Re: [PATCH v3 4/5] mempool: avoid floating point expression in static assertion

[Andrew Rybchenko]

On 1/16/24 21:41, Stephen Hemminger wrote:

Clang does not handle casts in static_assert() expressions.
It doesn't like use of floating point to calculate threshold.
Use a different expression with same effect; yes this will cause
checkpatch nag.

Signed-off-by: Stephen Hemminger 
---
  lib/mempool/rte_mempool.c | 4 +---
  1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/mempool/rte_mempool.c b/lib/mempool/rte_mempool.c
index b7a19bea7185..ba3a54cfc298 100644
--- a/lib/mempool/rte_mempool.c
+++ b/lib/mempool/rte_mempool.c
@@ -50,9 +50,7 @@ static void
  mempool_event_callback_invoke(enum rte_mempool_event event,
  struct rte_mempool *mp);
  
-#define CACHE_FLUSHTHRESH_MULTIPLIER 1.5


drivers/net/mlx5/mlx5_rxq.c:1447:* CACHE_FLUSHTHRESH_MULTIPLIER 
is defined in a C file, so using a



-#define CALC_CACHE_FLUSHTHRESH(c)  \
-   ((typeof(c))((c) * CACHE_FLUSHTHRESH_MULTIPLIER))
+#define CALC_CACHE_FLUSHTHRESH(c) ((c) + (c) / 2)


Maybe ((c) * 3 / 2) to avoid double usage of arg in macro?

  
  #if defined(RTE_ARCH_X86)

  /*

Re: static_assert, sfc, and clang issues

[Andrew Rybchenko]

On 1/17/24 01:49, Stephen Hemminger wrote:

On Tue, 16 Jan 2024 23:14:36 +0100
Morten Brørup  wrote:


+1 for #2 just make it a block.


I prefer that you implement the workaround in the RTE_BUILD_BUG_ON() macro, by 
surrounding it by "do { } while (0)", like this:

#define RTE_BUILD_BUG_ON(condition) do { static_assert(!(condition), 
#condition); } while (0)

And please mention the workaround reason, with the reference to the clang bug, 
in the source code comment describing the function.

The godbolt link in the clang issue seems happy with this workaround.


In the patch series sent, already did that. Didn't need to do { } while(0) hack 
to make it work.
Reference is in commit message.


I'm OK with the solution in the patch series. Thanks a lot.

Re: [PATCH v3 1/1] ethdev: parsing multiple representor devargs string

[Andrew Rybchenko]

On 1/16/24 12:55, Harman Kalra wrote:

Adding support for parsing multiple representor devargs strings
passed to a PCI BDF. There may be scenario where port representors
for various PFs or VFs under PFs are required and all these are
representor ports shall be backed by single pci device. In such
case port representors can be created using devargs string:
,representor=[pf[0-1],pf2vf[1,2-3],[4-5]]

Signed-off-by: Harman Kalra 


see below


diff --git a/lib/ethdev/ethdev_driver.c b/lib/ethdev/ethdev_driver.c
index bd917a15fc..8a49511516 100644
--- a/lib/ethdev/ethdev_driver.c
+++ b/lib/ethdev/ethdev_driver.c
@@ -2,6 +2,7 @@
   * Copyright(c) 2022 Intel Corporation
   */
  
+#include 

  #include 
  #include 
  
@@ -459,9 +460,23 @@ eth_dev_devargs_tokenise(struct rte_kvargs *arglist, const char *str_in)

break;
  
  		case 3: /* Parsing list */

-   if (*letter == ']')
-   state = 2;
-   else if (*letter == '\0')
+   if (*letter == ']') {
+   /* Multiple representor case has ']' dual 
meaning, first end of
+* individual pfvf list and other end of 
consolidated list of
+* representors.
+* Complete multiple representors list to be 
considered as one
+* pair value.
+*/
+   if ((strcmp("representor", pair->key) == 0) &&
+   ((*(letter + 2) == 'p' && *(letter + 3) == 
'f')   ||


Sorry, but it is unclear why it is not out-of-bound access.


+(*(letter + 2) == 'v' && *(letter + 3) == 
'f')   ||
+(*(letter + 2) == 's' && *(letter + 3) == 
'f')   ||


may be it is better to use strncmp() instead? IMHO it is a bit hard to
follow.


+(*(letter + 2) == 'c' && isdigit(*(letter 
+ 3))) ||
+(*(letter + 2) == '[' && isdigit(*(letter 
+ 3)
+   state = 3;
+   else
+   state = 2;
+   } else if (*letter == '\0')
return -EINVAL;
break;
}
@@ -469,16 +484,56 @@ eth_dev_devargs_tokenise(struct rte_kvargs *arglist, 
const char *str_in)
}
  }
  
+static int

+eth_dev_tokenise_representor_list(char *p_val, struct rte_eth_devargs 
*eth_devargs,
+ uint8_t nb_da)
+{
+   struct rte_eth_devargs *eth_da;
+   char da_val[BUFSIZ];
+   char delim[] = "]";
+   int devargs = 0;
+   int result = 0;
+   char *token;
+
+   token = strtok(&p_val[1], delim);


since strtok() is MT-unsafe, I'd recommend to use strtok_r()


+   while (token != NULL) {
+   eth_da = ð_devargs[devargs];
+   memset(eth_da, 0, sizeof(*eth_da));
+   snprintf(da_val, BUFSIZ, "%s%c", (token[0] == ',') ? ++token : 
token, ']');
+   /* Parse the tokenised devarg value */
+   result = rte_eth_devargs_parse_representor_ports(da_val, 
eth_da);
+   if (result < 0)
+   goto parse_cleanup;
+   devargs++;
+   if (devargs > nb_da) {
+   RTE_ETHDEV_LOG_LINE(ERR,
+   "Devargs parsed %d > max array size 
%d",
+   devargs, nb_da);
+   result = -1;
+   goto parse_cleanup;
+   }
+   token = strtok(NULL, delim);
+   }
+
+   result = devargs;
+
+parse_cleanup:
+   return result;
+
+}
+
  int
-rte_eth_devargs_parse(const char *dargs, struct rte_eth_devargs *eth_da)
+rte_eth_devargs_parse(const char *dargs, struct rte_eth_devargs *eth_devargs,
+ uint8_t nb_da)


I see no single reason to limit nb_da to uint8_t type. IMHO it should be
'unsigned int' as an unsigned number of default type.
'unsigned int' is used for number of stats and ptypes in array.

[snip]

Re: [PATCH v4] dts: add Dockerfile

[Juraj Linkeš]

Reviewed-by: Juraj Linkeš 

On Tue, Jan 16, 2024 at 8:18 PM  wrote:
>
> From: Juraj Linkeš 
>
> The Dockerfile defines development and CI runner images.
>
> Signed-off-by: Juraj Linkeš 
> Signed-off-by: Jeremy Spewock 

Re: [PATCH v3 1/5] event/opdl: fix non-constant compile time assertion

[Bruce Richardson]

On Wed, Jan 17, 2024 at 10:58:12AM +0300, Andrew Rybchenko wrote:
> On 1/16/24 21:41, Stephen Hemminger wrote:
> > RTE_BUILD_BUG_ON() was being used with a non-constant value.
> > The inline function rte_is_power_of_2() is not constant since
> > inline expansion happens later in the compile process.
> > Replace it with macro which will be constant.
> > 
> > Fixes: 4236ce9bf5bf ("event/opdl: add OPDL ring infrastructure library")
> > Cc: liang.j...@intel.com
> > Signed-off-by: Stephen Hemminger 
> > Acked-by: Bruce Richardson 
> > Acked-by: Tyler Retzlaff 
> > ---
> >   drivers/event/opdl/opdl_ring.c | 5 -
> >   1 file changed, 4 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/event/opdl/opdl_ring.c b/drivers/event/opdl/opdl_ring.c
> > index 69392b56bbec..24e0bbe3222d 100644
> > --- a/drivers/event/opdl/opdl_ring.c
> > +++ b/drivers/event/opdl/opdl_ring.c
> > @@ -31,6 +31,9 @@
> >   #define OPDL_OPA_MASK(0xFF)
> >   #define OPDL_OPA_OFFSET  (0x38)
> > +/* Equivalent to rte_is_power_of_2() but as macro. */
> > +#define IS_POWER_OF_2(x) (((x) & ((x) - 1)) == 0)
> 
> IMHO adding it in specific driver is a wrong direction. I'm afraid it
> will result in duplication of such macros in code base without clear
> reason why.
> 
> May be it is better to add it with a proper name to EAL?
> 
+1
Even if it's a lower-case name, lets make it a macro in EAL so we can use
it everywhere in asserts.

RE: static_assert, sfc, and clang issues

[Morten Brørup]

> From: Stephen Hemminger [mailto:step...@networkplumber.org]
> Sent: Tuesday, 16 January 2024 23.50
> 
> On Tue, 16 Jan 2024 23:14:36 +0100
> Morten Brørup  wrote:
> 
> > > +1 for #2 just make it a block.
> >
> > I prefer that you implement the workaround in the RTE_BUILD_BUG_ON()
> macro, by surrounding it by "do { } while (0)", like this:
> >
> > #define RTE_BUILD_BUG_ON(condition) do { static_assert(!(condition),
> #condition); } while (0)
> >
> > And please mention the workaround reason, with the reference to the
> clang bug, in the source code comment describing the function.
> >
> > The godbolt link in the clang issue seems happy with this workaround.
> 
> In the patch series sent, already did that. Didn't need to do { }
> while(0) hack to make it work.

It works in the problematic file, but not generally.

Without the do/while, "RTE_BUILD_BUG_ON(condition);" will expand to two lines:

{ static_assert(...); }
;

... which may be problematic when used with if/else without curly braces.

However, I do admit that this problem is probably purely theoretical.

> Reference is in commit message.

Yes, but if someone only looks at the source code, the workaround looks strange 
and unnecessary.

Personally, I prefer not having to dig into commit logs when reviewing code. 
Maybe it's just me. I'll leave the decision to you.

Re: [PATCH] net/gve: Enable stats reporting for GQ format

[Ferruh Yigit]

On 1/16/2024 6:18 AM, Rushil Gupta wrote:
> 
> 
> On Fri, Jan 12, 2024 at 8:36 PM Ferruh Yigit  > wrote:
> 
> On 12/22/2023 3:39 PM, Rushil Gupta wrote:
> > Read from shared region to retrieve imissed statistics for GQ from
> device.
> > Tested using `show port xstats ` in interactive mode.
> > This metric can be triggered by using queues > cores.
> >
> 
> Looks good but please check following comments:
> 
> Checkpatch gives warning on the patch title, and this patch adds
> 'imissed' support so it can be added to the patch title, something like:
> "net/gve: enable imissed stats for GQ format"
> 
> <...>
> 
> > +static int gve_alloc_stats_report(struct gve_priv *priv,
> > +             uint16_t nb_tx_queues, uint16_t nb_rx_queues)
> > +{
> > +     char z_name[RTE_MEMZONE_NAMESIZE];
> > +     int tx_stats_cnt;
> > +     int rx_stats_cnt;
> > +
> > +     tx_stats_cnt = (GVE_TX_STATS_REPORT_NUM +
> NIC_TX_STATS_REPORT_NUM) *
> > +             nb_tx_queues;
> > +     rx_stats_cnt = (GVE_RX_STATS_REPORT_NUM +
> NIC_RX_STATS_REPORT_NUM) *
> > +             nb_rx_queues;
> > +     priv->stats_report_len = sizeof(struct gve_stats_report) +
> > +             sizeof(struct stats) * (tx_stats_cnt + rx_stats_cnt);
> > +
> > +     snprintf(z_name, sizeof(z_name), "stats_report_%s",
> priv->pci_dev->device.name );
> >
> 
> Can you please add 'gve_' prefix to the memzone name, to prevent any
> possible collision.
> 
> Done. 
> 
> 
> <...>
> 
> > +static void gve_free_stats_report(struct rte_eth_dev *dev)
> > +{
> > +     struct gve_priv *priv = dev->data->dev_private;
> > +     rte_memzone_free(priv->stats_report_mem);
> >
> 
> What will happen if user asks stats/xstats after port stopped?
> 
> Good catch. I have added a null check so that the driver doesn't try to
> read stats from memory region that doesn't exist. 
> 
> 
> <...>
> 
> >  gve_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats
> *stats)
> >  {
> >       uint16_t i;
> > +     if (gve_is_gqi(dev->data->dev_private))
> > +             gve_get_imissed_from_nic(dev);
> > 
> 
> This updates imissed in RxQ struct for all queues for basic stats, but
> what if user only calls xstats, I guess in that case stat won't be
> updated.
> 
>  
> Yes; that is expected. Since imissed is a member of rte_eth_stats;
> calling gve_dev_stats_get is the right way to get this stat.
>

I don't think it is expected.
xstats contains the basic stats too, if users calls xstats API,
expectation is to get correct values.

RE: [PATCH v3 1/5] event/opdl: fix non-constant compile time assertion

[Morten Brørup]

> From: Bruce Richardson [mailto:bruce.richard...@intel.com]
> Sent: Wednesday, 17 January 2024 10.27
> 
> On Wed, Jan 17, 2024 at 10:58:12AM +0300, Andrew Rybchenko wrote:
> > On 1/16/24 21:41, Stephen Hemminger wrote:
> > > RTE_BUILD_BUG_ON() was being used with a non-constant value.
> > > The inline function rte_is_power_of_2() is not constant since
> > > inline expansion happens later in the compile process.
> > > Replace it with macro which will be constant.
> > >
> > > Fixes: 4236ce9bf5bf ("event/opdl: add OPDL ring infrastructure
> library")
> > > Cc: liang.j...@intel.com
> > > Signed-off-by: Stephen Hemminger 
> > > Acked-by: Bruce Richardson 
> > > Acked-by: Tyler Retzlaff 
> > > ---
> > >   drivers/event/opdl/opdl_ring.c | 5 -
> > >   1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/event/opdl/opdl_ring.c
> b/drivers/event/opdl/opdl_ring.c
> > > index 69392b56bbec..24e0bbe3222d 100644
> > > --- a/drivers/event/opdl/opdl_ring.c
> > > +++ b/drivers/event/opdl/opdl_ring.c
> > > @@ -31,6 +31,9 @@
> > >   #define OPDL_OPA_MASK(0xFF)
> > >   #define OPDL_OPA_OFFSET  (0x38)
> > > +/* Equivalent to rte_is_power_of_2() but as macro. */
> > > +#define IS_POWER_OF_2(x) (((x) & ((x) - 1)) == 0)
> >
> > IMHO adding it in specific driver is a wrong direction. I'm afraid it
> > will result in duplication of such macros in code base without clear
> > reason why.
> >
> > May be it is better to add it with a proper name to EAL?
> >
> +1
> Even if it's a lower-case name, lets make it a macro in EAL so we can
> use
> it everywhere in asserts.

Here's a thought... we could introduce a new code convention for this purpose. 
E.g. either:

1. Macros in lower case are guaranteed to access each parameter exactly once 
(and might not be usable for static_assert; they somewhat resemble inline 
functions), and
macros in upper case may access parameters any number of times (and must be 
usable for static_assert).

Or:

2. Macros that access any parameter zero or multiple times must have their name 
postfixed _UNSAFE (or some other word).

[PATCH v3 00/24] Fixes and improvements in crypto cnxk

[Anoob Joseph]

Add following features
- TLS record processing offload (TLS 1.2-1.3, DTLS 1.2)
- Rx inject to allow lookaside packets to be injected to ethdev Rx
- Use PDCP_CHAIN opcode instead of PDCP opcode for cipher-only and auth
  only cases
- PMD API to submit instructions directly to hardware

Changes in v3
- Addressed Akhil's commments on Rx inject patch
- Updated license year to 2024

Changes in v2
- Addressed checkpatch issue
- Addressed build error with stdatomic

Aakash Sasidharan (1):
  crypto/cnxk: enable digest gen for zero len input

Akhil Goyal (1):
  common/cnxk: fix memory leak

Anoob Joseph (6):
  crypto/cnxk: use common macro
  crypto/cnxk: return microcode completion code
  common/cnxk: update opad-ipad gen to handle TLS
  common/cnxk: add TLS record contexts
  crypto/cnxk: separate IPsec from security common code
  crypto/cnxk: add PMD APIs for raw submission to CPT

Gowrishankar Muthukrishnan (1):
  crypto/cnxk: fix ECDH pubkey verify in cn9k

Rahul Bhansali (2):
  common/cnxk: add Rx inject configs
  crypto/cnxk: Rx inject config update

Tejasree Kondoj (3):
  crypto/cnxk: fallback to SG if headroom is not available
  crypto/cnxk: replace PDCP with PDCP chain opcode
  crypto/cnxk: add CPT SG mode debug

Vidya Sagar Velumuri (10):
  crypto/cnxk: enable Rx inject in security lookaside
  crypto/cnxk: enable Rx inject for 103
  crypto/cnxk: rename security caps as IPsec security caps
  crypto/cnxk: add TLS record session ops
  crypto/cnxk: add TLS record datapath handling
  crypto/cnxk: add TLS capability
  crypto/cnxk: validate the combinations supported in TLS
  crypto/cnxk: use a single function for opad ipad
  crypto/cnxk: add support for TLS 1.3
  crypto/cnxk: add TLS 1.3 capability

 doc/api/doxy-api-index.md |   1 +
 doc/api/doxy-api.conf.in  |   1 +
 doc/guides/cryptodevs/cnxk.rst|  12 +
 doc/guides/cryptodevs/features/cn10k.ini  |   1 +
 doc/guides/rel_notes/release_24_03.rst|   7 +
 drivers/common/cnxk/cnxk_security.c   |  65 +-
 drivers/common/cnxk/cnxk_security.h   |  15 +-
 drivers/common/cnxk/hw/cpt.h  |  12 +-
 drivers/common/cnxk/roc_cpt.c |  14 +-
 drivers/common/cnxk/roc_cpt.h |   7 +-
 drivers/common/cnxk/roc_cpt_priv.h|   2 +-
 drivers/common/cnxk/roc_idev.c|  44 +
 drivers/common/cnxk/roc_idev.h|   5 +
 drivers/common/cnxk/roc_idev_priv.h   |   6 +
 drivers/common/cnxk/roc_ie_ot.c   |  14 +-
 drivers/common/cnxk/roc_ie_ot_tls.h   | 225 +
 drivers/common/cnxk/roc_mbox.h|   2 +
 drivers/common/cnxk/roc_nix.c |   2 +
 drivers/common/cnxk/roc_nix_inl.c |   2 +-
 drivers/common/cnxk/roc_nix_inl_dev.c |   2 +-
 drivers/common/cnxk/roc_se.c  | 379 +++-
 drivers/common/cnxk/roc_se.h  |  38 +-
 drivers/common/cnxk/version.map   |   5 +
 drivers/crypto/cnxk/cn10k_cryptodev.c |   2 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 401 -
 drivers/crypto/cnxk/cn10k_cryptodev_ops.h |  11 +
 drivers/crypto/cnxk/cn10k_cryptodev_sec.c | 134 +++
 drivers/crypto/cnxk/cn10k_cryptodev_sec.h |  68 ++
 drivers/crypto/cnxk/cn10k_ipsec.c | 134 +--
 drivers/crypto/cnxk/cn10k_ipsec.h |  38 +-
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h  |  19 +-
 drivers/crypto/cnxk/cn10k_tls.c   | 830 ++
 drivers/crypto/cnxk/cn10k_tls.h   |  35 +
 drivers/crypto/cnxk/cn10k_tls_ops.h   | 322 +++
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c  |  68 +-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.h  |  62 ++
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h   |  16 +-
 drivers/crypto/cnxk/cnxk_cryptodev.c  |   3 +
 drivers/crypto/cnxk/cnxk_cryptodev.h  |  24 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 375 +++-
 drivers/crypto/cnxk/cnxk_cryptodev_devargs.c  |  31 +
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 128 ++-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |   7 +
 drivers/crypto/cnxk/cnxk_se.h |  98 +--
 drivers/crypto/cnxk/cnxk_sg.h |   4 +-
 drivers/crypto/cnxk/meson.build   |   4 +-
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h |  46 +
 drivers/crypto/cnxk/version.map   |   3 +
 48 files changed, 3018 insertions(+), 706 deletions(-)
 create mode 100644 drivers/common/cnxk/roc_ie_ot_tls.h
 create mode 100644 drivers/crypto/cnxk/cn10k_cryptodev_sec.c
 create mode 100644 drivers/crypto/cnxk/cn10k_cryptodev_sec.h
 create mode 100644 drivers/crypto/cnxk/cn10k_tls.c
 create mode 100644 drivers/crypto/cnxk/cn10k_tls.h
 create mode 100644 drivers/crypto/cnxk/cn10k_tls_ops.h
 create mode 100644 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h

-- 
2.25.1

[PATCH v3 01/24] common/cnxk: fix memory leak

[Anoob Joseph]

From: Akhil Goyal 

dev_init() acquires some resources which need to be cleaned
in case a failure is observed afterwards.

Fixes: c045d2e5cbbc ("common/cnxk: add CPT configuration")

Signed-off-by: Akhil Goyal 
---
 drivers/common/cnxk/roc_cpt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index 981e85a204..4e23d8c135 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -756,7 +756,7 @@ roc_cpt_dev_init(struct roc_cpt *roc_cpt)
rc = dev_init(dev, pci_dev);
if (rc) {
plt_err("Failed to init roc device");
-   goto fail;
+   return rc;
}
 
cpt->pci_dev = pci_dev;
@@ -788,6 +788,7 @@ roc_cpt_dev_init(struct roc_cpt *roc_cpt)
return 0;
 
 fail:
+   dev_fini(dev, pci_dev);
return rc;
 }
 
-- 
2.25.1

[PATCH v3 02/24] crypto/cnxk: use common macro

[Anoob Joseph]

Having different macros for same purpose may cause issues if one is
updated without updating the other. Use same macro by including the
header.

Signed-off-by: Anoob Joseph 
---
 drivers/crypto/cnxk/cnxk_cryptodev.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h 
b/drivers/crypto/cnxk/cnxk_cryptodev.h
index d0ad881f2f..f5374131bf 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -8,12 +8,12 @@
 #include 
 #include 
 
+#include "roc_ae.h"
 #include "roc_cpt.h"
 
 #define CNXK_CPT_MAX_CAPS   55
 #define CNXK_SEC_CRYPTO_MAX_CAPS 16
 #define CNXK_SEC_MAX_CAPS   9
-#define CNXK_AE_EC_ID_MAX   9
 /**
  * Device private data
  */
@@ -23,8 +23,8 @@ struct cnxk_cpt_vf {
struct rte_cryptodev_capabilities
sec_crypto_caps[CNXK_SEC_CRYPTO_MAX_CAPS];
struct rte_security_capability sec_caps[CNXK_SEC_MAX_CAPS];
-   uint64_t cnxk_fpm_iova[CNXK_AE_EC_ID_MAX];
-   struct roc_ae_ec_group *ec_grp[CNXK_AE_EC_ID_MAX];
+   uint64_t cnxk_fpm_iova[ROC_AE_EC_ID_PMAX];
+   struct roc_ae_ec_group *ec_grp[ROC_AE_EC_ID_PMAX];
uint16_t max_qps_limit;
 };
 
-- 
2.25.1

[PATCH v3 03/24] crypto/cnxk: fallback to SG if headroom is not available

[Anoob Joseph]

From: Tejasree Kondoj 

Falling back to SG mode for cn9k lookaside IPsec
if headroom is not available.

