Some places were calling the meson function host_machine.system()
instead of the variables is_windows and is_linux defined
in config/meson.build.
At the same time, the missing "Linux restriction" reason is added to
pfe and octeontx2 crypto PMDs.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Currently rte_mcp_ptr_list is being shared as a variable
across libs. This is only used in control path.
This patch change it to a exported function based access.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
qman caam and pool portal ids are only used in control
path. This patch changes their inter library access to
function call instead of direct shared variable.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
This patch moves the internal symbols to INTERNAL sections
so that any change in them is not reported as ABI breakage.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Since it will check the feature mask before running out-of-place
test cases and the virtio-crypto device supports OOP_LB_IN_LB_OUT mode.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
The OCTEON TX crypto PMD supports non-byte aligned data as
input for SNOW and ZUC algos. Adding the same to the feature list.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Session configure should return -ENOTSUP in case of unsupported xform
requests. Moving the validation of combinations out of cpt, as the
feature support will not be same across OCTEON TX and OCTEON TX2.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
The OCTEON TX2 crypto PMD supports non-byte aligned data as
input for SNOW and ZUC algos. Adding the same to the feature list.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
The caam_jr_enable_irqs() and caam_jr_disable_irqs() methods maybe return a
negative error. So use int instead of uint32_t int the functions.
Fixes: e7a45f3cc245 ("crypto/caam_jr: add UIO specific operations")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Gagandeep Singh <g.singh@nxp.com>
Zero is a valid fd. It will fail to check the fd if the fd is zero.
The "job_ring->uio_fd" is an fd, so define it as "int".
Fixes: e7a45f3cc245 ("crypto/caam_jr: add UIO specific operations")
Fixes: a5e1018d5e67 ("crypto/caam_jr: add routines to configure HW")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Gagandeep Singh <g.singh@nxp.com>
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:
drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
(.bss+0x4): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
(.data+0x0): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
This patch fixes the blunt workaround in the following commit.
Fixes: 50b03f3b8eaf ("drivers/crypto: disable gcc 10 no-common errors")
Bugzilla ID: 469
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Update the portal allocation failure log to print the thread id
as well.
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Some wireless algos like SNOW, ZUC may support input
data in bits which are not byte aligned. However, not
all PMDs can support this requirement. Hence added a
new feature flag RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA
to identify which all PMDs can support non-byte aligned
data.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:
drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
(.bss+0x4): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
(.data+0x0): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
This is a blunt fix for the issue by enabling fcommon for
dpaa_sec/dpaa2_sec/caam_jr.
Bugzilla ID: 469
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
gcc 10 defaults to fno-common and it reports:
crypto_kasumi_rte_kasumi_pmd_ops.c.o:(.data.rel+0x0):
multiple definition of `rte_kasumi_pmd_ops';
crypto_kasumi_rte_kasumi_pmd.c.o:(.bss+0x8): first defined here
Fix by making rte_kasumi_pmd_ops extern in the header file.
Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library")
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch repairs 2 memory allocations issues:
1) possible leak of memory
In cryptodev_dpaa_sec_probe() function in case of portal
initialization failure, function exited without cleanup.
The patch redirects flow to out label, which provides
proper cleanup in case of error: freeing cryptodevice private
data and releasing cryptodevice.
2) double free of cryptodev private data
The function dpaa_sec_dev_init() in case of failure called
dpaa_sec_uninit() which freed both private data and security
context. However one layer above in cryptodev_dpaa_sec_probe()
function, the private data were freed one more time.
The patch limits cleanup of the dpaa_sec_dev_init() function
to freeing only the security context.
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes management of memory for authentication
and encryption keys.
There were two issues with former state of implementation:
1) Invalid access to dpaa_sec_session union members
The dpaa_sec_session structure includes an anonymous union:
union {
struct {...} aead_key;
struct {
struct {...} cipher_key;
struct {...} auth_key;
};
};
Depending on the used algorithm a rte_zmalloc() function
allocated memory that was kept in aead_key, cipher_key
or auth_key. However every time the memory was released,
rte_free() was called only on cipher and auth keys, even
if pointer to allocated memory was stored in aead_key.
The C language specification defines such behavior as undefined.
As the cipher_key and aead_key are similar, have same sizes and
alignment, it has worked, but it's directly against C specification.
This patch fixes this, providing a free_session_data() function
to free the keys data. It verifies which algorithm was used
(aead or auth+cipher) and frees proper part of the union.
2) Some keys might have been freed multiple times
In functions like: dpaa_sec_cipher_init(), dpaa_sec_auth_init(),
dpaa_sec_chain_init(), dpaa_sec_aead_init() keys data were freed
before returning due to some error conditions. However the pointers
were not zeroed causing another calls to ret_free from higher
layers of code. This causes an error log about invalid memory address
to be printed.
This patch fixes it by making only one layer responsible for freeing
memory
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Offset of cd pointer is too big by state1size + state2size, so few extra
unnecessary bytes will be copied into cd. Snow offset was improved as well.
Fixes: d9b7d5bbc845 ("crypto/qat: add ZUC EEA3/EIA3 capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Zero is a valid fd. When ccp_probe_device() is failed, the uio_fd won't be
closed thus leading fd leak.
Fixes: ef4b04f87fa6 ("crypto/ccp: support device init")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Ravi Kumar <ravi1.kumar@amd.com>
When adding support for DOCSIS AES-256,
when setting the cipher parameters, all key sizes
were accepted, but only 128-bit and 256-bit keys
are supported.
