
doc/guides/nics/dpaa2.rst | 2 +-
drivers/net/dpaa2/dpaa2_ethdev.c| 55 ++-
drivers/net/dpaa2/dpaa2_ethdev.h| 6 +-
drivers/net/dpaa2/dpaa2_tm.c| 563 ++--
drivers/net/dpaa2/dpaa2_tm.h| 17 +-
drivers/net/dpaa2/mc/dpni.c | 302 +--
drivers/net/dpaa2/mc/fsl_dpni.h | 119 +++---
drivers/net/dpaa2/mc/fsl_dpni_cmd.h | 79 ++--
8 files changed, 791 insertions(+), 352 deletions(-)
diff --git a/doc/guides/nics/dpaa2.rst b/doc/guides/nics/dpaa2.rst
index 831bc56488..2d113f53df 100644
--- a/doc/guides/nics/dpaa2.rst
+++ b/doc/guides/nics/dpaa2.rst
@@ -588,7 +588,7 @@ Supported Features
The following capabilities are supported:
-- Level0 (root node) and Level1 are supported.
+- Level0 (root node), Level1 and Level2 are supported.
- 1 private shaper at root node (port level) is supported.
- 8 TX queues per port supported (1 channel per port)
- Both SP and WFQ scheduling mechanisms are supported on all 8 queues.
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.c b/drivers/net/dpaa2/dpaa2_ethdev.c
index 18ff07249f..b91e773605 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.c
+++ b/drivers/net/dpaa2/dpaa2_ethdev.c
@@ -852,6 +852,7 @@ dpaa2_dev_tx_queue_setup(struct rte_eth_dev *dev,
struct dpni_queue tx_conf_cfg;
struct dpni_queue tx_flow_cfg;
uint8_t options = 0, flow_id;
+ uint16_t channel_id;
struct dpni_queue_id qid;
uint32_t tc_id;
int ret;
@@ -877,20 +878,6 @@ dpaa2_dev_tx_queue_setup(struct rte_eth_dev *dev,
memset(&tx_conf_cfg, 0, sizeof(struct dpni_queue));
memset(&tx_flow_cfg, 0, sizeof(struct dpni_queue));
- tc_id = tx_queue_id;
- flow_id = 0;
-
- ret = dpni_set_queue(dpni, CMD_PRI_LOW, priv->token, DPNI_QUEUE_TX,
- tc_id, flow_id, options, &tx_flow_cfg);
- if (ret) {
- DPAA2_PMD_ERR("Error in setting the tx flow: "
- "tc_id=%d, flow=%d err=%d",
- tc_id, flow_id, ret);
- return -1;
- }
-
- dpaa2_q->flow_id = flow_id;
-
if (tx_queue_id == 0) {
/*Set tx-conf and error configuration*/
if (priv->flags & DPAA2_TX_CONF_ENABLE)
@@ -907,10 +894,26 @@ dpaa2_dev_tx_queue_setup(struct rte_eth_dev *dev,
return -1;
}
}
+
+ tc_id = tx_queue_id % priv->num_tx_tc;
+ channel_id = (uint8_t)(tx_queue_id / priv->num_tx_tc) %
priv->num_channels;
+ flow_id = 0;
+
+ ret = dpni_set_queue(dpni, CMD_PRI_LOW, priv->token, DPNI_QUEUE_TX,
+ ((channel_id << 8) | tc_id), flow_id, options,
&tx_flow_cfg);
+ if (ret) {
+ DPAA2_PMD_ERR("Error in setting the tx flow: "
+ "tc_id=%d, flow=%d err=%d",
+ tc_id, flow_id, ret);
+ return -1;
+ }
+
+ dpaa2_q->flow_id = flow_id;
+
dpaa2_q->tc_index = tc_id;
ret = dpni_get_queue(dpni, CMD_PRI_LOW, priv->token,
-DPNI_QUEUE_TX, dpaa2_q->tc_index,
+DPNI_QUEUE_TX, ((channel_id << 8) |
dpaa2_q->tc_index),
dpaa2_q->flow_id, &tx_flow_cfg, &qid);
if (ret) {
DPAA2_PMD_ERR("Error in getting LFQID err=%d", ret);
@@ -942,7 +945,7 @@ dpaa2_dev_tx_queue_setup(struct rte_eth_dev *dev,
ret = dpni_set_congestion_notification(dpni, CMD_PRI_LOW,
priv->token,
DPNI_QUEUE_TX,
- tc_id,
+ ((channel_id << 8) |
tc_id),
&cong_notif_cfg);
if (ret) {
DPAA2_PMD_ERR(
@@ -959,7 +962,7 @@ dpaa2_dev_tx_queue_setup(struct rte_eth_dev *dev,
options = options | DPNI_QUEUE_OPT_USER_CTX;
tx_conf_cfg.user_context = (size_t)(dpaa2_q);
ret = dpni_set_queue(dpni, CMD_PRI_LOW, priv->token,
-DPNI_QUEUE_TX_CONFIRM, dpaa2_tx_conf_q->tc_index,
+DPNI_QUEUE_TX_CONFIRM, ((channel_id << 8) |
dpaa2_tx_conf_q->tc_index),
dpaa2_tx_conf_q->flow_id, options, &tx_conf_cfg);
if (ret) {
DPAA2_PMD_ERR("Error in setting the tx conf flow: "
@@ -970,7 +973,7 @@ dpaa2_dev_tx_queue_setup(struct rte_eth_dev *dev,
}
ret = dpni_get_queue(dpni, CMD_PRI_LOW, priv->token,
-DPNI_QUEUE_TX_CONFIRM, dpaa2_tx_conf_q->tc_index,
+DPNI_QUEUE
[PATCH 08/17] net/dpaa2: secondary process handling for dpni
From: Jun Yang
This change uses 'dev->process_private' instead of 'priv->hw'
to get dpmcp per process while setting flow distribution,
as priv->hw is only valid for primary process.
It also initialize rte_dpaa2_bpid_info in secondary process.
Signed-off-by: Jun Yang
---
drivers/mempool/dpaa2/dpaa2_hw_mempool.c | 23 +++
drivers/mempool/dpaa2/rte_dpaa2_mempool.h | 15 +++
drivers/mempool/dpaa2/version.map | 1 +
drivers/net/dpaa2/base/dpaa2_hw_dpni.c| 5 ++---
drivers/net/dpaa2/dpaa2_ethdev.c | 10 --
drivers/net/dpaa2/dpaa2_ethdev.h | 3 ++-
6 files changed, 51 insertions(+), 6 deletions(-)
diff --git a/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
b/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
index 39c6252a63..56c629c681 100644
--- a/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
+++ b/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
@@ -263,6 +263,29 @@ rte_dpaa2_mbuf_release(struct rte_mempool *pool
__rte_unused,
}
}
+int rte_dpaa2_bpid_info_init(struct rte_mempool *mp)
+{
+ struct dpaa2_bp_info *bp_info = mempool_to_bpinfo(mp);
+ uint32_t bpid = bp_info->bpid;
+
+ if (!rte_dpaa2_bpid_info) {
+ rte_dpaa2_bpid_info = (struct dpaa2_bp_info *)rte_malloc(NULL,
+ sizeof(struct dpaa2_bp_info) * MAX_BPID,
+ RTE_CACHE_LINE_SIZE);
+ if (rte_dpaa2_bpid_info == NULL)
+ return -ENOMEM;
+ memset(rte_dpaa2_bpid_info, 0,
+ sizeof(struct dpaa2_bp_info) * MAX_BPID);
+ }
+
+ rte_dpaa2_bpid_info[bpid].meta_data_size = sizeof(struct rte_mbuf)
+ + rte_pktmbuf_priv_size(mp);
+ rte_dpaa2_bpid_info[bpid].bp_list = bp_info->bp_list;
+ rte_dpaa2_bpid_info[bpid].bpid = bpid;
+
+ return 0;
+}
+
uint16_t
rte_dpaa2_mbuf_pool_bpid(struct rte_mempool *mp)
{
diff --git a/drivers/mempool/dpaa2/rte_dpaa2_mempool.h
b/drivers/mempool/dpaa2/rte_dpaa2_mempool.h
index 4a22b7c42e..28dea74326 100644
--- a/drivers/mempool/dpaa2/rte_dpaa2_mempool.h
+++ b/drivers/mempool/dpaa2/rte_dpaa2_mempool.h
@@ -46,6 +46,21 @@ rte_dpaa2_mbuf_pool_bpid(struct rte_mempool *mp);
struct rte_mbuf *
rte_dpaa2_mbuf_from_buf_addr(struct rte_mempool *mp, void *buf_addr);
+/**
+ * Initialize the rte_dpaa2_bpid_info
+ * In generial, it is called in the secondary process and
+ * mp has been created in the primary process.
+ *
+ * @param mp
+ * memory pool
+ *
+ * @return
+ * - 0 on success.
+ * - (<0) on failure.
+ */
+__rte_internal
+int rte_dpaa2_bpid_info_init(struct rte_mempool *mp);
+
#ifdef __cplusplus
}
#endif
diff --git a/drivers/mempool/dpaa2/version.map
b/drivers/mempool/dpaa2/version.map
index 49c460ec54..cfd4ae617a 100644
--- a/drivers/mempool/dpaa2/version.map
+++ b/drivers/mempool/dpaa2/version.map
@@ -11,5 +11,6 @@ INTERNAL {
global:
rte_dpaa2_bpid_info;
+ rte_dpaa2_bpid_info_init;
rte_dpaa2_mbuf_alloc_bulk;
};
diff --git a/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
b/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
index 3170694841..9509f6e8a3 100644
--- a/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
+++ b/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
@@ -95,7 +95,7 @@ dpaa2_setup_flow_dist(struct rte_eth_dev *eth_dev,
uint64_t req_dist_set, int tc_index)
{
struct dpaa2_dev_priv *priv = eth_dev->data->dev_private;
- struct fsl_mc_io *dpni = priv->hw;
+ struct fsl_mc_io *dpni = eth_dev->process_private;
struct dpni_rx_dist_cfg tc_cfg;
struct dpkg_profile_cfg kg_cfg;
void *p_params;
@@ -457,13 +457,12 @@ dpaa2_distset_to_dpkg_profile_cfg(
int
dpaa2_attach_bp_list(struct dpaa2_dev_priv *priv,
-void *blist)
+ struct fsl_mc_io *dpni, void *blist)
{
/* Function to attach a DPNI with a buffer pool list. Buffer pool list
* handle is passed in blist.
*/
int32_t retcode;
- struct fsl_mc_io *dpni = priv->hw;
struct dpni_pools_cfg bpool_cfg;
struct dpaa2_bp_list *bp_list = (struct dpaa2_bp_list *)blist;
struct dpni_buffer_layout layout;
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.c b/drivers/net/dpaa2/dpaa2_ethdev.c
index b91e773605..a45beed75f 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.c
+++ b/drivers/net/dpaa2/dpaa2_ethdev.c
@@ -18,6 +18,7 @@
#include
#include
#include
+#include "rte_dpaa2_mempool.h"
#include "dpaa2_pmd_logs.h"
#include
@@ -712,9 +713,14 @@ dpaa2_dev_rx_queue_setup(struct rte_eth_dev *dev,
}
if (!priv->bp_list || priv->bp_list->mp != mb_pool) {
+ if (rte_eal_process_type() != RTE_PROC_PRIMARY) {
+ ret = rte_dpaa2_bpid_info_init(mb_pool);
+ if (ret)
+ return ret;
+ }
bpid = mempool_to_bpid(mb_pool);
- ret = dpaa2_attach_bp
[PATCH 09/17] bus/fslmc: add and scan dprc devices
From: Jun Yang
In order to get connection endpoint of each objects,
scan the dprc object.
Signed-off-by: Jun Yang
Signed-off-by: Nipun Gupta
---
drivers/bus/fslmc/fslmc_bus.c| 15 ++-
drivers/bus/fslmc/fslmc_vfio.c | 18 +++-
drivers/bus/fslmc/mc/dprc.c | 129 +++
drivers/bus/fslmc/mc/fsl_dprc.h | 46
drivers/bus/fslmc/mc/fsl_dprc_cmd.h | 48 +
drivers/bus/fslmc/meson.build| 4 +-
drivers/bus/fslmc/portal/dpaa2_hw_dprc.c | 100 ++
drivers/bus/fslmc/portal/dpaa2_hw_pvt.h | 12 +++
drivers/bus/fslmc/rte_fslmc.h| 10 +-
9 files changed, 374 insertions(+), 8 deletions(-)
create mode 100644 drivers/bus/fslmc/mc/dprc.c
create mode 100644 drivers/bus/fslmc/mc/fsl_dprc.h
create mode 100644 drivers/bus/fslmc/mc/fsl_dprc_cmd.h
create mode 100644 drivers/bus/fslmc/portal/dpaa2_hw_dprc.c
diff --git a/drivers/bus/fslmc/fslmc_bus.c b/drivers/bus/fslmc/fslmc_bus.c
index a0ef24cdc8..a3c0d838c4 100644
--- a/drivers/bus/fslmc/fslmc_bus.c
+++ b/drivers/bus/fslmc/fslmc_bus.c
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
- * Copyright 2016,2018-2019 NXP
+ * Copyright 2016,2018-2021 NXP
*
*/
@@ -136,10 +136,6 @@ scan_one_fslmc_device(char *dev_name)
if (!dev_name)
return ret;
- /* Ignore the Container name itself */
- if (!strncmp("dprc", dev_name, 4))
- return 0;
-
/* Creating a temporary copy to perform cut-parse over string */
dup_dev_name = strdup(dev_name);
if (!dup_dev_name) {
@@ -197,6 +193,8 @@ scan_one_fslmc_device(char *dev_name)
dev->dev_type = DPAA2_MUX;
else if (!strncmp("dprtc", t_ptr, 5))
dev->dev_type = DPAA2_DPRTC;
+ else if (!strncmp("dprc", t_ptr, 4))
+ dev->dev_type = DPAA2_DPRC;
else
dev->dev_type = DPAA2_UNKNOWN;
@@ -339,6 +337,13 @@ rte_fslmc_scan(void)
goto scan_fail;
}
+ /* Scan the DPRC container object */
+ ret = scan_one_fslmc_device(fslmc_container);
+ if (ret != 0) {
+ /* Error in parsing directory - exit gracefully */
+ goto scan_fail_cleanup;
+ }
+
while ((entry = readdir(dir)) != NULL) {
if (entry->d_name[0] == '.' || entry->d_type != DT_DIR)
continue;
diff --git a/drivers/bus/fslmc/fslmc_vfio.c b/drivers/bus/fslmc/fslmc_vfio.c
index b4704eeae4..1b89a56bbc 100644
--- a/drivers/bus/fslmc/fslmc_vfio.c
+++ b/drivers/bus/fslmc/fslmc_vfio.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2015-2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2021 NXP
*
*/
@@ -728,6 +728,7 @@ fslmc_process_iodevices(struct rte_dpaa2_device *dev)
case DPAA2_BPOOL:
case DPAA2_DPRTC:
case DPAA2_MUX:
+ case DPAA2_DPRC:
TAILQ_FOREACH(object, &dpaa2_obj_list, next) {
if (dev->dev_type == object->dev_type)
object->create(dev_fd, &device_info,
@@ -881,6 +882,21 @@ fslmc_vfio_process_group(void)
return -1;
}
+ /* Search for DPRC device next as it updates endpoint of
+* other devices.
+*/
+ current_device = 0;
+ RTE_TAILQ_FOREACH_SAFE(dev, &rte_fslmc_bus.device_list, next, dev_temp)
{
+ if (dev->dev_type == DPAA2_DPRC) {
+ ret = fslmc_process_iodevices(dev);
+ if (ret) {
+ DPAA2_BUS_ERR("Unable to process dprc");
+ return -1;
+ }
+ TAILQ_REMOVE(&rte_fslmc_bus.device_list, dev, next);
+ }
+ }
+
current_device = 0;
RTE_TAILQ_FOREACH_SAFE(dev, &rte_fslmc_bus.device_list, next,
dev_temp) {
diff --git a/drivers/bus/fslmc/mc/dprc.c b/drivers/bus/fslmc/mc/dprc.c
new file mode 100644
index 00..491081c7c8
--- /dev/null
+++ b/drivers/bus/fslmc/mc/dprc.c
@@ -0,0 +1,129 @@
+/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
+ *
+ * Copyright 2013-2016 Freescale Semiconductor Inc.
+ * Copyright 2016-2021 NXP
+ *
+ */
+#include
+#include
+#include
+#include
+
+/** @addtogroup dprc
+ * @{
+ */
+
+/**
+ * dprc_open() - Open DPRC object for use
+ * @mc_io: Pointer to MC portal's I/O object
+ * @cmd_flags: Command flags; one or more of 'MC_CMD_FLAG_'
+ * @container_id: Container ID to open
+ * @token: Returned token of DPRC object
+ *
+ * Return: '0' on Success; Error code otherwise.
+ *
+ * @warningRequired before any operation on the object.
+ */
+int dprc_open(struct fsl_mc_io *mc_io,
+ uint32_t cmd_flags,
+ int container_id,
+ uint
[PATCH 10/17] net/dpaa2: support recycle loopback port
From: Jun Yang
DPAA2 recycle port is used for configuring the device
in the loopback mode. Loopback configuraiton can be at
dpni level or at serdes level.
Signed-off-by: Jun Yang
---
drivers/bus/fslmc/portal/dpaa2_hw_pvt.h | 3 +-
drivers/net/dpaa2/dpaa2_ethdev.c| 32 +-
drivers/net/dpaa2/dpaa2_ethdev.h| 23 +
drivers/net/dpaa2/dpaa2_recycle.c | 780
drivers/net/dpaa2/mc/dpni.c | 32 +
drivers/net/dpaa2/mc/fsl_dpni_cmd.h | 1 +
drivers/net/dpaa2/meson.build | 1 +
7 files changed, 870 insertions(+), 2 deletions(-)
create mode 100644 drivers/net/dpaa2/dpaa2_recycle.c
diff --git a/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
b/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
index 8cb4d404aa..4d0f7e4b5d 100644
--- a/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
+++ b/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2020 NXP
+ * Copyright 2016-2021 NXP
*
*/
@@ -176,6 +176,7 @@ struct dpaa2_queue {
uint16_t nb_desc;
uint16_t resv;
uint64_t offloads;
+ uint64_t lpbk_cntx;
} __rte_cache_aligned;
struct swp_active_dqs {
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.c b/drivers/net/dpaa2/dpaa2_ethdev.c
index a45beed75f..d81f8cb07a 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.c
+++ b/drivers/net/dpaa2/dpaa2_ethdev.c
@@ -668,6 +668,30 @@ dpaa2_eth_dev_configure(struct rte_eth_dev *dev)
if (rx_offloads & RTE_ETH_RX_OFFLOAD_VLAN_FILTER)
dpaa2_vlan_offload_set(dev, RTE_ETH_VLAN_FILTER_MASK);
+ if (eth_conf->lpbk_mode) {
+ ret = dpaa2_dev_recycle_config(dev);
+ if (ret) {
+ DPAA2_PMD_ERR("Error to configure %s to recycle port.",
+ dev->data->name);
+
+ return ret;
+ }
+ } else {
+ /** User may disable loopback mode by calling
+* "dev_configure" with lpbk_mode cleared.
+* No matter the port was configured recycle or not,
+* recycle de-configure is called here.
+* If port is not recycled, the de-configure will return
directly.