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 85aacb803f..3d0db72775 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -82,19 +82,13 @@ process_outb_sa(struct cpt_qp_meta_info *m_info, struct 
rte_crypto_op *cop,
extend_tail = rlen - dlen;
pkt_len += extend_tail;
 
-   if (likely(m_src->next == NULL)) {
+   if (likely((m_src->next == NULL) && (hdr_len <= data_off))) {
if (unlikely(extend_tail > rte_pktmbuf_tailroom(m_src))) {
plt_dp_err("Not enough tail room (required: %d, 
available: %d)",
   extend_tail, rte_pktmbuf_tailroom(m_src));
return -ENOMEM;
}
 
-   if (unlikely(hdr_len > data_off)) {
-   plt_dp_err("Not enough head room (required: %d, 
available: %d)", hdr_len,
-  rte_pktmbuf_headroom(m_src));
-   return -ENOMEM;
-   }
-
m_src->data_len = pkt_len;
 
hdr = PLT_PTR_ADD(m_src->buf_addr, data_off - hdr_len);
-- 
2.25.1

[PATCH v3 04/24] crypto/cnxk: return microcode completion code

[Anoob Joseph]

Return microcode completion code in case of errors. This allows
applications to check the failure reasons in more granularity.

Signed-off-by: Anoob Joseph 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 997110e3d3..bef7b75810 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -823,6 +823,7 @@ cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, 
struct cpt_cn10k_res_s *re
break;
default:
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+   cop->aux_flags = res->uc_compcode;
return;
}
 
@@ -884,6 +885,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
plt_dp_info("Request failed with microcode error");
plt_dp_info("MC completion code 0x%x",
res->uc_compcode);
+   cop->aux_flags = uc_compcode;
goto temp_sess_free;
}
 
-- 
2.25.1

[PATCH v3 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k

[Anoob Joseph]

From: Gowrishankar Muthukrishnan 

Fix ECDH pubkey verify in cn9k.

Fixes: baae0994fa96 ("crypto/cnxk: support ECDH")

Signed-off-by: Gowrishankar Muthukrishnan 
---
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 34d40b07d4..442cd8e5a9 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -578,7 +578,17 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, 
struct rte_crypto_op *cop,
if (unlikely(res->uc_compcode)) {
if (res->uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE)
cop->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-   else
+   else if (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC &&
+cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION &&
+cop->asym->ecdh.ke_type == 
RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
+   if (res->uc_compcode == 
ROC_AE_ERR_ECC_POINT_NOT_ON_CURVE) {
+   cop->status = 
RTE_CRYPTO_OP_STATUS_ERROR;
+   return;
+   } else if (res->uc_compcode == 
ROC_AE_ERR_ECC_PAI) {
+   cop->status = 
RTE_CRYPTO_OP_STATUS_SUCCESS;
+   return;
+   }
+   } else
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 
plt_dp_info("Request failed with microcode error");
-- 
2.25.1

[PATCH v3 06/24] crypto/cnxk: enable digest gen for zero len input

[Anoob Joseph]

From: Aakash Sasidharan 

With zero length input, digest generation fails with incorrect
value. Fix this by completely avoiding the gather component
when the input packet has zero data length.

Signed-off-by: Aakash Sasidharan 
---
 drivers/crypto/cnxk/cnxk_se.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index c2a807fa94..1aec7dea9f 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -2479,7 +2479,7 @@ prepare_iov_from_pkt(struct rte_mbuf *pkt, struct 
roc_se_iov_ptr *iovec, uint32_
void *seg_data = NULL;
int32_t seg_size = 0;
 
-   if (!pkt) {
+   if (!pkt || pkt->data_len == 0) {
iovec->buf_cnt = 0;
return 0;
}
-- 
2.25.1

[PATCH v3 08/24] common/cnxk: add Rx inject configs

[Anoob Joseph]

From: Rahul Bhansali 

Add Rx inject config for feature enable/disable, and store
Rx chan value per port.

Signed-off-by: Rahul Bhansali 
---
 drivers/common/cnxk/roc_idev.c  | 44 +
 drivers/common/cnxk/roc_idev.h  |  5 
 drivers/common/cnxk/roc_idev_priv.h |  6 
 drivers/common/cnxk/roc_nix.c   |  2 ++
 drivers/common/cnxk/version.map |  4 +++
 5 files changed, 61 insertions(+)

diff --git a/drivers/common/cnxk/roc_idev.c b/drivers/common/cnxk/roc_idev.c
index e6c6b34d78..48df3518b0 100644
--- a/drivers/common/cnxk/roc_idev.c
+++ b/drivers/common/cnxk/roc_idev.c
@@ -310,3 +310,47 @@ roc_idev_nix_inl_meta_aura_get(void)
return idev->inl_cfg.meta_aura;
return 0;
 }
+
+uint8_t
+roc_idev_nix_rx_inject_get(uint16_t port)
+{
+   struct idev_cfg *idev;
+
+   idev = idev_get_cfg();
+   if (idev != NULL && port < PLT_MAX_ETHPORTS)
+   return idev->inl_rx_inj_cfg.rx_inject_en[port];
+
+   return 0;
+}
+
+void
+roc_idev_nix_rx_inject_set(uint16_t port, uint8_t enable)
+{
+   struct idev_cfg *idev;
+
+   idev = idev_get_cfg();
+   if (idev != NULL && port < PLT_MAX_ETHPORTS)
+   __atomic_store_n(&idev->inl_rx_inj_cfg.rx_inject_en[port], 
enable,
+__ATOMIC_RELEASE);
+}
+
+uint16_t *
+roc_idev_nix_rx_chan_base_get(void)
+{
+   struct idev_cfg *idev = idev_get_cfg();
+
+   if (idev != NULL)
+   return (uint16_t *)&idev->inl_rx_inj_cfg.chan;
+
+   return NULL;
+}
+
+void
+roc_idev_nix_rx_chan_set(uint16_t port, uint16_t chan)
+{
+   struct idev_cfg *idev;
+
+   idev = idev_get_cfg();
+   if (idev != NULL && port < PLT_MAX_ETHPORTS)
+   __atomic_store_n(&idev->inl_rx_inj_cfg.chan[port], chan, 
__ATOMIC_RELEASE);
+}
diff --git a/drivers/common/cnxk/roc_idev.h b/drivers/common/cnxk/roc_idev.h
index aea7f5279d..00664eaed6 100644
--- a/drivers/common/cnxk/roc_idev.h
+++ b/drivers/common/cnxk/roc_idev.h
@@ -22,4 +22,9 @@ struct roc_nix_list *__roc_api roc_idev_nix_list_get(void);
 struct roc_mcs *__roc_api roc_idev_mcs_get(uint8_t mcs_idx);
 void __roc_api roc_idev_mcs_set(struct roc_mcs *mcs);
 void __roc_api roc_idev_mcs_free(struct roc_mcs *mcs);
+
+uint8_t __roc_api roc_idev_nix_rx_inject_get(uint16_t port);
+void __roc_api roc_idev_nix_rx_inject_set(uint16_t port, uint8_t enable);
+uint16_t *__roc_api roc_idev_nix_rx_chan_base_get(void);
+void __roc_api roc_idev_nix_rx_chan_set(uint16_t port, uint16_t chan);
 #endif /* _ROC_IDEV_H_ */
diff --git a/drivers/common/cnxk/roc_idev_priv.h 
b/drivers/common/cnxk/roc_idev_priv.h
index 80f8465e1c..8dc1cb25bf 100644
--- a/drivers/common/cnxk/roc_idev_priv.h
+++ b/drivers/common/cnxk/roc_idev_priv.h
@@ -19,6 +19,11 @@ struct idev_nix_inl_cfg {
uint32_t refs;
 };
 
+struct idev_nix_inl_rx_inj_cfg {
+   uint16_t chan[PLT_MAX_ETHPORTS];
+   uint8_t rx_inject_en[PLT_MAX_ETHPORTS];
+};
+
 struct idev_cfg {
uint16_t sso_pf_func;
uint16_t npa_pf_func;
@@ -35,6 +40,7 @@ struct idev_cfg {
struct nix_inl_dev *nix_inl_dev;
struct idev_nix_inl_cfg inl_cfg;
struct roc_nix_list roc_nix_list;
+   struct idev_nix_inl_rx_inj_cfg inl_rx_inj_cfg;
plt_spinlock_t nix_inl_dev_lock;
plt_spinlock_t npa_dev_lock;
 };
diff --git a/drivers/common/cnxk/roc_nix.c b/drivers/common/cnxk/roc_nix.c
index f64933a1d9..97c0ae3e25 100644
--- a/drivers/common/cnxk/roc_nix.c
+++ b/drivers/common/cnxk/roc_nix.c
@@ -223,6 +223,8 @@ roc_nix_lf_alloc(struct roc_nix *roc_nix, uint32_t nb_rxq, 
uint32_t nb_txq,
nix->nb_rx_queues = nb_rxq;
nix->nb_tx_queues = nb_txq;
 
+   roc_idev_nix_rx_chan_set(roc_nix->port_id, rsp->rx_chan_base);
+
nix->rqs = plt_zmalloc(sizeof(struct roc_nix_rq *) * nb_rxq, 0);
if (!nix->rqs) {
rc = -ENOMEM;
diff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map
index aa884a8fe2..f84382c401 100644
--- a/drivers/common/cnxk/version.map
+++ b/drivers/common/cnxk/version.map
@@ -105,6 +105,10 @@ INTERNAL {
roc_idev_num_lmtlines_get;
roc_idev_nix_inl_meta_aura_get;
roc_idev_nix_list_get;
+   roc_idev_nix_rx_chan_base_get;
+   roc_idev_nix_rx_chan_set;
+   roc_idev_nix_rx_inject_get;
+   roc_idev_nix_rx_inject_set;
roc_ml_reg_read64;
roc_ml_reg_write64;
roc_ml_reg_read32;
-- 
2.25.1

[PATCH v3 10/24] crypto/cnxk: enable Rx inject for 103

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Enable Rx inject feature for 103XX

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cnxk_cryptodev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c 
b/drivers/crypto/cnxk/cnxk_cryptodev.c
index b1684e56a7..1eede2e59c 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
@@ -24,7 +24,7 @@ cnxk_cpt_default_ff_get(void)
if (roc_model_is_cn10k())
ff |= RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM | 
RTE_CRYPTODEV_FF_SYM_RAW_DP;
 
-   if (roc_model_is_cn10ka_b0())
+   if (roc_model_is_cn10ka_b0() || roc_model_is_cn10kb())
ff |= RTE_CRYPTODEV_FF_SECURITY_RX_INJECT;
 
return ff;
-- 
2.25.1

[PATCH v3 07/24] crypto/cnxk: enable Rx inject in security lookaside

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Add Rx inject fastpath API.
Add devargs "rx_inject_qp" to specify the QP to be used for Rx inject.
When the RX inject feature flag is enabled:
1. Reserve a queue pair to use for RX Inject mode.
2. Enable RXC and disable full packet mode for that queue pair.

Signed-off-by: Anoob Joseph 
Signed-off-by: Vidya Sagar Velumuri 
---
 doc/guides/cryptodevs/cnxk.rst   |  12 ++
 doc/guides/cryptodevs/features/cn10k.ini |   1 +
 doc/guides/rel_notes/release_24_03.rst   |   4 +
 drivers/common/cnxk/hw/cpt.h |   9 ++
 drivers/common/cnxk/roc_cpt.c|  11 +-
 drivers/common/cnxk/roc_cpt.h|   3 +-
 drivers/common/cnxk/roc_cpt_priv.h   |   2 +-
 drivers/common/cnxk/roc_ie_ot.c  |  14 +--
 drivers/common/cnxk/roc_mbox.h   |   2 +
 drivers/common/cnxk/roc_nix_inl.c|   2 +-
 drivers/common/cnxk/roc_nix_inl_dev.c|   2 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c| 124 +++
 drivers/crypto/cnxk/cn10k_cryptodev_ops.h|   8 ++
 drivers/crypto/cnxk/cn10k_ipsec.c|   4 +
 drivers/crypto/cnxk/cn10k_ipsec.h|   2 +
 drivers/crypto/cnxk/cnxk_cryptodev.c |   3 +
 drivers/crypto/cnxk/cnxk_cryptodev.h |   3 +
 drivers/crypto/cnxk/cnxk_cryptodev_devargs.c |  31 +
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c |  27 +++-
 drivers/crypto/cnxk/version.map  |   3 +
 20 files changed, 252 insertions(+), 15 deletions(-)

diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index fbe67475be..09328927cd 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -187,6 +187,18 @@ Runtime Config Options
With the above configuration, the number of maximum queue pairs supported
by the device is limited to 4.
 
+- ``QP ID for RX injection in case of fallback mechanism`` (default ``60``)
+
+   QP ID for RX Injection in fallback mechanism of security.
+   Can be configured during runtime by using ``rx_inject_qp`` ``devargs`` 
parameter.
+
+   For example::
+
+  -a 0002:20:00.1,rx_inject_qp=20
+
+   With the above configuration, QP 20 will be used by the device for RX 
Injection
+   in security in fallback mechanism scenario.
+
 Debugging Options
 -
 
diff --git a/doc/guides/cryptodevs/features/cn10k.ini 
b/doc/guides/cryptodevs/features/cn10k.ini
index ea8a22eb46..e52c313111 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -19,6 +19,7 @@ RSA PRIV OP KEY QT = Y
 Digest encrypted   = Y
 Sym raw data path API  = Y
 Inner checksum = Y
+Rx Injection   = Y
 
 ;
 ; Supported crypto algorithms of 'cn10k' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_03.rst 
b/doc/guides/rel_notes/release_24_03.rst
index e9c9717706..eb63728cfd 100644
--- a/doc/guides/rel_notes/release_24_03.rst
+++ b/doc/guides/rel_notes/release_24_03.rst
@@ -55,6 +55,10 @@ New Features
  Also, make sure to start the actual text at the margin.
  ===
 
+* **Updated Marvell cnxk crypto driver.**
+
+  * Added support for Rx inject in crypto_cn10k.
+
 
 Removed Items
 -
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index cf9046bbfb..edab8a5d83 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -237,6 +237,15 @@ struct cpt_inst_s {
uint64_t doneint : 1;
uint64_t nixtx_addr : 60;
} s;
+   struct {
+   uint64_t nixtxl : 3;
+   uint64_t doneint : 1;
+   uint64_t chan : 12;
+   uint64_t l2_len : 8;
+   uint64_t et_offset : 8;
+   uint64_t match_id : 16;
+   uint64_t sso_pf_func : 16;
+   } hw_s;
uint64_t u64;
} w0;
 
diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index 4e23d8c135..9f283ceb2e 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -463,7 +463,7 @@ cpt_available_lfs_get(struct dev *dev, uint16_t *nb_lf)
 
 int
 cpt_lfs_alloc(struct dev *dev, uint8_t eng_grpmsk, uint8_t blkaddr, bool 
inl_dev_sso,
- bool ctx_ilen_valid, uint8_t ctx_ilen)
+ bool ctx_ilen_valid, uint8_t ctx_ilen, bool rxc_ena, uint16_t 
rx_inject_qp)
 {
struct cpt_lf_alloc_req_msg *req;
struct mbox *mbox = mbox_get(dev->mbox);
@@ -489,6 +489,10 @@ cpt_lfs_alloc(struct dev *dev, uint8_t eng_grpmsk, uint8_t 
blkaddr, bool inl_dev
req->blkaddr = blkaddr;
req->ctx_ilen_valid = ctx_ilen_valid;
req->ctx_ilen = ctx_ilen;
+   if (rxc_ena) {
+   req->rxc_ena = 1;
+   req->rxc_ena_lf_id = rx_inject_qp;
+   }
 
rc = mbox_p

[PATCH v3 09/24] crypto/cnxk: Rx inject config update

[Anoob Joseph]

From: Rahul Bhansali 

- Update chan in CPT inst from port's Rx chan
- Set Rx inject config in Idev struct

Signed-off-by: Rahul Bhansali 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 4 +++-
 drivers/crypto/cnxk/cn10k_ipsec.c | 3 +++
 drivers/crypto/cnxk/cnxk_cryptodev.h  | 1 +
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 2 ++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index e656f47693..03ecf583af 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -15,6 +15,7 @@
 #else
 #include "roc_io_generic.h"
 #endif
+#include "roc_idev.h"
 #include "roc_sso.h"
 #include "roc_sso_dp.h"
 
@@ -1122,6 +1123,7 @@ cn10k_cryptodev_sec_inb_rx_inject(void *dev, struct 
rte_mbuf **pkts,
inst->dptr = dptr;
inst->rptr = dptr;
 
+   inst->w0.hw_s.chan = *(vf->rx_chan_base + m->port);
inst->w0.hw_s.l2_len = l2_len;
inst->w0.hw_s.et_offset = l2_len - 2;
 
@@ -1654,7 +1656,7 @@ cn10k_cryptodev_sec_rx_inject_configure(void *device, 
uint16_t port_id, bool ena
if (ret)
return -ENOTSUP;
 
-   RTE_SET_USED(enable);
+   roc_idev_nix_rx_inject_set(port_id, enable);
 
return 0;
 }
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c 
b/drivers/crypto/cnxk/cn10k_ipsec.c
index 2d098fdd24..d08a1067ca 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -192,6 +192,9 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
sec_sess->is_outbound = false;
sec_sess->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa);
 
+   /* Save index/SPI in cookie, specific required for Rx Inject */
+   sa_dptr->w1.s.cookie = 0x;
+
/* pre-populate CPT INST word 4 */
inst_w4.u64 = 0;
inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC | 
ROC_IE_OT_INPLACE_BIT;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h 
b/drivers/crypto/cnxk/cnxk_cryptodev.h
index 1ded8911a1..5d974690fc 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -20,6 +20,7 @@
 struct cnxk_cpt_vf {
struct roc_cpt_lmtline rx_inj_lmtline;
uint16_t rx_inj_pf_func;
+   uint16_t *rx_chan_base;
struct roc_cpt cpt;
struct rte_cryptodev_capabilities crypto_caps[CNXK_CPT_MAX_CAPS];
struct rte_cryptodev_capabilities
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index cdcfa92e6d..04dbc67fc1 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -10,6 +10,7 @@
 #include "roc_ae_fpm_tables.h"
 #include "roc_cpt.h"
 #include "roc_errata.h"
+#include "roc_idev.h"
 #include "roc_ie_on.h"
 
 #include "cnxk_ae.h"
@@ -117,6 +118,7 @@ cnxk_cpt_dev_config(struct rte_cryptodev *dev, struct 
rte_cryptodev_config *conf
if (rte_security_dynfield_register() < 0)
return -ENOTSUP;
rxc_ena = true;
+   vf->rx_chan_base = roc_idev_nix_rx_chan_base_get();
}
 
ret = roc_cpt_dev_configure(roc_cpt, nb_lf, rxc_ena, vf->rx_inject_qp);
-- 
2.25.1

[PATCH v3 12/24] common/cnxk: update opad-ipad gen to handle TLS

[Anoob Joseph]

For TLS opcodes, ipad is at the offset 64 as compared to the packed
implementation for IPsec. Extend the function to handle TLS contexts as
well.

Signed-off-by: Anoob Joseph 
Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/cnxk_security.c | 15 ---
 drivers/common/cnxk/cnxk_security.h |  3 ++-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/drivers/common/cnxk/cnxk_security.c 
b/drivers/common/cnxk/cnxk_security.c
index 81991c4697..bdb04fe142 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -9,7 +9,8 @@
 #include "roc_api.h"
 
 void
-cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t 
*hmac_opad_ipad)
+cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t 
*hmac_opad_ipad,
+  bool is_tls)
 {
const uint8_t *key = auth_xform->auth.key.data;
uint32_t length = auth_xform->auth.key.length;
@@ -29,11 +30,11 @@ cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform 
*auth_xform, uint8_t *hmac_op
switch (auth_xform->auth.algo) {
case RTE_CRYPTO_AUTH_MD5_HMAC:
roc_hash_md5_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
-   roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
+   roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 
: 24]);
break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
-   roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
+   roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 
: 24]);
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0], 256);
@@ -191,7 +192,7 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 
*w2,
const uint8_t *auth_key = auth_xfrm->auth.key.data;
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else {
-   cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+   cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, 
false);
}
 
tmp_key = (uint64_t *)hmac_opad_ipad;
@@ -740,7 +741,7 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl 
*ctl, uint8_t *salt,
key = cipher_xfrm->cipher.key.data;
length = cipher_xfrm->cipher.key.length;
 
-   cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+   cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
}
 
switch (length) {
@@ -1373,7 +1374,7 @@ cnxk_on_ipsec_outb_sa_create(struct 
rte_security_ipsec_xform *ipsec,
 
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-   cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+   cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, 
false);
}
}
 
@@ -1440,7 +1441,7 @@ cnxk_on_ipsec_inb_sa_create(struct 
rte_security_ipsec_xform *ipsec,
 
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-   cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+   cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, 
false);
}
}
 
diff --git a/drivers/common/cnxk/cnxk_security.h 
b/drivers/common/cnxk/cnxk_security.h
index fabf694df4..86ec657cb0 100644
--- a/drivers/common/cnxk/cnxk_security.h
+++ b/drivers/common/cnxk/cnxk_security.h
@@ -70,6 +70,7 @@ int __roc_api cnxk_on_ipsec_outb_sa_create(struct 
rte_security_ipsec_xform *ipse
   struct roc_ie_on_outb_sa *out_sa);
 
 __rte_internal
-void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t 
*hmac_opad_ipad);
+void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t 
*hmac_opad_ipad,
+   bool is_tls);
 
 #endif /* _CNXK_SECURITY_H__ */
-- 
2.25.1

[PATCH v3 13/24] common/cnxk: add TLS record contexts

[Anoob Joseph]

Add TLS record read and write contexts.

