PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for chained input or output
mbufs for PDCP and ipsec protocol offload cases.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Adding minimal support for CAAM HW era 10 (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
HFN can be given as a per packet value also.
As we do not have IV in case of PDCP, and HFN is
used to generate IV. IV field can be used to get the
per packet HFN while enq/deq
If hfn_ovrd field in pdcp_xform is set,
application is expected to set the per packet HFN
in place of IV. Driver will extract the HFN and perform
operations accordingly.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
PDCP u-plane may optionally support integrity as well.
This patch add support for supporting integrity along with
confidentiality.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Added support for 12-bit c-plane. We implement it using 'u-plane for RN'
protocol descriptors. This is because 'c-plane' protocol descriptors
assume 5-bit sequence numbers. Since the crypto processing remains same
irrespective of c-plane or u-plane, we choose 'u-plane for RN' protocol
descriptors to implement 12-bit c-plane. 'U-plane for RN' protocol
descriptors support both confidentiality and integrity (required for
c-plane) for 7/12/15 bit sequence numbers.
For little endian platforms, incorrect IV is generated if MOVE command
is used in pdcp non-proto descriptors. This is because MOVE command
treats data as word. We changed MOVE to MOVEB since we require data to
be treated as byte array. The change works on both ls1046, ls2088.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds new performance measurement option --external-mbufs
that allocates and uses memzones as external buffers instead of
putting the data directly inside mbufs.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Adds a new test to verify external buffer in mbuf APIs.
Initialize fields in test_data_params structures by name
for better readability.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds two new tests that cover the stateful
decompression feature.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds the stateful decompression feature
to the DPDK QAT PMD.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds QAT RAM bank definitions and related macros.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
When sending an encrypted packet which size after encapsulation exceeds
MTU, ipsec-secgw application tries to fragment it. If --reassemble
option has not been set it results with a segmantation fault, because
fragmentation buckets have not been initialized.
Fix crashing by adding extra check if --ressemble option has not been
set and packet exceeds MTU after encapsulation - drop it.
Fixes: b01d1cd213 ("examples/ipsec-secgw: support fragmentation and reassembly")
Cc: stable@dpdk.org
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes the aesni-gcm cryptodev documentation by
filling the lacked unsupported chained mbuf description.
Fixes: 6f16aab09a91 ("crypto/aesni_gcm: migrate to Multi-buffer library")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
One issue caught by Coverity 344984
*overrun-local: Overrunning array cperf_test_type_strs of 2 8-byte elements
The array cperf_test_type_strs defined in app/test-compress-perf conflicts
with the same name being defined in app/test-crypto-perf. Due to which
coverity reports error.
The fix is to rename "cperf_test_type_strs" into "comp_perf_test_type_strs"
in app/test-compress-perf to avoid name confusion.
Coverity issue: 344984
Fixes: 424dd6c8c1 ("app/compress-perf: add weak functions for multicore test")
Fixes: 1a9b0f3504 ("app/compress-perf: add --ptest option")
Fixes: 424dd6c8c1 ("app/compress-perf: add weak functions for multicore test")
Cc: stable@dpdk.org
Signed-off-by: Lavanya Govindarajan <lavanyax.govindarajan@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
IPv6 tunnels are already supported in case of inline and
lookaside none cases. In case of protocol offload, the details
for IPv6 header need to be added in session configuration
for security session create.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Like for Ethernet ports, the OCTEON TX crypto engines must
first be unbound from their kernel module, then rebound to
vfio-pci, before being used in DPDK.
As this capability is detected at runtime by dpdk-pmdinfo,
add the info in the PMD registering directives.
Then an external script can be used for bind and unbind.
Fixes: bfe2ae495ee2 ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
dpaa_sec needs translations between physical and virtual addresses.
V to P translation is relatively fast, as memory is managed in
contiguous segments.
The result of each V to P translation is used to update the DPAA iova
table, which should be updated by a Mem event callback, but is not.
Then the DPAA iova table has entries for all needed memory ranges.
With this patch, dpaa_mem_ptov will always use dpaax_iova_table_get_va,
which ensures optimal performance.
Fixes: 5a7dbb934d75 ("dpaa: enable dpaax library")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Up to version 0.52 of the IPSec Multi buffer library,
the chain order for AES-CCM was CIPHER_HASH when encrypting.
However, after this version, the order has been reversed in the library
since, when encrypting, hashing is done first and then ciphering.
Therefore, order is changed to be compatible with newer versions
of the library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
armv8 cryptodev virtual PMD autotest failed with output:
CRYPTODEV: [CRYPTODEV_NAME_ARMV8_CRYPTO_PMD]
armv8_crypto_pmd_qp_create_processed_ops_ring() line 210:
Unable to reuse existing ring armv8_crypto_pmd_0_qp_0 for processed ops
CRYPTODEV: rte_cryptodev_stop() line 942:
Device with dev_id=0 already stopped
+ TestCase [ 0] : test_AES_chain_armv8_all failed
This is due to the ring size used in ut_setup is bigger than that used
in testsuite_setup.
Fix this issue by enlarge ring size used in testsuite_setup accordingly.
Fixes: 24054e3640a2 ("test/crypto: use separate session mempools")
Cc: stable@dpdk.org
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Replace /**< with /** for multiline doxygen comments.
Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
If the application enables the use of ESN in the
ipsec_xform for security session create, pdb options
are set for enabling ESN.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Virtual to physical conversions are optimized using the
DPAAX tables. This patch integrates DPAAX with caam_jr PMD.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Reducing the functional traces from data path and critical session path
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
For unknown/unsupported packets, the packet would get checked for inline
offloads after the packet is freed.
Fixes: 0ccfd14bc10d ("examples/ipsec-secgw: support inline protocol")
Cc: stable@dpdk.org
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes the return value of the test_deflate_comp_decomp
function on capabilities retrieval error to be -ENOTSUP.
It also fixes passing of the test_deflate_comp_decomp function's
return value to the upper level (as the test suite function return
value).
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Artur Trybula <arturx.trybula@intel.com>
Check the return value of the rte_eth_dev_rss_hash_conf_get function.
Coverity issue: 344970
Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline crypto")
Cc: stable@dpdk.org
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes the floating point exception that happened
when the number of cores to be used during the benchmark
was zero. After the fix such situation is detected, the error
message is printed and the benchmark application exits.
Fixes: 424dd6c8c1a8 ("app/compress-perf: add weak functions for multicore test")
Cc: stable@dpdk.org
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Artur Trybula <arturx.trybula@intel.com>
This patch fixes the memory deallocation issue which happened
after unsuccessful allocation (e.g. due to the out of memory)
and produced the segmentation fault.
Fixes: 424dd6c8c1 ("app/compress-perf: add weak functions for multicore test")
Cc: stable@dpdk.org
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Artur Trybula <arturx.trybula@intel.com>
This patch shortens the queue pair name created when initializing
the queue pair of the ISAL PIM, based on the device and qp ids.
Suggested-by: Paul Luse <paul.e.luse@intel.com>
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Lee Daly <lee.daly@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Just open the sysfs file and handle failure, rather than using access().
This eliminates Coverity warnings about TOCTOU
"time of check versus time of use"; although for this sysfs file that is
not really an issue anyway.
Coverity issue: 347276
Fixes: 54a328f552ff ("bus/pci: forbid IOVA mode if IOMMU address width too small")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Dumping every object file for every symbol is too heavy.
Use a temporary storage.
Before:
$ rm -rf master && make defconfig O=master
$ time make EXTRA_CFLAGS=-g O=master
[...]
real 2m24.063s
user 1m16.985s
sys 1m46.372s
After:
$ rm -rf master && make defconfig O=master
$ time make EXTRA_CFLAGS=-g O=master
[...]
real 1m37.110s
user 0m49.417s
sys 0m51.803s
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Restrict this header inclusion to its real users.
Fixes: 028669bc9f0d ("eal: hide shared memory config")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
David will be co-maintaining the top level tree with Thomas,
Welcome and best luck J
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
When trying to compile some examples with libdpdk.pc,
the right environment (for default target) was not loaded.
The consequence is to not detect some dependencies because
of missing directories in PKG_CONFIG_PATH.
The environment preparation is moved to a dedicate function,
and called for the default target (cc),
before testing the install output of the default build.
Fixes: 272236741258 ("devtools: load target-specific compilation environment")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
The nfb PMD is disabled by default because of its dependency
on netcope-common package.
The variable DPDK_DEP_NFB was introduced but not used to notify
the dependency availability in the build test script.
The AF_XDP PMD is disabled by default because of its dependency
on libbpf on Linux.
An option was missing to notify the dependency availability
in the build test script.
Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver")
Fixes: f1debd77efaf ("net/af_xdp: introduce AF_XDP PMD")
Cc: stable@dpdk.org
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Because the eal interrupt framework can race when invoking the callback
and a separate unregister call, the test needs to accommodate the chance
that the two collide. Do this by checking the return value of unregister
against the race-condition flag (EAGAIN).
Fixes: f1a6c22424ce ("app/test: update interrupts test")
Cc: stable@dpdk.org
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
-e is preferrable so that we can catch errors in the middle of this
script.
An example is this Travis job [1] that should have errored at the meson
install step rather than go to the build step.
Adding debug mode as it can help post-mortem.
1: https://travis-ci.com/DPDK/dpdk/jobs/223511683
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Michael Santana <msantana@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Install missing dependencies so that doc can be generated.
While at it, explicitly configure that we want the doc to be generated.
Missing dependencies are then reported as an error rather than silently
ignored.
Because of these extra dependencies, only build them in dedicated travis
jobs.
Fixes: ad2b2cfb1ea3 ("ci: enable unit tests with Travis")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
The meson build test fails if ccache is not available.
The use of ccache must be optional.
And if used, the compiler to check is the last word of $CC.
Fixes: e0ae780e6569 ("devtools: test compiler availability only once")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Luca Boccassi <bluca@debian.org>
In order to re-use the same test environment as with
test-build.sh, the configuration file is loaded at each build,
after adjusting the variable DPDK_TARGET.
This is especially useful to set the variable PKG_CONFIG_PATH,
or define some meson options (without -D) in DPDK_MESON_OPTIONS.
The DPDK_TARGET values can be
aarch64-*, powerpc64-*, x86_64-*.
The matching DPDK_TARGET values for test-build.sh are
arm64-*, ppc_64-*, x86_64-*.
The advised expressions to use in the common configuration file are:
if echo $DPDK_TARGET | grep -q '^a.*64-' ; then
elif echo $DPDK_TARGET | grep -q '^p.*pc.*64' ; then
elif echo $DPDK_TARGET | grep -q '^x86_64' ; then
fi
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Luca Boccassi <bluca@debian.org>