+*/
+ ret = dpaa2_dev_recycle_deconfig(dev);
+ if (ret) {
+ DPAA2_PMD_ERR("Error to de-configure recycle port %s.",
+ dev->data->name);
+
+ return ret;
+ }
+ }
+
dpaa2_tm_init(dev);
return 0;
@@ -2601,6 +2625,9 @@ dpaa2_dev_init(struct rte_eth_dev *eth_dev)
return -1;
}
+ if (eth_dev->data->dev_conf.lpbk_mode)
+ dpaa2_dev_recycle_deconfig(eth_dev);
+
/* Clean the device first */
ret = dpni_reset(dpni_dev, CMD_PRI_LOW, priv->token);
if (ret) {
@@ -2624,6 +2651,7 @@ dpaa2_dev_init(struct rte_eth_dev *eth_dev)
priv->dist_queues = attr.num_queues;
priv->num_channels = attr.num_channels;
priv->channel_inuse = 0;
+ rte_spinlock_init(&priv->lpbk_qp_lock);
/* only if the custom CG is enabled */
if (attr.options & DPNI_OPT_CUSTOM_CG)
@@ -2808,7 +2836,9 @@ dpaa2_dev_init(struct rte_eth_dev *eth_dev)
return ret;
}
}
- RTE_LOG(INFO, PMD, "%s: netdev created\n", eth_dev->data->name);
+ RTE_LOG(INFO, PMD, "%s: netdev created, connected to %s\n",
+ eth_dev->data->name, dpaa2_dev->ep_name);
+
return 0;
init_err:
dpaa2_dev_close(eth_dev);
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.h b/drivers/net/dpaa2/dpaa2_ethdev.h
index bd33a22a8e..b032da9eff 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.h
+++ b/drivers/net/dpaa2/dpaa2_ethdev.h
@@ -11,6 +11,7 @@
#include
#include
+#include
#include
#include "dpaa2_tm.h"
@@ -65,6 +66,18 @@
/* Tx confirmation enabled */
#define DPAA2_TX_CONF_ENABLE 0x06
+/* HW loopback the egress traffic to self ingress*/
+#define DPAA2_TX_MAC_LOOPBACK_MODE 0x20
+
+#define DPAA2_TX_SERDES_LOOPBACK_MODE 0x40
+
+#define DPAA2_TX_DPNI_LOOPBACK_MODE 0x80
+
+#define DPAA2_TX_LOOPBACK_MODE \
+ (DPAA2_TX_MAC_LOOPBACK_MODE | \
+ DPAA2_TX_SERDES_LOOPBACK_MODE | \
+ DPAA2_TX_DPNI_LOOPBACK_MODE)
+
#define DPAA2_RSS_OFFLOAD_ALL ( \
RTE_ETH_RSS_L2_PAYLOAD | \
RTE_ETH_RSS_IP | \
@@ -192,6 +205,7 @@ struct dpaa2_dev_priv {
struct dpaa2_queue *next_tx_conf_queue;
struct rte_eth_dev *eth_dev; /**< Pointer back to holding ethdev */
+ rte_spinlock_t lpbk_qp_lock;
uint8_t channel_inuse;
LIST_HEAD(, rte_flow) flows; /**< Configured flow rule handles. */
@@ -268,4 +282,13 @@ int dpaa2_timesync_read_rx_timestamp(struct rte_eth_dev
*dev,
uin
[PATCH 11/17] net/dpaa: check status before configuring shared MAC
From: Nipun Gupta
For shared MAC interface, it is a prerequisite to enable the
interface in the kernel, before using it in user-space. This
patch makes sure that device is not getting configured in
case shared MAC interface is not enabled in the kernel.
Signed-off-by: Nipun Gupta
---
drivers/bus/dpaa/base/fman/fman_hw.c | 11 +++
drivers/bus/dpaa/include/fsl_fman.h | 2 ++
drivers/bus/dpaa/version.map | 1 +
drivers/net/dpaa/dpaa_ethdev.c | 13 -
4 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/dpaa/base/fman/fman_hw.c
b/drivers/bus/dpaa/base/fman/fman_hw.c
index af9bac76c2..24a99f7235 100644
--- a/drivers/bus/dpaa/base/fman/fman_hw.c
+++ b/drivers/bus/dpaa/base/fman/fman_hw.c
@@ -314,6 +314,17 @@ fman_if_disable_rx(struct fman_if *p)
out_be32(__if->ccsr_map + 8, in_be32(__if->ccsr_map + 8) & ~(u32)2);
}
+int
+fman_if_get_rx_status(struct fman_if *p)
+{
+ struct __fman_if *__if = container_of(p, struct __fman_if, __if);
+
+ assert(fman_ccsr_map_fd != -1);
+
+ /* return true if RX bit is set */
+ return !!(in_be32(__if->ccsr_map + 8) & (u32)2);
+}
+
void
fman_if_loopback_enable(struct fman_if *p)
{
diff --git a/drivers/bus/dpaa/include/fsl_fman.h
b/drivers/bus/dpaa/include/fsl_fman.h
index f3a5d05970..acb344584f 100644
--- a/drivers/bus/dpaa/include/fsl_fman.h
+++ b/drivers/bus/dpaa/include/fsl_fman.h
@@ -81,6 +81,8 @@ __rte_internal
void fman_if_enable_rx(struct fman_if *p);
__rte_internal
void fman_if_disable_rx(struct fman_if *p);
+__rte_internal
+int fman_if_get_rx_status(struct fman_if *p);
/* Enable/disable loopback on specific interfaces */
__rte_internal
diff --git a/drivers/bus/dpaa/version.map b/drivers/bus/dpaa/version.map
index 900635b210..1a840fd1a5 100644
--- a/drivers/bus/dpaa/version.map
+++ b/drivers/bus/dpaa/version.map
@@ -33,6 +33,7 @@ INTERNAL {
fman_if_get_fdoff;
fman_if_get_maxfrm;
fman_if_get_sg_enable;
+ fman_if_get_rx_status;
fman_if_loopback_disable;
fman_if_loopback_enable;
fman_if_promiscuous_disable;
diff --git a/drivers/net/dpaa/dpaa_ethdev.c b/drivers/net/dpaa/dpaa_ethdev.c
index e49f765434..3972ecaed8 100644
--- a/drivers/net/dpaa/dpaa_ethdev.c
+++ b/drivers/net/dpaa/dpaa_ethdev.c
@@ -195,6 +195,7 @@ dpaa_eth_dev_configure(struct rte_eth_dev *dev)
struct rte_eth_conf *eth_conf = &dev->data->dev_conf;
uint64_t rx_offloads = eth_conf->rxmode.offloads;
uint64_t tx_offloads = eth_conf->txmode.offloads;
+ struct dpaa_if *dpaa_intf = dev->data->dev_private;
struct rte_device *rdev = dev->device;
struct rte_eth_link *link = &dev->data->dev_link;
struct rte_dpaa_device *dpaa_dev;
@@ -203,7 +204,7 @@ dpaa_eth_dev_configure(struct rte_eth_dev *dev)
struct rte_intr_handle *intr_handle;
uint32_t max_rx_pktlen;
int speed, duplex;
- int ret;
+ int ret, rx_status;
PMD_INIT_FUNC_TRACE();
@@ -211,6 +212,16 @@ dpaa_eth_dev_configure(struct rte_eth_dev *dev)
intr_handle = dpaa_dev->intr_handle;
__fif = container_of(fif, struct __fman_if, __if);
+ /* Check if interface is enabled in case of shared MAC */
+ if (fif->is_shared_mac) {
+ rx_status = fman_if_get_rx_status(fif);
+ if (!rx_status) {
+ DPAA_PMD_ERR("%s Interface not enabled in kernel!",
+dpaa_intf->name);
+ return -EHOSTDOWN;
+ }
+ }
+
/* Rx offloads which are enabled by default */
if (dev_rx_offloads_nodis & ~rx_offloads) {
DPAA_PMD_INFO(
--
2.17.1
[PATCH 12/17] net/dpaa: enable checksum for shared MAC interface
From: Nipun Gupta
In case of shared MAC B0V bit in contextA is required
to be set to set so that ASPID is 0.
Signed-off-by: Brick Yang
Signed-off-by: Nipun Gupta
---
drivers/net/dpaa/dpaa_ethdev.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/net/dpaa/dpaa_ethdev.c b/drivers/net/dpaa/dpaa_ethdev.c
index 3972ecaed8..7135a5998d 100644
--- a/drivers/net/dpaa/dpaa_ethdev.c
+++ b/drivers/net/dpaa/dpaa_ethdev.c
@@ -1755,6 +1755,10 @@ static int dpaa_tx_queue_init(struct qman_fq *fq,
/* no tx-confirmation */
opts.fqd.context_a.hi = 0x8000 | fman_dealloc_bufs_mask_hi;
opts.fqd.context_a.lo = 0 | fman_dealloc_bufs_mask_lo;
+ if (fman_ip_rev >= FMAN_V3) {
+ /* Set B0V bit in contextA to set ASPID to 0 */
+ opts.fqd.context_a.hi |= 0x0400;
+ }
DPAA_PMD_DEBUG("init tx fq %p, fqid 0x%x", fq, fq->fqid);
if (cgr_tx) {
--
2.17.1
[PATCH 13/17] net/enetc: add support for VFs
From: Gagandeep Singh
Add virtual function support for enetc devices
Signed-off-by: Gagandeep Singh
---
drivers/net/enetc/enetc_ethdev.c | 25 -
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/drivers/net/enetc/enetc_ethdev.c b/drivers/net/enetc/enetc_ethdev.c
index 7cdb8ce463..1b4337bc48 100644
--- a/drivers/net/enetc/enetc_ethdev.c
+++ b/drivers/net/enetc/enetc_ethdev.c
@@ -19,6 +19,9 @@ enetc_dev_start(struct rte_eth_dev *dev)
uint32_t val;
PMD_INIT_FUNC_TRACE();
+ if (hw->device_id == ENETC_DEV_ID_VF)
+ return 0;
+
val = enetc_port_rd(enetc_hw, ENETC_PM0_CMD_CFG);
enetc_port_wr(enetc_hw, ENETC_PM0_CMD_CFG,
val | ENETC_PM0_TX_EN | ENETC_PM0_RX_EN);
@@ -55,6 +58,9 @@ enetc_dev_stop(struct rte_eth_dev *dev)
PMD_INIT_FUNC_TRACE();
dev->data->dev_started = 0;
+ if (hw->device_id == ENETC_DEV_ID_VF)
+ return 0;
+
/* Disable port */
val = enetc_port_rd(enetc_hw, ENETC_PMR);
enetc_port_wr(enetc_hw, ENETC_PMR, val & (~ENETC_PMR_EN));
@@ -160,11 +166,20 @@ enetc_hardware_init(struct enetc_eth_hw *hw)
/* Enabling Station Interface */
enetc_wr(enetc_hw, ENETC_SIMR, ENETC_SIMR_EN);
- *mac = (uint32_t)enetc_port_rd(enetc_hw, ENETC_PSIPMAR0(0));
- high_mac = (uint32_t)*mac;
- mac++;
- *mac = (uint16_t)enetc_port_rd(enetc_hw, ENETC_PSIPMAR1(0));
- low_mac = (uint16_t)*mac;
+
+ if (hw->device_id == ENETC_DEV_ID_VF) {
+ *mac = (uint32_t)enetc_rd(enetc_hw, ENETC_SIPMAR0);
+ high_mac = (uint32_t)*mac;
+ mac++;
+ *mac = (uint32_t)enetc_rd(enetc_hw, ENETC_SIPMAR1);
+ low_mac = (uint16_t)*mac;
+ } else {
+ *mac = (uint32_t)enetc_port_rd(enetc_hw, ENETC_PSIPMAR0(0));
+ high_mac = (uint32_t)*mac;
+ mac++;
+ *mac = (uint16_t)enetc_port_rd(enetc_hw, ENETC_PSIPMAR1(0));
+ low_mac = (uint16_t)*mac;
+ }
if ((high_mac | low_mac) == 0) {
char *first_byte;
--
2.17.1
[PATCH 14/17] net/pfe: disable HW CRC stripping
From: Gagandeep Singh
LS1012A MAC PCS block has an erratum that is seen with specific
PHY AR803x. The issue is triggered by the (spec-compliant)
operation of the AR803x PHY on the LS1012A-FRWY board.
Due to this, good FCS packet is reported as error packet by MAC,
so for these error packets FCS should be validated and discard
only real error packets in PFE engine Rx packet path. Now onwards
CRC validation will be handled in pfe.ko and DPDK driver can not
use CRC Forwarding option.
Signed-off-by: Gagandeep Singh
---
drivers/net/pfe/pfe_ethdev.c | 7 +--
drivers/net/pfe/pfe_hal.c| 4 ++--
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/net/pfe/pfe_ethdev.c b/drivers/net/pfe/pfe_ethdev.c
index 047010e15e..bfcaf51dd9 100644
--- a/drivers/net/pfe/pfe_ethdev.c
+++ b/drivers/net/pfe/pfe_ethdev.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2020 NXP
*/
#include
@@ -422,8 +422,11 @@ pfe_eth_close(struct rte_eth_dev *dev)
}
static int
-pfe_eth_configure(struct rte_eth_dev *dev __rte_unused)
+pfe_eth_configure(struct rte_eth_dev *dev)
{
+ if (dev->data->dev_conf.rxmode.offloads & DEV_RX_OFFLOAD_KEEP_CRC)
+ PFE_PMD_ERR("PMD does not support KEEP_CRC offload");
+
return 0;
}
diff --git a/drivers/net/pfe/pfe_hal.c b/drivers/net/pfe/pfe_hal.c
index 41d783dbff..f49d1728b2 100644
--- a/drivers/net/pfe/pfe_hal.c
+++ b/drivers/net/pfe/pfe_hal.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2020 NXP
*/
#include
@@ -191,7 +191,7 @@ gemac_set_mode(void *base, __rte_unused int mode)
val &= ~EMAC_RCNTRL_LOOP;
/*Enable flow control and MII mode*/
- val |= (EMAC_RCNTRL_FCE | EMAC_RCNTRL_MII_MODE | EMAC_RCNTRL_CRC_FWD);
+ val |= (EMAC_RCNTRL_FCE | EMAC_RCNTRL_MII_MODE);
writel(val, base + EMAC_RCNTRL_REG);
}
--
2.17.1
[PATCH 15/17] net/pfe: reduce driver initialization time
From: Gagandeep Singh
This patch reduces the delay in the device init.
Signed-off-by: Gagandeep Singh
---
drivers/net/pfe/pfe_hif.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/pfe/pfe_hif.c b/drivers/net/pfe/pfe_hif.c
index c4a7154ba7..eade726b2e 100644
--- a/drivers/net/pfe/pfe_hif.c
+++ b/drivers/net/pfe/pfe_hif.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2020 NXP
*/
#include "pfe_logs.h"
@@ -9,6 +9,8 @@
#include
#include
+#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
+#define msleep(x) rte_delay_us(1000 * (x))
static int
pfe_hif_alloc_descr(struct pfe_hif *hif)
{
@@ -766,7 +768,7 @@ pfe_hif_rx_idle(struct pfe_hif *hif)
if (rx_status & BDP_CSR_RX_DMA_ACTV)
send_dummy_pkt_to_hif();
- sleep(1);
+ msleep(DIV_ROUND_UP(100, 1000));
} while (--hif_stop_loop);
if (readl(HIF_RX_STATUS) & BDP_CSR_RX_DMA_ACTV)
--
2.17.1
[PATCH 16/17] net/pfe: remove setting unused value
From: Apeksha Gupta
remove setting link status where it is not being used
Signed-off-by: Apeksha Gupta
---
drivers/net/pfe/pfe_ethdev.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/pfe/pfe_ethdev.c b/drivers/net/pfe/pfe_ethdev.c
index bfcaf51dd9..5a3008cbb5 100644
--- a/drivers/net/pfe/pfe_ethdev.c
+++ b/drivers/net/pfe/pfe_ethdev.c
@@ -590,8 +590,7 @@ pfe_eth_link_update(struct rte_eth_dev *dev, int
wait_to_complete __rte_unused)
ret = ioctl(priv->link_fd, ioctl_cmd, &lstatus);
if (ret != 0) {
PFE_PMD_ERR("Unable to fetch link status (ioctl)\n");
- /* use dummy link value */
- link.link_status = 1;
+ return -1;
}
PFE_PMD_DEBUG("Fetched link state (%d) for dev %d.\n",
lstatus, priv->id);
--
2.17.1
[PATCH 17/17] net/pfe: fix for 32 bit and PPC compilation
From: Sachin Saxena
This patch fixes compilation for 32 bit and power PC
compiler.
Fixes: 36220514de01 ("net/pfe: add Rx/Tx")
Cc: sta...@dpdk.org
Signed-off-by: Hemant Agrawal
Signed-off-by: Sachin Saxena
---
drivers/net/pfe/pfe_hif.c | 3 ++-
drivers/net/pfe/pfe_hif_lib.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/pfe/pfe_hif.c b/drivers/net/pfe/pfe_hif.c
index eade726b2e..67efb8b3a7 100644
--- a/drivers/net/pfe/pfe_hif.c
+++ b/drivers/net/pfe/pfe_hif.c
@@ -309,7 +309,8 @@ client_put_rxpacket(struct hif_rx_queue *queue,
if (readl(&desc->ctrl) & CL_DESC_OWN) {
- mbuf = rte_cpu_to_le_64(rte_pktmbuf_alloc(pool));
+ mbuf = (struct rte_mbuf *)
+ rte_cpu_to_le_64((uintptr_t)rte_pktmbuf_alloc(pool));
if (unlikely(!mbuf)) {
PFE_PMD_WARN("Buffer allocation failure\n");
return NULL;
diff --git a/drivers/net/pfe/pfe_hif_lib.c b/drivers/net/pfe/pfe_hif_lib.c
index 799050dce3..2487273a7c 100644
--- a/drivers/net/pfe/pfe_hif_lib.c
+++ b/drivers/net/pfe/pfe_hif_lib.c
@@ -50,7 +50,8 @@ pfe_hif_shm_init(struct hif_shm *hif_shm, struct rte_mempool
*mb_pool)
hif_shm->rx_buf_pool_cnt = HIF_RX_DESC_NT;
for (i = 0; i < hif_shm->rx_buf_pool_cnt; i++) {
- mbuf = rte_cpu_to_le_64(rte_pktmbuf_alloc(mb_pool));
+ mbuf = (struct rte_mbuf *)
+ rte_cpu_to_le_64((uintptr_t)rte_pktmbuf_alloc(mb_pool));
if (mbuf)
hif_shm->rx_buf_pool[i] = mbuf;
else
--
2.17.1
Re: [dpdk-dev] [PATCH v1] drivers: remove octeontx2 drivers
On 12/6/2021 8:35 AM, jer...@marvell.com wrote:
From: Jerin Jacob
As per the deprecation notice, In the view of enabling unified driver
for octeontx2(cn9k)/octeontx3(cn10k), removing drivers/octeontx2
drivers and replace with drivers/cnxk/ which
supports both octeontx2(cn9k) and octeontx3(cn10k) SoCs.
This patch does the following
- Replace drivers/common/octeontx2/ with drivers/common/cnxk/
- Replace drivers/mempool/octeontx2/ with drivers/mempool/cnxk/
- Replace drivers/net/octeontx2/ with drivers/net/cnxk/
- Replace drivers/event/octeontx2/ with drivers/event/cnxk/
- Replace drivers/crypto/octeontx2/ with drivers/crypto/cnxk/
- Rename config/arm/arm64_octeontx2_linux_gcc as
config/arm/arm64_cn9k_linux_gcc
- Update the documentation and MAINTAINERS to reflect the same.
- Change the reference to OCTEONTX2 as OCTEON 9. The kernel related
documentation is not accounted for this change as kernel documentation
still uses OCTEONTX2.
Depends-on: series-20804 ("common/cnxk: add REE HW definitions")
Signed-off-by: Jerin Jacob
---
MAINTAINERS | 37 -
app/test/meson.build |1 -
app/test/test_cryptodev.c |7 -
app/test/test_cryptodev.h |1 -
app/test/test_cryptodev_asym.c| 17 -
app/test/test_eventdev.c |8 -
config/arm/arm64_cn10k_linux_gcc |1 -
...teontx2_linux_gcc => arm64_cn9k_linux_gcc} |3 +-
config/arm/meson.build| 10 +-
devtools/check-abi.sh |4 +
doc/guides/cryptodevs/features/octeontx2.ini | 87 -
doc/guides/cryptodevs/index.rst |1 -
doc/guides/cryptodevs/octeontx2.rst | 188 -
doc/guides/dmadevs/cnxk.rst |2 +-
doc/guides/eventdevs/features/octeontx2.ini | 30 -
doc/guides/eventdevs/index.rst|1 -
doc/guides/eventdevs/octeontx2.rst| 178 -
doc/guides/mempool/index.rst |1 -
doc/guides/mempool/octeontx2.rst | 92 -
doc/guides/nics/cnxk.rst |4 +-
doc/guides/nics/features/octeontx2.ini| 97 -
doc/guides/nics/features/octeontx2_vec.ini| 48 -
doc/guides/nics/features/octeontx2_vf.ini | 45 -
doc/guides/nics/index.rst |1 -
doc/guides/nics/octeontx2.rst | 465 ---
doc/guides/nics/octeontx_ep.rst |4 +-
doc/guides/platform/cnxk.rst | 12 +
.../octeontx2_packet_flow_hw_accelerators.svg | 2804 --
.../img/octeontx2_resource_virtualization.svg | 2418
doc/guides/platform/index.rst |1 -
doc/guides/platform/octeontx2.rst | 520 ---
doc/guides/rel_notes/deprecation.rst | 17 -
doc/guides/rel_notes/release_19_08.rst| 12 +-
doc/guides/rel_notes/release_19_11.rst|6 +-
doc/guides/rel_notes/release_20_02.rst|8 +-
doc/guides/rel_notes/release_20_05.rst|4 +-
doc/guides/rel_notes/release_20_08.rst|6 +-
doc/guides/rel_notes/release_20_11.rst|8 +-
doc/guides/rel_notes/release_21_02.rst| 10 +-
doc/guides/rel_notes/release_21_05.rst|6 +-
doc/guides/rel_notes/release_21_11.rst|2 +-
Not sure about updating old release notes files, using 'octeontx2' still can
make
sense for the context of those releases.