Signed-off-by: Anoob Joseph 
Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/roc_cpt.h   |   4 +-
 drivers/common/cnxk/roc_ie_ot_tls.h | 199 
 drivers/common/cnxk/roc_se.h|  11 ++
 3 files changed, 211 insertions(+), 3 deletions(-)
 create mode 100644 drivers/common/cnxk/roc_ie_ot_tls.h

diff --git a/drivers/common/cnxk/roc_cpt.h b/drivers/common/cnxk/roc_cpt.h
index 9d1173d88a..7ad89bf243 100644
--- a/drivers/common/cnxk/roc_cpt.h
+++ b/drivers/common/cnxk/roc_cpt.h
@@ -55,6 +55,7 @@
 #define ROC_CPT_AES_CBC_IV_LEN 16
 #define ROC_CPT_SHA1_HMAC_LEN  12
 #define ROC_CPT_SHA2_HMAC_LEN  16
+#define ROC_CPT_DES_IV_LEN 8
 
 #define ROC_CPT_DES3_KEY_LEN   24
 #define ROC_CPT_AES128_KEY_LEN 16
@@ -71,9 +72,6 @@
 #define ROC_CPT_DES_BLOCK_LENGTH 8
 #define ROC_CPT_AES_BLOCK_LENGTH 16
 
-#define ROC_CPT_AES_GCM_ROUNDUP_BYTE_LEN 4
-#define ROC_CPT_AES_CBC_ROUNDUP_BYTE_LEN 16
-
 /* Salt length for AES-CTR/GCM/CCM and AES-GMAC */
 #define ROC_CPT_SALT_LEN 4
 
diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h 
b/drivers/common/cnxk/roc_ie_ot_tls.h
new file mode 100644
index 00..206c3104e6
--- /dev/null
+++ b/drivers/common/cnxk/roc_ie_ot_tls.h
@@ -0,0 +1,199 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2024 Marvell.
+ */
+
+#ifndef __ROC_IE_OT_TLS_H__
+#define __ROC_IE_OT_TLS_H__
+
+#include "roc_platform.h"
+
+#define ROC_IE_OT_TLS_CTX_ILEN  1
+#define ROC_IE_OT_TLS_CTX_HDR_SIZE  1
+#define ROC_IE_OT_TLS_AR_WIN_SIZE_MAX   4096
+#define ROC_IE_OT_TLS_LOG_MIN_AR_WIN_SIZE_M1 5
+
+/* u64 array size to fit anti replay window bits */
+#define ROC_IE_OT_TLS_AR_WINBITS_SZ
\
+   (PLT_ALIGN_CEIL(ROC_IE_OT_TLS_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / 
BITS_PER_LONG_LONG)
+
+/* CN10K TLS opcodes */
+#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC 0x16UL
+#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC 0x17UL
+
+#define ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN 128
+#define ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN48
+#define ROC_IE_OT_TLS_CTX_MAX_IV_LEN   16
+
+enum roc_ie_ot_tls_mac_type {
+   ROC_IE_OT_TLS_MAC_MD5 = 1,
+   ROC_IE_OT_TLS_MAC_SHA1 = 2,
+   ROC_IE_OT_TLS_MAC_SHA2_256 = 4,
+   ROC_IE_OT_TLS_MAC_SHA2_384 = 5,
+   ROC_IE_OT_TLS_MAC_SHA2_512 = 6,
+};
+
+enum roc_ie_ot_tls_cipher_type {
+   ROC_IE_OT_TLS_CIPHER_3DES = 1,
+   ROC_IE_OT_TLS_CIPHER_AES_CBC = 3,
+   ROC_IE_OT_TLS_CIPHER_AES_GCM = 7,
+   ROC_IE_OT_TLS_CIPHER_AES_CCM = 10,
+};
+
+enum roc_ie_ot_tls_ver {
+   ROC_IE_OT_TLS_VERSION_TLS_12 = 1,
+   ROC_IE_OT_TLS_VERSION_DTLS_12 = 2,
+};
+
+enum roc_ie_ot_tls_aes_key_len {
+   ROC_IE_OT_TLS_AES_KEY_LEN_128 = 1,
+   ROC_IE_OT_TLS_AES_KEY_LEN_256 = 3,
+};
+
+enum {
+   ROC_IE_OT_TLS_IV_SRC_DEFAULT = 0,
+   ROC_IE_OT_TLS_IV_SRC_FROM_SA = 1,
+};
+
+struct roc_ie_ot_tls_read_ctx_update_reg {
+   uint64_t ar_base;
+   uint64_t ar_valid_mask;
+   uint64_t hard_life;
+   uint64_t soft_life;
+   uint64_t mib_octs;
+   uint64_t mib_pkts;
+   uint64_t ar_winbits[ROC_IE_OT_TLS_AR_WINBITS_SZ];
+};
+
+union roc_ie_ot_tls_param2 {
+   uint16_t u16;
+   struct {
+   uint8_t msg_type;
+   uint8_t rsvd;
+   } s;
+};
+
+struct roc_ie_ot_tls_read_sa {
+   /* Word0 */
+   union {
+   struct {
+   uint64_t ar_win : 3;
+   uint64_t hard_life_dec : 1;
+   uint64_t soft_life_dec : 1;
+   uint64_t count_glb_octets : 1;
+   uint64_t count_glb_pkts : 1;
+   uint64_t count_mib_bytes : 1;
+
+   uint64_t count_mib_pkts : 1;
+   uint64_t hw_ctx_off : 7;
+
+   uint64_t ctx_id : 16;
+
+   uint64_t orig_pkt_fabs : 1;
+   uint64_t orig_pkt_free : 1;
+   uint64_t pkind : 6;
+
+   uint64_t rsvd0 : 1;
+   uint64_t et_ovrwr : 1;
+   uint64_t pkt_output : 2;
+   uint64_t pkt_format : 1;
+   uint64_t defrag_opt : 2;
+   uint64_t x2p_dst : 1;
+
+   uint64_t ctx_push_size : 7;
+   uint64_t rsvd1 : 1;
+
+   uint64_t ctx_hdr_size : 2;
+   uint64_t aop_valid : 1;
+   uint64_t rsvd2 : 1;
+   uint64_t ctx_size : 4;
+   } s;
+   uint64_t u64;
+   } w0;
+
+   /* Word1 */
+   uint64_t w1_rsvd3;
+
+   /* Word2 */
+   union {
+   struct {
+   uint64_t version_select : 4;
+   uint64_t aes_key_len : 2;
+   uint64_t cipher_select : 4;
+   

[PATCH v3 15/24] crypto/cnxk: add TLS record session ops

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Add TLS record session ops for creating and destroying security
sessions. Add support for both read and write sessions.

Signed-off-by: Anoob Joseph 
Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_cryptodev_sec.h |   8 +
 drivers/crypto/cnxk/cn10k_tls.c   | 758 ++
 drivers/crypto/cnxk/cn10k_tls.h   |  35 +
 drivers/crypto/cnxk/meson.build   |   1 +
 4 files changed, 802 insertions(+)
 create mode 100644 drivers/crypto/cnxk/cn10k_tls.c
 create mode 100644 drivers/crypto/cnxk/cn10k_tls.h

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h 
b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
index 016fa112e1..703e71475a 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
@@ -11,6 +11,7 @@
 #include "roc_cpt.h"
 
 #include "cn10k_ipsec.h"
+#include "cn10k_tls.h"
 
 struct cn10k_sec_session {
struct rte_security_session rte_sess;
@@ -28,6 +29,12 @@ struct cn10k_sec_session {
uint8_t ip_csum;
bool is_outbound;
} ipsec;
+   struct {
+   uint8_t enable_padding : 1;
+   uint8_t hdr_len : 4;
+   uint8_t rvsd : 3;
+   bool is_write;
+   } tls;
};
/** Queue pair */
struct cnxk_cpt_qp *qp;
@@ -39,6 +46,7 @@ struct cn10k_sec_session {
 */
union {
struct cn10k_ipsec_sa sa;
+   struct cn10k_tls_record tls_rec;
};
 } __rte_aligned(ROC_ALIGN);
 
diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
new file mode 100644
index 00..afcf7ba6f1
--- /dev/null
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -0,0 +1,758 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2024 Marvell.
+ */
+
+#include 
+#include 
+#include 
+
+#include 
+
+#include "roc_cpt.h"
+#include "roc_se.h"
+
+#include "cn10k_cryptodev_sec.h"
+#include "cn10k_tls.h"
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
+#include "cnxk_security.h"
+
+static int
+tls_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
+{
+   enum rte_crypto_cipher_algorithm c_algo = crypto_xform->cipher.algo;
+   uint16_t keylen = crypto_xform->cipher.key.length;
+
+   if (((c_algo == RTE_CRYPTO_CIPHER_NULL) && (keylen == 0)) ||
+   ((c_algo == RTE_CRYPTO_CIPHER_3DES_CBC) && (keylen == 24)) ||
+   ((c_algo == RTE_CRYPTO_CIPHER_AES_CBC) && ((keylen == 16) || 
(keylen == 32
+   return 0;
+
+   return -EINVAL;
+}
+
+static int
+tls_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
+{
+   enum rte_crypto_auth_algorithm a_algo = crypto_xform->auth.algo;
+   uint16_t keylen = crypto_xform->auth.key.length;
+
+   if (((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) && (keylen == 16)) ||
+   ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) && (keylen == 20)) ||
+   ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)))
+   return 0;
+
+   return -EINVAL;
+}
+
+static int
+tls_xform_aead_verify(struct rte_security_tls_record_xform *tls_xform,
+ struct rte_crypto_sym_xform *crypto_xform)
+{
+   uint16_t keylen = crypto_xform->aead.key.length;
+
+   if (tls_xform->type == RTE_SECURITY_TLS_SESS_TYPE_WRITE &&
+   crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)
+   return -EINVAL;
+
+   if (tls_xform->type == RTE_SECURITY_TLS_SESS_TYPE_READ &&
+   crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)
+   return -EINVAL;
+
+   if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+   if ((keylen == 16) || (keylen == 32))
+   return 0;
+   }
+
+   return -EINVAL;
+}
+
+static int
+cnxk_tls_xform_verify(struct rte_security_tls_record_xform *tls_xform,
+ struct rte_crypto_sym_xform *crypto_xform)
+{
+   struct rte_crypto_sym_xform *auth_xform, *cipher_xform = NULL;
+   int ret = 0;
+
+   if ((tls_xform->ver != RTE_SECURITY_VERSION_TLS_1_2) &&
+   (tls_xform->ver != RTE_SECURITY_VERSION_DTLS_1_2))
+   return -EINVAL;
+
+   if ((tls_xform->type != RTE_SECURITY_TLS_SESS_TYPE_READ) &&
+   (tls_xform->type != RTE_SECURITY_TLS_SESS_TYPE_WRITE))
+   return -EINVAL;
+
+   if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+   return tls_xform_aead_verify(tls_xform, crypto_xform);
+
+   if (tls_xform->type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) {
+   /* Egress */
+
+   /* First should be for auth in Egress */
+   if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH)
+   return -EINVAL;
+
+   /* Next if present, should be for cipher in Egress */
+   if ((crypto_xform->next != NULL) &&

[PATCH v3 11/24] crypto/cnxk: rename security caps as IPsec security caps

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Security capabilities would vary between IPsec and other new offloads.
Rename existing security caps to indicate that they are IPsec specific
ones.

Rename and change the scope of common functions, inorder to avoid code
duplication. These functions can be used by both IPsec and TLS

Signed-off-by: Anoob Joseph 
Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/cnxk_security.c   | 13 ++--
 drivers/common/cnxk/cnxk_security.h   | 17 +++--
 drivers/common/cnxk/version.map   |  1 +
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 18 -
 drivers/crypto/cnxk/cn10k_ipsec.c | 46 +++-
 drivers/crypto/cnxk/cn10k_ipsec.h |  9 ++-
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h  | 18 ++---
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h   |  8 +-
 drivers/crypto/cnxk/cnxk_cryptodev.h  | 10 +--
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 73 ++-
 drivers/crypto/cnxk/cnxk_sg.h |  4 +-
 11 files changed, 123 insertions(+), 94 deletions(-)

diff --git a/drivers/common/cnxk/cnxk_security.c 
b/drivers/common/cnxk/cnxk_security.c
index a8c3ba90cd..81991c4697 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -8,9 +8,8 @@
 
 #include "roc_api.h"
 
-static void
-ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform,
-uint8_t *hmac_opad_ipad)
+void
+cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t 
*hmac_opad_ipad)
 {
const uint8_t *key = auth_xform->auth.key.data;
uint32_t length = auth_xform->auth.key.length;
@@ -192,7 +191,7 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 
*w2,
const uint8_t *auth_key = auth_xfrm->auth.key.data;
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else {
-   ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+   cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
}
 
tmp_key = (uint64_t *)hmac_opad_ipad;
@@ -741,7 +740,7 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl 
*ctl, uint8_t *salt,
key = cipher_xfrm->cipher.key.data;
length = cipher_xfrm->cipher.key.length;
 
-   ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+   cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
}
 
switch (length) {
@@ -1374,7 +1373,7 @@ cnxk_on_ipsec_outb_sa_create(struct 
rte_security_ipsec_xform *ipsec,
 
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-   ipsec_hmac_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+   cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
}
}
 
@@ -1441,7 +1440,7 @@ cnxk_on_ipsec_inb_sa_create(struct 
rte_security_ipsec_xform *ipsec,
 
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-   ipsec_hmac_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+   cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
}
}
 
diff --git a/drivers/common/cnxk/cnxk_security.h 
b/drivers/common/cnxk/cnxk_security.h
index 2277ce9144..fabf694df4 100644
--- a/drivers/common/cnxk/cnxk_security.h
+++ b/drivers/common/cnxk/cnxk_security.h
@@ -61,14 +61,15 @@ bool __roc_api cnxk_onf_ipsec_inb_sa_valid(struct 
roc_onf_ipsec_inb_sa *sa);
 bool __roc_api cnxk_onf_ipsec_outb_sa_valid(struct roc_onf_ipsec_outb_sa *sa);
 
 /* [CN9K] */
-int __roc_api
-cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec,
-   struct rte_crypto_sym_xform *crypto_xform,
-   struct roc_ie_on_inb_sa *in_sa);
+int __roc_api cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform 
*ipsec,
+ struct rte_crypto_sym_xform 
*crypto_xform,
+ struct roc_ie_on_inb_sa *in_sa);
 
-int __roc_api
-cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
-struct rte_crypto_sym_xform *crypto_xform,
-struct roc_ie_on_outb_sa *out_sa);
+int __roc_api cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform 
*ipsec,
+  struct rte_crypto_sym_xform 
*crypto_xform,
+  struct roc_ie_on_outb_sa *out_sa);
+
+__rte_internal
+void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t 
*hmac_opad_ipad);
 
 #endif /* _CNXK_SECURITY_H__ */
diff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map
index f84382c401..15fd5710d2 100644

[PATCH v3 17/24] crypto/cnxk: add TLS capability

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Add TLS 1.2 record read and write capability.
Add DTLS 1.2 record read and write capability.

Signed-off-by: Anoob Joseph 
Signed-off-by: Vidya Sagar Velumuri 
---
 doc/guides/rel_notes/release_24_03.rst|   2 +
 drivers/common/cnxk/hw/cpt.h  |   3 +-
 drivers/crypto/cnxk/cnxk_cryptodev.h  |  12 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 210 ++
 4 files changed, 223 insertions(+), 4 deletions(-)

diff --git a/doc/guides/rel_notes/release_24_03.rst 
b/doc/guides/rel_notes/release_24_03.rst
index eb63728cfd..1fd87500ab 100644
--- a/doc/guides/rel_notes/release_24_03.rst
+++ b/doc/guides/rel_notes/release_24_03.rst
@@ -58,6 +58,8 @@ New Features
 * **Updated Marvell cnxk crypto driver.**
 
   * Added support for Rx inject in crypto_cn10k.
+  * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2
+and DTLS 1.2.
 
 
 Removed Items
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index edab8a5d83..2620965606 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -80,7 +80,8 @@ union cpt_eng_caps {
uint64_t __io sg_ver2 : 1;
uint64_t __io sm2 : 1;
uint64_t __io pdcp_chain_zuc256 : 1;
-   uint64_t __io reserved_38_63 : 26;
+   uint64_t __io tls : 1;
+   uint64_t __io reserved_39_63 : 25;
};
 };
 
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h 
b/drivers/crypto/cnxk/cnxk_cryptodev.h
index 6f21d91812..45d01b94b3 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -11,9 +11,11 @@
 #include "roc_ae.h"
 #include "roc_cpt.h"
 
-#define CNXK_CPT_MAX_CAPS 55
-#define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS 16
-#define CNXK_SEC_MAX_CAPS 9
+#define CNXK_CPT_MAX_CAPS   55
+#define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS  16
+#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2
+#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 6
+#define CNXK_SEC_MAX_CAPS   17
 
 /**
  * Device private data
@@ -25,6 +27,10 @@ struct cnxk_cpt_vf {
struct roc_cpt cpt;
struct rte_cryptodev_capabilities crypto_caps[CNXK_CPT_MAX_CAPS];
struct rte_cryptodev_capabilities 
sec_ipsec_crypto_caps[CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS];
+   struct rte_cryptodev_capabilities 
sec_tls_1_3_crypto_caps[CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS];
+   struct rte_cryptodev_capabilities 
sec_tls_1_2_crypto_caps[CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS];
+   struct rte_cryptodev_capabilities
+   sec_dtls_1_2_crypto_caps[CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS];
struct rte_security_capability sec_caps[CNXK_SEC_MAX_CAPS];
uint64_t cnxk_fpm_iova[ROC_AE_EC_ID_PMAX];
struct roc_ae_ec_group *ec_grp[ROC_AE_EC_ID_PMAX];
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 178f510a63..73100377d9 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -30,6 +30,16 @@
  RTE_DIM(sec_ipsec_caps_##name)); \
} while (0)
 
+#define SEC_TLS12_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name)  
\
+   do {   \
+   if ((hw_caps[CPT_ENG_TYPE_SE].name) || \
+   (hw_caps[CPT_ENG_TYPE_IE].name) || \
+   (hw_caps[CPT_ENG_TYPE_AE].name))   \
+   sec_tls12_caps_add(cnxk_caps, cur_pos, \
+  sec_tls12_caps_##name,   
\
+  RTE_DIM(sec_tls12_caps_##name)); 
\
+   } while (0)
+
 static const struct rte_cryptodev_capabilities caps_mul[] = {
{   /* RSA */
.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
@@ -1502,6 +1512,125 @@ static const struct rte_cryptodev_capabilities 
sec_ipsec_caps_null[] = {
},
 };
 
+static const struct rte_cryptodev_capabilities sec_tls12_caps_aes[] = {
+   {   /* AES GCM */
+   .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+   {.sym = {
+   .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+   {.aead = {
+   .algo = RTE_CRYPTO_AEAD_AES_GCM,
+   .block_size = 16,
+   .key_size = {
+   .min = 16,
+   .max = 32,
+   .increment = 16
+   },
+   .digest_size = {
+   .min = 16,
+   .max = 16,
+   .i

[PATCH v3 14/24] crypto/cnxk: separate IPsec from security common code

[Anoob Joseph]

The current structs and functions assume only IPsec offload. Separate it
out to allow for addition of TLS.

Signed-off-by: Anoob Joseph 
Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_cryptodev.c |   2 +-
 drivers/crypto/cnxk/cn10k_cryptodev_sec.c | 127 ++
 drivers/crypto/cnxk/cn10k_cryptodev_sec.h |  61 +++
 drivers/crypto/cnxk/cn10k_ipsec.c | 127 +++---
 drivers/crypto/cnxk/cn10k_ipsec.h |  45 +++-
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h  |   1 +
 drivers/crypto/cnxk/meson.build   |   1 +
 7 files changed, 218 insertions(+), 146 deletions(-)
 create mode 100644 drivers/crypto/cnxk/cn10k_cryptodev_sec.c
 create mode 100644 drivers/crypto/cnxk/cn10k_cryptodev_sec.h

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev.c 
b/drivers/crypto/cnxk/cn10k_cryptodev.c
index 2fd4df3c5d..5ed918e18e 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev.c
@@ -12,7 +12,7 @@
 
 #include "cn10k_cryptodev.h"
 #include "cn10k_cryptodev_ops.h"
-#include "cn10k_ipsec.h"
+#include "cn10k_cryptodev_sec.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_capabilities.h"
 #include "cnxk_cryptodev_sec.h"
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_sec.c
new file mode 100644
index 00..12e53f18db
--- /dev/null
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.c
@@ -0,0 +1,127 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2024 Marvell.
+ */
+
+#include 
+
+#include "cn10k_cryptodev_ops.h"
+#include "cn10k_cryptodev_sec.h"
+#include "cnxk_cryptodev_ops.h"
+
+static int
+cn10k_sec_session_create(void *dev, struct rte_security_session_conf *conf,
+struct rte_security_session *sess)
+{
+   struct rte_cryptodev *crypto_dev = dev;
+   struct cnxk_cpt_vf *vf;
+   struct cnxk_cpt_qp *qp;
+
+   if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
+   return -EINVAL;
+
+   qp = crypto_dev->data->queue_pairs[0];
+   if (qp == NULL) {
+   plt_err("Setup cryptodev queue pair before creating security 
session");
+   return -EPERM;
+   }
+
+   vf = crypto_dev->data->dev_private;
+
+   if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
+   ((struct cn10k_sec_session *)sess)->userdata = conf->userdata;
+   return cn10k_ipsec_session_create(vf, qp, &conf->ipsec, 
conf->crypto_xform, sess);
+   }
+
+   return -ENOTSUP;
+}
+
+static int
+cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
+{
+   struct cn10k_sec_session *cn10k_sec_sess;
+   struct rte_cryptodev *crypto_dev = dev;
+   struct cnxk_cpt_qp *qp;
+
+   if (unlikely(sec_sess == NULL))
+   return -EINVAL;
+
+   qp = crypto_dev->data->queue_pairs[0];
+   if (unlikely(qp == NULL))
+   return -ENOTSUP;
+
+   cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess;
+
+   if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+   return cn10k_sec_ipsec_session_destroy(qp, cn10k_sec_sess);
+
+   return -EINVAL;
+}
+
+static unsigned int
+cn10k_sec_session_get_size(void *dev __rte_unused)
+{
+   return sizeof(struct cn10k_sec_session) - sizeof(struct 
rte_security_session);
+}
+
+static int
+cn10k_sec_session_stats_get(void *dev, struct rte_security_session *sec_sess,
+   struct rte_security_stats *stats)
+{
+   struct cn10k_sec_session *cn10k_sec_sess;
+   struct rte_cryptodev *crypto_dev = dev;
+   struct cnxk_cpt_qp *qp;
+
+   if (unlikely(sec_sess == NULL))
+   return -EINVAL;
+
+   qp = crypto_dev->data->queue_pairs[0];
+   if (unlikely(qp == NULL))
+   return -ENOTSUP;
+
+   cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess;
+
+   if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+   return cn10k_ipsec_stats_get(qp, cn10k_sec_sess, stats);
+
+   return -ENOTSUP;
+}
+
+static int
+cn10k_sec_session_update(void *dev, struct rte_security_session *sec_sess,
+struct rte_security_session_conf *conf)
+{
+   struct cn10k_sec_session *cn10k_sec_sess;
+   struct rte_cryptodev *crypto_dev = dev;
+   struct cnxk_cpt_qp *qp;
+   struct cnxk_cpt_vf *vf;
+
+   if (sec_sess == NULL)
+   return -EINVAL;
+
+   qp = crypto_dev->data->queue_pairs[0];
+   if (qp == NULL)
+   return -EINVAL;
+
+   vf = crypto_dev->data->dev_private;
+
+   cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess;
+
+   if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+   return cn10k_ipsec_session_update(vf, qp, cn10k_sec_sess, conf);
+
+   return -ENOTSUP;
+}
+
+/* Update platform specific security ops */
+void
+cn10k_sec_ops_override(void)
+{
+   /* Update platform

[PATCH v3 16/24] crypto/cnxk: add TLS record datapath handling

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Add support for TLS record handling in datapath.

