24832 Commits

Author SHA1 Message Date
Ankur Dwivedi
55bc2eadae event/octeontx2: add crypto adapter datapath
In the op new mode of crypto adapter, the completed crypto operation
is submitted to the event device by the OCTEON TX2 crypto PMD.
During event device dequeue the result of crypto operation is checked.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
2020-10-15 22:27:49 +02:00
Ankur Dwivedi
29768f78d5 event/octeontx2: add crypto adapter framework
The crypto adapter callback functions and associated data structures
are added.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
2020-10-15 22:19:33 +02:00
Ankur Dwivedi
97076737e2 crypto/octeontx2: move functions to helper file
Some functions are common across cryptodev pmd and the event
crypto adapter. This patch moves them into a helper file.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
2020-10-15 22:13:35 +02:00
Ankur Dwivedi
07405a00c4 test/event: free resources after crypto adapter test
The resources held by crypto adapter should be freed when the
test suite exits.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
2020-10-15 22:07:39 +02:00
Ankur Dwivedi
45eb85e9bf test/event: fix function arguments for crypto adapter
The arguments passed to rte_event_crypto_adapter_caps_get() and
rte_event_crypto_adapter_create() are incorrect.

In the rte_event_crypto_adapter_caps_get(), event device id should
be the first argument and cryptodev id should be the second argument.
In the rte_event_crypto_adapter_create(), the event device id should
be the second argument.

Fixes: 3c2c535ecfc0 ("test: add event crypto adapter auto-test")
Cc: stable@dpdk.org

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
2020-10-15 22:01:47 +02:00
Ankur Dwivedi
3c56316517 test/event: check unsupported crypto adapter mode
The capability of a hardware event device should be checked before
creating a event crypto adapter in a particular mode. The test case
returns error if the mode is not supported.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
2020-10-15 21:55:53 +02:00
Jay Jayatheerthan
df19eda6b1 test/event: add null dev creation in Rx adapter autotest
Allows creation of net_null if vdev EAL option is not specified and
uninit vdev created in the test. The change also adds error checks
for vdev init and uninit.

Signed-off-by: Jay Jayatheerthan <jay.jayatheerthan@intel.com>
Reviewed-by: Nikhil Rao <nikhil.rao@intel.com>
2020-10-15 21:49:59 +02:00
Jay Jayatheerthan
aaa75327ac test/event: uninit vdevs in Rx adapter autotest
adapter_multi_eth_add_del() does vdev init but doesn't uninit them.
This causes issues when running event_eth_rx_adapter_autotest multiple
times.

The fix does vdev uninit before exiting the test.

Signed-off-by: Jay Jayatheerthan <jay.jayatheerthan@intel.com>
Reviewed-by: Nikhil Rao <nikhil.rao@intel.com>
2020-10-15 21:44:03 +02:00
Yunjian Wang
b7b09dab5e eventdev: fix adapter leak in error path
In rte_event_crypto_adapter_create_ext() allocated memory for
adapter, we should free it when error happens, otherwise it
will lead to memory leak.

Fixes: 7901eac3409a ("eventdev: add crypto adapter implementation")
Cc: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-10-15 21:38:09 +02:00
Yunjian Wang
db5e0e7aea event/dpaa2: fix dereference before null check
Coverity flags that 'portal' variable is used before
it's checked for NULL. This patch fixes this issue.

Coverity issue: 323516
Fixes: 4ab57b042e7c ("event/dpaa2: affine portal at runtime during I/O")
Cc: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
2020-10-15 21:32:14 +02:00
Pavan Nikhilesh
227f283599 event/octeontx: validate events requested against available
Validate events configured in ssopf against the total number of
events configured across all the RX/TIM event adapters.

Events available to ssopf can be reconfigured by passing the required
amount to kernel bootargs and are only limited by DRAM size.
Example:
	ssopf.max_events= 2097152

Cc: stable@dpdk.org

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
2020-10-15 21:26:19 +02:00
Yunjian Wang
e3eebdced0 eventdev: check allocation in Tx adapter
The function rte_zmalloc() could return NULL, the return value
need to be checked.