Also search still gives some instances of 'octeontx2', like
'devtools/check-abi.sh'
one, can you please confirm if OK to have them:
$git grep -i octeontx2
Except from above items, agree with change in principal and build test looks
good:
Acked-by: Ferruh Yigit
Re: vmxnet3 no longer functional on DPDK 21.11
- On Dec 6, 2021, at 6:08 AM, Ananyev, Konstantin
konstantin.anan...@intel.com wrote:
> So to clarify, it fails at:
> static int
> vmxnet3_dev_start(struct rte_eth_dev *dev)
> {
> ...
> line 1695:
> if (rte_intr_enable(dev->intr_handle) < 0) {
>PMD_INIT_LOG(ERR, "interrupt enable failed");
>return -EIO;
>}
>
> Right?
That's right. And further, the failure inside of rte_intr_enable() is the test
on rte_intr_dev_fd_get():
int
rte_intr_enable(const struct rte_intr_handle *intr_handle)
{
...
if (rte_intr_fd_get(intr_handle) < 0 ||
rte_intr_dev_fd_get(intr_handle) < 0) {
rc = -1;
goto out;
}
switch (rte_intr_type_get(intr_handle)) {
/* not used at this moment */
case RTE_INTR_HANDLE_ALARM:
rc = -1;
break;
/* not used at this moment */
case RTE_INTR_HANDLE_DEV_EVENT:
rc = -1;
break;
/* unknown handle type */
default:
RTE_LOG(ERR, EAL, "Unknown handle type of fd %d\n",
rte_intr_fd_get(intr_handle));
rc = -1;
break;
}
out:
rte_eal_trace_intr_enable(intr_handle, rc);
return rc;
}
Two things about this code that confuse me:
1. rte_intr_dev_fd_get(intr_handle) just returns the value of
intr_handle->dev_fd, which is never set to anything other than -1 in any code I
can find.
2. Even if it made it past that "if" statement, I don't see how the switch that
follows ever *doesn't* return an error, i.e., every single case results in an
error! Even if it got past rte_intr_dev_fd_get(), the interrupt type is
neither of the first two cases, so it would presumably execute the default case.
> The strange thing here is that 7a0935239b9e
> doesn't change dev_start or rte_intr code in any way.
I agree, and also don't see any way the diffs between those two commits could
cause this.
> Anyway, if git blames that commit, let's try to figure out what is going on.
> Unfortunately, I don't have freebsd with vmxnet3, so will need to rely on your
> help here.
Sure no problem. If it helps, we could arrange for remote access to a FreeBSD
VM, but I suspect this is going to be something simple, so let's see if we can
get it figured out.
> As the first thing can you try to run testpmd build with last good commit
> (c87d435a4d79)
> and then testpmd build with bad commit applied and collect for both cases:
> - contents of 'struct rte_eth_dev' and ' rte_eth_dev->intr_handle' for
> your vmxnet3 port
> - debug log output (--log-level=eal,debug --log-level=pmd,debug)
Ok, we'll check it out.
Thanks,
lew
Re: [PATCH] tap:remove maintainer
On 12/2/2021 5:15 PM, Wiles, Keith wrote: I no longer have the bandwidth to support the TAP PMD, so I am removing myself as the maintainer so as to not hold up commits. Thanks Keith, introducing this PMD and maintaining up until now, when you have more time we would like to see you back. Meanwhile some features of the PMD like rte_flow, eBPF (for RSS), netlink, Rx interrupt, TC support, etc.. introduced by 6wind/Nvidia, and these features makes majority of the driver. Pascal, Ophir, Moti, do you still have use cases for these features? Can you please help maintaining the driver? Thanks, ferruh Signed-off-by: Wiles, Keith --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 18d9edaf88..b43285b6ab 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -989,7 +989,7 @@ F: doc/guides/nics/pcap_ring.rst F: doc/guides/nics/features/pcap.ini Tap PMD -M: Keith Wiles +M: F: drivers/net/tap/ F: doc/guides/nics/tap.rst F: doc/guides/nics/features/tap.ini -- 2.30.1 (Apple Git-130)
20.11.4 patches review and test
Hi all, Here is a list of patches targeted for stable release 20.11.4. The planned date for the final release is 31th December. Please help with testing and validation of your use cases and report any issues/results with reply-all to this mail. For the final release the fixes and reported validations will be added to the release notes. A release candidate tarball can be found at: https://dpdk.org/browse/dpdk-stable/tag/?id=v20.11.4-rc1 These patches are located at branch 20.11 of dpdk-stable repo: https://dpdk.org/browse/dpdk-stable/ Thanks. Xueming Li --- Ajit Khaparde (5): net/bnxt: update ring group after ring stop start net/bnxt: fix Tx queue startup state net/bnxt: fix memzone free for Tx and Rx rings net/bnxt: fix tunnel port accounting doc: update NIC feature matrix for bnxt Alexander Bechikov (1): mbuf: fix dump of dynamic fields and flags Alexander Kozyrev (3): net/mlx5: fix mbuf replenishment check for zipped CQE net/mlx5: fix GRE flow item matching net/mlx5: fix GENEVE and VXLAN-GPE flow item matching Alvin Zhang (4): app/testpmd: update forward engine beginning app/testpmd: fix txonly forwarding net/i40e: fix Rx packet statistics net/iavf: fix pointer of meta data Anatoly Burakov (3): vfio: fix FreeBSD clear group stub vfio: fix FreeBSD documentation vfio: set errno on unsupported OS Andrew Rybchenko (4): mempool: deprecate unused physical page defines drivers/net: remove queue xstats auto-fill flag ethdev: forbid closing started device common/sfc_efx: fix debug compilation control Anoob Joseph (4): examples/ipsec-secgw: fix parsing of flow queue test/crypto: skip plain text compare for null cipher test/crypto: fix missing return checks common/cpt: fix KASUMI input length Arek Kusztal (2): crypto/qat: fix status in RSA decryption crypto/qat: fix uncleared cookies after operation Baruch Siach (1): net/af_xdp: fix zero-copy Tx queue drain Ben Magistro (2): doc: fix bonding driver name net/i40e: fix i40evf device initialization Ben Pfaff (1): doc: fix numbers power of 2 in LPM6 guide Bing Zhao (3): net/mlx5: fix flow tables double release net/mlx5: fix RETA update without stopping device vdpa/mlx5: fix mkey creation check Bruce Richardson (5): usertools: fix handling EOF for telemetry input pipe eal/freebsd: lock memory device to prevent conflicts test/mem: fix memory autotests on FreeBSD eal/freebsd: ignore in-memory option doc: fix Doxygen examples build on FreeBSD Chengchang Tang (4): net/hns3: fix queue flow action validation net/hns3: fix taskqueue pair reset command net/bonding: fix dedicated queue mode in vector burst net/bonding: fix RSS key length Chengfeng Ye (2): net/axgbe: fix unreleased lock in I2C transfer net/mlx5: fix mutex unlock in Tx packet pacing cleanup Chengwen Feng (3): kni: check error code of allmulticast mode switch net/hns3: fix interrupt vector freeing net/hns3: optimize Tx performance by mbuf fast free Cian Ferriter (1): ring: fix Doxygen comment of internal function Ciara Loftus (1): net/af_xdp: disable secondary process support Ciara Power (4): crypto/openssl: fix CCM processing 0 length source examples/fips_validation: remove unused allocation examples/fips_validation: fix resetting pointer test/crypto: remove unnecessary stats retrieval Conor Walsh (12): eal: fix memory leak when saving arguments net/hinic/base: remove some unused variables net/octeontx: remove unused packet length bus/fslmc: remove unused device count event/sw: remove unused inflight events count net/bnxt: remove some unused variables net/liquidio: remove unused counter net/nfp: remove unused message length net/qede/base: remove unused message size net/vmxnet3: fix build with clang 13 test/distributor: remove unused counter examples/performance-thread: remove unused hits count Danny Patel (1): crypto/octeontx2: fix unaligned access to device memory Dapeng Yu (10): net/ice/base: fix PF ID for DCF net/bonding: fix memory leak on closing device net/ice: fix double free ACL flow entry net/ice: retry getting VF VSI map after failure net/ice: fix deadlock on flow redirect net/ice: fix function pointer in multi-process net/iavf: fix shared data in multi-process net/ice: save rule on switch filter creation net/ice: fix flow redirect net/iavf: fix multi-process shared data Dariusz Sosnowski (4): net/mlx5: fix partial inline of fine grain packets net/mlx5: fix MPLS tunnel outer layer overwrite net/mlx5: fix multi-segment packet wraparound doc: fix typo in coding style David Christensen (3):
[PATCH] doc/dlb2: update dlb2 documentation
Number of direct credits, atomic inflight and history list sizes are updated to what is supported in DLB2.0. Revised Class of Service section is added. Signed-off-by: Rashmi Shetty --- doc/guides/eventdevs/dlb2.rst | 32 +++- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/doc/guides/eventdevs/dlb2.rst b/doc/guides/eventdevs/dlb2.rst index bce984ca08..c2887a71dc 100644 --- a/doc/guides/eventdevs/dlb2.rst +++ b/doc/guides/eventdevs/dlb2.rst @@ -151,7 +151,7 @@ load-balanced queues, and directed credits are used for directed queues. These pools' sizes are controlled by the nb_events_limit field in struct rte_event_dev_config. The load-balanced pool is sized to contain nb_events_limit credits, and the directed pool is sized to contain -nb_events_limit/4 credits. The directed pool size can be overridden with the +nb_events_limit/2 credits. The directed pool size can be overridden with the num_dir_credits devargs argument, like so: .. code-block:: console @@ -239,8 +239,8 @@ queue A. Due to this, workers should stop retrying after a time, release the events it is attempting to enqueue, and dequeue more events. It is important that the worker release the events and don't simply set them aside to retry the enqueue -again later, because the port has limited history list size (by default, twice -the port's dequeue_depth). +again later, because the port has limited history list size (by default, same +as port's dequeue_depth). Priority @@ -309,17 +309,11 @@ scheduled. The likelihood of this case depends on the eventdev configuration, traffic behavior, event processing latency, potential for a worker to be interrupted or otherwise delayed, etc. -By default, the PMD allocates 16 buffer entries for each load-balanced queue, -which provides an even division across all 128 queues but potentially wastes +By default, the PMD allocates 64 buffer entries for each load-balanced queue, +which provides an even division across all 32 queues but potentially wastes buffer space (e.g. if not all queues are used, or aren't used for atomic scheduling). -The PMD provides a dev arg to override the default per-queue allocation. To -increase per-queue atomic-inflight allocation to (for example) 64: - -.. code-block:: console - - --allow ea:00.0,atm_inflights=64 QID Depth Threshold ~~~ @@ -337,7 +331,7 @@ Per queue threshold metrics are tracked in the DLB xstats, and are also returned in the impl_opaque field of each received event. The per qid threshold can be specified as part of the device args, and -can be applied to all queue, a range of queues, or a single queue, as +can be applied to all queues, a range of queues, or a single queue, as shown below. .. code-block:: console @@ -350,14 +344,10 @@ Class of service DLB supports provisioning the DLB bandwidth into 4 classes of service. +By default, each of the 4 classes (0-3) correspond to 25% of the DLB +hardware bandwidth. -- Class 4 corresponds to 40% of the DLB hardware bandwidth -- Class 3 corresponds to 30% of the DLB hardware bandwidth -- Class 2 corresponds to 20% of the DLB hardware bandwidth -- Class 1 corresponds to 10% of the DLB hardware bandwidth -- Class 0 corresponds to don't care - -The classes are applied globally to the set of ports contained in this +The classes are applied globally to the set of ports contained in the scheduling domain, which is more appropriate for the bifurcated PMD than for the PF PMD, since the PF PMD supports just 1 scheduling domain. @@ -366,7 +356,7 @@ Class of service can be specified in the devargs, as follows .. code-block:: console - --allow ea:00.0,cos=<0..4> + --allow ea:00.0,cos=<0..3> Use X86 Vector Instructions ~~~ @@ -379,4 +369,4 @@ follows .. code-block:: console - --allow ea:00.0,vector_opts_enabled= + --allow ea:00.0,vector_opts_enable= -- 2.25.1
Re: [PATCH v11 6/9] app/test: differentiate a strerror on different OS
On Sat, Dec 04, 2021 at 04:33:37AM +0300, Dmitry Kozlyuk wrote:
> 2021-12-02 16:06 (UTC-0800), Jie Zhou:
> > On Windows, strerror returns just "Unknown error" for errnum greater
> > than MAX_ERRNO, while linux and freebsd returns "Unknown error ",
> > which is the current expectation for errno_autotest. Differentiate
> > the error string on Windows to remove a "duplicate error code" failure.
> >
> > Signed-off-by: Jie Zhou
> >
> > ---
> > app/test/test_errno.c | 12 +++-
> > lib/eal/common/eal_common_errno.c | 4
> > 2 files changed, 15 insertions(+), 1 deletion(-)
> [...]
> > diff --git a/lib/eal/common/eal_common_errno.c
> > b/lib/eal/common/eal_common_errno.c
> > index f86802705a..4c4abb802e 100644
> > --- a/lib/eal/common/eal_common_errno.c
> > +++ b/lib/eal/common/eal_common_errno.c
> > @@ -37,7 +37,11 @@ rte_strerror(int errnum)
> > /* since some implementations of strerror_r throw an error
> > * themselves if errnum is too big, we handle that case here */
> > if (errnum >= RTE_MAX_ERRNO)
> > +#ifdef RTE_EXEC_ENV_WINDOWS
> > + snprintf(ret, RETVAL_SZ, "Unknown error%s", sep);
>
> "sep" is not needed here, is it?
Yes, it is unnecessary. Removed. Thanks for spotting it.
>
> > +#else
> > snprintf(ret, RETVAL_SZ, "Unknown error%s %d", sep, errnum);
> > +#endif
> > else
> > switch (errnum){
> > case E_RTE_SECONDARY:
[PATCH v2 0/7] ixgbe SFP handling fixes
v2: General: * Fix typos reported by checkpatch (my codespell list was old) Patch 5: * Refactor the delay code to use msec_delay(), fixes Windows builds. I had opencoded some delay checks similar to the jiffies/time_after scheme used frequently in the Linux kernel, but that failed to build on Windows without nanosleep(). msec_delay() eventually calls rte_delay_us_sleep(), which doesn't busy wait, which is want we want. And there's a Window's backend for that function, so now this builds with gcc/clang on Windows Server 2019, and gcc on Windows 10 (didn't try clang there) --- Hello all, We have several platforms based on Intel's C3000 series of SoCs that have integrated ixgbe devices (X550EM) operating in the "Native SFI" mode (the 0x15c4 device ID). The first five patches in the series all fix issues relating to the ID and setup of SFPs. Patch 6 allows slow to boot SFPs (like some XGS-PON modules) to work. Patch 7 enables 1G Cu to run with a warning, similar to other unofficially supported modules covered by the allow_unsupported_sfp flag. Currently we use this for g.Fast modules, but other modules that enumerate as 1G Cu may also benefit. Since all of my testing was done on a C3000 platform, and the ixgbe driver now covers a large number of devices, any regression testing that can be done on other ixgbe devices would be greatly appreciated. Thanks, Steve Stephen Douthit (7): net/ixgbe: Fix ixgbe_is_sfp() to return valid result for X550EM_a devs net/ixgbe: Add ixgbe_check_sfp_cage() for testing state of PRSNT# signal net/ixgbe: Check that SFF-8472 soft rate select is supported before write net/ixgbe: Run 82599 link status workaround only on affected devices net/ixgbe: Fix SFP detection and linking on hotplug net/ixgbe: Retry SFP ID read field to handle misbehaving SFPs net/ixgbe: Treat 1G Cu SFPs as 1G SX on the X550 devices drivers/net/ixgbe/base/ixgbe_82599.c | 41 +++ drivers/net/ixgbe/base/ixgbe_common.c | 106 ++-- drivers/net/ixgbe/base/ixgbe_common.h | 8 + drivers/net/ixgbe/base/ixgbe_phy.c| 39 ++- drivers/net/ixgbe/base/ixgbe_phy.h| 3 + drivers/net/ixgbe/base/ixgbe_type.h | 2 + drivers/net/ixgbe/base/ixgbe_x550.c | 14 +- drivers/net/ixgbe/ixgbe_ethdev.c | 370 -- drivers/net/ixgbe/ixgbe_ethdev.h | 18 +- 9 files changed, 426 insertions(+), 175 deletions(-) -- 2.31.1
[PATCH v2 1/7] net/ixgbe: Fix ixgbe_is_sfp() to return valid result for X550EM_a devs
Currently all X500EM* MAC types fallthrough to the default case and get
reported as non-SFP regardless of media type, which isn't correct.
Fixes: 0790adeb567 ("ixgbe/base: support X550em_a device")
Cc: sta...@dpdk.org
Signed-off-by: Stephen Douthit
---
drivers/net/ixgbe/ixgbe_ethdev.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
index fe61dba81d..66f7af95de 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
@@ -781,6 +781,20 @@ ixgbe_is_sfp(struct ixgbe_hw *hw)
case ixgbe_phy_sfp_passive_unknown:
return 1;
default:
+ /* x550em devices may be SFP, check media type */
+ switch (hw->mac.type) {
+ case ixgbe_mac_X550EM_x:
+ case ixgbe_mac_X550EM_a:
+ switch (hw->mac.ops.get_media_type(hw)) {
+ case ixgbe_media_type_fiber:
+ case ixgbe_media_type_fiber_qsfp:
+ return 1;
+ default:
+ return 0;
+ }
+ default:
+ return 0;
+ }
return 0;
}
}
--
2.31.1
[PATCH v2 2/7] net/ixgbe: Add ixgbe_check_sfp_cage() for testing state of PRSNT# signal
Refactor the SFP check code from ixgbe_check_mac_link_generic into its own
function.
Note that the SFP present status was inverted for the X550EM family of
devices, where SDP0 represents the active low PRSNT# signal from the cage.
Call the new function in ixgbe_identify_module_generic() to short circuit
the I2C polling and greatly speed things up for devices we know are
absent.
Fixes: dd3a93cf5a2 ("net/ixgbe/base: bypass checking link for crosstalk")
Cc: sta...@dpdk.org
Signed-off-by: Stephen Douthit
---
drivers/net/ixgbe/base/ixgbe_common.c | 60 +++
drivers/net/ixgbe/base/ixgbe_common.h | 8
drivers/net/ixgbe/base/ixgbe_phy.c| 8
3 files changed, 58 insertions(+), 18 deletions(-)
diff --git a/drivers/net/ixgbe/base/ixgbe_common.c
b/drivers/net/ixgbe/base/ixgbe_common.c
index aa843bd5c4..2764cf7cf1 100644
--- a/drivers/net/ixgbe/base/ixgbe_common.c
+++ b/drivers/net/ixgbe/base/ixgbe_common.c
@@ -4124,6 +4124,45 @@ static bool ixgbe_need_crosstalk_fix(struct ixgbe_hw *hw)
return true;
}
+/**
+ * ixgbe_check_sfp_cage - Find present status of SFP module
+ * @hw: pointer to hardware structure
+ *
+ * Find if a SFP module is present and if this device supports SFPs
+ **/
+enum ixgbe_sfp_cage_status ixgbe_check_sfp_cage(struct ixgbe_hw *hw)
+{
+ enum ixgbe_sfp_cage_status status;
+
+ /* If we're not a fiber/fiber_qsfp, no cage to check */
+ switch (hw->mac.ops.get_media_type(hw)) {
+ case ixgbe_media_type_fiber:
+ case ixgbe_media_type_fiber_qsfp:
+ break;
+ default:
+ return IXGBE_SFP_CAGE_NOCAGE;
+ }
+
+ switch (hw->mac.type) {
+ case ixgbe_mac_82599EB:
+ status = !!(IXGBE_READ_REG(hw, IXGBE_ESDP) &
+IXGBE_ESDP_SDP2);
+ break;
+ case ixgbe_mac_X550EM_x:
+ case ixgbe_mac_X550EM_a:
+ /* SDP0 is the active low signal PRSNT#, so invert this */
+ status = !(IXGBE_READ_REG(hw, IXGBE_ESDP) &
+ IXGBE_ESDP_SDP0);
+ break;
+ default:
+ /* Don't know how to check this device type yet */
+ status = IXGBE_SFP_CAGE_UNKNOWN;
+ break;
+ }
+
+ return status;
+}
+
/**
* ixgbe_check_mac_link_generic - Determine link and speed status
* @hw: pointer to hardware structure
@@ -4145,25 +4184,10 @@ s32 ixgbe_check_mac_link_generic(struct ixgbe_hw *hw,
ixgbe_link_speed *speed,
* the SFP+ cage is full.
