The application may want to store private data along with the
rte_crypto_op that is transparent to the rte_cryptodev layer.
For e.g., If an eventdev based application is submitting a
crypto session-less operation and wants to indicate event
information required to construct a new event that will be
enqueued to eventdev after completion of the crypto
operation. This patch provides a mechanism for the application
to associate this information with the rte_crypto_op in
session-less mode.
Signed-off-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Signed-off-by: Nikhil Rao <nikhil.rao@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The current code usages the default mempool ops while
creating the mempool for crypto usages. Adding the support
for best_mempool_ops to enable it for devices using
non default mempools.
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
If number of available devices are more than logical core,
there is no need to throw an error.
Just use the less number of devices instead.
Fixes: f8be1786b1 ("app/crypto-perf: introduce performance test application")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
op storage in fle is just for reference for post dq.
So, don't convert it to iova mode.
Fixes: 37f96eb01b ("crypto/dpaa2_sec: support scatter gather")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Currently, the context mempools are allocated during device probe. Thus,
even if the DPAA SEC devices are not used, any application would still
allocate the memory required for working with the contexts.
This patch moves the allocation to configuration time so that when the
CAAM devices are configured, this allocation would be done.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Tested-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Adding a check to do portal configuration if not already
configured before packet enqueue. This check is only done
during dpaa_sec_attach_sess_q for initial packets,
so this change wont affect the data path and hence performance.
Fixes: e79416d10f ("crypto/dpaa_sec: support multiple sessions per queue pair")
Cc: stable@dpdk.org
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Auth operations can be performed on CPU without offloading
to CCP if CONFIG_RTE_LIBRTE_PMD_CCP_CPU_AUTH is enabled in
DPDK configuration. CCP PMD skip offloading auth operations
to hardware engines and perform them using openssl APIs.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Add SHA3 family authentication algorithm support for
CCP crypto PMD. This patch defines new macros for SHA3
algorithms in the DPDK crypto framework.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Added CCP cipher support for following algorithms:
AES-CBC-128/192/256
AES-CTR-128/192/256
AES-ECB-128/192/256
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
CCP engines support true hardware random generation feature.
This patch implements api to read random number from CCP to be
used within PMD.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Added support for burst oriented data path.
CCP PMD selects appropriate CCP engine available
on the platform and schedule the batch of crypto ops to a
selected hardware queue of the respective crypto engine.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Added crypto queue pair specific crypto ops callback functions
to setup and manage a CCP crypto queue pair object. CCP PMD
exposes only a single crypto queue pair object and handles the
actual hardware queues underneath.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Added crypto session specific basic crypto ops callback functions.
Added different crypto engine types and definitions.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
CCP PMD is a virtual crypto PMD which schedules a number of available
actual CCP hardware engines underneath. The PMD
manages all devices by its own. The PMD supports CCP_5a and
CCP_5b versions of crypto engines and this patch adds support
to initialize and use such devices.
Signed-off-by: Ravi Kumar <ravi1.kumar@amd.com>
Removing redundant strncmp in parsing long arguments. The getopt library
provides means to identify long options using the "val" field of
structure option. The existing code gets 0 as "val" for all long
arguments and then uses strncmp to figure out which long option was
being referred to. Fixing this.
In addition, the macros and enums used for long arguments have been
renamed and repositioned adhering to the general convention followed in
various other apps, like l3fwd.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Added support for AES CMAC hash algorithm with 128-bit key,
which has been added in the v0.49 of the IPSec Multi-buffer lib.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Adds support for the v0.49 of the IPsec Multi-buffer lib,
which now gets compiled and installed as a shared object.
Therefore, there is no need to pass the AESNI_MULTI_BUFFER_LIB_PATH
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Adds support for the v0.49 of the IPsec Multi-buffer lib,
which now gets compiled and installed as a shared object.
Therefore, there is no need to pass the AESNI_MULTI_BUFFER_LIB_PATH
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
rte_cryptodev_pmd_init_params should use NUMA node of the QAT device
for its socket_id rather than the socket_id of the initializing process.
Signed-off-by: Lee Roberts <lee.roberts@hpe.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
While trying to do a shared build one will get linkage error
since a couple of library dependencies are missing from a makefile.
At some point there was a batch update of all PMDs but mrvl crypto was
missed back then.