Fixes: 9536622b86c8 ("crypto/aesni_mb: support DOCSIS AES-256")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Check if session is valid after getting operation
out of the internal IPSec MB manager, in case the
session has been freed while the operation was still
inside the manager.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds support for plain SHA-1, SHA-224, SHA-256,
SHA-384 and SHA-512 hashes to QAT PMD.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Add feature flag for symmetric sessionless support,
so it can be checked by applications.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Tested-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
When authenticating after encrypting, if the operation
is out-of-place, the destination buffer is the one
that will get authenticated.
If the cipher offset is higher than the authentication
offset, it means that part of the text to authenticate
will be plaintext, so this needs to get copied to the
destination buffer, or the result will be incorrect.
Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for CPU crypto mode by introducing required handler.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds support for DOCSIS AES-256 when using AESNI-MB
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The four crypto drivers: kasumi, mvsam, snow3g and zuc define logtype
variables in their header file. As the header files are included
in more than one compilation unit, it might cause appearance
of multiple instances of the variable and a linker error.
Such situation can occur, when no common section is allowed
by the compiler settings and tentative definitions are placed
in BSS section.
Fixes: 2cba3814932e ("crypto/kasumi: add dynamic logging")
Fixes: a05a450f42fd ("crypto/mvsam: add dynamic logging")
Fixes: f3af5f9d1325 ("crypto/zuc: add dynamic logging")
Fixes: a3277ad47feb ("cryptodev: remove crypto device driver name")
Cc: stable@dpdk.org
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The zlib compression driver, as well as the aesni-gcm, aesni-mb and openssl
crypto drivers all defined the logtype variable in the header file
directly. This gives errors with gcc 10, due to -fno-common being the
default, so we need to apply the same fix in all cases:
* move the variable definition to a suitable .c file
* mark the forward declaration of the variable in the header as "extern"
Fixes: 0c4e4c16b004 ("compress/zlib: introduce zlib PMD")
Fixes: 90c8a2d02a31 ("crypto/aesni_gcm: add dynamic logging")
Fixes: 276624ae2ef6 ("crypto/aesni_mb: add dynamic logging")
Fixes: 094b2386f461 ("crypto/openssl: add dynamic logging")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
This NULL check is unnecessary, container_of is never NULL.
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
There is a common macro __rte_unused, avoiding warnings,
which is now used where appropriate for consistency.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
There is a common macro __rte_packed for packing structs,
which is now used where appropriate for consistency.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
There is a common macro __rte_aligned for alignment,
which is now used where appropriate for consistency.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Reviewed-by: David Christensen <drc@linux.vnet.ibm.com>
Remove setting ALLOW_EXPERIMENTAL_API individually for each Makefile and
meson.build. Instead, enable ALLOW_EXPERIMENTAL_API flag across app, lib
and drivers.
This changes reduces the clutter across the project while still
maintaining the functionality of ALLOW_EXPERIMENTAL_API i.e. warning
external applications about experimental API usage.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
In nitrox_sym_pmd_create() the name array will overflow if the pci
device name is greater than 57 bytes. To fix this issue subtract pci
device name length from array length while appending substring to the
name.
Coverity issue: 349926
Fixes: 9fdef0cc2385 ("crypto/nitrox: create symmetric cryptodev")
Cc: stable@dpdk.org
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
If the NPS_PKT ring/port is greater than 8191 the NPS_PKT*() macros will
evaluate to incorrect values due to unintended sign extension from int
to unsigned long. To fix this, add UL suffix to the constants in these
macros. The same problem is with AQMQ_QSZX() macro also.
Coverity issue: 349899, 349905, 349911, 349921, 349923
Fixes: 32e4930d5a3b ("crypto/nitrox: add hardware queue management")
Fixes: 0a8fc2423bff ("crypto/nitrox: introduce Nitrox driver")
Cc: stable@dpdk.org
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds handling of mixed hash-cipher algorithms
available on GEN2 QAT in particular firmware versions.
Also the documentation is updated to show the mixed crypto
algorithms are supported on QAT GEN2.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
To detect if sgl, use nb_segs > 1, instead of checking for next pointer,
as nb_segs is in first cache-line while next is in second cache-line.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Improve case where application set m_dst to same as m_src
so really an in-place operation, though would have been treated
as out-of-place. No functional change but this path can now benefit
from DMA alignment.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
This commit removes unused function pointer (queue_pair_count)
from struct rte_cryptodev_ops. Related functions removed as well.
Signed-off-by: Artur Trybula <arturx.trybula@intel.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
This patch adds support for DOCSIS AES-256 when using qat
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
The EAL API (with doxygen documentation) is moved from
common/include/ to include/, which makes more clear that
it is the global API for all environments and architectures.
Note that the arch-specific and OS-specific include files are not
in this global include directory, but include/generic/ should
cover the doxygen documentation for them.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: David Marchand <david.marchand@redhat.com>
In the check for the version of intel-ipsec-mb library,
there is a backslash in front of the #include.
This backslash is for escaping the hash sign parsed as
a number sign in make.
Since make-4.3, escaping is not required for the number sign.
As a consequence, it resolves now to '\#':
syntax error near unexpected token `|'
`grep -e "IMB_VERSION_STR" \#include <intel-ipsec-mb.h> | cut -d'"' -f2'
syntax error near unexpected token `|'
`grep -e "IMB_VERSION_NUM" \#include <intel-ipsec-mb.h> | cut -d' ' -f3'
The makefiles are fixed by using a variable for the hash sign,
as recommended in make-4.3 changelog:
https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Fixes: 3067c8ce77ac ("crypto/aesni_mb: fix build with custom dependency path")
Fixes: 457b8e372975 ("crypto/aesni_gcm: check dependency version with make")
Fixes: bf6eb2c22fd1 ("crypto/kasumi: use IPsec library")
Fixes: 7c87e2d7b359 ("crypto/snow3g: use IPsec library")
Fixes: 61f7c988e39e ("crypto/zuc: use IPsec library")
Cc: stable@dpdk.org
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