*/
if (ixgbe_need_crosstalk_fix(hw)) {
- u32 sfp_cage_full;
-
- switch (hw->mac.type) {
- case ixgbe_mac_82599EB:
- sfp_cage_full = IXGBE_READ_REG(hw, IXGBE_ESDP) &
- IXGBE_ESDP_SDP2;
- break;
- case ixgbe_mac_X550EM_x:
- case ixgbe_mac_X550EM_a:
- sfp_cage_full = IXGBE_READ_REG(hw, IXGBE_ESDP) &
- IXGBE_ESDP_SDP0;
- break;
- default:
- /* sanity check - No SFP+ devices here */
- sfp_cage_full = false;
- break;
- }
+ enum ixgbe_sfp_cage_status sfp_cage_status;
- if (!sfp_cage_full) {
+ sfp_cage_status = ixgbe_check_sfp_cage(hw);
+ if (sfp_cage_status != IXGBE_SFP_CAGE_FULL) {
*link_up = false;
*speed = IXGBE_LINK_SPEED_UNKNOWN;
return IXGBE_SUCCESS;
diff --git a/drivers/net/ixgbe/base/ixgbe_common.h
b/drivers/net/ixgbe/base/ixgbe_common.h
index 5bdb484407..30db9a08c4 100644
--- a/drivers/net/ixgbe/base/ixgbe_common.h
+++ b/drivers/net/ixgbe/base/ixgbe_common.h
@@ -112,6 +112,14 @@ s32 ixgbe_set_vlvf_generic(struct ixgbe_hw *hw, u32 vlan,
u32 vind,
s32 ixgbe_clear_vfta_generic(struct ixgbe_hw *hw);
s32 ixgbe_find_vlvf_slot(struct ixgbe_hw *hw, u32 vlan, bool vlvf_bypass);
+enum ixgbe_sfp_cage_status {
+ IXGBE_SFP_CAGE_EMPTY = 0,
+ IXGBE_SFP_CAGE_FULL,
+ IXGBE_SFP_CAGE_UNKNOWN = -1,
+ IXGBE_SFP_CAGE_NOCAGE = -2,
+};
+enum ixgbe_sfp_cage_status ixgbe_check_sfp_cage(struct ixgbe_hw *hw);
+
s32 ixgbe_check_mac_link_generic(struct ixgbe_hw *hw,
ixgbe_link_speed *speed,
bool *link_up, bool link_up_wait_to_complete);
diff --git a/drivers/net/ixgbe/base/ixgbe_phy.c
b/drivers/net/ixgbe/base/ixgbe_phy.c
index 8d4d9bbfef..d8d51d2c3f 100644
--- a/drivers/net/ixgbe/base/ixgbe_phy.c
+++ b/drivers/net/ixgbe/base/ixgbe_phy.c
@@ -1228,9 +1228,17 @@ s32 ixgbe_reset_phy_nl(struct ixgbe_hw *hw)
s32 ixgbe_identify_module_generic(struct ixgbe_hw *hw)
{
s32 status = IXGBE_ERR_SFP_NOT_PRESENT;
+ enum ixgbe_sfp_cage_status sfp_cage_status
[PATCH v2 3/7] net/ixgbe: Check that SFF-8472 soft rate select is supported before write
Make sure an SFP is really a SFF-8472 device that supports the optional
soft rate select feature before just blindly poking those I2C registers.
Skip all I2C traffic if we know there's no SFP.
Fixes: f3430431aba ("ixgbe/base: add SFP+ dual-speed support")
Cc: sta...@dpdk.org
Signed-off-by: Stephen Douthit
---
drivers/net/ixgbe/base/ixgbe_common.c | 46 +++
drivers/net/ixgbe/base/ixgbe_phy.h| 3 ++
2 files changed, 49 insertions(+)
diff --git a/drivers/net/ixgbe/base/ixgbe_common.c
b/drivers/net/ixgbe/base/ixgbe_common.c
index 2764cf7cf1..3be1cc7fa2 100644
--- a/drivers/net/ixgbe/base/ixgbe_common.c
+++ b/drivers/net/ixgbe/base/ixgbe_common.c
@@ -5371,6 +5371,7 @@ s32 ixgbe_setup_mac_link_multispeed_fiber(struct ixgbe_hw
*hw,
void ixgbe_set_soft_rate_select_speed(struct ixgbe_hw *hw,
ixgbe_link_speed speed)
{
+ enum ixgbe_sfp_cage_status sfp_cage_status;
s32 status;
u8 rs, eeprom_data;
@@ -5387,6 +5388,51 @@ void ixgbe_set_soft_rate_select_speed(struct ixgbe_hw
*hw,
return;
}
+ /* Can't set rate on missing devices, skip all I2C access */
+ sfp_cage_status = ixgbe_check_sfp_cage(hw);
+ if (sfp_cage_status == IXGBE_SFP_CAGE_EMPTY ||
+ sfp_cage_status == IXGBE_SFP_CAGE_NOCAGE) {
+ DEBUGOUT("No SFP\n");
+ return;
+ }
+
+ /* This only applies to SFF-8472 devices, so check that this device has
+* a non-zero SFF8472 compliance code @ device 0xA0 byte 94
+*/
+ status = hw->phy.ops.read_i2c_eeprom(hw,
+IXGBE_SFF_SFF_8472_COMP,
+&eeprom_data);
+ if (status || !eeprom_data) {
+ DEBUGOUT("Not a SFF-8472 device\n");
+ goto out;
+ }
+
+ /* (read|write)_i2c_byte() don't support the address change mechanism
+* outlined in section 8.9 "Addressing Modes" of SFF_8472, so if that
+* is a requirement give up
+*/
+ status = hw->phy.ops.read_i2c_eeprom(hw,
+IXGBE_SFF_SFF_8472_SWAP,
+&eeprom_data);
+ if (status || (eeprom_data & IXGBE_SFF_ADDRESSING_MODE)) {
+ DEBUGOUT("Address change not supported\n");
+ goto out;
+ }
+ /* Digital diagnostic monitoring must be supported for rate select */
+ if (!(eeprom_data & IXGBE_SFF_DDM_IMPLEMENTED)) {
+ DEBUGOUT("DDM not implemented\n");
+ goto out;
+ }
+
+ /* Finally check if the optional rate select feature is implemented */
+ status = hw->phy.ops.read_i2c_eeprom(hw,
+IXGBE_SFF_SFF_8472_EOPT,
+&eeprom_data);
+ if (status || !(eeprom_data & IXGBE_SFF_HAVE_RS)) {
+ DEBUGOUT("Rate select not supported");
+ goto out;
+ }
+
/* Set RS0 */
status = hw->phy.ops.read_i2c_byte(hw, IXGBE_SFF_SFF_8472_OSCB,
IXGBE_I2C_EEPROM_DEV_ADDR2,
diff --git a/drivers/net/ixgbe/base/ixgbe_phy.h
b/drivers/net/ixgbe/base/ixgbe_phy.h
index ceefbb3e68..cd57ce040f 100644
--- a/drivers/net/ixgbe/base/ixgbe_phy.h
+++ b/drivers/net/ixgbe/base/ixgbe_phy.h
@@ -21,6 +21,7 @@
#define IXGBE_SFF_CABLE_TECHNOLOGY 0x8
#define IXGBE_SFF_CABLE_SPEC_COMP 0x3C
#define IXGBE_SFF_SFF_8472_SWAP0x5C
+#define IXGBE_SFF_SFF_8472_EOPT0x5D
#define IXGBE_SFF_SFF_8472_COMP0x5E
#define IXGBE_SFF_SFF_8472_OSCB0x6E
#define IXGBE_SFF_SFF_8472_ESCB0x76
@@ -48,6 +49,8 @@
#define IXGBE_SFF_SOFT_RS_SELECT_10G 0x8
#define IXGBE_SFF_SOFT_RS_SELECT_1G0x0
#define IXGBE_SFF_ADDRESSING_MODE 0x4
+#define IXGBE_SFF_DDM_IMPLEMENTED 0x40
+#define IXGBE_SFF_HAVE_RS 0x2
#define IXGBE_SFF_QSFP_DA_ACTIVE_CABLE 0x1
#define IXGBE_SFF_QSFP_DA_PASSIVE_CABLE0x8
#define IXGBE_SFF_QSFP_CONNECTOR_NOT_SEPARABLE 0x23
--
2.31.1
[PATCH v2 4/7] net/ixgbe: Run 82599 link status workaround only on affected devices
1ca05831b9b added a check that SDP3 (used as a TX_DISABLE output to the
SFP cage on these cards) is not asserted to avoid incorrectly reporting
link up when the SFP's laser is turned off.
ff8162cb957 limited this workaround to fiber ports
Refactor this so it's:
* Not open coded in ixgbe_dev_link_update_share()
* Runs only on fiber 82599 devices, not all fiber ixgbe devs (which don't
all use SDP3 as TX_DISABLE)
Fixes: 1ca05831b9b ("net/ixgbe: fix link status")
Fixes: ff8162cb957 ("net/ixgbe: fix link status")
Cc: sta...@dpdk.org
Signed-off-by: Stephen Douthit
---
drivers/net/ixgbe/base/ixgbe_82599.c | 41
drivers/net/ixgbe/ixgbe_ethdev.c | 7 -
2 files changed, 41 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ixgbe/base/ixgbe_82599.c
b/drivers/net/ixgbe/base/ixgbe_82599.c
index 69fd4cd3fb..5786114b0a 100644
--- a/drivers/net/ixgbe/base/ixgbe_82599.c
+++ b/drivers/net/ixgbe/base/ixgbe_82599.c
@@ -28,6 +28,39 @@ STATIC s32 ixgbe_read_i2c_byte_82599(struct ixgbe_hw *hw, u8
byte_offset,
STATIC s32 ixgbe_write_i2c_byte_82599(struct ixgbe_hw *hw, u8 byte_offset,
u8 dev_addr, u8 data);
+/**
+ * ixgbe_check_mac_link_82599_fiber - Determine link and speed status
+ *
+ * @hw: pointer to hardware structure
+ * @speed: pointer to link speed
+ * @link_up: true when link is up
+ * @link_up_wait_to_complete: bool used to wait for link up or not
+ *
+ * Call the generic MAC check_link function, but also take into account the
+ * state of SDP3, which is a GPIO configured as an output driving the
TX_DISABLE
+ * pin on the SFP cage. This prevents reporting a false positive link up in
the
+ * case where the link partner is transmitting, but we are not.
+ **/
+STATIC s32 ixgbe_check_mac_link_82599_fiber(struct ixgbe_hw *hw,
+ ixgbe_link_speed *speed,
+ bool *link_up,
+ bool link_up_wait_to_complete)
+{
+ u32 esdp_reg;
+ s32 err;
+
+ DEBUGFUNC("ixgbe_check_mac_link_82599_fiber");
+
+ err = ixgbe_check_mac_link_generic(hw, speed, link_up,
+ link_up_wait_to_complete);
+
+ esdp_reg = IXGBE_READ_REG(hw, IXGBE_ESDP);
+ if ((esdp_reg & IXGBE_ESDP_SDP3))
+ *link_up = 0;
+
+ return err;
+}
+
void ixgbe_init_mac_link_ops_82599(struct ixgbe_hw *hw)
{
struct ixgbe_mac_info *mac = &hw->mac;
@@ -52,6 +85,14 @@ void ixgbe_init_mac_link_ops_82599(struct ixgbe_hw *hw)
mac->ops.flap_tx_laser = NULL;
}
+ /*
+* For 82599 SFP+ fiber, make sure that SDP3 (TX_DISABLE to SFP cage)
+* isn't asserted. Either by mac->ops.disable_tx_laser(), or possibly
+* management firmware
+*/
+ if (mac->ops.get_media_type(hw) == ixgbe_media_type_fiber)
+ mac->ops.check_link = ixgbe_check_mac_link_82599_fiber;
+
if (hw->phy.multispeed_fiber) {
/* Set up dual speed SFP+ support */
mac->ops.setup_link = ixgbe_setup_mac_link_multispeed_fiber;
diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
index 66f7af95de..34b7cb2d4e 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
@@ -4216,7 +4216,6 @@ ixgbe_dev_link_update_share(struct rte_eth_dev *dev,
bool link_up;
int diag;
int wait = 1;
- u32 esdp_reg;
memset(&link, 0, sizeof(link));
link.link_status = RTE_ETH_LINK_DOWN;
@@ -4250,12 +4249,6 @@ ixgbe_dev_link_update_share(struct rte_eth_dev *dev,
return rte_eth_linkstatus_set(dev, &link);
}
- if (ixgbe_get_media_type(hw) == ixgbe_media_type_fiber) {
- esdp_reg = IXGBE_READ_REG(hw, IXGBE_ESDP);
- if ((esdp_reg & IXGBE_ESDP_SDP3))
- link_up = 0;
- }
-
if (link_up == 0) {
if (ixgbe_get_media_type(hw) == ixgbe_media_type_fiber) {
ixgbe_dev_wait_setup_link_complete(dev, 0);
--
2.31.1
[PATCH v2 6/7] net/ixgbe: Retry SFP ID read field to handle misbehaving SFPs
Some XGS-PON SFPs have been observed ACKing I2C reads and returning
uninitialized garbage while their uC boots. This can lead to the SFP ID
code marking an otherwise working SFP module as unsupported if a bogus
ID value is read while its internal PHY/microcontroller is still
booting.
Retry the ID read several times looking not just for NAK, but also for a
valid ID field.
Since the device isn't NAKing the trasanction the existing longer retry
code in ixgbe_read_i2c_byte_generic_int() doesn't apply here.
Signed-off-by: Stephen Douthit
---
drivers/net/ixgbe/base/ixgbe_phy.c | 31 ++
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ixgbe/base/ixgbe_phy.c
b/drivers/net/ixgbe/base/ixgbe_phy.c
index d8d51d2c3f..27bce066a1 100644
--- a/drivers/net/ixgbe/base/ixgbe_phy.c
+++ b/drivers/net/ixgbe/base/ixgbe_phy.c
@@ -1275,6 +1275,7 @@ s32 ixgbe_identify_sfp_module_generic(struct ixgbe_hw *hw)
u8 cable_tech = 0;
u8 cable_spec = 0;
u16 enforce_sfp = 0;
+ u8 id_reads;
DEBUGFUNC("ixgbe_identify_sfp_module_generic");
@@ -1287,12 +1288,34 @@ s32 ixgbe_identify_sfp_module_generic(struct ixgbe_hw
*hw)
/* LAN ID is needed for I2C access */
hw->mac.ops.set_lan_id(hw);
- status = hw->phy.ops.read_i2c_eeprom(hw,
-IXGBE_SFF_IDENTIFIER,
-&identifier);
+ /* Need to check this a couple of times for a sane value.
+*
+* SFPs that have a uC slaved to the I2C bus (vs. a dumb EEPROM) can be
+* poorly designed such that they will ACK I2C reads and return
+* whatever bogus data is in the SRAM (or whatever is backing the target
+* device) before things are truly initialized.
+*
+* In a perfect world devices would NAK I2C requests until they were
+* sane, but here we are.
+*
+* Give such devices a couple tries to get their act together before
+* marking the device as unsupported.
+*/
+ for (id_reads = 0; id_reads < 5; id_reads++) {
+ status = hw->phy.ops.read_i2c_eeprom(hw,
+IXGBE_SFF_IDENTIFIER,
+&identifier);
- if (status != IXGBE_SUCCESS)
+ DEBUGOUT("status %d, id %d\n", status, identifier);
+ if (!status &&
+ identifier == IXGBE_SFF_IDENTIFIER_SFP)
+ break;
+ }
+
+ if (status != IXGBE_SUCCESS) {
+ DEBUGOUT("Failed SFF ID read (%d attempts)\n", id_reads);
goto err_read_i2c_eeprom;
+ }
if (identifier != IXGBE_SFF_IDENTIFIER_SFP) {
hw->phy.type = ixgbe_phy_sfp_unsupported;
--
2.31.1
[PATCH v2 5/7] net/ixgbe: Fix SFP detection and linking on hotplug
Currently the ixgbe driver does not ID any SFP except for the first one
plugged in. This can lead to no-link, or incorrect speed conditions.
For example:
* If link is initially established with a 1G SFP, and later a 1G/10G
multispeed part is later installed, then the MAC link setup functions are
never called to change from 1000BASE-X to 10GBASE-R mode, and the link
stays running at the slower rate.
* If link is initially established with a 1G SFP, and later a 10G only
module is later installed, no link is established, since we are still
trasnsmitting in 1000BASE-X mode to a 10GBASE-R only partner.
Refactor the SFP ID/setup, and link setup code, to more closely match the
flow of the mainline kernel driver which does not have these issues. In
that driver a service task runs periodically to handle these operations
based on bit flags that have been set (usually via interrupt or userspace
request), and then get cleared once the requested subtask has been
completed.