Necessary makefile changes were introduced in
commit cbc12b0a96 ("mk: do not generate LDLIBS from directory dependencies")
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
MRVL Crypto PMD supports most of the hash algorithms covered
by test suites thus specific bits should be set in pmd_masks.
Otherwise blockcipher authonly test returns success even though no
real tests have been executed.
Fixes: 84e0ded38a ("test/crypto: add mrvl crypto unit tests")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Pass an rte_driver to the RTE_PMD_REGISTER_CRYPTO_DRIVER macro
rather than an unspecified container which holds an rte_driver.
All the macro actually needs is the rte_driver, not the
container holding it.
This paves the way for a later patch in which a driver
will be registered which does not naturally derive from a
container and so avoids having to create an arbitrary container
to pass in the rte_driver.
This patch changes the cryptodev lib macro and all the
PMDs which use it.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch marks rte_vhost_gpa_to_vva() as deprecated because
it is unsafe. Application relying on this API should move
to the new rte_vhost_va_from_guest_pa() API, and check
returned length to avoid out-of-bound accesses.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch uses the new rte_vhost_va_from_guest_pa() API
to ensure all the descriptor buffer is mapped contiguously
in the application virtual address space.
It does not handle buffers discontiguous in host virtual
address space, but only return an error.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch uses the new rte_vhost_va_from_guest_pa() API
to ensure all the descriptor buffer is mapped contiguously
in the application virtual address space.
As the application did not checked return of previous API,
this patch just print an error if the buffer address isn't in
the vhost memory regions or if it is scattered. Ideally, it
should handle scattered buffers gracefully.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch uses the new rte_vhost_va_from_guest_pa() API
to ensure the application doesn't perform out-of-bound
accesses either because of a malicious guest providing an
incorrect descriptor length, or because the buffer is
contiguous in guest physical address space but not in the
host process virtual address space.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch enables the handling of buffers non-contiguous in
process virtual address space in the enqueue path when mergeable
buffers are used.
When virtio-net header doesn't fit in a single chunck, it is
computed in a local variable and copied to the buffer chuncks
afterwards.
For packet content, the copy length is limited to the chunck
size, next chuncks VAs being fetched afterward.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch enables the handling of buffers non-contiguous in
process virtual address space in the enqueue path when mergeable
buffers aren't used.
When virtio-net header doesn't fit in a single chunck, it is
computed in a local variable and copied to the buffer chuncks
afterwards.
For packet content, the copy length is limited to the chunck
size, next chuncks VAs being fetched afterward.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch enables the handling of buffers non-contiguous in
process virtual address space in the dequeue path.
When virtio-net header doesn't fit in a single chunck, it is
copied into a local variablei before being processed.
For packet content, the copy length is limited to the chunck
size, next chuncks VAs being fetched afterward.
This issue has been assigned CVE-2018-1059.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch adds support for non-contiguous indirect descriptor
tables in VA space.
When it happens, which is unlikely, a table is allocated and the
non-contiguous content is copied into it.
This issue has been assigned CVE-2018-1059.
Reported-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch ensures that all the address range is mapped when
translating addresses from master's addresses (e.g. QEMU host
addressess) to process VAs.
This issue has been assigned CVE-2018-1059.
Reported-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This new rte_vhost_va_from_guest_pa API takes an extra len
parameter, used to specify the size of the range to be mapped.
Effective mapped range is returned via len parameter.
This issue has been assigned CVE-2018-1059.
Reported-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
There is currently no check done on the length when translating
guest addresses into host virtual addresses. Also, there is no
guanrantee that the guest addresses range is contiguous in
the host virtual address space.
This patch prepares vhost_iova_to_vva() and its callers to
return and check the mapped size. If the mapped size is smaller
than the requested size, the caller handle it as an error.
This issue has been assigned CVE-2018-1059.
Reported-by: Yongji Xie <xieyongji@baidu.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This patch fixes the size passed at the indirect descriptor
table translation time, which is the len field of the descriptor,
and not a single descriptor.
This issue has been assigned CVE-2018-1059.
Fixes: 62fdb8255a ("vhost: use the guest IOVA to host VA helper")
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Support of strlcpy has recently been added to DPDK.
This replacement has been generated by the coccinelle script:
devtools/cocci.sh devtools/cocci/strlcpy.cocci
Fixes: 0d0f478d04 ("eal/linux: add uevent parse and process")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