Signed-off-by: Anoob Joseph 
Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c |  57 +++-
 drivers/crypto/cnxk/cn10k_cryptodev_sec.c |   7 +
 drivers/crypto/cnxk/cn10k_tls_ops.h   | 322 ++
 3 files changed, 380 insertions(+), 6 deletions(-)
 create mode 100644 drivers/crypto/cnxk/cn10k_tls_ops.h

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 084c8d3a24..843a111b0e 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -20,11 +20,14 @@
 #include "roc_sso_dp.h"
 
 #include "cn10k_cryptodev.h"
-#include "cn10k_cryptodev_ops.h"
 #include "cn10k_cryptodev_event_dp.h"
+#include "cn10k_cryptodev_ops.h"
+#include "cn10k_cryptodev_sec.h"
 #include "cn10k_eventdev.h"
 #include "cn10k_ipsec.h"
 #include "cn10k_ipsec_la_ops.h"
+#include "cn10k_tls.h"
+#include "cn10k_tls_ops.h"
 #include "cnxk_ae.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_ops.h"
@@ -101,6 +104,18 @@ cpt_sec_ipsec_inst_fill(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *op,
return ret;
 }
 
+static __rte_always_inline int __rte_hot
+cpt_sec_tls_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
+ struct cn10k_sec_session *sess, struct cpt_inst_s *inst,
+ struct cpt_inflight_req *infl_req, const bool is_sg_ver2)
+{
+   if (sess->tls.is_write)
+   return process_tls_write(&qp->lf, op, sess, &qp->meta_info, 
infl_req, inst,
+is_sg_ver2);
+   else
+   return process_tls_read(op, sess, &qp->meta_info, infl_req, 
inst, is_sg_ver2);
+}
+
 static __rte_always_inline int __rte_hot
 cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct 
cn10k_sec_session *sess,
  struct cpt_inst_s *inst, struct cpt_inflight_req *infl_req, 
const bool is_sg_ver2)
@@ -108,6 +123,8 @@ cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *op, struct cn10k
 
if (sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
return cpt_sec_ipsec_inst_fill(qp, op, sess, &inst[0], 
infl_req, is_sg_ver2);
+   else if (sess->proto == RTE_SECURITY_PROTOCOL_TLS_RECORD)
+   return cpt_sec_tls_inst_fill(qp, op, sess, &inst[0], infl_req, 
is_sg_ver2);
 
return 0;
 }
@@ -812,7 +829,7 @@ cn10k_cpt_sg_ver2_crypto_adapter_enqueue(void *ws, struct 
rte_event ev[], uint16
 }
 
 static inline void
-cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s 
*res)
+cn10k_cpt_ipsec_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s 
*res)
 {
struct rte_mbuf *mbuf = cop->sym->m_src;
const uint16_t m_len = res->rlen;
@@ -849,10 +866,38 @@ cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, 
struct cpt_cn10k_res_s *re
 }
 
 static inline void
-cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
-  struct rte_crypto_op *cop,
-  struct cpt_inflight_req *infl_req,
-  struct cpt_cn10k_res_s *res)
+cn10k_cpt_tls_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s 
*res)
+{
+   struct rte_mbuf *mbuf = cop->sym->m_src;
+   const uint16_t m_len = res->rlen;
+
+   if (!res->uc_compcode) {
+   if (mbuf->next == NULL)
+   mbuf->data_len = m_len;
+   mbuf->pkt_len = m_len;
+   } else {
+   cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+   cop->aux_flags = res->uc_compcode;
+   plt_err("crypto op failed with UC compcode: 0x%x", 
res->uc_compcode);
+   }
+}
+
+static inline void
+cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s 
*res)
+{
+   struct rte_crypto_sym_op *sym_op = cop->sym;
+   struct cn10k_sec_session *sess;
+
+   sess = sym_op->session;
+   if (sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+   cn10k_cpt_ipsec_post_process(cop, res);
+   else if (sess->proto == RTE_SECURITY_PROTOCOL_TLS_RECORD)
+   cn10k_cpt_tls_post_process(cop, res);
+}
+
+static inline void
+cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op 
*cop,
+  struct cpt_inflight_req *infl_req, struct 
cpt_cn10k_res_s *res)
 {
const uint8_t uc_compcode = res->uc_compcode;
const uint8_t compcode = res->compcode;
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_sec.c
index 12e53f18db..cb013986c4 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.c
@@ -32,6 +32,10 @@ cn10k_sec_session_create(void *dev, struct 
rte_security_session_conf *conf,
return cn10k_ipsec_session_create(vf, qp, &conf->ipsec, 
conf->c

[PATCH v3 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT

[Anoob Joseph]

Add PMD APIs to allow applications to directly submit CPT instructions
to hardware.

Signed-off-by: Anoob Joseph 
---
 doc/api/doxy-api-index.md |  1 +
 doc/api/doxy-api.conf.in  |  1 +
 doc/guides/rel_notes/release_24_03.rst|  1 +
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 75 -
 drivers/crypto/cnxk/cn10k_cryptodev_ops.h |  3 +
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c  | 56 -
 drivers/crypto/cnxk/cn9k_cryptodev_ops.h  | 62 ++
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 99 +++
 drivers/crypto/cnxk/meson.build   |  2 +-
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 46 +++
 10 files changed, 252 insertions(+), 94 deletions(-)
 create mode 100644 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h

diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md
index a6a768bd7c..69f1a54511 100644
--- a/doc/api/doxy-api-index.md
+++ b/doc/api/doxy-api-index.md
@@ -49,6 +49,7 @@ The public API headers are grouped by topics:
   [iavf](@ref rte_pmd_iavf.h),
   [bnxt](@ref rte_pmd_bnxt.h),
   [cnxk](@ref rte_pmd_cnxk.h),
+  [cnxk_crypto](@ref rte_pmd_cnxk_crypto.h),
   [cnxk_eventdev](@ref rte_pmd_cnxk_eventdev.h),
   [cnxk_mempool](@ref rte_pmd_cnxk_mempool.h),
   [dpaa](@ref rte_pmd_dpaa.h),
diff --git a/doc/api/doxy-api.conf.in b/doc/api/doxy-api.conf.in
index e94c9e4e46..6d11de580e 100644
--- a/doc/api/doxy-api.conf.in
+++ b/doc/api/doxy-api.conf.in
@@ -6,6 +6,7 @@ PROJECT_NUMBER  = @VERSION@
 USE_MDFILE_AS_MAINPAGE  = @TOPDIR@/doc/api/doxy-api-index.md
 INPUT   = @TOPDIR@/doc/api/doxy-api-index.md \
   @TOPDIR@/drivers/bus/vdev \
+  @TOPDIR@/drivers/crypto/cnxk \
   @TOPDIR@/drivers/crypto/scheduler \
   @TOPDIR@/drivers/dma/dpaa2 \
   @TOPDIR@/drivers/event/dlb2 \
diff --git a/doc/guides/rel_notes/release_24_03.rst 
b/doc/guides/rel_notes/release_24_03.rst
index 1fd87500ab..8fc6e9fb6d 100644
--- a/doc/guides/rel_notes/release_24_03.rst
+++ b/doc/guides/rel_notes/release_24_03.rst
@@ -60,6 +60,7 @@ New Features
   * Added support for Rx inject in crypto_cn10k.
   * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2
 and DTLS 1.2.
+  * Added PMD API to allow raw submission of instructions to CPT.
 
 
 Removed Items
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 843a111b0e..9f4be20ff5 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -34,13 +34,12 @@
 #include "cnxk_eventdev.h"
 #include "cnxk_se.h"
 
-#define PKTS_PER_LOOP  32
-#define PKTS_PER_STEORL 16
+#include "rte_pmd_cnxk_crypto.h"
 
 /* Holds information required to send crypto operations in one burst */
 struct ops_burst {
-   struct rte_crypto_op *op[PKTS_PER_LOOP];
-   uint64_t w2[PKTS_PER_LOOP];
+   struct rte_crypto_op *op[CN10K_PKTS_PER_LOOP];
+   uint64_t w2[CN10K_PKTS_PER_LOOP];
struct cn10k_sso_hws *ws;
struct cnxk_cpt_qp *qp;
uint16_t nb_ops;
@@ -252,7 +251,7 @@ cn10k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op 
**ops, uint16_t nb_ops,
goto pend_q_commit;
}
 
-   for (i = 0; i < RTE_MIN(PKTS_PER_LOOP, nb_ops); i++) {
+   for (i = 0; i < RTE_MIN(CN10K_PKTS_PER_LOOP, nb_ops); i++) {
infl_req = &pend_q->req_queue[head];
infl_req->op_flags = 0;
 
@@ -267,23 +266,21 @@ cn10k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op 
**ops, uint16_t nb_ops,
pending_queue_advance(&head, pq_mask);
}
 
-   if (i > PKTS_PER_STEORL) {
-   lmt_arg = ROC_CN10K_CPT_LMT_ARG | (PKTS_PER_STEORL - 1) << 12 |
+   if (i > CN10K_PKTS_PER_STEORL) {
+   lmt_arg = ROC_CN10K_CPT_LMT_ARG | (CN10K_PKTS_PER_STEORL - 1) 
<< 12 |
  (uint64_t)lmt_id;
roc_lmt_submit_steorl(lmt_arg, io_addr);
-   lmt_arg = ROC_CN10K_CPT_LMT_ARG |
- (i - PKTS_PER_STEORL - 1) << 12 |
- (uint64_t)(lmt_id + PKTS_PER_STEORL);
+   lmt_arg = ROC_CN10K_CPT_LMT_ARG | (i - CN10K_PKTS_PER_STEORL - 
1) << 12 |
+ (uint64_t)(lmt_id + CN10K_PKTS_PER_STEORL);
roc_lmt_submit_steorl(lmt_arg, io_addr);
} else {
-   lmt_arg = ROC_CN10K_CPT_LMT_ARG | (i - 1) << 12 |
- (uint64_t)lmt_id;
+   lmt_arg = ROC_CN10K_CPT_LMT_ARG | (i - 1) << 12 | 
(uint64_t)lmt_id;
roc_lmt_submit_steorl(lmt_arg, io_addr);
}
 
rte_io_wmb();
 
-   if (nb_ops - i > 0 && i == PKTS_PER_LOOP) {
+   if (nb_ops - i > 0 && i == CN10K_PKTS_PER_LOOP) {
nb_ops -= i;
ops += i;
count += i;
@@ -487,7 +484,7 @@ cn10k_cpt

[PATCH v3 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode

[Anoob Joseph]

From: Tejasree Kondoj 

Replacing PDCP opcode with PDCP chain opcode.

Signed-off-by: Tejasree Kondoj 
---
 drivers/common/cnxk/roc_se.c  | 331 +-
 drivers/common/cnxk/roc_se.h  |  18 +-
 drivers/crypto/cnxk/cnxk_se.h |  96 +-
 3 files changed, 135 insertions(+), 310 deletions(-)

diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 6ced4ef789..4e00268149 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -88,13 +88,20 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct 
roc_se_ctx *ctx, uint16_t key_
fc_type = ROC_SE_FC_GEN;
break;
case ROC_SE_ZUC_EEA3:
-   if (chained_op) {
-   if (unlikely(key_len != 16))
+   if (unlikely(key_len != 16)) {
+   /*
+* ZUC 256 is not supported with older microcode
+* where pdcp_iv_offset is 16
+*/
+   if (chained_op || (ctx->pdcp_iv_offset == 16)) {
+   plt_err("ZUC 256 is not supported with chained 
operations");
return -1;
+   }
+   }
+   if (chained_op)
fc_type = ROC_SE_PDCP_CHAIN;
-   } else {
+   else
fc_type = ROC_SE_PDCP;
-   }
break;
case ROC_SE_SNOW3G_UEA2:
if (unlikely(key_len != 16))
@@ -197,33 +204,6 @@ cpt_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const 
uint8_t *key, uint16_t
}
 }
 
-static int
-cpt_pdcp_key_type_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t key_len)
-{
-   roc_se_aes_type key_type = 0;
-
-   if (roc_model_is_cn9k()) {
-   if (key_len != 16) {
-   plt_err("Only key len 16 is supported on cn9k");
-   return -ENOTSUP;
-   }
-   }
-
-   switch (key_len) {
-   case 16:
-   key_type = ROC_SE_AES_128_BIT;
-   break;
-   case 32:
-   key_type = ROC_SE_AES_256_BIT;
-   break;
-   default:
-   plt_err("Invalid AES key len");
-   return -ENOTSUP;
-   }
-   zs_ctx->zuc.otk_ctx.w0.s.key_len = key_type;
-   return 0;
-}
-
 static int
 cpt_pdcp_chain_key_type_get(uint16_t key_len)
 {
@@ -247,36 +227,6 @@ cpt_pdcp_chain_key_type_get(uint16_t key_len)
return key_type;
 }
 
-static int
-cpt_pdcp_mac_len_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t mac_len)
-{
-   roc_se_pdcp_mac_len_type mac_type = 0;
-
-   if (roc_model_is_cn9k()) {
-   if (mac_len != 4) {
-   plt_err("Only mac len 4 is supported on cn9k");
-   return -ENOTSUP;
-   }
-   }
-
-   switch (mac_len) {
-   case 4:
-   mac_type = ROC_SE_PDCP_MAC_LEN_32_BIT;
-   break;
-   case 8:
-   mac_type = ROC_SE_PDCP_MAC_LEN_64_BIT;
-   break;
-   case 16:
-   mac_type = ROC_SE_PDCP_MAC_LEN_128_BIT;
-   break;
-   default:
-   plt_err("Invalid ZUC MAC len");
-   return -ENOTSUP;
-   }
-   zs_ctx->zuc.otk_ctx.w0.s.mac_len = mac_type;
-   return 0;
-}
-
 static void
 cpt_zuc_const_update(uint8_t *zuc_const, int key_len, int mac_len)
 {
@@ -300,32 +250,27 @@ cpt_zuc_const_update(uint8_t *zuc_const, int key_len, int 
mac_len)
 }
 
 int
-roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
-   const uint8_t *key, uint16_t key_len, uint16_t mac_len)
+roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, const 
uint8_t *key,
+   uint16_t key_len, uint16_t mac_len)
 {
-   struct roc_se_zuc_snow3g_chain_ctx *zs_ch_ctx;
-   struct roc_se_zuc_snow3g_ctx *zs_ctx;
struct roc_se_kasumi_ctx *k_ctx;
+   struct roc_se_pdcp_ctx *pctx;
struct roc_se_context *fctx;
uint8_t opcode_minor;
-   uint8_t pdcp_alg;
bool chained_op;
-   int ret;
 
if (se_ctx == NULL)
return -1;
 
-   zs_ctx = &se_ctx->se_ctx.zs_ctx;
-   zs_ch_ctx = &se_ctx->se_ctx.zs_ch_ctx;
+   pctx = &se_ctx->se_ctx.pctx;
k_ctx = &se_ctx->se_ctx.k_ctx;
fctx = &se_ctx->se_ctx.fctx;
 
chained_op = se_ctx->ciph_then_auth || se_ctx->auth_then_ciph;
 
if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) {
-   uint8_t *zuc_const;
uint32_t keyx[4];
-   uint8_t *ci_key;
+   int key_type;
 
if (!key_len)
return -1;
@@ -335,98 +280,64 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, 
roc_se_auth_type type,
return -1;
}
 
-   if

[PATCH v3 20/24] crypto/cnxk: validate the combinations supported in TLS

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Validate the cipher and auth combination to allow only the
ones supported by hardware.

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_tls.c | 35 -
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index afcf7ba6f1..3c2e0feb2a 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -17,6 +17,36 @@
 #include "cnxk_cryptodev_ops.h"
 #include "cnxk_security.h"
 
+static int
+tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
+struct rte_crypto_sym_xform *auth_xform)
+{
+   enum rte_crypto_cipher_algorithm c_algo = cipher_xform->cipher.algo;
+   enum rte_crypto_auth_algorithm a_algo = auth_xform->auth.algo;
+   int ret = -ENOTSUP;
+
+   switch (c_algo) {
+   case RTE_CRYPTO_CIPHER_NULL:
+   if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == 
RTE_CRYPTO_AUTH_SHA1_HMAC) ||
+   (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+   ret = 0;
+   break;
+   case RTE_CRYPTO_CIPHER_3DES_CBC:
+   if (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
+   ret = 0;
+   break;
+   case RTE_CRYPTO_CIPHER_AES_CBC:
+   if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
+   (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+   ret = 0;
+   break;
+   default:
+   break;
+   }
+
+   return ret;
+}
+
 static int
 tls_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
 {
@@ -138,7 +168,10 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform 
*tls_xform,
ret = tls_xform_cipher_verify(cipher_xform);
 
if (!ret)
-   return tls_xform_auth_verify(auth_xform);
+   ret = tls_xform_auth_verify(auth_xform);
+
+   if (cipher_xform && !ret)
+   return tls_xform_cipher_auth_verify(cipher_xform, auth_xform);
 
return ret;
 }
-- 
2.25.1

[PATCH v3 21/24] crypto/cnxk: use a single function for opad ipad

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Use a single function for opad and ipad generation for IPsec, TLS and
flexi crypto.

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/cnxk_security.c | 65 ++---
 drivers/common/cnxk/cnxk_security.h |  5 ---
 drivers/common/cnxk/roc_se.c| 48 ++---
 drivers/common/cnxk/roc_se.h|  9 
 drivers/common/cnxk/version.map |  2 +-
 drivers/crypto/cnxk/cn10k_tls.c |  8 +++-
 6 files changed, 61 insertions(+), 76 deletions(-)

diff --git a/drivers/common/cnxk/cnxk_security.c 
b/drivers/common/cnxk/cnxk_security.c
index bdb04fe142..64c901a57a 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -8,55 +8,9 @@
 
 #include "roc_api.h"
 
-void
-cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t 
*hmac_opad_ipad,
-  bool is_tls)
-{
-   const uint8_t *key = auth_xform->auth.key.data;
-   uint32_t length = auth_xform->auth.key.length;
-   uint8_t opad[128] = {[0 ... 127] = 0x5c};
-   uint8_t ipad[128] = {[0 ... 127] = 0x36};
-   uint32_t i;
-
-   /* HMAC OPAD and IPAD */
-   for (i = 0; i < 128 && i < length; i++) {
-   opad[i] = opad[i] ^ key[i];
-   ipad[i] = ipad[i] ^ key[i];
-   }
-
-   /* Precompute hash of HMAC OPAD and IPAD to avoid
-* per packet computation
-*/
-   switch (auth_xform->auth.algo) {
-   case RTE_CRYPTO_AUTH_MD5_HMAC:
-   roc_hash_md5_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
-   roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 
: 24]);
-   break;
-   case RTE_CRYPTO_AUTH_SHA1_HMAC:
-   roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
-   roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 
: 24]);
-   break;
-   case RTE_CRYPTO_AUTH_SHA256_HMAC:
-   roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0], 256);
-   roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64], 256);
-   break;
-   case RTE_CRYPTO_AUTH_SHA384_HMAC:
-   roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 384);
-   roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 384);
-   break;
-   case RTE_CRYPTO_AUTH_SHA512_HMAC:
-   roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 512);
-   roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 512);
-   break;
-   default:
-   break;
-   }
-}
-
 static int
-ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
- uint8_t *cipher_key, uint8_t *salt_key,
- uint8_t *hmac_opad_ipad,
+ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, uint8_t 
*cipher_key,
+ uint8_t *salt_key, uint8_t *hmac_opad_ipad,
  struct rte_security_ipsec_xform *ipsec_xfrm,
  struct rte_crypto_sym_xform *crypto_xfrm)
 {
@@ -192,7 +146,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 
*w2,
const uint8_t *auth_key = auth_xfrm->auth.key.data;
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else {
-   cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, 
false);
+   roc_se_hmac_opad_ipad_gen(w2->s.auth_type, 
auth_xfrm->auth.key.data,
+ auth_xfrm->auth.key.length, 
&hmac_opad_ipad[0],
+ ROC_SE_IPSEC);
}
 
tmp_key = (uint64_t *)hmac_opad_ipad;
@@ -741,7 +697,8 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl 
*ctl, uint8_t *salt,
key = cipher_xfrm->cipher.key.data;
length = cipher_xfrm->cipher.key.length;
 
-   cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
+   roc_se_hmac_opad_ipad_gen(ctl->auth_type, 
auth_xfrm->auth.key.data,
+ auth_xfrm->auth.key.length, 
hmac_opad_ipad, ROC_SE_IPSEC);
}
 
switch (length) {
@@ -1374,7 +1331,9 @@ cnxk_on_ipsec_outb_sa_create(struct 
rte_security_ipsec_xform *ipsec,
 
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-   cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, 
false);
+   roc_se_hmac_opad_ipad_gen(
+   out_sa->common_sa.ctl.auth_type, 
auth_xform->auth.key.data,
+   auth_xform->auth.key.length, 
&hmac_opad_ipad[0], ROC_SE_IPSEC);
}
}
 
@@ -1441,7 +1400,9 @@ cnxk_on_ipsec_inb_sa_creat

[PATCH v3 22/24] crypto/cnxk: add support for TLS 1.3

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Add support for TLS-1.3.

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/roc_ie_ot_tls.h   |  50 +--
 drivers/crypto/cnxk/cn10k_cryptodev_sec.h |   3 +-
 drivers/crypto/cnxk/cn10k_tls.c   | 159 +-
 3 files changed, 136 insertions(+), 76 deletions(-)

diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h 
b/drivers/common/cnxk/roc_ie_ot_tls.h
index 206c3104e6..b85d075e86 100644
--- a/drivers/common/cnxk/roc_ie_ot_tls.h
+++ b/drivers/common/cnxk/roc_ie_ot_tls.h
@@ -17,8 +17,10 @@
(PLT_ALIGN_CEIL(ROC_IE_OT_TLS_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / 
BITS_PER_LONG_LONG)
 
 /* CN10K TLS opcodes */
-#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC 0x16UL
-#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC 0x17UL
+#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC   0x16UL
+#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC   0x17UL
+#define ROC_IE_OT_TLS13_MAJOR_OP_RECORD_ENC 0x18UL
+#define ROC_IE_OT_TLS13_MAJOR_OP_RECORD_DEC 0x19UL
 
 #define ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN 128
 #define ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN48
@@ -42,6 +44,7 @@ enum roc_ie_ot_tls_cipher_type {
 enum roc_ie_ot_tls_ver {
ROC_IE_OT_TLS_VERSION_TLS_12 = 1,
ROC_IE_OT_TLS_VERSION_DTLS_12 = 2,
+   ROC_IE_OT_TLS_VERSION_TLS_13 = 3,
 };
 
 enum roc_ie_ot_tls_aes_key_len {
@@ -131,11 +134,23 @@ struct roc_ie_ot_tls_read_sa {
/* Word4 - Word9 */
uint8_t cipher_key[ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN];
 
-   /* Word10 - Word25 */
-   uint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];
+   union {
+   struct {
+   /* Word10 */
+   uint64_t w10_rsvd6;
+
+   /* Word11 - Word25 */
+   struct roc_ie_ot_tls_read_ctx_update_reg ctx;
+   } tls_13;
+
+   struct {
+   /* Word10 - Word25 */
+   uint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];
 
-   /* Word26 - Word32 */
-   struct roc_ie_ot_tls_read_ctx_update_reg ctx;
+   /* Word26 - Word95 */
+   struct roc_ie_ot_tls_read_ctx_update_reg ctx;
+   } tls_12;
+   };
 };
 
 struct roc_ie_ot_tls_write_sa {
@@ -187,13 +202,24 @@ struct roc_ie_ot_tls_write_sa {
/* Word4 - Word9 */
uint8_t cipher_key[ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN];
 
-   /* Word10 - Word25 */
-   uint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];
+   union {
+   struct {
+   /* Word10 */
+   uint64_t w10_rsvd7;
+
+   uint64_t seq_num;
+   } tls_13;
+
+   struct {
+   /* Word10 - Word25 */
+   uint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];
 
-   /* Word26 */
-   uint64_t w26_rsvd7;
+   /* Word26 */
+   uint64_t w26_rsvd7;
 
-   /* Word27 */
-   uint64_t seq_num;
+   /* Word27 */
+   uint64_t seq_num;
+   } tls_12;
+   };
 };
 #endif /* __ROC_IE_OT_TLS_H__ */
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h 
b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
index 703e71475a..20a260d9ff 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
@@ -31,8 +31,7 @@ struct cn10k_sec_session {
} ipsec;
struct {
uint8_t enable_padding : 1;
-   uint8_t hdr_len : 4;
-   uint8_t rvsd : 3;
+   uint8_t rvsd : 7;
bool is_write;
} tls;
};
diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index c30e04a7c0..879e0ea978 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -105,7 +105,8 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform 
*tls_xform,
int ret = 0;
 
if ((tls_xform->ver != RTE_SECURITY_VERSION_TLS_1_2) &&
-   (tls_xform->ver != RTE_SECURITY_VERSION_DTLS_1_2))
+   (tls_xform->ver != RTE_SECURITY_VERSION_DTLS_1_2) &&
+   (tls_xform->ver != RTE_SECURITY_VERSION_TLS_1_3))
return -EINVAL;
 
if ((tls_xform->type != RTE_SECURITY_TLS_SESS_TYPE_READ) &&
@@ -115,6 +116,12 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform 
*tls_xform,
if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
return tls_xform_aead_verify(tls_xform, crypto_xform);
 
+   /* TLS-1.3 only support AEAD.
+* Control should not reach here for TLS-1.3
+*/
+   if (tls_xform->ver == RTE_SECURITY_VERSION_TLS_1_3)
+   return -EINVAL;
+
if (tls_xform->type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) {
/* Egress */
 
@@ -259,7 +266,7 @@ tls_write_sa_init(struct

[PATCH v3 23/24] crypto/cnxk: add TLS 1.3 capability

[Anoob Joseph]

From: Vidya Sagar Velumuri 

Add TLS 1.3 record read and write capability

Signed-off-by: Vidya Sagar Velumuri 
---
 doc/guides/rel_notes/release_24_03.rst|  4 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 92 +++
 2 files changed, 94 insertions(+), 2 deletions(-)

diff --git a/doc/guides/rel_notes/release_24_03.rst 
b/doc/guides/rel_notes/release_24_03.rst
index 8fc6e9fb6d..dc53e313f1 100644
--- a/doc/guides/rel_notes/release_24_03.rst
+++ b/doc/guides/rel_notes/release_24_03.rst
@@ -58,8 +58,8 @@ New Features
 * **Updated Marvell cnxk crypto driver.**
 
   * Added support for Rx inject in crypto_cn10k.
-  * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2
-and DTLS 1.2.
+  * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2,
+DTLS 1.2 and TLS 1.3.
   * Added PMD API to allow raw submission of instructions to CPT.
 