Fixes: af75078fece ("first public release")
Cc: sta...@dpdk.org
Signed-off-by: Stephen Douthit
---
drivers/net/ixgbe/base/ixgbe_type.h | 2 +
drivers/net/ixgbe/ixgbe_ethdev.c| 349 +---
drivers/net/ixgbe/ixgbe_ethdev.h| 18 +-
3 files changed, 224 insertions(+), 145 deletions(-)
diff --git a/drivers/net/ixgbe/base/ixgbe_type.h
b/drivers/net/ixgbe/base/ixgbe_type.h
index b7eec45635..c23257aa4c 100644
--- a/drivers/net/ixgbe/base/ixgbe_type.h
+++ b/drivers/net/ixgbe/base/ixgbe_type.h
@@ -45,6 +45,8 @@
#include "ixgbe_osdep.h"
+#define BIT(a) (1UL << (a))
+
/* Override this by setting IOMEM in your ixgbe_osdep.h header */
/* Vendor ID */
diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
index 34b7cb2d4e..94d5a8f419 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
@@ -229,9 +229,6 @@ static int ixgbe_dev_interrupt_get_status(struct
rte_eth_dev *dev);
static int ixgbe_dev_interrupt_action(struct rte_eth_dev *dev);
static void ixgbe_dev_interrupt_handler(void *param);
static void ixgbe_dev_interrupt_delayed_handler(void *param);
-static void *ixgbe_dev_setup_link_thread_handler(void *param);
-static int ixgbe_dev_wait_setup_link_complete(struct rte_eth_dev *dev,
- uint32_t timeout_ms);
static int ixgbe_add_rar(struct rte_eth_dev *dev,
struct rte_ether_addr *mac_addr,
@@ -1032,6 +1029,163 @@ ixgbe_swfw_lock_reset(struct ixgbe_hw *hw)
ixgbe_release_swfw_semaphore(hw, mask);
}
+static s32
+ixgbe_sfp_id_and_setup(struct rte_eth_dev *dev)
+{
+ struct ixgbe_hw *hw =
+ IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ enum ixgbe_sfp_cage_status sfp_cage_status;
+ s32 err;
+
+ /* Can't ID or setup SFP if it's not plugged in */
+ sfp_cage_status = ixgbe_check_sfp_cage(hw);
+ if (sfp_cage_status == IXGBE_SFP_CAGE_EMPTY ||
+ sfp_cage_status == IXGBE_SFP_CAGE_NOCAGE)
+ return IXGBE_ERR_SFP_NOT_PRESENT;
+
+ /* Something's in the cage, ID it */
+ hw->phy.ops.identify_sfp(hw);
+
+ /* Unknown module type, give up */
+ if (hw->phy.sfp_type == ixgbe_sfp_type_unknown) {
+ PMD_DRV_LOG(ERR, "unknown SFP type, giving up");
+ return IXGBE_ERR_SFP_NOT_SUPPORTED;
+ }
+
+ /* This should be a redundant check, since we looked at the
+* PRSNT# signal from the cage above, but just in case this is
+* an SFP that's slow to respond to I2C pokes correctly, try it
+* again later
+*/
+ if (hw->phy.sfp_type == ixgbe_sfp_type_not_present) {
+ PMD_DRV_LOG(ERR, "IDed SFP as absent but cage PRSNT# active!?");
+ return IXGBE_ERR_SFP_NOT_PRESENT;
+ }
+
+ /* SFP is present and identified, try to set it up */
+ err = hw->mac.ops.setup_sfp(hw);
+ if (err)
+ PMD_DRV_LOG(ERR, "setup_sfp() failed %d", err);
+
+ return err;
+}
+
+static void
+ixgbe_sfp_service(struct rte_eth_dev *dev)
+{
+ struct ixgbe_hw *hw =
+ IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct ixgbe_interrupt *intr =
+ IXGBE_DEV_PRIVATE_TO_INTR(dev->data->dev_private);
+ enum ixgbe_sfp_cage_status sfp_cage_status;
+ s32 err;
+
+ /* No setup requested? Nothing to do */
+ if (!(intr->flags & IXGBE_FLAG_NEED_SFP_SETUP))
+ return;
+
+ sfp_cage_status = ixgbe_check_sfp_cage(hw);
+ if (sfp_cage_status == IXGBE_SFP_CAGE_EMPTY ||
+ sfp_cage_status == IXGBE_SFP_CAGE_NOCAGE)
+ return;
+
+ err = ixgbe_sfp_id_and_setup(dev);
+ if (err) {
+ PMD_DRV_LOG(DEBUG, "failed to ID & setup SFP %d", err);
+ return;
+ }
+
+ /* Setup is done, clear the flag, but make sure link config runs for
new SFP */
+ intr->flags &= ~IXGBE_FLAG_NE
[PATCH v2 7/7] net/ixgbe: Treat 1G Cu SFPs as 1G SX on the X550 devices
1G Cu SFPs are not officially supported on the X552/X553 family of devices but treat them as 1G SX modules since they usually work. Print a warning though since support isn't validated, similar to what already happens for other unofficially supported SFPs enabled via the allow_unsupported_sfps parameter inherited from the mainline Linux driver. Signed-off-by: Stephen Douthit --- drivers/net/ixgbe/base/ixgbe_x550.c | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/net/ixgbe/base/ixgbe_x550.c b/drivers/net/ixgbe/base/ixgbe_x550.c index 8810d1658e..8d1bc6c80d 100644 --- a/drivers/net/ixgbe/base/ixgbe_x550.c +++ b/drivers/net/ixgbe/base/ixgbe_x550.c @@ -1538,9 +1538,21 @@ STATIC s32 ixgbe_supported_sfp_modules_X550em(struct ixgbe_hw *hw, bool *linear) case ixgbe_sfp_type_1g_lha_core1: *linear = false; break; - case ixgbe_sfp_type_unknown: + /* Copper SFPs are not officially supported for x550em devices, but can +* often be made to work at fixed 1G speeds. Pretend they're 1g_sx +* modules here to allow g.Fast DSL SFPs to work. +*/ case ixgbe_sfp_type_1g_cu_core0: + EWARN(hw, "Pretending that unsupported 1g_cu SFP is 1g_sx\n"); + *linear = false; + hw->phy.sfp_type = ixgbe_sfp_type_1g_sx_core0; + break; case ixgbe_sfp_type_1g_cu_core1: + EWARN(hw, "Pretending that unsupported 1g_cu SFP is 1g_sx\n"); + *linear = false; + hw->phy.sfp_type = ixgbe_sfp_type_1g_sx_core1; + break; + case ixgbe_sfp_type_unknown: default: return IXGBE_ERR_SFP_NOT_SUPPORTED; } -- 2.31.1
RE: [PATCH] net/ice: fix Tx checksum offload capability
> -Original Message-
> From: Zhang, Qi Z
> Sent: Wednesday, November 24, 2021 09:09
> To: Yang, Qiming
> Cc: dev@dpdk.org; Xu, Wei1 ; Zhang, Qi Z
> ; sta...@dpdk.org
> Subject: [PATCH] net/ice: fix Tx checksum offload capability
>
> Add missing capability for outer UDP Tx checksum.
> Also fixed the feature list in ice_dcf.ini
>
> Fixes: bf89db4409bb ("net/ice: complete device info get in DCF")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Qi Zhang
> ---
> doc/guides/nics/features/ice_dcf.ini | 5 +
> drivers/net/ice/ice_dcf_ethdev.c | 1 +
> 2 files changed, 6 insertions(+)
>
> diff --git a/doc/guides/nics/features/ice_dcf.ini
> b/doc/guides/nics/features/ice_dcf.ini
> index 4d6fb6d849..54073f0b88 100644
> --- a/doc/guides/nics/features/ice_dcf.ini
> +++ b/doc/guides/nics/features/ice_dcf.ini
> @@ -3,6 +3,9 @@
> ;
> ; Refer to default.ini for the full list of available PMD features.
> ;
> +; A feature with "P" indicates only be supported when non-vector path ;
> +is selected.
> +;
> [Features]
> Queue start/stop = Y
> Scattered Rx = Y
> @@ -10,6 +13,8 @@ RSS hash = P
> CRC offload = Y
> L3 checksum offload = P
> L4 checksum offload = P
> +Inner L3 checksum= P
> +Inner L4 checksum= P
> Basic stats = Y
> Linux= Y
> x86-32 = Y
> diff --git a/drivers/net/ice/ice_dcf_ethdev.c
> b/drivers/net/ice/ice_dcf_ethdev.c
> index 28f7f7fb72..fb0d13e5ec 100644
> --- a/drivers/net/ice/ice_dcf_ethdev.c
> +++ b/drivers/net/ice/ice_dcf_ethdev.c
> @@ -681,6 +681,7 @@ ice_dcf_dev_info_get(struct rte_eth_dev *dev,
> RTE_ETH_TX_OFFLOAD_TCP_CKSUM |
> RTE_ETH_TX_OFFLOAD_SCTP_CKSUM |
> RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM |
> + RTE_ETH_TX_OFFLOAD_OUTER_UDP_CKSUM |
> RTE_ETH_TX_OFFLOAD_TCP_TSO |
> RTE_ETH_TX_OFFLOAD_VXLAN_TNL_TSO |
> RTE_ETH_TX_OFFLOAD_GRE_TNL_TSO |
> --
> 2.26.2
Acked-by: Qiming Yang
[PATCH 01/25] common/cnxk: define minor opcodes for MISC opcode
MISC CPT instruction behaves differently based on minor opcode. Define the missing minor opcodes for MISC major opcode. Signed-off-by: Aakash Sasidharan Signed-off-by: Anoob Joseph --- drivers/common/cnxk/roc_se.h | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h index 5be832f..253575a 100644 --- a/drivers/common/cnxk/roc_se.h +++ b/drivers/common/cnxk/roc_se.h @@ -15,7 +15,11 @@ #define ROC_SE_MAJOR_OP_HMAC 0x35 #define ROC_SE_MAJOR_OP_ZUC_SNOW3G 0x37 #define ROC_SE_MAJOR_OP_KASUMI0x38 -#define ROC_SE_MAJOR_OP_MISC 0x01 + +#define ROC_SE_MAJOR_OP_MISC0x01 +#define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03 +#define ROC_SE_MISC_MINOR_OP_DUMMY 0x04 +#define ROC_SE_MISC_MINOR_OP_HW_SUPPORT 0x08 #define ROC_SE_MAX_AAD_SIZE 64 #define ROC_SE_MAX_MAC_LEN 64 -- 2.7.4
[PATCH 02/25] common/cnxk: add aes-xcbc key derive
Add support for AES-XCBC key derivation.
Signed-off-by: Anoob Joseph
---
drivers/common/cnxk/meson.build | 1 +
drivers/common/cnxk/roc_aes.c | 208
drivers/common/cnxk/roc_aes.h | 14 +++
drivers/common/cnxk/roc_api.h | 3 +
drivers/common/cnxk/roc_cpt.h | 24 ++---
drivers/common/cnxk/version.map | 1 +
6 files changed, 239 insertions(+), 12 deletions(-)
create mode 100644 drivers/common/cnxk/roc_aes.c
create mode 100644 drivers/common/cnxk/roc_aes.h
diff --git a/drivers/common/cnxk/meson.build b/drivers/common/cnxk/meson.build
index 4928f7e..4995cfd 100644
--- a/drivers/common/cnxk/meson.build
+++ b/drivers/common/cnxk/meson.build
@@ -12,6 +12,7 @@ config_flag_fmt = 'RTE_LIBRTE_@0@_COMMON'
deps = ['eal', 'pci', 'bus_pci', 'mbuf', 'security']
sources = files(
'roc_ae.c',
+'roc_aes.c',
'roc_ae_fpm_tables.c',
'roc_bphy.c',
'roc_bphy_cgx.c',
diff --git a/drivers/common/cnxk/roc_aes.c b/drivers/common/cnxk/roc_aes.c
new file mode 100644
index 000..f821c8b
--- /dev/null
+++ b/drivers/common/cnxk/roc_aes.c
@@ -0,0 +1,208 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (c) 2021 Marvell.
+ */
+
+#include "roc_api.h"
+
+#define KEY_WORD_LEN(ROC_CPT_AES_XCBC_KEY_LENGTH / sizeof(uint32_t))
+#define KEY_ROUNDS 10 /* (Nr+1)*Nb */
+#define KEY_SCHEDULE_LEN ((KEY_ROUNDS + 1) * 4) /* (Nr+1)*Nb words */
+
+/*
+ * AES 128 implementation based on NIST FIPS 197 suitable for LittleEndian
+ * https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf
+ */
+
+/* Sbox from NIST FIPS 197 */
+static uint8_t Sbox[] = {
+ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b,
+ 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+ 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26,
+ 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2,
+ 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+ 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed,
+ 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f,
+ 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+ 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec,
+ 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14,
+ 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+ 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
+ 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f,
+ 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+ 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11,
+ 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f,
+ 0xb0, 0x54, 0xbb, 0x16,
+};
+
+/* Substitute a byte with Sbox[byte]. Do it for a word for 4 bytes */
+static uint32_t
+sub_word(uint32_t word)
+{
+ word = (Sbox[(word >> 24) & 0xFF] << 24) |
+ (Sbox[(word >> 16) & 0xFF] << 16) |
+ (Sbox[(word >> 8) & 0xFF] << 8) | Sbox[word & 0xFF];
+ return word;
+}
+
+/* Rotate a word by one byte */
+static uint32_t
+rot_word(uint32_t word)
+{
+ return ((word >> 8) & 0xFF) | (word << 24);
+}
+
+/*
+ * Multiply with power of 2 and polynomial reduce the result using AES
+ * polynomial
+ */
+static uint8_t
+Xtime(uint8_t byte, uint8_t pow)
+{
+ uint32_t w = byte;
+
+ while (pow) {
+ w = w << 1;
+ if (w >> 8)
+ w ^= 0x11b;
+ pow--;
+ }
+
+ return (uint8_t)w;
+}
+
+/*
+ * Multiply a byte with another number such that the result is polynomial
+ * reduced in the GF8 space
+ */
+static uint8_t
+GF8mul(uint8_t byte, uint32_t mp)
+{
+ uint8_t pow, mul = 0;
+
+ while (mp) {
+ pow = ffs(mp) - 1;
+ mul ^= Xtime(byte, pow);
+ mp ^= (1 << pow);
+ }
+ return mul;
+}
+
+static void
+aes_key_expand(const uint8_t *key, uint32_t *ks)
+{
+ unsigned int i = 4;
+ uint32_t temp;
+
+ /* Skip key in ks */
+ memcpy(ks, key, KEY_WORD_LEN * sizeof(uint32_t));
+
+ while (i < KEY_SCHEDULE_LEN) {
+ temp = ks[i - 1];
+ if ((i & 0x3) == 0) {
+ temp = rot_word(temp);
+ temp = sub_word(temp);
+
[PATCH 07/25] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support
From: Tejasree Kondoj
Adding AES-CBC-HMAC-SHA256 support to lookaside IPsec PMD.
Signed-off-by: Tejasree Kondoj
---
doc/guides/cryptodevs/cnxk.rst| 39 +++
doc/guides/rel_notes/release_22_03.rst| 4 +++
drivers/common/cnxk/cnxk_security.c | 14
drivers/crypto/cnxk/cn10k_ipsec.c | 3 ++
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 20
drivers/crypto/cnxk/cnxk_ipsec.h | 3 +-
6 files changed, 75 insertions(+), 8 deletions(-)
diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index 23cc823..8c4c4ea 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -246,14 +246,27 @@ CN9XX Features supported
* IPv4
* IPv6
* ESP
+* ESN
+* Anti-replay
* Tunnel mode
* Transport mode(IPv4)
* UDP Encapsulation
+
+AEAD algorithms
+
* AES-128/192/256-GCM
-* AES-128/192/256-CBC-SHA1-HMAC
-* AES-128/192/256-CBC-SHA256-128-HMAC
-* ESN
-* Anti-replay
+
+Cipher algorithms
++
+
+* AES-128/192/256-CBC
+
+Auth algorithms
+
+* SHA1-HMAC
+* SHA256-128-HMAC
CN10XX Features supported
~
@@ -263,6 +276,20 @@ CN10XX Features supported
* Tunnel mode
* Transport mode
* UDP Encapsulation
+
+AEAD algorithms
+
* AES-128/192/256-GCM
-* AES-128/192/256-CBC-NULL
-* AES-128/192/256-CBC-SHA1-HMAC
+
+Cipher algorithms
++
+
+* AES-128/192/256-CBC
+
+Auth algorithms
+
+* NULL
+* SHA1-HMAC
+* SHA256-128-HMAC
diff --git a/doc/guides/rel_notes/release_22_03.rst
b/doc/guides/rel_notes/release_22_03.rst
index 6d99d1e..1639b0e 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -55,6 +55,10 @@ New Features
Also, make sure to start the actual text at the margin.
===
+* **Updated Marvell cnxk crypto PMD.**
+
+ * Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K.
+
Removed Items
-
diff --git a/drivers/common/cnxk/cnxk_security.c
b/drivers/common/cnxk/cnxk_security.c
index 787138b..f39bc1e 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -32,6 +32,10 @@ ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform
*auth_xform,
roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
break;
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
+ roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64]);
+ break;
default:
break;
}
@@ -129,6 +133,16 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2
*w2,
i++)
tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
break;
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_256;
+ ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+
+ tmp_key = (uint64_t *)hmac_opad_ipad;
+ for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN /
+ sizeof(uint64_t));
+i++)
+ tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
+ break;
default:
return -ENOTSUP;
}
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c
b/drivers/crypto/cnxk/cn10k_ipsec.c
index 27df1dc..93eab1b 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -65,6 +65,9 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
sa->iv_offset = crypto_xfrm->aead.iv.offset;
sa->iv_length = crypto_xfrm->aead.iv.length;
+ } else {
+ sa->iv_offset = crypto_xfrm->cipher.iv.offset;
+ sa->iv_length = crypto_xfrm->cipher.iv.length;
}
}
#else
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 59b63ed..7d22626 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -797,6 +797,26 @@ static const struct rte_cryptodev_capabilities
sec_caps_sha1_sha2[] = {
}, }
}, }
},
+ { /* SHA256 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth =
[PATCH 08/25] crypto/cnxk: clear session data before populating
Clear session data before populating fields to not have garbage data. Signed-off-by: Anoob Joseph --- drivers/crypto/cnxk/cn10k_ipsec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 93eab1b..1bd127e 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -130,6 +130,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, sa = &sess->sa; in_sa = &sa->in_sa; + memset(in_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa)); + /* Translate security parameters to SA */ ret = cnxk_ot_ipsec_inb_sa_fill(in_sa, ipsec_xfrm, crypto_xfrm); if (ret) -- 2.7.4
[PATCH 09/25] crypto/cnxk: update max sec crypto caps
Update the macro to include newly added ciphers. Updated the functions
populating caps to throw error when max is exceeded.
Signed-off-by: Anoob Joseph
---
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 8 ++--
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h
b/drivers/crypto/cnxk/cnxk_cryptodev.h
index cfb9d29..2e0f467 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -11,7 +11,7 @@
#include "roc_cpt.h"
#define CNXK_CPT_MAX_CAPS 34
-#define CNXK_SEC_CRYPTO_MAX_CAPS 4
+#define CNXK_SEC_CRYPTO_MAX_CAPS 6
#define CNXK_SEC_MAX_CAPS 5
#define CNXK_AE_EC_ID_MAX 8
/**
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 7d22626..8305341 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -943,8 +943,10 @@ static void
sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
const struct rte_cryptodev_capabilities *caps, int nb_caps)
{
- if (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS)
+ if (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS) {
+ rte_panic("Could not add sec crypto caps");
return;
+ }
memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0]));
*cur_pos += nb_caps;
@@ -957,8 +959,10 @@ cn10k_sec_crypto_caps_update(struct
rte_cryptodev_capabilities cnxk_caps[],
const struct rte_cryptodev_capabilities *cap;
unsigned int i;
- if ((CNXK_CPT_MAX_CAPS - *cur_pos) < 1)
+ if ((CNXK_SEC_CRYPTO_MAX_CAPS - *cur_pos) < 1) {
+ rte_panic("Could not add sec crypto caps");
return;
+ }
/* NULL auth */
for (i = 0; i < RTE_DIM(caps_null); i++) {
--
2.7.4
[PATCH 10/25] crypto/cnxk: write CPT CTX through microcode op
From: Tejasree Kondoj
Adding support to write CPT CTX through microcode op(SET_CTX) for
cn10k lookaside PMD.
Signed-off-by: Tejasree Kondoj
---
drivers/crypto/cnxk/cn10k_ipsec.c | 121 --
1 file changed, 89 insertions(+), 32 deletions(-)
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c
b/drivers/crypto/cnxk/cn10k_ipsec.c
index 1bd127e..a11a6b7 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -2,18 +2,19 @@
* Copyright(C) 2021 Marvell.
*/
-#include
#include
#include
#include
+#include
#include
#include
#include
+#include "cn10k_ipsec.h"
#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
#include "cnxk_ipsec.h"
#include "cnxk_security.h"
-#include "cn10k_ipsec.h"
#include "roc_api.h"
@@ -32,36 +33,46 @@ ipsec_cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa)
}
static int
-cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
+cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
struct rte_security_session *sec_sess)
{
union roc_ot_ipsec_outb_param1 param1;
- struct roc_ot_ipsec_outb_sa *out_sa;
+ struct roc_ot_ipsec_outb_sa *sa_dptr;
struct cnxk_ipsec_outb_rlens rlens;
struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
- int ret;
+ void *out_sa;
+ int ret = 0;
sess = get_sec_session_private_data(sec_sess);
sa = &sess->sa;
out_sa = &sa->out_sa;
- memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
+ /* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */
+ sa_dptr = plt_zmalloc(ROC_NIX_INL_OT_IPSEC_OUTB_HW_SZ, 0);
+ if (sa_dptr == NULL) {
+ plt_err("Couldn't allocate memory for SA dptr");
+ return -ENOMEM;
+ }
+
+ memset(sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa));
/* Translate security parameters to SA */
- ret = cnxk_ot_ipsec_outb_sa_fill(out_sa, ipsec_xfrm, crypto_xfrm);
- if (ret)
- return ret;
+ ret = cnxk_ot_ipsec_outb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm);
+ if (ret) {
+ plt_err("Could not fill outbound session parameters");
+ goto sa_dptr_free;
+ }
sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);
#ifdef LA_IPSEC_DEBUG
/* Use IV from application in debug mode */
if (ipsec_xfrm->options.iv_gen_disable == 1) {
- out_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
+ sa_dptr->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
sa->iv_offset = crypto_xfrm->aead.iv.offset;
sa->iv_length = crypto_xfrm->aead.iv.length;
@@ -73,14 +84,15 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
#else
if (ipsec_xfrm->options.iv_gen_disable != 0) {
plt_err("Application provided IV not supported");
- return -ENOTSUP;
+ ret = -ENOTSUP;
+ goto sa_dptr_free;
}
#endif
/* Get Rlen calculation data */
ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm);
if (ret)
- return ret;
+ goto sa_dptr_free;
sa->max_extended_len = rlens.max_extended_len;
@@ -110,37 +122,61 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
sa->inst.w4 = inst_w4.u64;
- return 0;
+ memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
+
+ /* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */
+ memcpy(out_sa, sa_dptr, 8);
+
+ /* Write session using microcode opcode */
+ ret = roc_cpt_ctx_write(lf, sa_dptr, out_sa,
+ ROC_NIX_INL_OT_IPSEC_OUTB_HW_SZ);
+ if (ret) {
+ plt_err("Could not write outbound session to hardware");
+ goto sa_dptr_free;
+ }
+
+ /* Trigger CTX flush to write dirty data back to DRAM */
+ roc_cpt_lf_ctx_flush(lf, out_sa, false);
+
+sa_dptr_free:
+ plt_free(sa_dptr);
+
+ return ret;
}
static int
-cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
+cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
struct rte_security_session *sec_sess)
{
union roc_ot_ipsec_inb_param1 param1;
- struct roc_ot_ipsec_inb_sa *in_sa;
+ struct roc_ot_ipsec_inb_sa *sa_dptr;
struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w
[PATCH 11/25] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512
From: Tejasree Kondoj
Adding HMAC-SHA384/512 support to cnxk lookaside IPsec.