Fixes: a3bbf2e09756 ("eventdev: add eth Tx adapter implementation")
Cc: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Reviewed-by: Nikhil Rao <nikhil.rao@intel.com>
2020-10-15 21:20:26 +02:00
Mike Ximing Chen
62303b08b7 eventdev: support telemetry with xstats info
The telemetry library is connected with eventdev xstats and
port link info. The following new telemetry commands are added:

/eventdev/dev_list
/eventdev/port_list,DevID
/eventdev/queue_list,DevID
/eventdev/dev_xstats,DevID
/eventdev/port_xstats,DevID,PortID
/eventdev/queue_xstats,DevID,PortID
/eventdev/queue_links,DevID,PortID

queue_links command displays a list of queues linked with a specified
eventdev port and a service priority associated with each link.

Signed-off-by: Mike Ximing Chen <mike.ximing.chen@intel.com>
Reviewed-by: Ciara Power <ciara.power@intel.com>
Reviewed-by: Gage Eads <gage.eads@intel.com>
2020-10-15 21:09:35 +02:00
Suanming Mou
80d1a9aff7 ethdev: make flow API thread safe
Currently, the rte_flow functions are not defined as thread safe.
DPDK applications either call the functions in single thread or
protect any concurrent calling for the rte_flow operations using
a lock.

For PMDs support the flow operations thread safe natively, the
redundant protection in application hurts the performance of the
rte_flow operation functions.

And the restriction of thread safe is not guaranteed for the
rte_flow functions also limits the applications' expectation.

This feature is going to change the rte_flow functions to be thread
safe. As different PMDs have different flow operations, some may
support thread safe already and others may not. For PMDs don't
support flow thread safe operation, a new lock is defined in ethdev
in order to protects thread unsafe PMDs from rte_flow level.

A new RTE_ETH_DEV_FLOW_OPS_THREAD_SAFE device flag is added to
determine whether the PMD supports thread safe flow operation or not.
For PMDs support thread safe flow operations, set the
RTE_ETH_DEV_FLOW_OPS_THREAD_SAFE flag, rte_flow level functions will
skip the thread safe helper lock for these PMDs. Again the rte_flow
level thread safe lock only works when PMD operation functions are
not thread safe.

For the PMDs which don't want the default mutex lock, just set the
flag in the PMD, and add the prefer type of lock in the PMD. Then
the default mutex lock is easily replaced by the PMD level lock.

The change has no effect on the current DPDK applications. No change
is required for the current DPDK applications. For the standard posix
pthread_mutex, if no lock contention with the added rte_flow level
mutex, the mutex only does the atomic increasing in
pthread_mutex_lock() and decreasing in
pthread_mutex_unlock(). No futex() syscall will be involved.

Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Acked-by: Ori Kam <orika@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
2020-10-16 00:44:58 +02:00
Suanming Mou
96bb99f270 eal/windows: add pthread mutex
Add pthread mutex lock as it is needed for the thread safe rte_flow
functions.

Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
Tested-by: Tal Shnaiderman <talshn@nvidia.com>
Acked-by: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
Acked-by: Ranjit Menon <ranjit.menon@intel.com>
Acked-by: Narcisa Vasile <navasile@linux.microsoft.com>
2020-10-16 00:44:58 +02:00
Somnath Kotur
ed94631da7 mbuf: extend meaning of QinQ stripped bit
Clarify the documentation of QinQ flags, and extend the meaning of the
flag: if PKT_RX_QINQ_STRIPPED is set and PKT_RX_VLAN_STRIPPED is unset,
only the outer VLAN is removed from packet data, but both tci are saved
in mbuf->vlan_tci (inner) and mbuf->vlan_tci_outer (outer).

Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
2020-10-15 23:04:55 +02:00
Vikas Gupta
cd5db556ac crypto/bcmfs: optimize crypto request processing
Reduce number of source BDs to submit a request to crypto engine.
This improves the performance as crypto engine fetches all the BDs in
single cycle. Adjust optional metadata (OMD) in continuation of
fixed meta data (FMD).