 
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 73100377d9..db50de5d58 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -40,6 +40,16 @@
   RTE_DIM(sec_tls12_caps_##name)); 
\
} while (0)
 
+#define SEC_TLS13_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name)  
\
+   do {   \
+   if ((hw_caps[CPT_ENG_TYPE_SE].name) || \
+   (hw_caps[CPT_ENG_TYPE_IE].name) || \
+   (hw_caps[CPT_ENG_TYPE_AE].name))   \
+   sec_tls13_caps_add(cnxk_caps, cur_pos, \
+  sec_tls13_caps_##name,   
\
+  RTE_DIM(sec_tls13_caps_##name)); 
\
+   } while (0)
+
 static const struct rte_cryptodev_capabilities caps_mul[] = {
{   /* RSA */
.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
@@ -1631,6 +1641,40 @@ static const struct rte_cryptodev_capabilities 
sec_tls12_caps_sha1_sha2[] = {
},
 };
 
+static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {
+   {   /* AES GCM */
+   .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+   {.sym = {
+   .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+   {.aead = {
+   .algo = RTE_CRYPTO_AEAD_AES_GCM,
+   .block_size = 16,
+   .key_size = {
+   .min = 16,
+   .max = 32,
+   .increment = 16
+   },
+   .digest_size = {
+   .min = 16,
+   .max = 16,
+   .increment = 0
+   },
+   .aad_size = {
+   .min = 5,
+   .max = 5,
+   .increment = 0
+   },
+   .iv_size = {
+   .min = 0,
+   .max = 0,
+   .increment = 0
+   }
+   }, }
+   }, }
+   },
+};
+
+
 static const struct rte_security_capability sec_caps_templ[] = {
{   /* IPsec Lookaside Protocol ESP Tunnel Ingress */
.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
@@ -1760,6 +1804,26 @@ static const struct rte_security_capability 
sec_caps_templ[] = {
},
.crypto_capabilities = NULL,
},
+   {   /* TLS 1.3 Record Read */
+   .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+   .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD,
+   .tls_record = {
+   .ver = RTE_SECURITY_VERSION_TLS_1_3,
+   .type = RTE_SECURITY_TLS_SESS_TYPE_READ,
+   .ar_win_size = 0,
+   },
+   .crypto_capabilities = NULL,
+   },
+   {   /* TLS 1.3 Record Write */
+   .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+   .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD,
+   .tls_record = {
+   .ver = RTE_SECURITY_VERSION_TLS_1_3,
+   .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+   .ar_win_size = 0,
+   },
+   .crypto_capabilities = NULL,
+   },
{
.action = RTE_SECURITY_ACTION_TYPE_NONE
   

[PATCH v3 24/24] crypto/cnxk: add CPT SG mode debug

[Anoob Joseph]

From: Tejasree Kondoj 

Adding CPT SG mode debug dump.

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 135 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |   7 ++
 2 files changed, 141 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 9f4be20ff5..8991150c05 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -2,9 +2,10 @@
  * Copyright(C) 2021 Marvell.
  */
 
-#include 
 #include 
+#include 
 #include 
+#include 
 #include 
 
 #include 
@@ -103,6 +104,104 @@ cpt_sec_ipsec_inst_fill(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *op,
return ret;
 }
 
+#ifdef CPT_INST_DEBUG_ENABLE
+static inline void
+cpt_request_data_sgv2_mode_dump(uint8_t *in_buffer, bool glist, uint16_t 
components)
+{
+   struct roc_se_buf_ptr list_ptr[ROC_MAX_SG_CNT];
+   const char *list = glist ? "glist" : "slist";
+   struct roc_sg2list_comp *sg_ptr = NULL;
+   uint16_t list_cnt = 0;
+   char suffix[64];
+   int i, j;
+
+   sg_ptr = (void *)in_buffer;
+   for (i = 0; i < components; i++) {
+   for (j = 0; j < sg_ptr->u.s.valid_segs; j++) {
+   list_ptr[i * 3 + j].size = sg_ptr->u.s.len[j];
+   list_ptr[i * 3 + j].vaddr = (void *)sg_ptr->ptr[j];
+   list_ptr[i * 3 + j].vaddr = list_ptr[i * 3 + j].vaddr;
+   list_cnt++;
+   }
+   sg_ptr++;
+   }
+
+   printf("Current %s: %u\n", list, list_cnt);
+
+   for (i = 0; i < list_cnt; i++) {
+   snprintf(suffix, sizeof(suffix), "%s[%d]: vaddr 0x%" PRIx64 ", 
vaddr %p len %u",
+list, i, (uint64_t)list_ptr[i].vaddr, 
list_ptr[i].vaddr, list_ptr[i].size);
+   rte_hexdump(stdout, suffix, list_ptr[i].vaddr, 
list_ptr[i].size);
+   }
+}
+
+static inline void
+cpt_request_data_sg_mode_dump(uint8_t *in_buffer, bool glist)
+{
+   struct roc_se_buf_ptr list_ptr[ROC_MAX_SG_CNT];
+   const char *list = glist ? "glist" : "slist";
+   struct roc_sglist_comp *sg_ptr = NULL;
+   uint16_t list_cnt, components;
+   char suffix[64];
+   int i;
+
+   sg_ptr = (void *)(in_buffer + 8);
+   list_cnt = rte_be_to_cpu_16uint16_t *)in_buffer)[2]));
+   if (!glist) {
+   components = list_cnt / 4;
+   if (list_cnt % 4)
+   components++;
+   sg_ptr += components;
+   list_cnt = rte_be_to_cpu_16uint16_t *)in_buffer)[3]));
+   }
+
+   printf("Current %s: %u\n", list, list_cnt);
+   components = list_cnt / 4;
+   for (i = 0; i < components; i++) {
+   list_ptr[i * 4 + 0].size = rte_be_to_cpu_16(sg_ptr->u.s.len[0]);
+   list_ptr[i * 4 + 1].size = rte_be_to_cpu_16(sg_ptr->u.s.len[1]);
+   list_ptr[i * 4 + 2].size = rte_be_to_cpu_16(sg_ptr->u.s.len[2]);
+   list_ptr[i * 4 + 3].size = rte_be_to_cpu_16(sg_ptr->u.s.len[3]);
+   list_ptr[i * 4 + 0].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[0]);
+   list_ptr[i * 4 + 1].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[1]);
+   list_ptr[i * 4 + 2].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[2]);
+   list_ptr[i * 4 + 3].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[3]);
+   list_ptr[i * 4 + 0].vaddr = list_ptr[i * 4 + 0].vaddr;
+   list_ptr[i * 4 + 1].vaddr = list_ptr[i * 4 + 1].vaddr;
+   list_ptr[i * 4 + 2].vaddr = list_ptr[i * 4 + 2].vaddr;
+   list_ptr[i * 4 + 3].vaddr = list_ptr[i * 4 + 3].vaddr;
+   sg_ptr++;
+   }
+
+   components = list_cnt % 4;
+   switch (components) {
+   case 3:
+   list_ptr[i * 4 + 2].size = rte_be_to_cpu_16(sg_ptr->u.s.len[2]);
+   list_ptr[i * 4 + 2].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[2]);
+   list_ptr[i * 4 + 2].vaddr = list_ptr[i * 4 + 2].vaddr;
+   /* FALLTHROUGH */
+   case 2:
+   list_ptr[i * 4 + 1].size = rte_be_to_cpu_16(sg_ptr->u.s.len[1]);
+   list_ptr[i * 4 + 1].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[1]);
+   list_ptr[i * 4 + 1].vaddr = list_ptr[i * 4 + 1].vaddr;
+   /* FALLTHROUGH */
+   case 1:
+   list_ptr[i * 4 + 0].size = rte_be_to_cpu_16(sg_ptr->u.s.len[0]);
+   list_ptr[i * 4 + 0].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[0]);
+   list_ptr[i * 4 + 0].vaddr = list_ptr[i * 4 + 0].vaddr;
+   break;
+   default:
+   break;
+   }
+
+   for (i = 0; i < list_cnt; i++) {
+   snprintf(suffix, sizeof(suffix), "%s[%d]: vaddr 0x%" PRIx64 ", 
vaddr %p len %u",
+list, i, (uint64_t)list_ptr[i].vaddr, 
list_ptr[i].vaddr, li

RE: [PATCH] doc: update command scope information

[Rakesh Kudurumalla]

Acked-by: Rakesh Kudurumalla 

> -Original Message-
> From: sk...@marvell.com 
> Sent: Monday, January 8, 2024 1:04 PM
> To: Sunil Kumar Kori ; Rakesh Kudurumalla
> 
> Cc: dev@dpdk.org
> Subject: [PATCH] doc: update command scope information
> 
> From: Sunil Kumar Kori 
> 
> Set of CLI commands are classified into following types;
> 
> - Commands which must be used in script only.
> - Commands which must be used via telnet session only.
> - Commands which can be used either in script or via telnet session.
> 
> Rename "Dynamic" column to "Scope" to provide clear scope of commands.
> 
> Signed-off-by: Sunil Kumar Kori 
> ---
>  doc/guides/tools/graph.rst | 211 +++--
>  1 file changed, 108 insertions(+), 103 deletions(-)
> 
> diff --git a/doc/guides/tools/graph.rst b/doc/guides/tools/graph.rst index
> 1855d12891..6c559afe35 100644
> --- a/doc/guides/tools/graph.rst
> +++ b/doc/guides/tools/graph.rst
> @@ -154,109 +154,114 @@ file to express the requested use case
> configuration.
>  .. table:: Exposed CLIs
> :widths: auto
> 
> -   
> +--+---+-+-
> -+
> -   |   Command| Description  
>  | Dynamic |
> Optional |
> -
> +==+
> ===+=+==+
> -   | | graph  [bsz ]  | | Command to express the desired 
>  |
> No|No|
> -   | | [tmo ] [coremask ]| | use case. Also enables/disable 
>  |
> |  |
> -   | | model  pcap_enable| | pcap capturing.
>  |
> |  |
> -   | | <0/1> num_pcap_pkts  pcap_file|  
>  | |
> |
> -   | |   |  
>  | |  |
> -   
> +--+---+-+-
> -+
> -   | graph start  | | Command to start the graph.
>  |   No|
> No|
> -   |  | | This command triggers that no  
>  | |  |
> -   |  | | more commands are left to be   
>  | |  |
> -   |  | | parsed and graph 
> initialization | |  |
> -   |  | | can be started now. It must be 
>  | |  |
> -   |  | | the last command in 
> usecase.cli | |  |
> -   
> +--+---+-+-
> -+
> -   | graph stats show | | Command to dump current graph  
>  |
> Yes   |Yes   |
> -   |  | | statistics.
>  | |  |
> -   
> +--+---+-+-
> -+
> -   | help graph   | | Command to dump graph help 
>  |   Yes   |
> Yes   |
> -   |  | | message.   
>  | |  |
> -   
> +--+---+-+-
> -+
> -   | | mempool  size| | Command to create mempool
> which |   No|No|
> -   | |  buffers| | will be further associated to  
>  | |
> |
> -   | | | | RxQ to dequeue the packets.
>  |
> |  |
> -   | | cache  numa   |  
>  | |
> |
> -   
> +--+---+-+-
> -+
> -   | help mempool | | Command to dump mempool help   
>  |
> Yes   |Yes   |
> -   |  | | message.   
>  | |  |
> -   
> +--+---+-+-
> -+
> -   | | ethdev  rxq | | Command to create DPDK
> port with|   No|No|
> -   | | txq| | given number of Rx and Tx
> queues| |  |
> -   |  | | . Also attach RxQ with given   
>  | |  |
> -   |  | | mempool. Each port can have
>  | |  |
> -   |  | | single mempool only i.e. all   
>  | |  |
> -   |  | | RxQs will share the same 
> mempool| |  |
> -   |  | | .  
>  | |  |
> -   
> +--+---+-+-
> -+
> -   | ethdev  mtu | | Command to configure MTU

[PATCH] net/iavf: fix application reset callback calls

[David Marchand]

Don't trigger an application reset callback if the port is not started.

Bugzilla ID: 1337
Fixes: 675a104e2e94 ("net/iavf: fix abnormal disable HW interrupt")
Cc: sta...@dpdk.org

Signed-off-by: David Marchand 
---
 drivers/net/iavf/iavf_vchnl.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/iavf/iavf_vchnl.c b/drivers/net/iavf/iavf_vchnl.c
index 0a3e1d082c..14dfe313b7 100644
--- a/drivers/net/iavf/iavf_vchnl.c
+++ b/drivers/net/iavf/iavf_vchnl.c
@@ -88,7 +88,10 @@ iavf_dev_event_handle(void *param __rte_unused)
continue;
}
 
-   rte_eth_dev_callback_process(pos->dev, pos->event, 
pos->param);
+   /* Don't invoke an application reset callback if not 
started yet. */
+   if (pos->event != RTE_ETH_EVENT_INTR_RESET ||
+   pos->dev->data->dev_started != 0)
+   rte_eth_dev_callback_process(pos->dev, 
pos->event, pos->param);
rte_free(pos);
}
}
-- 
2.43.0

RE: [V1 0/2] use traffic class PRM field for IPv6 modification

[Raslan Darawsheh]

Hi,
> -Original Message-
> From: Gavin Li 
> Sent: Friday, January 12, 2024 9:51 AM
> To: dev@dpdk.org; Dariusz Sosnowski ; Slava
> Ovsiienko ; Ori Kam ;
> Suanming Mou ; Matan Azrad
> 
> Cc: Jiawei(Jonny) Wang ; Raslan Darawsheh
> 
> Subject: [V1 0/2] use traffic class PRM field for IPv6 modification
> 
> New field ID OUT_IPV6_TRAFFIC_CLASS for IPv6 was defined and will be used
> by both IPv6 ECN and DSCP.
> 
> To apply the new ID and keep backward compatibility with different RDMA
> core and FW releases
> 1) detect the support of the new ID in RDMA core and FW.
> 2) apply the new ID if possible otherwise, keep using the old ID.
> 
> Gavin Li (2):
>   net/mlx5: discover IPv6 traffic class support in RDMA core
>   net/mlx5: use traffic class PRM field for IPv6 modification
> 
>  drivers/common/mlx5/mlx5_devx_cmds.c |  3 ++
> drivers/common/mlx5/mlx5_devx_cmds.h |  1 +
>  drivers/common/mlx5/mlx5_prm.h   |  8 ++-
>  drivers/net/mlx5/linux/mlx5_os.c |  5 ++
>  drivers/net/mlx5/mlx5.h  |  1 +
>  drivers/net/mlx5/mlx5_flow.c | 42 +++
>  drivers/net/mlx5/mlx5_flow.h |  4 ++
>  drivers/net/mlx5/mlx5_flow_dv.c  | 78 
>  drivers/net/mlx5/mlx5_flow_hw.c  |  7 +++
>  9 files changed, 138 insertions(+), 11 deletions(-)
> 
> --
> 2.39.1
Series applied to next-net-mlx
Kindest regards
Raslan Darawsheh

[PATCH v2 2/2] event/cnxk: use WFE LDP loop for getwork routine

[pbhagavatula]

From: Pavan Nikhilesh 

Use WFE LDP loop while polling for GETWORK completion for better
power savings.
Disabled by default and can be enabled by configuring meson with
-Dc_args='-DRTE_ARM_USE_WFE'.

Signed-off-by: Pavan Nikhilesh 
---
 doc/guides/eventdevs/cnxk.rst |  9 ++
 drivers/event/cnxk/cn10k_worker.h | 52 +--
 2 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/doc/guides/eventdevs/cnxk.rst b/doc/guides/eventdevs/cnxk.rst
index cccb8a0304..04f5b5025b 100644
--- a/doc/guides/eventdevs/cnxk.rst
+++ b/doc/guides/eventdevs/cnxk.rst
@@ -198,6 +198,15 @@ Runtime Config Options
 
 -a 0002:0e:00.0,tim_eclk_freq=12288-10-0
 
+Power Savings on CN10K
+--
+
+ARM cores can additionally use WFE when polling for transactions on SSO bus
+to save power i.e., in the event dequeue call ARM core can enter WFE and exit
+when either work has been scheduled or dequeue timeout has reached.
+This can be enabled by configuring meson with the following option
+``-Dc_args='-DRTE_ARM_USE_WFE'``.
+
 Debugging Options
 -
 
diff --git a/drivers/event/cnxk/cn10k_worker.h 
b/drivers/event/cnxk/cn10k_worker.h
index 8aa916fa12..92d5190842 100644
--- a/drivers/event/cnxk/cn10k_worker.h
+++ b/drivers/event/cnxk/cn10k_worker.h
@@ -250,23 +250,57 @@ cn10k_sso_hws_get_work(struct cn10k_sso_hws *ws, struct 
rte_event *ev,
 
gw.get_work = ws->gw_wdata;
 #if defined(RTE_ARCH_ARM64)
-#if !defined(__clang__)
-   asm volatile(
-   PLT_CPU_FEATURE_PREAMBLE
-   "caspal %[wdata], %H[wdata], %[wdata], %H[wdata], [%[gw_loc]]\n"
-   : [wdata] "+r"(gw.get_work)
-   : [gw_loc] "r"(ws->base + SSOW_LF_GWS_OP_GET_WORK0)
-   : "memory");
-#else
+#if defined(__clang__)
register uint64_t x0 __asm("x0") = (uint64_t)gw.u64[0];
register uint64_t x1 __asm("x1") = (uint64_t)gw.u64[1];
+#if defined(RTE_ARM_USE_WFE)
+   plt_write64(gw.u64[0], ws->base + SSOW_LF_GWS_OP_GET_WORK0);
+   asm volatile(PLT_CPU_FEATURE_PREAMBLE
+"  ldp %[x0], %[x1], [%[tag_loc]]  \n"
+"  tbz %[x0], %[pend_gw], done%=   \n"
+"  sevl\n"
+"rty%=:wfe \n"
+"  ldp %[x0], %[x1], [%[tag_loc]]  \n"
+"  tbnz %[x0], %[pend_gw], rty%=   \n"
+"done%=:   \n"
+"  dmb ld  \n"
+: [x0] "+r" (x0), [x1] "+r" (x1)
+: [tag_loc] "r"(ws->base + SSOW_LF_GWS_WQE0),
+  [pend_gw] "i"(SSOW_LF_GWS_TAG_PEND_GET_WORK_BIT)
+: "memory");
+#else
asm volatile(".arch armv8-a+lse\n"
 "caspal %[x0], %[x1], %[x0], %[x1], [%[dst]]\n"
-: [x0] "+r"(x0), [x1] "+r"(x1)
+: [x0] "+r" (x0), [x1] "+r" (x1)
 : [dst] "r"(ws->base + SSOW_LF_GWS_OP_GET_WORK0)
 : "memory");
+#endif
gw.u64[0] = x0;
gw.u64[1] = x1;
+#else
+#if defined(RTE_ARM_USE_WFE)
+   plt_write64(gw.u64[0], ws->base + SSOW_LF_GWS_OP_GET_WORK0);
+   asm volatile(PLT_CPU_FEATURE_PREAMBLE
+"  ldp %[wdata], %H[wdata], [%[tag_loc]]   \n"
+"  tbz %[wdata], %[pend_gw], done%=\n"
+"  sevl\n"
+"rty%=:wfe \n"
+"  ldp %[wdata], %H[wdata], [%[tag_loc]]   \n"
+"  tbnz %[wdata], %[pend_gw], rty%=\n"
+"done%=:   \n"
+"  dmb ld  \n"
+: [wdata] "=&r"(gw.get_work)
+: [tag_loc] "r"(ws->base + SSOW_LF_GWS_WQE0),
+  [pend_gw] "i"(SSOW_LF_GWS_TAG_PEND_GET_WORK_BIT)
+: "memory");
+#else
+   asm volatile(
+   PLT_CPU_FEATURE_PREAMBLE
+   "caspal %[wdata], %H[wdata], %[wdata], %H[wdata], [%[gw_loc]]\n"
+   : [wdata] "+r"(gw.get_work)
+   : [gw_loc] "r"(ws->base + SSOW_LF_GWS_OP_GET_WORK0)
+   : "memory");
+#endif
 #endif
 #else
plt_write64(gw.u64[0], ws->base + SSOW_LF_GWS_OP_GET_WORK0);
-- 
2.25.1

[PATCH v2 1/2] config/arm: allow WFE to be enabled config time

[pbhagavatula]

From: Pavan Nikhilesh 

Allow RTE_ARM_USE_WFE to be enabled at meson configuration
time by passing it via c_args instead of modifying
`config/arm/meson.build`.

Example usage:
 meson build -Dc_args='-DRTE_ARM_USE_WFE' \
--cross-file config/arm/arm64_cn10k_linux_gcc

Signed-off-by: Pavan Nikhilesh 
---
 config/arm/meson.build | 1 -
 1 file changed, 1 deletion(-)

diff --git a/config/arm/meson.build b/config/arm/meson.build
index 36f21d2259..a63711e986 100644
--- a/config/arm/meson.build
+++ b/config/arm/meson.build
@@ -17,7 +17,6 @@ flags_common = [
 #['RTE_ARM64_MEMCPY_ALIGN_MASK', 0xF],
 #['RTE_ARM64_MEMCPY_STRICT_ALIGN', false],
 
-['RTE_ARM_USE_WFE', false],
 ['RTE_ARCH_ARM64', true],
 ['RTE_CACHE_LINE_SIZE', 128]
 ]
-- 
2.25.1

[PATCH] doc: update LTS maintenance to 3 years

[Kevin Traynor]

The existing official policy was to maintain LTS releases for 2 years.

19.11 and 20.11 LTS releases were maintained for 3 years and there was
not significant issues caused by code divergence from main etc.