Signed-off-by: Tejasree Kondoj
---
doc/guides/cryptodevs/cnxk.rst| 4 ++
doc/guides/rel_notes/release_22_03.rst| 2 +
drivers/common/cnxk/cnxk_security.c | 36 +--
drivers/crypto/cnxk/cn9k_ipsec.c | 55 ++-
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 40 +
drivers/crypto/cnxk/cnxk_ipsec.h | 6 +++
7 files changed, 118 insertions(+), 27 deletions(-)
diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index 8c4c4ea..c49a779 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -267,6 +267,8 @@ Auth algorithms
* SHA1-HMAC
* SHA256-128-HMAC
+* SHA384-192-HMAC
+* SHA512-256-HMAC
CN10XX Features supported
~
@@ -293,3 +295,5 @@ Auth algorithms
* NULL
* SHA1-HMAC
* SHA256-128-HMAC
+* SHA384-192-HMAC
+* SHA512-256-HMAC
diff --git a/doc/guides/rel_notes/release_22_03.rst
b/doc/guides/rel_notes/release_22_03.rst
index 1639b0e..8df9092 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -58,6 +58,8 @@ New Features
* **Updated Marvell cnxk crypto PMD.**
* Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K.
+ * Added SHA384-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
+ * Added SHA512-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
Removed Items
diff --git a/drivers/common/cnxk/cnxk_security.c
b/drivers/common/cnxk/cnxk_security.c
index f39bc1e..1c86f82 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -36,6 +36,14 @@ ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform
*auth_xform,
roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64]);
break;
+ case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 384);
+ roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 384);
+ break;
+ case RTE_CRYPTO_AUTH_SHA512_HMAC:
+ roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 512);
+ roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 512);
+ break;
default:
break;
}
@@ -125,28 +133,28 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2
*w2,
break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1;
- ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
-
- tmp_key = (uint64_t *)hmac_opad_ipad;
- for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN /
- sizeof(uint64_t));
-i++)
- tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_256;
- ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
-
- tmp_key = (uint64_t *)hmac_opad_ipad;
- for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN /
- sizeof(uint64_t));
-i++)
- tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
+ break;
+ case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_384;
+ break;
+ case RTE_CRYPTO_AUTH_SHA512_HMAC:
+ w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_512;
break;
default:
return -ENOTSUP;
}
+ ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+
+ tmp_key = (uint64_t *)hmac_opad_ipad;
+ for (i = 0;
+i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t));
+i++)
+ tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
+
key = cipher_xfrm->cipher.key.data;
length = cipher_xfrm->cipher.key.length;
}
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 6455ef9..395b0d5 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -321,14 +321,23 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL) {
template = &out_sa->aes_gcm.template;
[PATCH 12/25] crypto/cnxk: account for CPT CTX updates and flush delays
CPT CTX write with microcode would require CPT flush to complete to have
DRAM updated with the SA. Since datapath requires SA direction field,
introduce a new flag for the same.
Session destroy path is also updated to clear sa.valid bit using CTX
reload operation.
Session is updated with marker to differentiate s/w immutable and s/w
mutable portions.
Signed-off-by: Anoob Joseph
---
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 4 +--
drivers/crypto/cnxk/cn10k_ipsec.c | 60 ---
drivers/crypto/cnxk/cn10k_ipsec.h | 25 -
drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 18 +-
4 files changed, 76 insertions(+), 31 deletions(-)
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index d25a17c..7617bdc 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -53,7 +53,6 @@ cpt_sec_inst_fill(struct rte_crypto_op *op, struct
cn10k_sec_session *sess,
struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = op->sym;
- union roc_ot_ipsec_sa_word2 *w2;
struct cn10k_ipsec_sa *sa;
int ret;
@@ -68,9 +67,8 @@ cpt_sec_inst_fill(struct rte_crypto_op *op, struct
cn10k_sec_session *sess,
}
sa = &sess->sa;
- w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2;
- if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND)
+ if (sa->is_outbound)
ret = process_outb_sa(op, sa, inst);
else {
infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c
b/drivers/crypto/cnxk/cn10k_ipsec.c
index a11a6b7..b4acbac 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -67,7 +67,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
goto sa_dptr_free;
}
- sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);
+ sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, out_sa);
#ifdef LA_IPSEC_DEBUG
/* Use IV from application in debug mode */
@@ -89,6 +89,8 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
}
#endif
+ sa->is_outbound = true;
+
/* Get Rlen calculation data */
ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm);
if (ret)
@@ -127,6 +129,8 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
/* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */
memcpy(out_sa, sa_dptr, 8);
+ plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
+
/* Write session using microcode opcode */
ret = roc_cpt_ctx_write(lf, sa_dptr, out_sa,
ROC_NIX_INL_OT_IPSEC_OUTB_HW_SZ);
@@ -135,9 +139,11 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
goto sa_dptr_free;
}
- /* Trigger CTX flush to write dirty data back to DRAM */
+ /* Trigger CTX flush so that data is written back to DRAM */
roc_cpt_lf_ctx_flush(lf, out_sa, false);
+ plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
+
sa_dptr_free:
plt_free(sa_dptr);
@@ -178,7 +184,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
goto sa_dptr_free;
}
- sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);
+ sa->is_outbound = false;
+ sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa);
/* pre-populate CPT INST word 4 */
inst_w4.u64 = 0;
@@ -214,6 +221,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
/* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */
memcpy(in_sa, sa_dptr, 8);
+ plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
+
/* Write session using microcode opcode */
ret = roc_cpt_ctx_write(lf, sa_dptr, in_sa,
ROC_NIX_INL_OT_IPSEC_INB_HW_SZ);
@@ -222,9 +231,11 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
goto sa_dptr_free;
}
- /* Trigger CTX flush to write dirty data back to DRAM */
+ /* Trigger CTX flush so that data is written back to DRAM */
roc_cpt_lf_ctx_flush(lf, in_sa, false);
+ plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
+
sa_dptr_free:
plt_free(sa_dptr);
@@ -300,21 +311,46 @@ cn10k_sec_session_create(void *device, struct
rte_security_session_conf *conf,
}
static int
-cn10k_sec_session_destroy(void *device __rte_unused,
- struct rte_security_session *sess)
+cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
{
- struct cn10k_sec_session *priv;
+ struct rte_cryptodev *crypto_dev = dev;
+ union roc_ot_ipsec_sa_word2 *w2;
+ struc
[PATCH 13/25] crypto/cnxk: use struct sizes for ctx writes
CTX writes only require the lengths are 8B aligned. Use the struct size
directly.
Signed-off-by: Anoob Joseph
---
drivers/crypto/cnxk/cn10k_ipsec.c | 12
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c
b/drivers/crypto/cnxk/cn10k_ipsec.c
index b4acbac..0832b53 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -52,14 +52,12 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
out_sa = &sa->out_sa;
/* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */
- sa_dptr = plt_zmalloc(ROC_NIX_INL_OT_IPSEC_OUTB_HW_SZ, 0);
+ sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_outb_sa), 8);
if (sa_dptr == NULL) {
plt_err("Couldn't allocate memory for SA dptr");
return -ENOMEM;
}
- memset(sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa));
-
/* Translate security parameters to SA */
ret = cnxk_ot_ipsec_outb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm);
if (ret) {
@@ -133,7 +131,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
/* Write session using microcode opcode */
ret = roc_cpt_ctx_write(lf, sa_dptr, out_sa,
- ROC_NIX_INL_OT_IPSEC_OUTB_HW_SZ);
+ sizeof(struct roc_ot_ipsec_outb_sa));
if (ret) {
plt_err("Could not write outbound session to hardware");
goto sa_dptr_free;
@@ -169,14 +167,12 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
in_sa = &sa->in_sa;
/* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */
- sa_dptr = plt_zmalloc(ROC_NIX_INL_OT_IPSEC_INB_HW_SZ, 0);
+ sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_inb_sa), 8);
if (sa_dptr == NULL) {
plt_err("Couldn't allocate memory for SA dptr");
return -ENOMEM;
}
- memset(sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa));
-
/* Translate security parameters to SA */
ret = cnxk_ot_ipsec_inb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm);
if (ret) {
@@ -225,7 +221,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
/* Write session using microcode opcode */
ret = roc_cpt_ctx_write(lf, sa_dptr, in_sa,
- ROC_NIX_INL_OT_IPSEC_INB_HW_SZ);
+ sizeof(struct roc_ot_ipsec_inb_sa));
if (ret) {
plt_err("Could not write inbound session to hardware");
goto sa_dptr_free;
--
2.7.4
[PATCH 14/25] crypto/cnxk: add security session stats get
From: Ankur Dwivedi
Adds the security session stats get op for cn10k.
Signed-off-by: Ankur Dwivedi
---
drivers/crypto/cnxk/cn10k_ipsec.c | 55 +++
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 1 +
drivers/crypto/cnxk/cnxk_cryptodev_sec.c | 1 +
3 files changed, 57 insertions(+)
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c
b/drivers/crypto/cnxk/cn10k_ipsec.c
index 0832b53..a93c211 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -122,6 +122,12 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
sa->inst.w4 = inst_w4.u64;
+ if (ipsec_xfrm->options.stats == 1) {
+ /* Enable mib counters */
+ sa_dptr->w0.s.count_mib_bytes = 1;
+ sa_dptr->w0.s.count_mib_pkts = 1;
+ }
+
memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
/* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */
@@ -212,6 +218,12 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct
roc_cpt_lf *lf,
sa->inst.w4 = inst_w4.u64;
+ if (ipsec_xfrm->options.stats == 1) {
+ /* Enable mib counters */
+ sa_dptr->w0.s.count_mib_bytes = 1;
+ sa_dptr->w0.s.count_mib_pkts = 1;
+ }
+
memset(in_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
/* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */
@@ -357,6 +369,48 @@ cn10k_sec_session_get_size(void *device __rte_unused)
return sizeof(struct cn10k_sec_session);
}
+static int
+cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
+ struct rte_security_stats *stats)
+{
+ struct rte_cryptodev *crypto_dev = device;
+ struct roc_ot_ipsec_outb_sa *out_sa;
+ struct roc_ot_ipsec_inb_sa *in_sa;
+ union roc_ot_ipsec_sa_word2 *w2;
+ struct cn10k_sec_session *priv;
+ struct cn10k_ipsec_sa *sa;
+ struct cnxk_cpt_qp *qp;
+
+ priv = get_sec_session_private_data(sess);
+ if (priv == NULL)
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (qp == NULL)
+ return -EINVAL;
+
+ sa = &priv->sa;
+ w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2;
+
+ stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
+
+ if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND) {
+ out_sa = &sa->out_sa;
+ roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false);
+ rte_delay_ms(1);
+ stats->ipsec.opackets = out_sa->ctx.mib_pkts;
+ stats->ipsec.obytes = out_sa->ctx.mib_octs;
+ } else {
+ in_sa = &sa->in_sa;
+ roc_cpt_lf_ctx_flush(&qp->lf, in_sa, false);
+ rte_delay_ms(1);
+ stats->ipsec.ipackets = in_sa->ctx.mib_pkts;
+ stats->ipsec.ibytes = in_sa->ctx.mib_octs;
+ }
+
+ return 0;
+}
+
/* Update platform specific security ops */
void
cn10k_sec_ops_override(void)
@@ -365,4 +419,5 @@ cn10k_sec_ops_override(void)
cnxk_sec_ops.session_create = cn10k_sec_session_create;
cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy;
cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size;
+ cnxk_sec_ops.session_stats_get = cn10k_sec_session_stats_get;
}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 9a55474..0fdd91a 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1073,6 +1073,7 @@ cn10k_sec_caps_update(struct rte_security_capability
*sec_cap)
}
sec_cap->ipsec.options.ip_csum_enable = 1;
sec_cap->ipsec.options.l4_csum_enable = 1;
+ sec_cap->ipsec.options.stats = 1;
}
static void
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c
b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c
index 2021d5c..e5a5d2d 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c
@@ -15,6 +15,7 @@ struct rte_security_ops cnxk_sec_ops = {
.session_create = NULL,
.session_destroy = NULL,
.session_get_size = NULL,
+ .session_stats_get = NULL,
.set_pkt_metadata = NULL,
.get_userdata = NULL,
.capabilities_get = cnxk_crypto_sec_capabilities_get
--
2.7.4
[PATCH 15/25] crypto/cnxk: add skip for unsupported cases
Add skip for transport mode tests that are not supported. Also, updated the
transport mode path to configure IP version as v4.
Signed-off-by: Anoob Joseph
---
drivers/crypto/cnxk/cn9k_ipsec.c | 53 +++-
1 file changed, 47 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 395b0d5..3c6c8e9 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -141,11 +141,10 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
return -EINVAL;
}
- ctl->inner_ip_ver = ctl->outer_ip_ver;
-
- if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
+ if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) {
ctl->ipsec_mode = ROC_IE_SA_MODE_TRANSPORT;
- else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
+ ctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_4;
+ } else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
ctl->ipsec_mode = ROC_IE_SA_MODE_TUNNEL;
else
return -EINVAL;
@@ -548,7 +547,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
}
static inline int
-cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec)
+cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *crypto)
{
if (ipsec->life.bytes_hard_limit != 0 ||
ipsec->life.bytes_soft_limit != 0 ||
@@ -556,6 +556,47 @@ cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform
*ipsec)
ipsec->life.packets_soft_limit != 0)
return -ENOTSUP;
+ if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) {
+ enum rte_crypto_sym_xform_type type = crypto->type;
+
+ if (type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ if ((crypto->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) &&
+ (crypto->aead.key.length == 32)) {
+ plt_err("Transport mode AES-256-GCM is not
supported");
+ return -ENOTSUP;
+ }
+ } else {
+ struct rte_crypto_cipher_xform *cipher;
+ struct rte_crypto_auth_xform *auth;
+
+ if (crypto->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ cipher = &crypto->cipher;
+ auth = &crypto->next->auth;
+ } else {
+ cipher = &crypto->next->cipher;
+ auth = &crypto->auth;
+ }
+
+ if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
+ (auth->algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
+ plt_err("Transport mode AES-CBC SHA1 HMAC 256
is not supported");
+ return -ENOTSUP;
+ }
+
+ if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
+ (auth->algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) {
+ plt_err("Transport mode AES-CBC SHA2 HMAC 384
is not supported");
+ return -ENOTSUP;
+ }
+
+ if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
+ (auth->algo == RTE_CRYPTO_AUTH_SHA512_HMAC)) {
+ plt_err("Transport mode AES-CBC SHA2 HMAC 512
is not supported");
+ return -ENOTSUP;
+ }
+ }
+ }
+
return 0;
}
@@ -580,7 +621,7 @@ cn9k_ipsec_session_create(void *dev,
if (ret)
return ret;
- ret = cn9k_ipsec_xform_verify(ipsec_xform);
+ ret = cn9k_ipsec_xform_verify(ipsec_xform, crypto_xform);
if (ret)
return ret;
--
2.7.4
[PATCH 00/25] New features and improvements in cnxk crypto PMD
New features and fixes to cnxk crypto PMDs - Support for more algorithms in lookaside crypto & protocol - Support for copy & set DF bit - Support for CPT CTX update - Support for security session stats in cn10k Ankur Dwivedi (1): crypto/cnxk: add security session stats get Anoob Joseph (17): common/cnxk: define minor opcodes for MISC opcode common/cnxk: add aes-xcbc key derive common/cnxk: fix reset of fields common/cnxk: verify input args crypto/cnxk: clear session data before populating crypto/cnxk: update max sec crypto caps crypto/cnxk: account for CPT CTX updates and flush delays crypto/cnxk: use struct sizes for ctx writes crypto/cnxk: add skip for unsupported cases crypto/cnxk: handle null chained ops crypto/cnxk: fix inflight cnt calculation crypto/cnxk: use atomics to access cpt res crypto/cnxk: add more info on command timeout crypto/cnxk: fix extend tail calculation crypto/cnxk: add aes xcbc and null cipher crypto/cnxk: add copy and set DF crypto/cnxk: add aes cmac Archana Muniganti (1): common/cnxk: add bit fields for params Shijith Thotton (1): crypto/cnxk: only enable queues that are allocated Tejasree Kondoj (5): crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support crypto/cnxk: write CPT CTX through microcode op crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 crypto/cnxk: add context reload for IV crypto/cnxk: support lookaside IPsec AES-CTR doc/guides/cryptodevs/cnxk.rst| 50 - doc/guides/cryptodevs/features/cn10k.ini | 37 ++-- doc/guides/cryptodevs/features/cn9k.ini | 37 ++-- doc/guides/rel_notes/release_22_03.rst| 10 + drivers/common/cnxk/cnxk_security.c | 92 ++-- drivers/common/cnxk/hw/cpt.h | 15 ++ drivers/common/cnxk/meson.build | 1 + drivers/common/cnxk/roc_aes.c | 208 ++ drivers/common/cnxk/roc_aes.h | 14 ++ drivers/common/cnxk/roc_api.h | 3 + drivers/common/cnxk/roc_cpt.c | 4 +- drivers/common/cnxk/roc_cpt.h | 24 +-- drivers/common/cnxk/roc_ie_on.h | 40 +++- drivers/common/cnxk/roc_se.h | 14 +- drivers/common/cnxk/version.map | 1 + drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 36 ++-- drivers/crypto/cnxk/cn10k_ipsec.c | 231 drivers/crypto/cnxk/cn10k_ipsec.h | 25 ++- drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 28 ++- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 29 ++- drivers/crypto/cnxk/cn9k_ipsec.c | 221 ++- drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 6 +- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 155 +- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 245 +- drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 17 +- drivers/crypto/cnxk/cnxk_cryptodev_sec.c | 1 + drivers/crypto/cnxk/cnxk_ipsec.h | 19 +- drivers/crypto/cnxk/cnxk_se.h | 66 -- 29 files changed, 1283 insertions(+), 348 deletions(-) create mode 100644 drivers/common/cnxk/roc_aes.c create mode 100644 drivers/common/cnxk/roc_aes.h -- 2.7.4
[PATCH 03/25] common/cnxk: add bit fields for params
From: Archana Muniganti
Added new structure with bit fields for params.
Signed-off-by: Archana Muniganti
---
drivers/common/cnxk/roc_ie_on.h | 30 +-
drivers/crypto/cnxk/cn9k_ipsec.c | 16 +---
2 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h
index 53591c6..817ef33 100644
--- a/drivers/common/cnxk/roc_ie_on.h
+++ b/drivers/common/cnxk/roc_ie_on.h
@@ -21,7 +21,6 @@ enum roc_ie_on_ucc_ipsec {
};
/* Helper macros */
-#define ROC_IE_ON_PER_PKT_IV BIT(11)
#define ROC_IE_ON_INB_RPTR_HDR 0x8
enum {
@@ -102,6 +101,35 @@ struct roc_ie_on_ip_template {
};
};
+union roc_on_ipsec_outb_param1 {
+ uint16_t u16;
+ struct {
+ uint16_t frag_num : 4;
+ uint16_t rsvd_4_6 : 3;
+ uint16_t gre_select : 1;
+ uint16_t dsiv : 1;
+ uint16_t ikev2 : 1;
+ uint16_t min_frag_size : 1;
+ uint16_t per_pkt_iv : 1;
+ uint16_t tfc_pad_enable : 1;
+ uint16_t tfc_dummy_pkt : 1;
+ uint16_t rfc_or_override_mode : 1;
+ uint16_t custom_hdr_or_p99 : 1;
+ } s;
+};
+
+union roc_on_ipsec_inb_param2 {
+ uint16_t u16;
+ struct {
+ uint16_t rsvd_0_10 : 11;
+ uint16_t gre_select : 1;
+ uint16_t ikev2 : 1;
+ uint16_t udp_cksum : 1;
+ uint16_t ctx_addr_sel : 1;
+ uint16_t custom_hdr_or_p99 : 1;
+ } s;
+};
+
struct roc_ie_on_sa_ctl {
uint64_t spi : 32;
uint64_t exp_proto_inter_frag : 8;
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index a81130b..6455ef9 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -280,6 +280,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
struct roc_ie_on_ip_template *template = NULL;
struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
+ union roc_on_ipsec_outb_param1 param1;
struct cnxk_cpt_inst_tmpl *inst_tmpl;
struct roc_ie_on_outb_sa *out_sa;
struct cn9k_sec_session *sess;
@@ -407,8 +408,12 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
w4.u64 = 0;
w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC;
w4.s.opcode_minor = ctx_len >> 3;
- w4.s.param1 = BIT(9);
- w4.s.param1 |= ROC_IE_ON_PER_PKT_IV;
+
+ param1.u16 = 0;
+ param1.s.ikev2 = 1;
+ param1.s.per_pkt_iv = 1;
+ w4.s.param1 = param1.u16;
+
inst_tmpl->w4 = w4.u64;
w7.u64 = 0;
@@ -428,6 +433,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
{
struct rte_crypto_sym_xform *auth_xform = crypto_xform;
struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
+ union roc_on_ipsec_inb_param2 param2;
struct cnxk_cpt_inst_tmpl *inst_tmpl;
struct roc_ie_on_inb_sa *in_sa;
struct cn9k_sec_session *sess;
@@ -478,7 +484,11 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
w4.u64 = 0;
w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC;
w4.s.opcode_minor = ctx_len >> 3;
- w4.s.param2 = BIT(12);
+
+ param2.u16 = 0;
+ param2.s.ikev2 = 1;
+ w4.s.param2 = param2.u16;
+
inst_tmpl->w4 = w4.u64;
w7.u64 = 0;
--
2.7.4
[PATCH 04/25] common/cnxk: fix reset of fields
Copy DF/DSCP fields would get set based on ipsec_xform in the code
preceding this. Setting it again would cause the options to be reset.
Fixes: 78d03027f2cc ("common/cnxk: add IPsec common code")
Cc: scha...@marvell.com
Signed-off-by: Anoob Joseph
---
drivers/common/cnxk/cnxk_security.c | 4
1 file changed, 4 deletions(-)
diff --git a/drivers/common/cnxk/cnxk_security.c
b/drivers/common/cnxk/cnxk_security.c
index 30562b4..787138b 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -444,10 +444,6 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,
return -EINVAL;
}
- /* Default options of DSCP and Flow label/DF */
- sa->w2.s.dscp_src = ROC_IE_OT_SA_COPY_FROM_SA;
- sa->w2.s.ipv4_df_src_or_ipv6_flw_lbl_src = ROC_IE_OT_SA_COPY_FROM_SA;
-
skip_tunnel_info:
/* ESN */
sa->w0.s.esn_en = !!ipsec_xfrm->options.esn;
--
2.7.4
[PATCH 05/25] common/cnxk: verify input args
Add input arg verification.
Signed-off-by: Anoob Joseph
---
drivers/common/cnxk/hw/cpt.h | 2 ++
drivers/common/cnxk/roc_cpt.c | 4 +++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 919f842..ccc7af4 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -64,6 +64,7 @@ union cpt_lf_ctx_flush {
struct {
uint64_t cptr : 46;
uint64_t inval : 1;
+ uint64_t reserved_47_63 : 17;
} s;
};
@@ -71,6 +72,7 @@ union cpt_lf_ctx_reload {
uint64_t u;
struct {
uint64_t cptr : 46;
+ uint64_t reserved_46_63 : 18;
} s;
};
diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index 8f8e6d3..1bc7a29 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -681,8 +681,10 @@ roc_cpt_lf_ctx_flush(struct roc_cpt_lf *lf, void *cptr,
bool inval)
{
union cpt_lf_ctx_flush reg;
- if (lf == NULL)
+ if (lf == NULL) {
+ plt_err("Could not trigger CTX flush");
return -ENOTSUP;
+ }
reg.u = 0;
reg.s.inval = inval;
--
2.7.4
[PATCH 06/25] crypto/cnxk: only enable queues that are allocated
From: Shijith Thotton
Only enable/disable queue pairs that are allocated during cryptodev
start/stop.
Fixes: 6a95dbc1a291 ("crypto/cnxk: add dev start and dev stop")
Signed-off-by: Shijith Thotton
---
drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index a2281fb..21ee09f 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -100,8 +100,13 @@ cnxk_cpt_dev_start(struct rte_cryptodev *dev)
uint16_t nb_lf = roc_cpt->nb_lf;
uint16_t qp_id;
- for (qp_id = 0; qp_id < nb_lf; qp_id++)
+ for (qp_id = 0; qp_id < nb_lf; qp_id++) {
+ /* Application may not setup all queue pair */
+ if (roc_cpt->lf[qp_id] == NULL)
+ continue;
+
roc_cpt_iq_enable(roc_cpt->lf[qp_id]);
+ }
return 0;
}
@@ -114,8 +119,12 @@ cnxk_cpt_dev_stop(struct rte_cryptodev *dev)
uint16_t nb_lf = roc_cpt->nb_lf;
uint16_t qp_id;
- for (qp_id = 0; qp_id < nb_lf; qp_id++)
+ for (qp_id = 0; qp_id < nb_lf; qp_id++) {
+ if (roc_cpt->lf[qp_id] == NULL)
+ continue;
+
roc_cpt_iq_disable(roc_cpt->lf[qp_id]);
+ }
}
int
--
2.7.4
[PATCH 16/25] crypto/cnxk: add context reload for IV
From: Tejasree Kondoj
Adding context reload in datapath for IV in debug mode.
Signed-off-by: Tejasree Kondoj
---
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 7 ---
drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 10 --
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 7617bdc..638268e 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -49,7 +49,8 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct
rte_crypto_op *op)
}
static __rte_always_inline int __rte_hot
-cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess,
+cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
+ struct cn10k_sec_session *sess,
struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = op->sym;
@@ -69,7 +70,7 @@ cpt_sec_inst_fill(struct rte_crypto_op *op, struct
cn10k_sec_session *sess,
sa = &sess->sa;
if (sa->is_outbound)
- ret = process_outb_sa(op, sa, inst);
+ ret = process_outb_sa(&qp->lf, op, sa, inst);
else {
infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND;
ret = process_inb_sa(op, sa, inst);
@@ -122,7 +123,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct
rte_crypto_op *ops[],
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
sec_sess = get_sec_session_private_data(
sym_op->sec_session);
- ret = cpt_sec_inst_fill(op, sec_sess, infl_req,
+ ret = cpt_sec_inst_fill(qp, op, sec_sess, infl_req,
&inst[0]);
if (unlikely(ret))
return 0;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
index cab6a50..f2d8122 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
@@ -48,8 +48,8 @@ ipsec_po_sa_aes_gcm_iv_set(struct cn10k_ipsec_sa *sess,
}
static __rte_always_inline int
-process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess,
- struct cpt_inst_s *inst)
+process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop,
+ struct cn10k_ipsec_sa *sess, struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
@@ -61,6 +61,8 @@ process_outb_sa(struct rte_crypto_op *cop, struct
cn10k_ipsec_sa *sess,
return -ENOMEM;
}
+ RTE_SET_USED(lf);
+
#ifdef LA_IPSEC_DEBUG
if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {
if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM)
@@ -68,6 +70,10 @@ process_outb_sa(struct rte_crypto_op *cop, struct
cn10k_ipsec_sa *sess,
else
ipsec_po_sa_iv_set(sess, cop);
}
+
+ /* Trigger CTX reload to fetch new data from DRAM */
+ roc_cpt_lf_ctx_reload(lf, &sess->out_sa);
+ rte_delay_ms(1);
#endif
if (m_src->ol_flags & RTE_MBUF_F_TX_IP_CKSUM)
--
2.7.4
[PATCH 17/25] crypto/cnxk: handle null chained ops
Verification doesn't cover cases when NULL auth/cipher is provided as a
chain. Removed the separate function for verification and added a
replacement function which calls the appropriate downstream functions.
Signed-off-by: Anoob Joseph
---
drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 189 ---
drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 10 --
drivers/crypto/cnxk/cnxk_se.h| 6 +
3 files changed, 102 insertions(+), 103 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 21ee09f..b02f070 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -418,84 +418,121 @@ cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev
__rte_unused)
}
static int
-sym_xform_verify(struct rte_crypto_sym_xform *xform)
+cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
{
- if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->auth.algo == RTE_CRYPTO_AUTH_NULL &&
- xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
- return -ENOTSUP;
+ struct rte_crypto_sym_xform *aead_xfrm = NULL;
+ struct rte_crypto_sym_xform *c_xfrm = NULL;
+ struct rte_crypto_sym_xform *a_xfrm = NULL;
+ bool ciph_then_auth;
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL)
- return CNXK_CPT_CIPHER;
+ if (xform == NULL)
+ return -EINVAL;
- if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
- return CNXK_CPT_AUTH;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ c_xfrm = xform;
+ a_xfrm = xform->next;
+ ciph_then_auth = true;
+ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ c_xfrm = xform->next;
+ a_xfrm = xform;
+ ciph_then_auth = false;
+ } else {
+ aead_xfrm = xform;
+ }
- if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD && xform->next == NULL)
- return CNXK_CPT_AEAD;
+ if (c_xfrm != NULL && c_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ plt_dp_err("Invalid type in cipher xform");
+ return -EINVAL;
+ }
- if (xform->next == NULL)
- return -EIO;
+ if (a_xfrm != NULL && a_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
+ plt_dp_err("Invalid type in auth xform");
+ return -EINVAL;
+ }
+
+ if (aead_xfrm != NULL && aead_xfrm->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
+ plt_dp_err("Invalid type in AEAD xform");
+ return -EINVAL;
+ }
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->auth.algo == RTE_CRYPTO_AUTH_SHA1)
+ if ((c_xfrm == NULL || c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL) &&
+ a_xfrm != NULL && a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL &&
+ a_xfrm->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) {
+ plt_dp_err("Null cipher + null auth verify is not supported");
return -ENOTSUP;
+ }
+
+ /* Cipher only */
+ if (c_xfrm != NULL &&
+ (a_xfrm == NULL || a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL)) {
+ if (fill_sess_cipher(c_xfrm, sess))
+ return -ENOTSUP;
+ else
+ return 0;
+ }
+
+ /* Auth only */
+ if (a_xfrm != NULL &&
+ (c_xfrm == NULL || c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL)) {
+ if (fill_sess_auth(a_xfrm, sess))
+ return -ENOTSUP;
+ else
+ return 0;
+ }
+
+ /* AEAD */
+ if (aead_xfrm != NULL) {
+ if (fill_sess_aead(aead_xfrm, sess))
+ return -ENOTSUP;
+ else
+ return 0;
+ }
+
+ /* Chained ops */
+ if (c_xfrm == NULL || a_xfrm == NULL) {
+ plt_dp_err("Invalid xforms");
+ return -EINVAL;
+ }
- if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->auth.algo == RTE_CRYPTO_AUTH_SHA1 &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC)
+ if (c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC &&
+ a_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA1) {
+ plt_dp_err("3DES-CBC + SHA1 is not supported");
return -ENOTSUP;
+ }
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->auth.op ==
[PATCH 18/25] crypto/cnxk: fix inflight cnt calculation
Inflight count calculation is updated to cover wrap around cases where
head can become smaller than tail.
Reported-by: Kiran Kumar K
Signed-off-by: Anoob Joseph
---
drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index ca363bb..0336ae1 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -156,7 +156,11 @@ pending_queue_retreat(uint64_t *index, const uint64_t
mask, uint64_t nb_entry)
static __rte_always_inline uint64_t
pending_queue_infl_cnt(uint64_t head, uint64_t tail, const uint64_t mask)
{
- return (head - tail) & mask;
+ /*
+* Mask is nb_desc - 1. Add nb_desc to head and mask to account for
+* cases when tail > head, which happens during wrap around.
+*/
+ return ((head + mask + 1) - tail) & mask;
}
static __rte_always_inline uint64_t
--
2.7.4
[PATCH 19/25] crypto/cnxk: use atomics to access cpt res
The memory would be updated by hardware. Use atomics to read the same..
Signed-off-by: Anoob Joseph
---
drivers/common/cnxk/hw/cpt.h | 2 ++
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 24
drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 28 +++-
3 files changed, 37 insertions(+), 17 deletions(-)
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index ccc7af4..412dd76 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -215,6 +215,8 @@ union cpt_res_s {
uint64_t reserved_64_127;
} cn9k;
+
+ uint64_t u64[2];
};
/* [CN10K, .) */
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 638268e..f8240e1 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -111,6 +111,10 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct
rte_crypto_op *ops[],
uint64_t w7;
int ret;
+ const union cpt_res_s res = {
+ .cn10k.compcode = CPT_COMP_NOT_DONE,
+ };
+
op = ops[0];
inst[0].w0.u64 = 0;
@@ -174,7 +178,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct
rte_crypto_op *ops[],
}
inst[0].res_addr = (uint64_t)&infl_req->res;
- infl_req->res.cn10k.compcode = CPT_COMP_NOT_DONE;
+ __atomic_store_n(&infl_req->res.u64[0], res.u64[0], __ATOMIC_RELAXED);
infl_req->cop = op;
inst[0].w7.u64 = w7;
@@ -395,9 +399,9 @@ cn10k_cpt_sec_ucc_process(struct rte_crypto_op *cop,
static inline void
cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
struct rte_crypto_op *cop,
- struct cpt_inflight_req *infl_req)
+ struct cpt_inflight_req *infl_req,
+ struct cpt_cn10k_res_s *res)
{
- struct cpt_cn10k_res_s *res = (struct cpt_cn10k_res_s *)&infl_req->res;
const uint8_t uc_compcode = res->uc_compcode;
const uint8_t compcode = res->compcode;
unsigned int sz;
@@ -495,12 +499,15 @@ cn10k_cpt_crypto_adapter_dequeue(uintptr_t get_work1)
struct cpt_inflight_req *infl_req;
struct rte_crypto_op *cop;
struct cnxk_cpt_qp *qp;
+ union cpt_res_s res;
infl_req = (struct cpt_inflight_req *)(get_work1);
cop = infl_req->cop;
qp = infl_req->qp;
- cn10k_cpt_dequeue_post_process(qp, infl_req->cop, infl_req);
+ res.u64[0] = __atomic_load_n(&infl_req->res.u64[0], __ATOMIC_RELAXED);
+
+ cn10k_cpt_dequeue_post_process(qp, infl_req->cop, infl_req, &res.cn10k);
if (unlikely(infl_req->op_flags & CPT_OP_FLAGS_METABUF))
rte_mempool_put(qp->meta_info.pool, infl_req->mdata);
@@ -515,9 +522,9 @@ cn10k_cpt_dequeue_burst(void *qptr, struct rte_crypto_op
**ops, uint16_t nb_ops)
struct cpt_inflight_req *infl_req;
struct cnxk_cpt_qp *qp = qptr;
struct pending_queue *pend_q;
- struct cpt_cn10k_res_s *res;
uint64_t infl_cnt, pq_tail;
struct rte_crypto_op *cop;
+ union cpt_res_s res;
int i;
pend_q = &qp->pend_q;
@@ -534,9 +541,10 @@ cn10k_cpt_dequeue_burst(void *qptr, struct rte_crypto_op
**ops, uint16_t nb_ops)
for (i = 0; i < nb_ops; i++) {
infl_req = &pend_q->req_queue[pq_tail];
- res = (struct cpt_cn10k_res_s *)&infl_req->res;
+ res.u64[0] = __atomic_load_n(&infl_req->res.u64[0],
+__ATOMIC_RELAXED);
- if (unlikely(res->compcode == CPT_COMP_NOT_DONE)) {
+ if (unlikely(res.cn10k.compcode == CPT_COMP_NOT_DONE)) {
if (unlikely(rte_get_timer_cycles() >
pend_q->time_out)) {
plt_err("Request timed out");
@@ -553,7 +561,7 @@ cn10k_cpt_dequeue_burst(void *qptr, struct rte_crypto_op
**ops, uint16_t nb_ops)
ops[i] = cop;
- cn10k_cpt_dequeue_post_process(qp, cop, infl_req);
+ cn10k_cpt_dequeue_post_process(qp, cop, infl_req, &res.cn10k);
if (unlikely(infl_req->op_flags & CPT_OP_FLAGS_METABUF))
rte_mempool_put(qp->meta_info.pool, infl_req->mdata);
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 449208d..cf80d47 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -221,6 +221,10 @@ cn9k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op
**ops, uint16_t nb_ops)
uint64_t head;
int ret;
+ const union cpt_res_s res = {
+ .cn10k.compcode = CPT_COMP_NOT_DONE,
+ };
+
pend_q = &qp->pend_q;
const uint64_t lmt_base = qp->lf.lmt_base;
@@ -274,10 +278,12 @
[PATCH 21/25] crypto/cnxk: support lookaside IPsec AES-CTR
From: Tejasree Kondoj
Adding AES-CTR support to cnxk CPT in
lookaside IPsec mode.
Signed-off-by: Tejasree Kondoj
---
doc/guides/cryptodevs/cnxk.rst| 2 ++
doc/guides/rel_notes/release_22_03.rst| 1 +
drivers/common/cnxk/cnxk_security.c | 6 ++
drivers/crypto/cnxk/cn9k_ipsec.c | 3 +++
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 20
drivers/crypto/cnxk/cnxk_ipsec.h | 3 ++-
7 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index c49a779..1239155 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -261,6 +261,7 @@ Cipher algorithms
+
* AES-128/192/256-CBC
+* AES-128/192/256-CTR
Auth algorithms
+++
@@ -288,6 +289,7 @@ Cipher algorithms
+
* AES-128/192/256-CBC
+* AES-128/192/256-CTR
Auth algorithms
+++
diff --git a/doc/guides/rel_notes/release_22_03.rst
b/doc/guides/rel_notes/release_22_03.rst
index 8df9092..4b272e4 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -60,6 +60,7 @@ New Features
* Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K.
* Added SHA384-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
* Added SHA512-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
+ * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
Removed Items
diff --git a/drivers/common/cnxk/cnxk_security.c
b/drivers/common/cnxk/cnxk_security.c
index 1c86f82..0d4baa9 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -123,6 +123,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2
*w2,
case RTE_CRYPTO_CIPHER_AES_CBC:
w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
+ break;
default:
return -ENOTSUP;
}
@@ -630,6 +633,9 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl
*ctl, uint8_t *salt,
case RTE_CRYPTO_CIPHER_AES_CBC:
ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+ break;
default:
return -ENOTSUP;
}
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 3c6c8e9..65f46b2 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -166,6 +166,9 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
aes_key_len = cipher_xform->cipher.key.length;
+ } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {
+ ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+ aes_key_len = cipher_xform->cipher.key.length;
} else {
return -ENOTSUP;
}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h
b/drivers/crypto/cnxk/cnxk_cryptodev.h
index f701c26..4a1e377 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -11,7 +11,7 @@
#include "roc_cpt.h"
#define CNXK_CPT_MAX_CAPS 34
-#define CNXK_SEC_CRYPTO_MAX_CAPS 8
+#define CNXK_SEC_CRYPTO_MAX_CAPS 9
#define CNXK_SEC_MAX_CAPS 5
#define CNXK_AE_EC_ID_MAX 8
/**
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 0fdd91a..fae433e 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -754,6 +754,26 @@ static const struct rte_cryptodev_capabilities
sec_caps_aes[] = {
}, }
}, }
},
+ { /* AES CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 12,
+
[PATCH 20/25] crypto/cnxk: add more info on command timeout
Print more info when command timeout happens. Print software and
hardware queue information.