Update the policy to indicate 3 years maintenance for LTS releases, but
note that it dependents on community support.

Signed-off-by: Kevin Traynor 
---
 doc/guides/contributing/stable.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/guides/contributing/stable.rst 
b/doc/guides/contributing/stable.rst
index 8156b72b20..289769a61d 100644
--- a/doc/guides/contributing/stable.rst
+++ b/doc/guides/contributing/stable.rst
@@ -54,5 +54,6 @@ LTS Release
 A stable release can be designated as an LTS release based on community
 agreement and a commitment from a maintainer. The current policy is that each
-year's November (X.11) release will be maintained as an LTS for 2 years.
+year's November (X.11) release will be maintained as an LTS for 3 years,
+however that is dependent on continued community support for validation.
 
 After the X.11 release, an LTS branch will be created for it at
-- 
2.43.0

RE: [External] : Re: [PATCH] net/tap: Modified TAP BPF program as per the Kernel-version upgrade requirements.

[Madhuker Mythri]

No, I did not run with Cilium.

Thanks,
Madhuker.

-Original Message-
From: Stephen Hemminger  
Sent: 17 January 2024 08:56
To: Madhuker Mythri 
Cc: dev@dpdk.org; ferruh.yi...@amd.com
Subject: Re: [External] : Re: [PATCH] net/tap: Modified TAP BPF program as per 
the Kernel-version upgrade requirements.

On Tue, 16 Jan 2024 05:43:00 +
Madhuker Mythri  wrote:

> Hi Stephen,
> 
> Yes, I found that the Kernel we use has more Verification added for safe 
> execution:
> https://blogs.oracle.com/linux/post/bpf-in-depth-the-bpf-bytecode-and-the-bpf-verifier
> 
> Here they mentioned about SKB pointer direct access, math on pointer and 
> array with undefined access is denied on BPF code.

Have you tried running Cilium? I would expect those custom changes would break 
that

[PATCH v2] doc: update LTS maintenance to 3 years

[Kevin Traynor]

The existing official policy was to maintain LTS releases for 2 years.

19.11 and 20.11 LTS releases were maintained for 3 years and there was
not significant issues caused by code divergence from main etc.

Update the policy to indicate 3 years maintenance for LTS releases, but
note that it depends on community support.

Signed-off-by: Kevin Traynor 

---

v2: fix typo in commit message
---
 doc/guides/contributing/stable.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/guides/contributing/stable.rst 
b/doc/guides/contributing/stable.rst
index 8156b72b20..289769a61d 100644
--- a/doc/guides/contributing/stable.rst
+++ b/doc/guides/contributing/stable.rst
@@ -54,5 +54,6 @@ LTS Release
 A stable release can be designated as an LTS release based on community
 agreement and a commitment from a maintainer. The current policy is that each
-year's November (X.11) release will be maintained as an LTS for 2 years.
+year's November (X.11) release will be maintained as an LTS for 3 years,
+however that is dependent on continued community support for validation.
 
 After the X.11 release, an LTS branch will be created for it at
-- 
2.43.0

Re: [PATCH v3 5/5] eal: replace out of bounds VLA with static_assert

[Stephen Hemminger]

On Wed, 17 Jan 2024 08:53:44 +0100
Mattias Rönnblom  wrote:

> >* Triggers an error at compilation time if the condition is true.
> >*/
> > -#define RTE_BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 
> > 2*!!(condition)]))
> > +#define RTE_BUILD_BUG_ON(condition) { static_assert(!(condition), 
> > #condition); }
> >   
> >   /*** Cache line related macros /
> > 
> 
> Should one use RTE_BUILD_BUG_ON() or static_assert() in new DPDK code?
> 
> If static_assert() occasionally needs a work-around, it sounds like 
> keeping using RTE_BUILD_BUG_ON() everywhere is the better choice.

Either choice is the same. Keeping the macro instead of directly using
static_assert will reduce the effort to change when the next C standard
introduces something different.

But using static_assert() can allow for a better warning message.

RE: [PATCH] net/mlx5/hws: fix ESP matching validation

[Raslan Darawsheh]

Hi,
> -Original Message-
> From: Michael Baum 
> Sent: Monday, January 15, 2024 2:10 PM
> To: dev@dpdk.org
> Cc: Matan Azrad ; Dariusz Sosnowski
> ; Raslan Darawsheh ; Slava
> Ovsiienko ; Ori Kam ;
> Suanming Mou ; Hamdan Igbaria
> ; sta...@dpdk.org
> Subject: [PATCH] net/mlx5/hws: fix ESP matching validation
> 
> The "mlx5dr_definer_conv_item_esp()" function validates first whether
> "ipsec_offload" PRM flag is on, if the flag is off the function returns
> error.
> 
> The "ipsec_offload" PRM flag indicates whether IPsec encrypt/decrypt is
> supported, IPsec matching may be supported even when this flag is off.
> 
> This patch removes this validation.
> 
> Fixes: 81cf20a25abf ("net/mlx5/hws: support match on ESP item")
> Cc: hamd...@nvidia.com
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Michael Baum 
> Acked-by: Hamdan Igbaria 
> Acked-by: Matan Azrad 
Patch applied to next-net-mlx,

Kindest regards
Raslan Darawsheh

RE: [PATCH] net/mlx5: fix GENEVE TLV option management

[Raslan Darawsheh]

Hi,
> -Original Message-
> From: Michael Baum 
> Sent: Monday, January 15, 2024 2:13 PM
> To: dev@dpdk.org
> Cc: Matan Azrad ; Dariusz Sosnowski
> ; Raslan Darawsheh ; Slava
> Ovsiienko ; Ori Kam ;
> Suanming Mou ; Shiri Kuzin ;
> sta...@dpdk.org
> Subject: [PATCH] net/mlx5: fix GENEVE TLV option management
> 
> In SW steering, the GENEVE TLV option matching flows must be created using
> a translation function.
> This function checks whether this option has already created a DevX object for
> the matching and either creates the objects or updates the reference counter.
> After translation, a flag in flow structure is turned on indicating the 
> destroy
> function to release this DevX object.
> 
> When the flow rule has meter, the rule may be split, and call translate 
> function
> more than once per flow causing object reference counter to increase each
> time without updating the flow flag accordingly.
> 
> This patch uses this flag as a reference counter which is increased every
> translation and indicates the destroy function how many destroy DevX to do.
> 
> Fixes: f15f0c3806d0 ("net/mlx5: create GENEVE TLV option management")
> Fixes: e440d6cf589e ("net/mlx5: add GENEVE TLV option flow translation")
> Cc: shi...@nvidia.com
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Michael Baum 
> Acked-by: Matan Azrad 
Patch applied to next-net-mlx,

Kindest regards
Raslan Darawsheh

Re: [PATCH v3 5/5] eal: replace out of bounds VLA with static_assert

[Stephen Hemminger]

On Wed, 17 Jan 2024 10:52:40 +0300
Andrew Rybchenko  wrote:

> On 1/16/24 21:41, Stephen Hemminger wrote:
> > Both Gcc, clang and MSVC have better way to do compile time
> > assertions rather than using out of bounds array access.
> > The old method would fail if -Wvla is enabled because compiler
> > can't determine size in that code.  Also, the use of new
> > _Static_assert will catch broken code that is passing non-constant
> > expression to RTE_BUILD_BUG_ON().
> > 
> > Need to add brackets {} around the static_assert() to workaround
> > a bug in clang. Clang was not handling static_assert() in
> > a switch case properly.
> > 
> > Signed-off-by: Stephen Hemminger 
> > Acked-by: Morten Brørup 
> > Acked-by: Tyler Retzlaff   
> 
> Acked-by: Andrew Rybchenko 
> 
> Does it imply any limitations on Gcc / Clang versions to
> be used? Is it documented somewhere in DPDK?

No new language versions problems.  There are already direct
usages of static_assert() in some drivers.

[PATCH v4 0/6] use static assert to cathc build errors

[Stephen Hemminger]

This series fixes a couple places where expressions that could not
be evaluated as constant early in compiler passes were used.
Then converts RTE_BUILD_BUG_ON() with static_assert.

static_assert() is more picky about the expression has to
be a constant, which also catches some existing undefined
behavior that pre-existed.

v4 - incorporate review feedback
 add RTE_MIN_T and RTE_MAX_T macros

Stephen Hemminger (6):
  eal: introduce RTE_MIN_T() and RTE_MAX_T() macros
  event/opdl: fix non-constant compile time assertion
  net/sfc: fix non-constant expression in RTE_BUILD_BUG_ON()
  net/i40e: avoid using const variable in assertion
  mempool: avoid floating point expression in static assertion
  eal: replace out of bounds VLA with static_assert

 drivers/event/opdl/opdl_ring.c   |  2 +-
 drivers/net/i40e/i40e_ethdev.h   |  1 +
 drivers/net/i40e/i40e_rxtx_vec_sse.c | 10 --
 drivers/net/mlx5/mlx5_rxq.c  |  2 +-
 drivers/net/sfc/sfc_ef100_tx.c   |  4 +---
 lib/eal/include/rte_common.h | 19 ++-
 lib/mempool/rte_mempool.c|  7 ---
 7 files changed, 30 insertions(+), 15 deletions(-)

-- 
2.43.0

[PATCH v4 1/6] eal: introduce RTE_MIN_T() and RTE_MAX_T() macros

[Stephen Hemminger]

These macros work like RTE_MIN and RTE_MAX but take an explicit
type. Necessary when being used in static assertions since
RTE_MIN and RTE_MAX use temporary variables which confuses
compilers constant expression checks. These macros could also
be useful in other scenarios when bounded range is useful.

Naming is chosen to be similar to Linux kernel conventions.

Signed-off-by: Stephen Hemminger 
---
 lib/eal/include/rte_common.h | 16 
 1 file changed, 16 insertions(+)

diff --git a/lib/eal/include/rte_common.h b/lib/eal/include/rte_common.h
index c1ba32d00e47..33680e818bfb 100644
--- a/lib/eal/include/rte_common.h
+++ b/lib/eal/include/rte_common.h
@@ -585,6 +585,14 @@ __extension__ typedef uint64_t RTE_MARKER64[0];
_a < _b ? _a : _b; \
})
 
+/**
+ * Macro to return the minimum of two numbers
+ * does not use temporarys so not safe if a or b is expression
+ * but is guaranteed to be constant for use in static_assert()
+ */
+#define RTE_MIN_T(a, b, t) \
+   ((t)(a) < (t)(b) ? (t)(a) : (t)(b))
+
 /**
  * Macro to return the maximum of two numbers
  */
@@ -595,6 +603,14 @@ __extension__ typedef uint64_t RTE_MARKER64[0];
_a > _b ? _a : _b; \
})
 
+/**
+ * Macro to return the maxiimum of two numbers
+ * does not use temporarys so not safe if a or b is expression
+ * but is guaranteed to be constant for use in static_assert()
+ */
+#define RTE_MAX_T(a, b, t) \
+   ((t)(a) > (t)(b) ? (t)(a) : (t)(b))
+
 /*** Other general functions / macros /
 
 #ifndef offsetof
-- 
2.43.0

[PATCH v4 2/6] event/opdl: fix non-constant compile time assertion

[Stephen Hemminger]

RTE_BUILD_BUG_ON() was being used with a non-constant value.
The inline function rte_is_power_of_2() is not constant since
inline expansion happens later in the compile process.
Replace it with the macro which will be constant.

Fixes: 4236ce9bf5bf ("event/opdl: add OPDL ring infrastructure library")
Cc: liang.j...@intel.com
Signed-off-by: Stephen Hemminger 
Acked-by: Bruce Richardson 
Acked-by: Tyler Retzlaff 
---
 drivers/event/opdl/opdl_ring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/event/opdl/opdl_ring.c b/drivers/event/opdl/opdl_ring.c
index 69392b56bbec..da5ea02d1928 100644
--- a/drivers/event/opdl/opdl_ring.c
+++ b/drivers/event/opdl/opdl_ring.c
@@ -910,7 +910,7 @@ opdl_ring_create(const char *name, uint32_t num_slots, 
uint32_t slot_size,
RTE_CACHE_LINE_MASK) != 0);
RTE_BUILD_BUG_ON((offsetof(struct opdl_ring, slots) &
RTE_CACHE_LINE_MASK) != 0);
-   RTE_BUILD_BUG_ON(!rte_is_power_of_2(OPDL_DISCLAIMS_PER_LCORE));
+   RTE_BUILD_BUG_ON(!RTE_IS_POWER_OF_2(OPDL_DISCLAIMS_PER_LCORE));
 
/* Parameter checking */
if (name == NULL) {
-- 
2.43.0

[PATCH v4 3/6] net/sfc: fix non-constant expression in RTE_BUILD_BUG_ON()

[Stephen Hemminger]

The macro RTE_MIN has some hidden assignments to provide type
safety which means the statement can not be fully evaluated in
first pass of compiler. Replace RTE_MIN() with equivalent macro.

Fixes: 4f93d790 ("net/sfc: support TSO for EF100 native datapath")
Cc: ivan.ma...@oktetlabs.ru
Signed-off-by: Stephen Hemminger 
Acked-by: Tyler Retzlaff 
---
 drivers/net/sfc/sfc_ef100_tx.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/net/sfc/sfc_ef100_tx.c b/drivers/net/sfc/sfc_ef100_tx.c
index 1b6374775f07..c49d004113d3 100644
--- a/drivers/net/sfc/sfc_ef100_tx.c
+++ b/drivers/net/sfc/sfc_ef100_tx.c
@@ -26,7 +26,6 @@
 #include "sfc_ef100.h"
 #include "sfc_nic_dma_dp.h"
 
-
 #define sfc_ef100_tx_err(_txq, ...) \
SFC_DP_LOG(SFC_KVARG_DATAPATH_EF100, ERR, &(_txq)->dp.dpq, __VA_ARGS__)
 
@@ -563,8 +562,7 @@ sfc_ef100_tx_pkt_descs_max(const struct rte_mbuf *m)
 * (split into many Tx descriptors).
 */
RTE_BUILD_BUG_ON(SFC_EF100_TX_SEND_DESC_LEN_MAX <
-RTE_MIN((unsigned int)EFX_MAC_PDU_MAX,
-SFC_MBUF_SEG_LEN_MAX));
+RTE_MIN_T(EFX_MAC_PDU_MAX, 
SFC_MBUF_SEG_LEN_MAX, uint32_t));
}
 
if (m->ol_flags & sfc_dp_mport_override) {
-- 
2.43.0

[PATCH v4 4/6] net/i40e: avoid using const variable in assertion

[Stephen Hemminger]

Clang does not allow const variable in a static_assert
expression.

Signed-off-by: Stephen Hemminger 
---
 drivers/net/i40e/i40e_ethdev.h   |  1 +
 drivers/net/i40e/i40e_rxtx_vec_sse.c | 10 --
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
index 1bbe7ad37600..445e1c0b381f 100644
--- a/drivers/net/i40e/i40e_ethdev.h
+++ b/drivers/net/i40e/i40e_ethdev.h
@@ -278,6 +278,7 @@ enum i40e_flxpld_layer_idx {
 #define I40E_DEFAULT_DCB_APP_PRIO   3
 
 #define I40E_FDIR_PRG_PKT_CNT   128
+#define I40E_FDIR_ID_BIT_SHIFT 13
 
 /*
  * Struct to store flow created.
diff --git a/drivers/net/i40e/i40e_rxtx_vec_sse.c 
b/drivers/net/i40e/i40e_rxtx_vec_sse.c
index 9200a23ff662..2d4480a7651b 100644
--- a/drivers/net/i40e/i40e_rxtx_vec_sse.c
+++ b/drivers/net/i40e/i40e_rxtx_vec_sse.c
@@ -143,10 +143,9 @@ descs_to_fdir_32b(volatile union i40e_rx_desc *rxdp, 
struct rte_mbuf **rx_pkt)
/* convert fdir_id_mask into a single bit, then shift as required for
 * correct location in the mbuf->olflags
 */
-   const uint32_t FDIR_ID_BIT_SHIFT = 13;
-   RTE_BUILD_BUG_ON(RTE_MBUF_F_RX_FDIR_ID != (1 << FDIR_ID_BIT_SHIFT));
+   RTE_BUILD_BUG_ON(RTE_MBUF_F_RX_FDIR_ID != (1 << 
I40E_FDIR_ID_BIT_SHIFT));
v_fd_id_mask = _mm_srli_epi32(v_fd_id_mask, 31);
-   v_fd_id_mask = _mm_slli_epi32(v_fd_id_mask, FDIR_ID_BIT_SHIFT);
+   v_fd_id_mask = _mm_slli_epi32(v_fd_id_mask, I40E_FDIR_ID_BIT_SHIFT);
 
/* The returned value must be combined into each mbuf. This is already
 * being done for RSS and VLAN mbuf olflags, so return bits to OR in.
@@ -205,10 +204,9 @@ descs_to_fdir_16b(__m128i fltstat, __m128i descs[4], 
struct rte_mbuf **rx_pkt)
descs[0] = _mm_blendv_epi8(descs[0], _mm_setzero_si128(), v_desc0_mask);
 
/* Shift to 1 or 0 bit per u32 lane, then to RTE_MBUF_F_RX_FDIR_ID 
offset */
-   const uint32_t FDIR_ID_BIT_SHIFT = 13;
-   RTE_BUILD_BUG_ON(RTE_MBUF_F_RX_FDIR_ID != (1 << FDIR_ID_BIT_SHIFT));
+   RTE_BUILD_BUG_ON(RTE_MBUF_F_RX_FDIR_ID != (1 << 
I40E_FDIR_ID_BIT_SHIFT));
__m128i v_mask_one_bit = _mm_srli_epi32(v_fdir_id_mask, 31);
-   return _mm_slli_epi32(v_mask_one_bit, FDIR_ID_BIT_SHIFT);
+   return _mm_slli_epi32(v_mask_one_bit, I40E_FDIR_ID_BIT_SHIFT);
 }
 #endif
 
-- 
2.43.0

[PATCH v4 5/6] mempool: avoid floating point expression in static assertion

[Stephen Hemminger]

Clang does not handle casts in static_assert() expressions.
It doesn't like use of floating point to calculate threshold.
Use a different expression with same effect.

Modify comment in mlx5 so that developers don't go searching
for old value.

Signed-off-by: Stephen Hemminger 
---
 drivers/net/mlx5/mlx5_rxq.c | 2 +-
 lib/mempool/rte_mempool.c   | 7 ---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_rxq.c b/drivers/net/mlx5/mlx5_rxq.c
index 1bb036afebb3..7d972b6d927c 100644
--- a/drivers/net/mlx5/mlx5_rxq.c
+++ b/drivers/net/mlx5/mlx5_rxq.c
@@ -1444,7 +1444,7 @@ mlx5_mprq_alloc_mp(struct rte_eth_dev *dev)
/*
 * rte_mempool_create_empty() has sanity check to refuse large cache
 * size compared to the number of elements.
-* CACHE_FLUSHTHRESH_MULTIPLIER is defined in a C file, so using a
+* CALC_CACHE_FLUSHTHRESH() is defined in a C file, so using a
 * constant number 2 instead.
 */
obj_num = RTE_MAX(obj_num, MLX5_MPRQ_MP_CACHE_SZ * 2);
diff --git a/lib/mempool/rte_mempool.c b/lib/mempool/rte_mempool.c
index b7a19bea7185..12390a2c8155 100644
--- a/lib/mempool/rte_mempool.c
+++ b/lib/mempool/rte_mempool.c
@@ -50,9 +50,10 @@ static void
 mempool_event_callback_invoke(enum rte_mempool_event event,
  struct rte_mempool *mp);
 
-#define CACHE_FLUSHTHRESH_MULTIPLIER 1.5
-#define CALC_CACHE_FLUSHTHRESH(c)  \
-   ((typeof(c))((c) * CACHE_FLUSHTHRESH_MULTIPLIER))
+/* Note: avoid using floating point since that compiler
+ * may not think that is constant.
+ */
+#define CALC_CACHE_FLUSHTHRESH(c) (((c) * 3) / 2)
 
 #if defined(RTE_ARCH_X86)
 /*
-- 
2.43.0

[PATCH v4 6/6] eal: replace out of bounds VLA with static_assert

[Stephen Hemminger]

Both Gcc, clang and MSVC have better way to do compile time
assertions rather than using out of bounds array access.
The old method would fail if -Wvla is enabled because compiler
can't determine size in that code.  Also, the use of new
_Static_assert will catch broken code that is passing non-constant
expression to RTE_BUILD_BUG_ON().

Need to add brackets {} around the static_assert() to workaround
a bug in clang. Clang was not handling static_assert() in
a switch case properly.

Signed-off-by: Stephen Hemminger 
Acked-by: Morten Brørup 
Acked-by: Tyler Retzlaff 
Acked-by: Andrew Rybchenko 

---
 lib/eal/include/rte_common.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/eal/include/rte_common.h b/lib/eal/include/rte_common.h
index 33680e818bfb..f63119b444fa 100644
--- a/lib/eal/include/rte_common.h
+++ b/lib/eal/include/rte_common.h
@@ -16,6 +16,7 @@
 extern "C" {
 #endif
 
+#include 
 #include 
 #include 
 
@@ -495,7 +496,7 @@ rte_is_aligned(const void * const __rte_restrict ptr, const 
unsigned int align)
 /**
  * Triggers an error at compilation time if the condition is true.
  */
-#define RTE_BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
+#define RTE_BUILD_BUG_ON(condition) { static_assert(!(condition), #condition); 
}
 
 /*** Cache line related macros /
 
-- 
2.43.0

RE: [PATCH v4 5/6] mempool: avoid floating point expression in static assertion

[Morten Brørup]

> From: Stephen Hemminger [mailto:step...@networkplumber.org]
> Sent: Wednesday, 17 January 2024 19.20
> 
> Clang does not handle casts in static_assert() expressions.
> It doesn't like use of floating point to calculate threshold.
> Use a different expression with same effect.
> 
> Modify comment in mlx5 so that developers don't go searching
> for old value.
> 
> Signed-off-by: Stephen Hemminger 

Acked-by: Morten Brørup 

[dpdk-dev] [PATCH v2] eal: refactor rte_eal_init into sub-functions

[Rahul Gupta]

From: Rahul Gupta 

In continuation to the following email, I am sending this patch.
(https://inbox.dpdk.org/dev/20231110172523.ga17...@microsoft.com/)

Initialization requires rte_eal_init + rte_pktmbuf_pool_create which
can consume a total time of 500-600 ms:
a) For many devices FLR may take a significant chunk of time
   (200-250 ms in our use-case), this FLR is triggered during device
   probe in rte_eal_init().
b) rte_pktmbuf_pool_create() can consume up to 300-350 ms for
applications that require huge memory.

This cost is incurred on each restart (which happens in our use-case
during binary updates for servicing).
This patch provides an optimization using pthreads that applications
can use and which can save 200-230ms.

In this patch, rte_eal_init() is refactored into two parts-
a) 1st part is dependent code ie- it’s a perquisite of the FLR and
   mempool creation. So this code needs to be executed before any
   pthreads. Its named as rte_eal_init_setup()
b) 2nd part of code is independent code ie- it can execute in parallel
   to mempool creation in a pthread. Its named as rte_eal_init_async().

Existing applications requires to just call-
rte_eal_init_wait_async_complete() after rte_eal_init() unless they wish
to leverage the optimization.

If the application wants to leverage this optimization, then it should
create a thread using rte_eal_remote_launch() to schedule a task it would
like todo in parallel rte_eal_init_async(), this task can be a mbuf pool
creation using- rte_pktmbuf_pool_create()

After both the above tasks, if next operations require completion of
above thread a), then user can use rte_eal_init_wait_async_complete(),
or if user wants to just check status of that thread, then use-
rte_eal_init_async_done()

Signed-off-by: Rahul Gupta 
Signed-off-by: Rahul Gupta 
---
v2: Address Stephen Hemminger's comment

 app/test-pmd/testpmd.c| 20 +++
 lib/eal/include/rte_eal.h | 48 
 lib/eal/linux/eal.c   | 52 ---
 lib/eal/version.map   |  6 +
 4 files changed, 123 insertions(+), 3 deletions(-)

diff --git a/app/test-pmd/testpmd.c b/app/test-pmd/testpmd.c
index 9e4e99e53b..94d667eb77 100644
--- a/app/test-pmd/testpmd.c
+++ b/app/test-pmd/testpmd.c
@@ -4531,6 +4531,7 @@ main(int argc, char** argv)
portid_t port_id;
uint16_t count;
int ret;
+   int lcore_id;
 
 #ifdef RTE_EXEC_ENV_WINDOWS
signal(SIGINT, signal_handler);
@@ -4555,6 +4556,25 @@ main(int argc, char** argv)
rte_exit(EXIT_FAILURE, "Cannot init EAL: %s\n",
 rte_strerror(rte_errno));
 
+   lcore_id = rte_lcore_id();
+   lcore_id = rte_get_next_lcore(lcore_id, 0, 1);
+   /* Gives status of rte_eal_init_async() */
+   while (rte_eal_init_async_done(lcore_id) == 0)
+   ;
+
+   /*
+* Use rte_eal_init_wait_async_complete() to get return value of
+* rte_eal_init_async().
+* Or
+* if testpmd application dont want to know progress/status of
+* rte_eal_init_async() and just want to wait till it finishes
+* then use following function.
+*/
+   ret = rte_eal_init_wait_async_complete();
+   if (ret < 0)
+   rte_exit(EXIT_FAILURE, "Cannot init EAL: "
+"rte_eal_init_async() failed: %s\n",
+strerror(ret));
/* allocate port structures, and init them */
init_port();
 
diff --git a/lib/eal/include/rte_eal.h b/lib/eal/include/rte_eal.h
index c2256f832e..91ed80e292 100644
--- a/lib/eal/include/rte_eal.h
+++ b/lib/eal/include/rte_eal.h
@@ -111,6 +111,54 @@ int rte_eal_iopl_init(void);
  */
 int rte_eal_init(int argc, char **argv);
 
+/**
+ * Initialize the Environment Abstraction Layer (EAL): Initial setup
+ *
+ * Its called from rte_eal_init() on MASTER lcore only and must NOT be directly
+ * called by user application.
+ * The driver dependent code is present in this function, ie before calling 
any other
+ * function eal library function this function must be complete successfully.
+ *
+ * return value is same as rte_eal_init().
+ */
+__rte_experimental int rte_eal_init_setup(int argc, char **argv);
+
+/**
+ * Initialize the Environment Abstraction Layer (EAL): FLR and probe device
+ *
+ * Its thread is forked by rte_eal_init() and must NOT be directly called by 
user application.
+ * Launched on next available worker lcore.
+ * In this function initialisation needed for memory pool creation is 
completed,
+ * so this code can be executed in parallel to non device related operations
+ * like mbuf pool creation.
+ *
+ * return value is same as rte_eal_init().
+ */
+__rte_experimental int rte_eal_init_async(__attribute__((unused)) void *arg);
+
+/**
+ * Initialize the Environment Abstraction Layer (EAL): Indication of 
rte_eal_init() completion
+ *
+ * It waits for rte_eal_init_async() to finish. It MUST be called 

[PATCH v1] gro : packets not getting flushed in heavy-weight mode API

[Kumara Parameshwaran]

In heavy-weight mode GRO which is based on timer, the GRO packets will not be
flushed inspite of timer expiry if there is no packet in the current poll.
If timer mode GRO is enabled the rte_gro_timeout_flush API should be invoked.

Signed-off-by: Kumara Parameshwaran 
---
v1:
Changes to make sure that the GRO flush API is invoked if there are no 
packets in 
current poll and timer expiry.

 app/test-pmd/csumonly.c | 16 
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/app/test-pmd/csumonly.c b/app/test-pmd/csumonly.c
index c103e54111..42f105ac16 100644
--- a/app/test-pmd/csumonly.c
+++ b/app/test-pmd/csumonly.c
@@ -863,16 +863,24 @@ pkt_burst_checksum_forward(struct fwd_stream *fs)
 
/* receive a burst of packet */
nb_rx = common_fwd_stream_receive(fs, pkts_burst, nb_pkt_per_burst);
-   if (unlikely(nb_rx == 0))
+   if (unlikely(nb_rx == 0)) {
+#ifdef RTE_LIB_GRO
+   gro_enable = gro_ports[fs->rx_port].enable;
+   if (unlikely(gro_enable && (gro_flush_cycles != 
GRO_DEFAULT_FLUSH_CYCLES))) {
+   goto init;
+   } else {
+   return false;
+   }
+#else
return false;
+#endif
+   }
 
+init:
rx_bad_ip_csum = 0;
rx_bad_l4_csum = 0;
rx_bad_outer_l4_csum = 0;
rx_bad_outer_ip_csum = 0;
-#ifdef RTE_LIB_GRO
-   gro_enable = gro_ports[fs->rx_port].enable;
-#endif
 
txp = &ports[fs->tx_port];
tx_offloads = txp->dev_conf.txmode.offloads;
-- 
2.25.1

Re: [PATCH v1] gro : packets not getting flushed in heavy-weight mode API

[kumaraparameshwaran rathinavel]

On Thu, Jan 18, 2024 at 1:22 AM Kumara Parameshwaran <
kumaraparames...@gmail.com> wrote:

> In heavy-weight mode GRO which is based on timer, the GRO packets will not
> be
> flushed inspite of timer expiry if there is no packet in the current poll.
> If timer mode GRO is enabled the rte_gro_timeout_flush API should be
> invoked.
>
> Signed-off-by: Kumara Parameshwaran 
> ---
> v1:
> Changes to make sure that the GRO flush API is invoked if there are no
> packets in
> current poll and timer expiry.
>
>  app/test-pmd/csumonly.c | 16 
>  1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/app/test-pmd/csumonly.c b/app/test-pmd/csumonly.c
> index c103e54111..42f105ac16 100644
> --- a/app/test-pmd/csumonly.c
> +++ b/app/test-pmd/csumonly.c
> @@ -863,16 +863,24 @@ pkt_burst_checksum_forward(struct fwd_stream *fs)
>
> /* receive a burst of packet */
> nb_rx = common_fwd_stream_receive(fs, pkts_burst,
> nb_pkt_per_burst);
> -   if (unlikely(nb_rx == 0))
> +   if (unlikely(nb_rx == 0)) {
> +#ifdef RTE_LIB_GRO
> +   gro_enable = gro_ports[fs->rx_port].enable;
> +   if (unlikely(gro_enable && (gro_flush_cycles !=
> GRO_DEFAULT_FLUSH_CYCLES))) {
> +   goto init;
> +   } else {
> +   return false;
> +   }
> +#else
> return false;
> +#endif
> +   }
>
> +init:
> rx_bad_ip_csum = 0;
> rx_bad_l4_csum = 0;
> rx_bad_outer_l4_csum = 0;
> rx_bad_outer_ip_csum = 0;
> -#ifdef RTE_LIB_GRO
> -   gro_enable = gro_ports[fs->rx_port].enable;
> -#endif
>
> txp = &ports[fs->tx_port];
> tx_offloads = txp->dev_conf.txmode.offloads;
> --
> 2.25.1
> >>Please ignore this patch, this has an issue will raise a new one.
>
>

[PATCH v9] gro: fix reordering of packets in GRO layer

[Kumara Parameshwaran]

In the current implementation when a packet is received with
special TCP flag(s) set, only that packet is delivered out of order.
There could be already coalesced packets in the GRO table
belonging to the same flow but not delivered.
This fix makes sure that the entire segment is delivered with the
special flag(s) set which is how the Linux GRO is also implemented

Signed-off-by: Kumara Parameshwaran 
Co-authored-by: Kumara Parameshwaran 
---
If the received packet is not a pure ACK packet, we check if
there are any previous packets in the flow, if present we indulge
the received packet also in the coalescing logic and update the flags
of the last recived packet to the entire segment which would avoid
re-ordering.

Lets say a case where P1(PSH), P2(ACK), P3(ACK)  are received in burst 
mode,
P1 contains PSH flag and since it does not contain any prior packets in 
the flow
we copy it to unprocess_packets and P2(ACK) and P3(ACK) are merged 
together.
In the existing case the  P2,P3 would be delivered as single segment 
first and the
unprocess_packets will be copied later which will cause reordering. 
With the patch
copy the unprocess packets first and then the packets from the GRO 
table.

Testing done
The csum test-pmd was modified to support the following
GET request of 10MB from client to server via test-pmd (static arp 
entries added in client
and server). Enable GRO and TSO in test-pmd where the packets recived 
from the client mac
would be sent to server mac and vice versa.
In above testing, without the patch the client observerd re-ordering of 
25 packets
and with the patch there were no packet re-ordering observerd.

v2: 
Fix warnings in commit and comment.
Do not consider packet as candidate to merge if it contains SYN/RST 
flag.

v3:
Fix warnings.

v4:
Rebase with master.

v5:
Adding co-author email
v6:
Address review comments from the maintainer to restructure the code 
and handle only special flags PSH,FIN

v7:
Fix warnings and errors

v8:
Fix warnings and errors

v9:
Fix commit message 

 lib/gro/gro_tcp.h  | 11 
 lib/gro/gro_tcp4.c | 67 +-
 2 files changed, 54 insertions(+), 24 deletions(-)

diff --git a/lib/gro/gro_tcp.h b/lib/gro/gro_tcp.h
index d926c4b8cc..137a03bc96 100644
--- a/lib/gro/gro_tcp.h
+++ b/lib/gro/gro_tcp.h
@@ -187,4 +187,15 @@ is_same_common_tcp_key(struct cmn_tcp_key *k1, struct 
cmn_tcp_key *k2)
return (!memcmp(k1, k2, sizeof(struct cmn_tcp_key)));
 }
 
+static inline void
+update_tcp_hdr_flags(struct rte_tcp_hdr *tcp_hdr, struct rte_mbuf *pkt)
+{
+   struct rte_tcp_hdr *merged_tcp_hdr;
+
+   merged_tcp_hdr = rte_pktmbuf_mtod_offset(pkt, struct rte_tcp_hdr *, 
pkt->l2_len +
+   pkt->l3_len);
+   merged_tcp_hdr->tcp_flags |= tcp_hdr->tcp_flags;
+
+}
+
 #endif
diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c
index 6645de592b..8af5a8d8a9 100644
--- a/lib/gro/gro_tcp4.c
+++ b/lib/gro/gro_tcp4.c
@@ -126,6 +126,7 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
uint32_t item_idx;
uint32_t i, max_flow_num, remaining_flow_num;
uint8_t find;
+   uint32_t item_start_idx;
 
/*
 * Don't process the packet whose TCP header length is greater
@@ -139,13 +140,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
tcp_hdr = (struct rte_tcp_hdr *)((char *)ipv4_hdr + pkt->l3_len);
hdr_len = pkt->l2_len + pkt->l3_len + pkt->l4_len;
 
-   /*
-* Don't process the packet which has FIN, SYN, RST, PSH, URG, ECE
-* or CWR set.
-*/
-   if (tcp_hdr->tcp_flags != RTE_TCP_ACK_FLAG)
-   return -1;
-
/* trim the tail padding bytes */
ip_tlen = rte_be_to_cpu_16(ipv4_hdr->total_length);
if (pkt->pkt_len > (uint32_t)(ip_tlen + pkt->l2_len))
@@ -183,6 +177,7 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
if (tbl->flows[i].start_index != INVALID_ARRAY_INDEX) {
if (is_same_tcp4_flow(tbl->flows[i].key, key)) {
find = 1;
+   item_start_idx = tbl->flows[i].start_index;
break;
}
remaining_flow_num--;
@@ -190,28 +185,52 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
}
 
if (find == 0) {
-   sent_seq = rte_be_to_cpu_32(tcp_hdr->sent_seq);
-   item_idx = insert_new_tcp_item(pkt, tbl->items, &tbl->item_num,
-   tbl->max_item_num, start_time,
-   INVALID_ARRAY_INDEX, sent_seq, 
ip_id,
-   is_atomic);
-   if (

Re: [PATCH v9] gro: fix reordering of packets in GRO layer

[kumaraparameshwaran rathinavel]

On Thu, Jan 18, 2024 at 1:40 AM Kumara Parameshwaran <
kumaraparames...@gmail.com> wrote:

> In the current implementation when a packet is received with
> special TCP flag(s) set, only that packet is delivered out of order.
> There could be already coalesced packets in the GRO table
> belonging to the same flow but not delivered.
> This fix makes sure that the entire segment is delivered with the
> special flag(s) set which is how the Linux GRO is also implemented
>
> Signed-off-by: Kumara Parameshwaran 
> Co-authored-by: Kumara Parameshwaran 
> ---
> If the received packet is not a pure ACK packet, we check if
> there are any previous packets in the flow, if present we indulge
> the received packet also in the coalescing logic and update the
> flags
> of the last recived packet to the entire segment which would avoid
> re-ordering.
>
> Lets say a case where P1(PSH), P2(ACK), P3(ACK)  are received in
> burst mode,
> P1 contains PSH flag and since it does not contain any prior
> packets in the flow
> we copy it to unprocess_packets and P2(ACK) and P3(ACK) are merged
> together.
> In the existing case the  P2,P3 would be delivered as single
> segment first and the
> unprocess_packets will be copied later which will cause
> reordering. With the patch
> copy the unprocess packets first and then the packets from the GRO
> table.
>
> Testing done
> The csum test-pmd was modified to support the following
> GET request of 10MB from client to server via test-pmd (static arp
> entries added in client
> and server). Enable GRO and TSO in test-pmd where the packets
> recived from the client mac
> would be sent to server mac and vice versa.
> In above testing, without the patch the client observerd
> re-ordering of 25 packets
> and with the patch there were no packet re-ordering observerd.
>
> v2:
> Fix warnings in commit and comment.
> Do not consider packet as candidate to merge if it contains
> SYN/RST flag.
>
> v3:
> Fix warnings.
>
> v4:
> Rebase with master.
>
> v5:
> Adding co-author email
> v6:
> Address review comments from the maintainer to restructure the
> code
> and handle only special flags PSH,FIN
>
> v7:
> Fix warnings and errors
>
> v8:
> Fix warnings and errors
>
> v9:
> Fix commit message
>
>  lib/gro/gro_tcp.h  | 11 
>  lib/gro/gro_tcp4.c | 67 +-
>  2 files changed, 54 insertions(+), 24 deletions(-)
>
> diff --git a/lib/gro/gro_tcp.h b/lib/gro/gro_tcp.h
> index d926c4b8cc..137a03bc96 100644
> --- a/lib/gro/gro_tcp.h
> +++ b/lib/gro/gro_tcp.h
> @@ -187,4 +187,15 @@ is_same_common_tcp_key(struct cmn_tcp_key *k1, struct
> cmn_tcp_key *k2)
> return (!memcmp(k1, k2, sizeof(struct cmn_tcp_key)));
>  }
>
> +static inline void
> +update_tcp_hdr_flags(struct rte_tcp_hdr *tcp_hdr, struct rte_mbuf *pkt)
> +{
> +   struct rte_tcp_hdr *merged_tcp_hdr;
> +
> +   merged_tcp_hdr = rte_pktmbuf_mtod_offset(pkt, struct rte_tcp_hdr
> *, pkt->l2_len +
> +   pkt->l3_len);
> +   merged_tcp_hdr->tcp_flags |= tcp_hdr->tcp_flags;
> +
> +}
> +
>  #endif
> diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c
> index 6645de592b..8af5a8d8a9 100644
> --- a/lib/gro/gro_tcp4.c
> +++ b/lib/gro/gro_tcp4.c
> @@ -126,6 +126,7 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> uint32_t item_idx;
> uint32_t i, max_flow_num, remaining_flow_num;
> uint8_t find;
> +   uint32_t item_start_idx;
>
> /*
>  * Don't process the packet whose TCP header length is greater
> @@ -139,13 +140,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> tcp_hdr = (struct rte_tcp_hdr *)((char *)ipv4_hdr + pkt->l3_len);
> hdr_len = pkt->l2_len + pkt->l3_len + pkt->l4_len;
>
> -   /*
> -* Don't process the packet which has FIN, SYN, RST, PSH, URG, ECE
> -* or CWR set.
> -*/
> -   if (tcp_hdr->tcp_flags != RTE_TCP_ACK_FLAG)
> -   return -1;
> -
> /* trim the tail padding bytes */
> ip_tlen = rte_be_to_cpu_16(ipv4_hdr->total_length);
> if (pkt->pkt_len > (uint32_t)(ip_tlen + pkt->l2_len))
> @@ -183,6 +177,7 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> if (tbl->flows[i].start_index != INVALID_ARRAY_INDEX) {
> if (is_same_tcp4_flow(tbl->flows[i].key, key)) {
> find = 1;
> +   item_start_idx = tbl->flows[i].start_index;
> break;
> }
> remaining_flow_num--;
> @@ -190,28 +185,52 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> }
>
> if (find == 0) {
> -   sent_seq = rte_be_to_cpu_32(tcp_hdr->sent_seq);
> - 

[PATCH v2] gro : packets not getting flushed in heavy-weight mode API

[Kumara Parameshwaran]

In heavy-weight mode GRO which is based on timer, the GRO packets will not be
flushed inspite of timer expiry if there is no packet in the current poll.
If timer mode GRO is enabled the rte_gro_timeout_flush API should be invoked.

Signed-off-by: Kumara Parameshwaran 
---
v1:
Changes to make sure that the GRO flush API is invoked if there are no 
packets in 
current poll and timer expiry.

v2:
Fix code organisation issue

 app/test-pmd/csumonly.c | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/app/test-pmd/csumonly.c b/app/test-pmd/csumonly.c
index c103e54111..c1fde50126 100644
--- a/app/test-pmd/csumonly.c
+++ b/app/test-pmd/csumonly.c
@@ -863,16 +863,25 @@ pkt_burst_checksum_forward(struct fwd_stream *fs)
 
/* receive a burst of packet */
nb_rx = common_fwd_stream_receive(fs, pkts_burst, nb_pkt_per_burst);
+#ifdef RTE_LIB_GRO
+   gro_enable = gro_ports[fs->rx_port].enable;
+   if (unlikely(nb_rx == 0)) {
+   if (gro_enable && (gro_flush_cycles != 
GRO_DEFAULT_FLUSH_CYCLES)) {
+   goto init;
+   } else {
+   return false;
+   }
+   }
+#else
if (unlikely(nb_rx == 0))
return false;
+#endif
 
+init:
rx_bad_ip_csum = 0;
rx_bad_l4_csum = 0;
rx_bad_outer_l4_csum = 0;
rx_bad_outer_ip_csum = 0;
-#ifdef RTE_LIB_GRO
-   gro_enable = gro_ports[fs->rx_port].enable;
-#endif
 
txp = &ports[fs->tx_port];
tx_offloads = txp->dev_conf.txmode.offloads;
-- 
2.25.1

[PATCH v3] gro : packets not getting flushed in heavy-weight mode API

[Kumara Parameshwaran]

In heavy-weight mode GRO which is based on timer, the GRO packets will not be
flushed inspite of timer expiry if there is no packet in the current poll.
If timer mode GRO is enabled the rte_gro_timeout_flush API should be invoked.

Signed-off-by: Kumara Parameshwaran 
---
v1:
Changes to make sure that the GRO flush API is invoked if there are no 
packets in 
current poll and timer expiry.

v2:
Fix code organisation issue

v3:
Fix warnings

 app/test-pmd/csumonly.c | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/app/test-pmd/csumonly.c b/app/test-pmd/csumonly.c
index c103e54111..b50f1b01d0 100644
--- a/app/test-pmd/csumonly.c
+++ b/app/test-pmd/csumonly.c
@@ -863,16 +863,24 @@ pkt_burst_checksum_forward(struct fwd_stream *fs)
 
/* receive a burst of packet */
nb_rx = common_fwd_stream_receive(fs, pkts_burst, nb_pkt_per_burst);
+#ifdef RTE_LIB_GRO
+   gro_enable = gro_ports[fs->rx_port].enable;
+   if (unlikely(nb_rx == 0)) {
+   if (gro_enable && (gro_flush_cycles != 
GRO_DEFAULT_FLUSH_CYCLES))
+   goto init;
+   else 
+   return false;
+   }
+#else
if (unlikely(nb_rx == 0))
return false;
+#endif
 
+init:
rx_bad_ip_csum = 0;
rx_bad_l4_csum = 0;
rx_bad_outer_l4_csum = 0;
rx_bad_outer_ip_csum = 0;
-#ifdef RTE_LIB_GRO
-   gro_enable = gro_ports[fs->rx_port].enable;
-#endif
 
txp = &ports[fs->tx_port];
tx_offloads = txp->dev_conf.txmode.offloads;
-- 
2.25.1

[PATCH v4] gro : packets not getting flushed in heavy-weight mode API

[Kumara Parameshwaran]

In heavy-weight mode GRO which is based on timer, the GRO packets will not be
flushed in spite of timer expiry if there is no packet in the current poll.
If timer mode GRO is enabled the rte_gro_timeout_flush API should be invoked.

Signed-off-by: Kumara Parameshwaran 
---
v1:
Changes to make sure that the GRO flush API is invoked if there are no 
packets in 
current poll and timer expiry.

v2:
Fix code organisation issue

v3:
Fix warnings

v4:
Fix error and warnings
 app/test-pmd/csumonly.c | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/app/test-pmd/csumonly.c b/app/test-pmd/csumonly.c
index c103e54111..4265f98c15 100644
--- a/app/test-pmd/csumonly.c
+++ b/app/test-pmd/csumonly.c
@@ -863,16 +863,24 @@ pkt_burst_checksum_forward(struct fwd_stream *fs)
 
/* receive a burst of packet */
nb_rx = common_fwd_stream_receive(fs, pkts_burst, nb_pkt_per_burst);
+#ifdef RTE_LIB_GRO
+   gro_enable = gro_ports[fs->rx_port].enable;
+   if (unlikely(nb_rx == 0)) {
+   if (gro_enable && (gro_flush_cycles != 
GRO_DEFAULT_FLUSH_CYCLES))
+   goto init;
+   else
+   return false;
+   }
+#else
if (unlikely(nb_rx == 0))
return false;
+#endif
 
+init:
rx_bad_ip_csum = 0;
rx_bad_l4_csum = 0;
rx_bad_outer_l4_csum = 0;
rx_bad_outer_ip_csum = 0;
-#ifdef RTE_LIB_GRO
-   gro_enable = gro_ports[fs->rx_port].enable;
-#endif
 
txp = &ports[fs->tx_port];
tx_offloads = txp->dev_conf.txmode.offloads;
-- 
2.25.1

Re: [dpdk-dev] [PATCH v2] eal: refactor rte_eal_init into sub-functions

[Stephen Hemminger]

On Wed, 17 Jan 2024 11:25:02 -0800
Rahul Gupta  wrote:

> + lcore_id = rte_lcore_id();
> + lcore_id = rte_get_next_lcore(lcore_id, 0, 1);
> + /* Gives status of rte_eal_init_async() */
> + while (rte_eal_init_async_done(lcore_id) == 0)
> + ;

Will this all work if application is run with single lcore?
It would work before this.