Signed-off-by: Anoob Joseph
Signed-off-by: Tejasree Kondoj
---
drivers/common/cnxk/hw/cpt.h | 11
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 1 +
drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 1 +
drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 43 +++
drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 1 +
5 files changed, 57 insertions(+)
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 412dd76..4d9c896 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -91,6 +91,17 @@ union cpt_lf_inprog {
} s;
};
+union cpt_lf_q_inst_ptr {
+ uint64_t u;
+ struct cpt_lf_q_inst_ptr_s {
+ uint64_t dq_ptr : 20;
+ uint64_t reserved_20_31 : 12;
+ uint64_t nq_ptr : 20;
+ uint64_t reserved_52_62 : 11;
+ uint64_t xq_xor : 1;
+ } s;
+};
+
union cpt_lf_q_base {
uint64_t u;
struct cpt_lf_q_base_s {
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index f8240e1..1905ea3 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -548,6 +548,7 @@ cn10k_cpt_dequeue_burst(void *qptr, struct rte_crypto_op
**ops, uint16_t nb_ops)
if (unlikely(rte_get_timer_cycles() >
pend_q->time_out)) {
plt_err("Request timed out");
+ cnxk_cpt_dump_on_err(qp);
pend_q->time_out = rte_get_timer_cycles() +
DEFAULT_COMMAND_TIMEOUT *
rte_get_timer_hz();
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index cf80d47..ac1953b 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -547,6 +547,7 @@ cn9k_cpt_dequeue_burst(void *qptr, struct rte_crypto_op
**ops, uint16_t nb_ops)
if (unlikely(rte_get_timer_cycles() >
pend_q->time_out)) {
plt_err("Request timed out");
+ cnxk_cpt_dump_on_err(qp);
pend_q->time_out = rte_get_timer_cycles() +
DEFAULT_COMMAND_TIMEOUT *
rte_get_timer_hz();
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index b02f070..f63dcdd 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -703,3 +703,46 @@ cnxk_ae_session_cfg(struct rte_cryptodev *dev,
return 0;
}
+
+void
+cnxk_cpt_dump_on_err(struct cnxk_cpt_qp *qp)
+{
+ struct pending_queue *pend_q = &qp->pend_q;
+ uint64_t inflight, enq_ptr, deq_ptr, insts;
+ union cpt_lf_q_inst_ptr inst_ptr;
+ union cpt_lf_inprog lf_inprog;
+
+ plt_print("Lcore ID: %d, LF/QP ID: %d", rte_lcore_id(), qp->lf.lf_id);
+ plt_print("");
+ plt_print("S/w pending queue:");
+ plt_print("\tHead: %ld", pend_q->head);
+ plt_print("\tTail: %ld", pend_q->tail);
+ plt_print("\tMask: 0x%lx", pend_q->pq_mask);
+ plt_print("\tInflight count: %ld",
+ pending_queue_infl_cnt(pend_q->head, pend_q->tail,
+pend_q->pq_mask));
+
+ plt_print("");
+ plt_print("H/w pending queue:");
+
+ lf_inprog.u = plt_read64(qp->lf.rbase + CPT_LF_INPROG);
+ inflight = lf_inprog.s.inflight;
+ plt_print("\tInflight in engines: %ld", inflight);
+
+ inst_ptr.u = plt_read64(qp->lf.rbase + CPT_LF_Q_INST_PTR);
+
+ enq_ptr = inst_ptr.s.nq_ptr;
+ deq_ptr = inst_ptr.s.dq_ptr;
+
+ if (enq_ptr >= deq_ptr)
+ insts = enq_ptr - deq_ptr;
+ else
+ insts = (enq_ptr + pend_q->pq_mask + 1 + 320 + 40) - deq_ptr;
+
+ plt_print("\tNQ ptr: 0x%lx", enq_ptr);
+ plt_print("\tDQ ptr: 0x%lx", deq_ptr);
+ plt_print("Insts waiting in CPT: %ld", insts);
+
+ plt_print("");
+ roc_cpt_afs_print(qp->lf.roc_cpt);
+}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index 0336ae1..e521f07 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -122,6 +122,7 @@ int cnxk_ae_session_cfg(struct rte_cryptodev *dev,
struct rte_crypto_asym_xform *xform,
struct rte_cryptodev_asym_session *sess,
struct rte_mempool *pool);
+void cnxk_cpt_dump_on_err(struct cnxk_cpt_qp *
[PATCH 22/25] crypto/cnxk: fix extend tail calculation
If the packet size to be incremented after IPsec processing is less
than size of hdr (size incremented before submitting), then extend_tail
can become negative. Allow negative values for the variable.
Fixes: 2474f57fc45c ("crypto/cnxk: add cn9k lookaside IPsec datapath")
Cc: march...@marvell.com
Signed-off-by: Anoob Joseph
---
drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 2dc8913..2b0261e 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -77,9 +77,10 @@ process_outb_sa(struct rte_crypto_op *cop, struct
cn9k_ipsec_sa *sa,
const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr);
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
- uint32_t dlen, rlen, extend_tail;
struct roc_ie_on_outb_sa *out_sa;
struct roc_ie_on_outb_hdr *hdr;
+ uint32_t dlen, rlen;
+ int32_t extend_tail;
out_sa = &sa->out_sa;
@@ -88,7 +89,8 @@ process_outb_sa(struct rte_crypto_op *cop, struct
cn9k_ipsec_sa *sa,
extend_tail = rlen - dlen;
if (unlikely(extend_tail > rte_pktmbuf_tailroom(m_src))) {
- plt_dp_err("Not enough tail room");
+ plt_dp_err("Not enough tail room (required: %d, available: %d",
+ extend_tail, rte_pktmbuf_tailroom(m_src));
return -ENOMEM;
}
--
2.7.4
[PATCH 23/25] crypto/cnxk: add aes xcbc and null cipher
Add support for AES XCBC and NULL cipher.
Signed-off-by: Anoob Joseph
---
doc/guides/cryptodevs/cnxk.rst| 4 +
doc/guides/rel_notes/release_22_03.rst| 2 +
drivers/common/cnxk/cnxk_security.c | 48
drivers/common/cnxk/roc_ie_on.h | 10 +++
drivers/crypto/cnxk/cn9k_ipsec.c | 93 ---
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 45 +++
drivers/crypto/cnxk/cnxk_ipsec.h | 7 ++
8 files changed, 169 insertions(+), 42 deletions(-)
diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index 1239155..6e844f5 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -260,6 +260,7 @@ AEAD algorithms
Cipher algorithms
+
+* NULL
* AES-128/192/256-CBC
* AES-128/192/256-CTR
@@ -270,6 +271,7 @@ Auth algorithms
* SHA256-128-HMAC
* SHA384-192-HMAC
* SHA512-256-HMAC
+* AES-XCBC-96
CN10XX Features supported
~
@@ -288,6 +290,7 @@ AEAD algorithms
Cipher algorithms
+
+* NULL
* AES-128/192/256-CBC
* AES-128/192/256-CTR
@@ -299,3 +302,4 @@ Auth algorithms
* SHA256-128-HMAC
* SHA384-192-HMAC
* SHA512-256-HMAC
+* AES-XCBC-96
diff --git a/doc/guides/rel_notes/release_22_03.rst
b/doc/guides/rel_notes/release_22_03.rst
index 4b272e4..e8fec00 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -61,6 +61,8 @@ New Features
* Added SHA384-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
* Added SHA512-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
* Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
+ * Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K.
+ * Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K.
Removed Items
diff --git a/drivers/common/cnxk/cnxk_security.c
b/drivers/common/cnxk/cnxk_security.c
index 0d4baa9..6ebf084 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -120,6 +120,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2
*w2,
}
} else {
switch (cipher_xfrm->cipher.algo) {
+ case RTE_CRYPTO_CIPHER_NULL:
+ w2->s.enc_type = ROC_IE_OT_SA_ENC_NULL;
+ break;
case RTE_CRYPTO_CIPHER_AES_CBC:
w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
break;
@@ -146,11 +149,19 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2
*w2,
case RTE_CRYPTO_AUTH_SHA512_HMAC:
w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_512;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_XCBC_128;
+ break;
default:
return -ENOTSUP;
}
- ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+ if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
+ const uint8_t *auth_key = auth_xfrm->auth.key.data;
+ roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
+ } else {
+ ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+ }
tmp_key = (uint64_t *)hmac_opad_ipad;
for (i = 0;
@@ -174,18 +185,26 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2
*w2,
for (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++)
tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
- switch (length) {
- case ROC_CPT_AES128_KEY_LEN:
- w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;
- break;
- case ROC_CPT_AES192_KEY_LEN:
- w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_192;
- break;
- case ROC_CPT_AES256_KEY_LEN:
- w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_256;
- break;
- default:
- return -EINVAL;
+ /* Set AES key length */
+ if (w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CBC ||
+ w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
+ w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CTR ||
+ w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
+ w2->s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) {
+ switch (length) {
+ case ROC_CPT_AES128_KEY_LEN:
+ w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;
+ break;
+ case ROC_CPT_AES192_KEY_LEN:
+ w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_192;
+ break;
+ case ROC_CPT_
[PATCH 24/25] crypto/cnxk: add copy and set DF
Add support for copy and set DF bit.
Signed-off-by: Anoob Joseph
---
drivers/crypto/cnxk/cn9k_ipsec.c | 7 ++-
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 1 +
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 06f6c20..5bc0a50 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -246,6 +246,8 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
if (ipsec->options.udp_encap == 1)
ctl->encap_type = ROC_IE_ON_SA_ENCAP_UDP;
+ ctl->copy_df = ipsec->options.copy_df;
+
ctl->spi = rte_cpu_to_be_32(ipsec->spi);
rte_io_wmb();
@@ -376,13 +378,16 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ uint16_t frag_off = 0;
ctx_len += sizeof(template->ip4);
ip4->version_ihl = RTE_IPV4_VHL_DEF;
ip4->time_to_live = ipsec->tunnel.ipv4.ttl;
ip4->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2);
if (ipsec->tunnel.ipv4.df)
- ip4->fragment_offset = BIT(14);
+ frag_off |= RTE_IPV4_HDR_DF_FLAG;
+ ip4->fragment_offset = rte_cpu_to_be_16(frag_off);
+
memcpy(&ip4->src_addr, &ipsec->tunnel.ipv4.src_ip,
sizeof(struct in_addr));
memcpy(&ip4->dst_addr, &ipsec->tunnel.ipv4.dst_ip,
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index a0b2a1f..69ee0d9 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1121,6 +1121,7 @@ static void
cnxk_sec_caps_update(struct rte_security_capability *sec_cap)
{
sec_cap->ipsec.options.udp_encap = 1;
+ sec_cap->ipsec.options.copy_df = 1;
}
static void
--
2.7.4
[PATCH 25/25] crypto/cnxk: add aes cmac
Add support for AES CMAC auth algorithm.
Signed-off-by: Anoob Joseph
---
doc/guides/cryptodevs/cnxk.rst| 1 +
doc/guides/cryptodevs/features/cn10k.ini | 37 +++---
doc/guides/cryptodevs/features/cn9k.ini | 37 +++---
doc/guides/rel_notes/release_22_03.rst| 1 +
drivers/common/cnxk/roc_se.h | 8 +--
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 20
drivers/crypto/cnxk/cnxk_se.h | 60 ++-
7 files changed, 103 insertions(+), 61 deletions(-)
diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index 6e844f5..3c58517 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -61,6 +61,7 @@ Hash algorithms:
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
* ``RTE_CRYPTO_AUTH_ZUC_EIA3``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
AEAD algorithms:
diff --git a/doc/guides/cryptodevs/features/cn10k.ini
b/doc/guides/cryptodevs/features/cn10k.ini
index ab21d9d..c8193c2 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -41,23 +41,26 @@ ZUC EEA3 = Y
; Supported authentication algorithms of 'cn10k' crypto driver.
;
[Auth]
-NULL = Y
-AES GMAC = Y
-KASUMI F9= Y
-MD5 = Y
-MD5 HMAC = Y
-SHA1 = Y
-SHA1 HMAC= Y
-SHA224 = Y
-SHA224 HMAC = Y
-SHA256 = Y
-SHA256 HMAC = Y
-SHA384 = Y
-SHA384 HMAC = Y
-SHA512 = Y
-SHA512 HMAC = Y
-SNOW3G UIA2 = Y
-ZUC EIA3 = Y
+NULL= Y
+AES GMAC= Y
+KASUMI F9 = Y
+MD5 = Y
+MD5 HMAC= Y
+SHA1= Y
+SHA1 HMAC = Y
+SHA224 = Y
+SHA224 HMAC = Y
+SHA256 = Y
+SHA256 HMAC = Y
+SHA384 = Y
+SHA384 HMAC = Y
+SHA512 = Y
+SHA512 HMAC = Y
+SNOW3G UIA2 = Y
+ZUC EIA3= Y
+AES CMAC (128) = Y
+AES CMAC (192) = Y
+AES CMAC (256) = Y
;
; Supported AEAD algorithms of 'cn10k' crypto driver.
diff --git a/doc/guides/cryptodevs/features/cn9k.ini
b/doc/guides/cryptodevs/features/cn9k.ini
index d834659..f215ee0 100644
--- a/doc/guides/cryptodevs/features/cn9k.ini
+++ b/doc/guides/cryptodevs/features/cn9k.ini
@@ -40,23 +40,26 @@ ZUC EEA3 = Y
; Supported authentication algorithms of 'cn9k' crypto driver.
;
[Auth]
-NULL = Y
-AES GMAC = Y
-KASUMI F9= Y
-MD5 = Y
-MD5 HMAC = Y
-SHA1 = Y
-SHA1 HMAC= Y
-SHA224 = Y
-SHA224 HMAC = Y
-SHA256 = Y
-SHA256 HMAC = Y
-SHA384 = Y
-SHA384 HMAC = Y
-SHA512 = Y
-SHA512 HMAC = Y
-SNOW3G UIA2 = Y
-ZUC EIA3 = Y
+NULL= Y
+AES GMAC= Y
+KASUMI F9 = Y
+MD5 = Y
+MD5 HMAC= Y
+SHA1= Y
+SHA1 HMAC = Y
+SHA224 = Y
+SHA224 HMAC = Y
+SHA256 = Y
+SHA256 HMAC = Y
+SHA384 = Y
+SHA384 HMAC = Y
+SHA512 = Y
+SHA512 HMAC = Y
+SNOW3G UIA2 = Y
+ZUC EIA3= Y
+AES CMAC (128) = Y
+AES CMAC (192) = Y
+AES CMAC (256) = Y
;
; Supported AEAD algorithms of 'cn9k' crypto driver.
diff --git a/doc/guides/rel_notes/release_22_03.rst
b/doc/guides/rel_notes/release_22_03.rst
index e8fec00..72e758e 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -63,6 +63,7 @@ New Features
* Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
* Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K.
* Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K.
+ * Added AES-CMAC support in CN9K & CN10K.
Removed Items
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index 253575a..145a182 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -11,10 +11,10 @@
#define ROC_SE_FC_MINOR_OP_DECRYPT0x1
#define ROC_SE_FC_MINOR_OP_HMAC_FIRST 0x10
-#define ROC_SE_MAJOR_OP_HASH 0x34
-#define ROC_SE_MAJOR_OP_HMAC 0x35
-#define ROC_SE_MAJOR_OP_ZUC_SNOW3G 0x37
-#define ROC_SE_MAJOR_OP_KASUMI0x38
+#define ROC_SE_MAJOR_OP_HASH 0x34
+#define ROC_SE_MAJOR_OP_HMAC 0x35
+#define ROC_SE_MAJOR_OP_PDCP 0x37
+#define ROC_SE_MAJOR_OP_KASUMI 0x38
#define ROC_SE_MAJOR_OP_MISC0x01
#define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 69ee0d9..457e166 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -568,6 +568,26 @@ static const struct rte_cryptodev_capabilities caps_aes[]
= {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM
Re: [dpdk-dev] [PATCH v1] drivers: remove octeontx2 drivers
On Mon, Dec 6, 2021 at 7:05 PM Ferruh Yigit wrote:
>
> On 12/6/2021 8:35 AM, jer...@marvell.com wrote:
> > From: Jerin Jacob
> >
> > As per the deprecation notice, In the view of enabling unified driver
> > for octeontx2(cn9k)/octeontx3(cn10k), removing drivers/octeontx2
> > drivers and replace with drivers/cnxk/ which
> > supports both octeontx2(cn9k) and octeontx3(cn10k) SoCs.
> >
> > This patch does the following
> >
> > - Replace drivers/common/octeontx2/ with drivers/common/cnxk/
> > - Replace drivers/mempool/octeontx2/ with drivers/mempool/cnxk/
> > - Replace drivers/net/octeontx2/ with drivers/net/cnxk/
> > - Replace drivers/event/octeontx2/ with drivers/event/cnxk/
> > - Replace drivers/crypto/octeontx2/ with drivers/crypto/cnxk/
> > - Rename config/arm/arm64_octeontx2_linux_gcc as
> >config/arm/arm64_cn9k_linux_gcc
> > - Update the documentation and MAINTAINERS to reflect the same.
> > - Change the reference to OCTEONTX2 as OCTEON 9. The kernel related
> > documentation is not accounted for this change as kernel documentation
> > still uses OCTEONTX2.
> >
> > Depends-on: series-20804 ("common/cnxk: add REE HW definitions")
> > Signed-off-by: Jerin Jacob
> > ---
> > MAINTAINERS | 37 -
> > app/test/meson.build |1 -
> > app/test/test_cryptodev.c |7 -
> > app/test/test_cryptodev.h |1 -
> > app/test/test_cryptodev_asym.c| 17 -
> > app/test/test_eventdev.c |8 -
> > config/arm/arm64_cn10k_linux_gcc |1 -
> > ...teontx2_linux_gcc => arm64_cn9k_linux_gcc} |3 +-
> > config/arm/meson.build| 10 +-
> > devtools/check-abi.sh |4 +
> > doc/guides/cryptodevs/features/octeontx2.ini | 87 -
> > doc/guides/cryptodevs/index.rst |1 -
> > doc/guides/cryptodevs/octeontx2.rst | 188 -
> > doc/guides/dmadevs/cnxk.rst |2 +-
> > doc/guides/eventdevs/features/octeontx2.ini | 30 -
> > doc/guides/eventdevs/index.rst|1 -
> > doc/guides/eventdevs/octeontx2.rst| 178 -
> > doc/guides/mempool/index.rst |1 -
> > doc/guides/mempool/octeontx2.rst | 92 -
> > doc/guides/nics/cnxk.rst |4 +-
> > doc/guides/nics/features/octeontx2.ini| 97 -
> > doc/guides/nics/features/octeontx2_vec.ini| 48 -
> > doc/guides/nics/features/octeontx2_vf.ini | 45 -
> > doc/guides/nics/index.rst |1 -
> > doc/guides/nics/octeontx2.rst | 465 ---
> > doc/guides/nics/octeontx_ep.rst |4 +-
> > doc/guides/platform/cnxk.rst | 12 +
> > .../octeontx2_packet_flow_hw_accelerators.svg | 2804 --
> > .../img/octeontx2_resource_virtualization.svg | 2418
> > doc/guides/platform/index.rst |1 -
> > doc/guides/platform/octeontx2.rst | 520 ---
> > doc/guides/rel_notes/deprecation.rst | 17 -
> > doc/guides/rel_notes/release_19_08.rst| 12 +-
> > doc/guides/rel_notes/release_19_11.rst|6 +-
> > doc/guides/rel_notes/release_20_02.rst|8 +-
> > doc/guides/rel_notes/release_20_05.rst|4 +-
> > doc/guides/rel_notes/release_20_08.rst|6 +-
> > doc/guides/rel_notes/release_20_11.rst|8 +-
> > doc/guides/rel_notes/release_21_02.rst| 10 +-
> > doc/guides/rel_notes/release_21_05.rst|6 +-
> > doc/guides/rel_notes/release_21_11.rst|2 +-
>
> Not sure about updating old release notes files, using 'octeontx2' still can
> make
> sense for the context of those releases.
OK. I will send v2 with keeping octeontx2 in OLD release notes.
>
> Also search still gives some instances of 'octeontx2', like
> 'devtools/check-abi.sh'
> one, can you please confirm if OK to have them:
> $git grep -i octeontx2
This change to skip octeontx2 driver for ABI check as it is removed.
This change is needed.
if grep -qE "\
> Except from above items, agree with change in principal and build test looks
> good:
> Acked-by: Ferruh Yigit