Re: [PATCH v2 1/2] config/arm: allow WFE to be enabled config time

[Ruifeng Wang]

On 2024/1/17 10:25 PM, pbhagavat...@marvell.com wrote:

From: Pavan Nikhilesh 

Allow RTE_ARM_USE_WFE to be enabled at meson configuration
time by passing it via c_args instead of modifying
`config/arm/meson.build`.

Example usage:
  meson build -Dc_args='-DRTE_ARM_USE_WFE' \
--cross-file config/arm/arm64_cn10k_linux_gcc

Signed-off-by: Pavan Nikhilesh 
---
  config/arm/meson.build | 1 -
  1 file changed, 1 deletion(-)

diff --git a/config/arm/meson.build b/config/arm/meson.build
index 36f21d2259..a63711e986 100644
--- a/config/arm/meson.build
+++ b/config/arm/meson.build
@@ -17,7 +17,6 @@ flags_common = [
  #['RTE_ARM64_MEMCPY_ALIGN_MASK', 0xF],
  #['RTE_ARM64_MEMCPY_STRICT_ALIGN', false],
  
-['RTE_ARM_USE_WFE', false],


What about commenting this line out instead?
It will be easier to track the configurables.


  ['RTE_ARCH_ARM64', true],
  ['RTE_CACHE_LINE_SIZE', 128]
  ]

Re: [PATCH 1/2] config/arm: fix CN10K minimum march requirement

[Ruifeng Wang]

On 2024/1/4 5:18 PM, pbhagavat...@marvell.com wrote:

From: Pavan Nikhilesh 

Meson selects march and mcpu based on compiler support and
partnumber, only the minimum required march should be defined
in cross compile configuration file.

Fixes: 1b4c86a721c9 ("config/arm: add Marvell CN10K")
Cc: sta...@dpdk.org

Signed-off-by: Pavan Nikhilesh 
---
  config/arm/arm64_cn10k_linux_gcc | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/arm/arm64_cn10k_linux_gcc b/config/arm/arm64_cn10k_linux_gcc
index fa904af5d0..801a7ededd 100644
--- a/config/arm/arm64_cn10k_linux_gcc
+++ b/config/arm/arm64_cn10k_linux_gcc
@@ -10,7 +10,7 @@ cmake = 'cmake'
  [host_machine]
  system = 'linux'
  cpu_family = 'aarch64'
-cpu = 'armv8.6-a'
+cpu = 'armv8-a'
  endian = 'little'
  
  [properties]


The host_machine.cpu in cross file doesn't take effect.
There is an effort to remove the confusion. Can you have a review?
https://patches.dpdk.org/project/dpdk/patch/20231205035259.3516625-3-joyce.k...@arm.com/

Re: [PATCH 2/2] config/arm: add armv9-a march

[Ruifeng Wang]

On 2024/1/4 5:18 PM, pbhagavat...@marvell.com wrote:

From: Pavan Nikhilesh 

Now that major versions of GCC recognize armv9-a march option,
add it to the list of supported march.
Update neoverse-n2 part number to include march as armv9-a.

Signed-off-by: Pavan Nikhilesh 
---
  config/arm/meson.build | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/arm/meson.build b/config/arm/meson.build
index 36f21d2259..0804877b57 100644
--- a/config/arm/meson.build
+++ b/config/arm/meson.build
@@ -92,6 +92,7 @@ part_number_config_arm = {
  'march': 'armv8.4-a',
  },
  '0xd49': {
+'march': 'armv9-a',
  'march_features': ['sve2'],
  'compiler_options': ['-mcpu=neoverse-n2'],
  'flags': [
@@ -701,7 +702,7 @@ if update_flags
  if part_number_config.get('force_march', false)
  candidate_march = part_number_config['march']
  else
-supported_marchs = ['armv8.6-a', 'armv8.5-a', 'armv8.4-a', 
'armv8.3-a',
+supported_marchs = ['armv9-a', 'armv8.6-a', 'armv8.5-a', 
'armv8.4-a', 'armv8.3-a',


armv9.x-a have some overlap with armv8.x-a.
For armv9.0, the next candidate fallback should be armv8.4-a instead of 
armv8.6-a.

armv9 should be treated differently for fallback support.


  'armv8.2-a', 'armv8.1-a', 'armv8-a']
  check_compiler_support = false
  foreach supported_march: supported_marchs

FreeBSD 14.0 build failure

[Stephen Hemminger]

DPDK will not build on FreeBSD 14.0

[2/2] Generating kernel/freebsd/nic_uio with a custom command
FAILED: kernel/freebsd/nic_uio.ko 
/usr/bin/make -f ../kernel/freebsd/BSDmakefile.meson KMOD_OBJDIR=kernel/freebsd 
KMOD_SRC=../kernel/freebsd/nic_uio/nic_uio.c KMOD=nic_uio 
'KMOD_CFLAGS=-I/home/shemminger/dpdk/build -I/home/shemminger/dpdk/config 
-include rte_config.h' CC=clang
clang  -O2 -pipe -include rte_config.h  -fno-strict-aliasing -Werror -D_KERNEL 
-DKLD_MODULE -nostdinc  -I/home/shemminger/dpdk/build 
-I/home/shemminger/dpdk/config -include 
/home/shemminger/dpdk/build/kernel/freebsd/opt_global.h -I. -I/usr/src/sys 
-I/usr/src/sys/contrib/ck/include -fno-common  -fno-omit-frame-pointer 
-mno-omit-leaf-frame-pointer 
-fdebug-prefix-map=./machine=/usr/src/sys/amd64/include 
-fdebug-prefix-map=./x86=/usr/src/sys/x86/include 
-fdebug-prefix-map=./i386=/usr/src/sys/i386/include -MD  
-MF.depend.nic_uio.o -MTnic_uio.o -mcmodel=kernel -mno-red-zone -mno-mmx 
-mno-sse -msoft-float  -fno-asynchronous-unwind-tables -ffreestanding -fwrapv 
-fstack-protector -Wall -Wstrict-prototypes -Wmissing-prototypes 
-Wpointer-arith -Wcast-qual -Wundef -Wno-pointer-sign 
-D__printf__=__freebsd_kprintf__ -Wmissing-include-dirs 
-fdiagnostics-show-option -Wno-unknown-pragmas -Wno-error=tautological-compare 
-Wno-error=empty-body -Wno-error=parentheses-equality -Wno-error=unused-functi
 on -Wno-error=pointer-sign -Wno-error=shift-negative-value 
-Wno-address-of-packed-member -Wno-format-zero-length   -mno-aes -mno-avx  
-std=gnu99 -c /home/shemminger/dpdk/kernel/freebsd/nic_uio/nic_uio.c -o 
nic_uio.o
/home/shemminger/dpdk/kernel/freebsd/nic_uio/nic_uio.c:84:81: error: too many 
arguments provided to function-like macro invocation
DRIVER_MODULE(nic_uio, pci, nic_uio_driver, nic_uio_devclass, nic_uio_modevent, 
0);

^
/usr/src/sys/sys/bus.h:832:9: note: macro 'DRIVER_MODULE' defined here
#define DRIVER_MODULE(name, busname, driver, evh, arg)  \
^
/home/shemminger/dpdk/kernel/freebsd/nic_uio/nic_uio.c:84:1: error: type 
specifier missing, defaults to 'int'; ISO C99 and later do not support implicit 
int [-Werror,-Wimplicit-int]
DRIVER_MODULE(nic_uio, pci, nic_uio_driver, nic_uio_devclass, nic_uio_modevent, 
0);
^

[RFC 1/2] config/arm: add Neoverse V2 part number

[Honnappa Nagarahalli]

Add Arm Neoverse V2 part number

Signed-off-by: Honnappa Nagarahalli 
---
 config/arm/meson.build | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/config/arm/meson.build b/config/arm/meson.build
index 36f21d2259..18b595ead1 100644
--- a/config/arm/meson.build
+++ b/config/arm/meson.build
@@ -100,6 +100,16 @@ part_number_config_arm = {
 ['RTE_MAX_LCORE', 128],
 ['RTE_MAX_NUMA_NODES', 2]
 ]
+},
+'0xd4f': {
+'march_features': ['sve2'],
+'compiler_options': ['-mcpu=neoverse-v2'],
+'flags': [
+['RTE_MACHINE', '"neoverse-v2"'],
+['RTE_ARM_FEATURE_ATOMICS', true],
+['RTE_MAX_LCORE', 144],
+['RTE_MAX_NUMA_NODES', 2]
+]
 }
 }
 implementer_arm = {
-- 
2.25.1

[RFC 2/2] config/arm: add NVIDIA Grace CPU

[Honnappa Nagarahalli]

Add meson build configuration for NVIDIA Grace platform
with 64-bit Arm Neoverse V2 cores.

Signed-off-by: Honnappa Nagarahalli 
---
 config/arm/arm64_grace_linux_gcc | 16 
 config/arm/meson.build   | 10 ++
 2 files changed, 26 insertions(+)
 create mode 100644 config/arm/arm64_grace_linux_gcc

diff --git a/config/arm/arm64_grace_linux_gcc b/config/arm/arm64_grace_linux_gcc
new file mode 100644
index 00..bde55b17a8
--- /dev/null
+++ b/config/arm/arm64_grace_linux_gcc
@@ -0,0 +1,16 @@
+[binaries]
+c = ['ccache', 'aarch64-linux-gnu-gcc']
+cpp = ['ccache', 'aarch64-linux-gnu-g++']
+ar = 'aarch64-linux-gnu-gcc-ar'
+strip = 'aarch64-linux-gnu-strip'
+pkgconfig = 'aarch64-linux-gnu-pkg-config'
+pcap-config = ''
+
+[host_machine]
+system = 'linux'
+cpu_family = 'aarch64'
+cpu = 'armv9-a'
+endian = 'little'
+
+[properties]
+platform = 'grace'
diff --git a/config/arm/meson.build b/config/arm/meson.build
index 18b595ead1..345a9dbf6b 100644
--- a/config/arm/meson.build
+++ b/config/arm/meson.build
@@ -424,6 +424,14 @@ soc_tys2500 = {
 'numa': true
 }
 
+soc_grace = {
+'description': 'NVIDIA Grace',
+'implementer': '0x41',
+'part_number': '0xd4f',
+'extra_march_features': ['crypto'],
+'numa': true
+}
+
 soc_graviton2 = {
 'description': 'AWS Graviton2',
 'implementer': '0x41',
@@ -544,6 +552,7 @@ dpaa:NXP DPAA
 emag:Ampere eMAG
 ft2000plus:  Phytium FT-2000+
 tys2500: Phytium TengYun S2500
+grace:   NVIDIA Grace
 graviton2:   AWS Graviton2
 graviton3:   AWS Graviton3
 hip10:   HiSilicon HIP10
@@ -575,6 +584,7 @@ socs = {
 'emag': soc_emag,
 'ft2000plus': soc_ft2000plus,
 'tys2500': soc_tys2500,
+'grace': soc_grace,
 'graviton2': soc_graviton2,
 'graviton3': soc_graviton3,
 'hip10': soc_hip10,
-- 
2.25.1

Re: [RFC 1/2] config/arm: add Neoverse V2 part number

[Ruifeng Wang]

On 2024/1/18 10:32 AM, Honnappa Nagarahalli wrote:

Add Arm Neoverse V2 part number

Signed-off-by: Honnappa Nagarahalli 
---
  config/arm/meson.build | 10 ++
  1 file changed, 10 insertions(+)

diff --git a/config/arm/meson.build b/config/arm/meson.build
index 36f21d2259..18b595ead1 100644
--- a/config/arm/meson.build
+++ b/config/arm/meson.build
@@ -100,6 +100,16 @@ part_number_config_arm = {
  ['RTE_MAX_LCORE', 128],
  ['RTE_MAX_NUMA_NODES', 2]
  ]
+},
+'0xd4f': {
+'march_features': ['sve2'],
+'compiler_options': ['-mcpu=neoverse-v2'],
+'flags': [
+['RTE_MACHINE', '"neoverse-v2"'],
+['RTE_ARM_FEATURE_ATOMICS', true],
+['RTE_MAX_LCORE', 144],
+['RTE_MAX_NUMA_NODES', 2]
+]
  }
  }
  implementer_arm = {

Acked-by: Ruifeng Wang 

Re: [RFC 2/2] config/arm: add NVIDIA Grace CPU

[Ruifeng Wang]

On 2024/1/18 10:32 AM, Honnappa Nagarahalli wrote:

Add meson build configuration for NVIDIA Grace platform
with 64-bit Arm Neoverse V2 cores.

Signed-off-by: Honnappa Nagarahalli 
---
  config/arm/arm64_grace_linux_gcc | 16 
  config/arm/meson.build   | 10 ++
  2 files changed, 26 insertions(+)
  create mode 100644 config/arm/arm64_grace_linux_gcc

diff --git a/config/arm/arm64_grace_linux_gcc b/config/arm/arm64_grace_linux_gcc
new file mode 100644
index 00..bde55b17a8
--- /dev/null
+++ b/config/arm/arm64_grace_linux_gcc
@@ -0,0 +1,16 @@
+[binaries]
+c = ['ccache', 'aarch64-linux-gnu-gcc']
+cpp = ['ccache', 'aarch64-linux-gnu-g++']
+ar = 'aarch64-linux-gnu-gcc-ar'
+strip = 'aarch64-linux-gnu-strip'
+pkgconfig = 'aarch64-linux-gnu-pkg-config'
+pcap-config = ''
+
+[host_machine]
+system = 'linux'
+cpu_family = 'aarch64'
+cpu = 'armv9-a'
+endian = 'little'
+
+[properties]
+platform = 'grace'
diff --git a/config/arm/meson.build b/config/arm/meson.build
index 18b595ead1..345a9dbf6b 100644
--- a/config/arm/meson.build
+++ b/config/arm/meson.build
@@ -424,6 +424,14 @@ soc_tys2500 = {
  'numa': true
  }
  
+soc_grace = {

+'description': 'NVIDIA Grace',
+'implementer': '0x41',
+'part_number': '0xd4f',
+'extra_march_features': ['crypto'],
+'numa': true
+}
+
  soc_graviton2 = {
  'description': 'AWS Graviton2',
  'implementer': '0x41',
@@ -544,6 +552,7 @@ dpaa:NXP DPAA
  emag:Ampere eMAG
  ft2000plus:  Phytium FT-2000+
  tys2500: Phytium TengYun S2500
+grace:   NVIDIA Grace
  graviton2:   AWS Graviton2
  graviton3:   AWS Graviton3
  hip10:   HiSilicon HIP10
@@ -575,6 +584,7 @@ socs = {
  'emag': soc_emag,
  'ft2000plus': soc_ft2000plus,
  'tys2500': soc_tys2500,
+'grace': soc_grace,
  'graviton2': soc_graviton2,
  'graviton3': soc_graviton3,
  'hip10': soc_hip10,

Acked-by: Ruifeng Wang 

Ubuntu Upgrade 20.04.6 to 22.04 Jammy 23.06 HomeGateway example

[James Tervit]

Dear DPDK Folks,

I am following the latest build of home gateway 
https://s3-docs.fd.io/vpp/23.06/usecases/home_gateway.html for testing and 
development.

Running
Linux PXC-SM-002 5.15.0-91-generic #101-Ubuntu
vpp/jammy,now 23.10-release amd64 [installed]
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"

In my vpp startup.conf, which is calling setup.gate and, in turn, runs 
setup.tmpl I get an error on systemd in bold below.

Jan 18 04:23:34 PXC-SM-002 vpp[224896]: set interface l2 bridge: unknown 
interface `GigabitEthernetb7/0/0 1'
Jan 18 04:23:34 PXC-SM-002 vpp[224896]: exec: CLI line error: 
GigabitEthernetb7/0/0 1 (this is related to setup.tmpl section)
Jan 18 04:23:34 PXC-SM-002 vpp[224896]: exec: CLI line error:

setup.gate runs

define HOSTNAME Gate-001
define TRUNK GigabitEthernet65/0/0

comment { Specific MAC address yields a constant IP address }
define TRUNK_MACADDR 3c:ec:ef:da:89:58
define BVI_MACADDR 3c:ce:fe:ad:01:02

comment { inside subnet 192.168..0/24 }
define INSIDE_SUBNET 1

comment { Adjust as needed to match PCI addresses of inside network ports }
define INSIDE_PORT1 GigabitEthernet65/0/1
define INSIDE_PORT2 GigabitEthernet65/0/2
define INSIDE_PORT3 GigabitEthernet65/0/3
define INSIDE_PORT4 GigabitEthernetb7/0/0
define INSIDE_PORT5 GigabitEthernetb7/0/1
define INSIDE_PORT6 GigabitEthernetb7/0/3

comment { feature selections }
define FEATURE_ADL uncomment
define FEATURE_NAT44 uncomment
define FEATURE_CNAT comment
define FEATURE_DNS comment
define FEATURE_IP6 comment
define FEATURE_IKE_RESPONDER comment
define FEATURE_MACTIME uncomment
define FEATURE_OVPN uncomment
define FEATURE_MODEM_ROUTE uncomment

exec /home/pxcghost/VPP/pxc-gate/setup.tmpl

The setup.tmpl tries to create inside ports and, for some reason, fails on one 
port and stops processing.

show macro

set int mac address $(TRUNK) $(TRUNK_MACADDR)
set dhcp client intfc $(TRUNK) hostname $(HOSTNAME)
set int state $(TRUNK) up

bvi create instance 0
set int mac address bvi0 $(BVI_MACADDR)
set int l2 bridge bvi0 1 bvi
set int ip address bvi0 192.168.$(INSIDE_SUBNET).1/24
set int state bvi0 up

set int l2 bridge $(INSIDE_PORT1) 1
set int state $(INSIDE_PORT1) up
set int l2 bridge $(INSIDE_PORT2) 1
set int state $(INSIDE_PORT2) up
set int l2 bridge $(INSIDE_PORT3) 1
set int state $(INSIDE_PORT3) up
set int l2 bridge $(INSIDE_PORT4) 1
set int state $(INSIDE_PORT4) up
set int l2 bridge $(INSIDE_PORT5) 1
set int state $(INSIDE_PORT5) up
set int l2 bridge $(INSIDE_PORT6) 1
set int state $(INSIDE_PORT6) up



comment { dhcp server and host-stack access }
create tap host-if-name lstack host-ip4-addr 192.168.$(INSIDE_SUBNET).2/24 
host-ip4-gw 192.168.$(INSIDE_SUBNET).1
set int l2 bridge tap0 1
set int state tap0 up

service restart isc-dhcp-server

$(FEATURE_ADL) { bin adl_interface_enable_disable $(TRUNK) }
$(FEATURE_ADL) { ip table 1 }
$(FEATURE_ADL) { ip route add table 1 0.0.0.0/0 via local }

$(FEATURE_NAT44) { nat44 forwarding enable }
$(FEATURE_NAT44) { nat44 plugin enable sessions 63000 }
$(FEATURE_NAT44) { nat44 add interface address $(TRUNK) }
$(FEATURE_NAT44) { set interface nat44 in bvi0 out $(TRUNK) }

comment { iPhones seem to need lots of RA messages... }
$(FEATURE_IP6) { ip6 nd bvi0 ra-managed-config-flag ra-other-config-flag 
ra-interval 30 20 ra-lifetime 180 }
comment { ip6 nd bvi0 prefix 0::0/0  ra-lifetime 10 }


comment { if using the mactime plugin, configure it }
$(FEATURE_MACTIME) { bin mactime_add_del_range name roku mac 3c:ec:ef:da:89:58 
allow-static }
$(FEATURE_MACTIME) { bin mactime_enable_disable $(INSIDE_PORT1) }
$(FEATURE_MACTIME) { bin mactime_enable_disable $(INSIDE_PORT2) }
$(FEATURE_MACTIME) { bin mactime_enable_disable $(INSIDE_PORT3) }
$(FEATURE_MACTIME) { bin mactime_enable_disable $(INSIDE_PORT4) }

$(FEATURE_MODEM_ROUTE) { ip route add 192.168.1.1/23 via $(TRUNK) }
for some reason, port4 fails as per the system, and I think it fails on the 
DHCP part of the script; any pointers are appreciated. I can bind ports and 
unbind back to kernel with no problem, and I can see the interfaces inside vpp 
and bvi look ok.

sudo vppctl show interface, ip addresses not assigned as I think that’s because 
the script doesn’t process the lstack and dhcp portion due to crashing.

  Name   IdxState  MTU (L3/IP4/IP6/MPLS) 
Counter  Count
GigabitEthernet65/0/0 1  up  9000/0/0/0 rx packets  
 585
rx bytes
   72405
tx packets  
   3
tx bytes
1002
drops   
 585
ip4 

Re: [PATCH v3] event/dsw: optimize serving port logic

[Jerin Jacob]

On Wed, Jan 17, 2024 at 3:14 PM Mattias Rönnblom
 wrote:
>
> To reduce flow migration overhead, replace the array-based
> representation of which set of ports are bound to a particular queue
> by a bitmask-based one.
>
> The maximum number of DSW event ports remains 64, but after this
> change can no longer easily be increased by modifying DSW_MAX_PORTS
> and recompiling.
>
> RFC v3:
>  * supply mandantory message to static_assert().
> RFC v2:
>  * accidentally left out the contents, which instead was included in v3.
>
> Signed-off-by: Mattias Rönnblom 

Applied to dpdk-next-eventdev/for-main. Thanks

[Bug 1367] net/mlx5 Tx stuck if mbuf has too many segments

[bugzilla]

https://bugs.dpdk.org/show_bug.cgi?id=1367

Bug ID: 1367
   Summary: net/mlx5 Tx stuck if mbuf has too many segments
   Product: DPDK
   Version: 23.11
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: normal
  Priority: Normal
 Component: ethdev
  Assignee: dev@dpdk.org
  Reporter: andrew.rybche...@oktetlabs.ru
  Target Milestone: ---

net/mlx5 Tx stuck if mbuf has too many segments

net/mlx5 reports maximum number of Tx segments in device info, but it does not
check it on Tx prepare and simply do not send it on Tx burst.

As the result if such packet is encountered, app does not know (without extra
efforts) why it fails to send the packet after successful Tx prepare. In theory
the reason could be fully occupied Tx queue and application should simply retry
forever.

Found by test run at UNH IOL:

1. Test checks reported maximum segments count: tx_desc_lim.nb_mtu_seg_max=40
https://ts-factory.io/bublik/v2/log/477842?focusId=479564&mode=treeAndinfoAndlog&experimental=true&lineNumber=1_25

2. Test splits the packet into 60 segments:
https://ts-factory.io/bublik/v2/log/477842?focusId=479564&mode=treeAndinfoAndlog&experimental=true&lineNumber=1_49

3. Test logs expectations for the packet to be rejected by Tx prepare:
https://ts-factory.io/bublik/v2/log/477842?focusId=479564&mode=treeAndinfoAndlog&experimental=true&lineNumber=1_60

4. Tx prepare accepts the packet and the test logs error:
https://ts-factory.io/bublik/v2/log/477842?focusId=479564&mode=treeAndinfoAndlog&experimental=true&lineNumber=1_62

5. Test tries to Tx burst the packet, but it returns 0. One more error is
logged.
https://ts-factory.io/bublik/v2/log/477842?focusId=479564&mode=treeAndinfoAndlog&experimental=true&lineNumber=1_62

IMHO better behaviour here would be to accept the packet bug simply drop it in
SW on Tx before passing to HW. Just avoid Tx stuck.

Of course Tx prepare should reject the packet at step 4.

-- 
You are receiving this mail because:
You are the assignee for the bug.