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
2020-10-14 22:24:41 +02:00
Franck Lenormand
e7794508ae test/crypto: add PDCP-SDAP cases
A new functions which uses the structure of the test vectors for SDAP
is added and call a functions responsible to call the test_pdcp_proto
with the test vector both for encapsulation and decapsulation.

Signed-off-by: Franck Lenormand <franck.lenormand@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:24:41 +02:00
Franck Lenormand
1ba59ffebe test/crypto: rework PDCP function
The function test_pdcp_proto was relying to heavily on the structure
of test vectors for PDCP making it difficult to be reusable.

The function is changed to take all the test parameters as input and
does not need access to the tests vectors anymore.

Signed-off-by: Franck Lenormand <franck.lenormand@nxp.com>
2020-10-14 22:24:41 +02:00
Franck Lenormand
003afde411 test/crypto: add test vectors for PDCP-SDAP
The test vectors are structured in a more readable way compared
to test vector for PDCP. This structure allows to have all the
information about a test vector at the same place.

Signed-off-by: Franck Lenormand <franck.lenormand@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:24:41 +02:00
Akhil Goyal
5a4954bcd5 crypto/dpaa_sec: enable PDCP-SDAP sessions
Based on the new field in PDCP xform, a decision is made
to create a PDCP session with or without SDAP enabled.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:24:41 +02:00
Akhil Goyal
bd49e11d69 crypto/dpaa2_sec: enable PDCP-SDAP sessions
Based on the new field in PDCP xform, a decision is made
to create a PDCP session with or without SDAP enabled.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:24:41 +02:00
Akhil Goyal
a11aeb0936 doc: remove unnecessary API code from security guide
Various xform structures are being copied in
rte_security guide which can be referred from the
API documentation generated by Doxygen. The security guide
does not talk about specific details of these xforms and
thus are removed from the security guide.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:24:41 +02:00
Akhil Goyal
486f067a41 security: modify PDCP xform to support SDAP
The SDAP is a protocol in the LTE stack on top of PDCP for
QOS. A particular PDCP session may or may not have
SDAP enabled. But if it is enabled, SDAP header should be
authenticated but not encrypted if both confidentiality and
integrity is enabled. Hence, the driver should be intimated
from the xform so that it skip the SDAP header while encryption.

A new field is added in the PDCP xform to specify SDAP is enabled.
The overall size of the xform is not changed, as hfn_ovrd is just
a flag and does not need uint32. Hence, it is converted to uint8_t
and a 16 bit reserved field is added for future.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2020-10-14 22:24:41 +02:00
Franck Lenormand
3ba2e519ea common/dpaax/caamflib: support PDCP-SDAP
The SDAP is a protocol in the LTE stack on top of PDCP. It is
dedicated to QoS.

The difficulty of implementing this protocol is because the
PDCP change behavior regarding encryption and authentication
of the SDU it receives. In effect PDCP shall not encrypt the
SDAP SDU but must authenticate it (when encryption and
authentication is enabled).

The current version of SEC does not support the SDAP and the
change of behavior of PDCP prevent the use of the PDCP
protocol command available.

The way to do it is to reuse the PDCP implementation but to
not use the PDCP protocol and to have descriptors which
performs the PDCP protocol.

It is implemented by doing small changes of code:
        #ifdef SDAP_SUPPORT
                length += SDAP_BYTE_SIZE;
                offset -= SDAP_BYTE_SIZE;
        #endif
after having computed the size of the SN to read from the
input data, then
        #ifdef SDAP_SUPPORT
                MATHI(p, MATH0, LSHIFT, 8, MATH1, 8, 0);
                MATHB(p, MATH1, AND, sn_mask, MATH1, 8, IFB | IMMED2);
        #else
                MATHB(p, MATH0, AND, sn_mask, MATH1, 8, IFB | IMMED2);
        #endif
It will keep the SN and the SDAP header in MATH0, then shift
it to remove the SDAP header and store the result in MATH1.

Signed-off-by: Franck Lenormand <franck.lenormand@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:24:41 +02:00
Arek Kusztal
3a6f835b33 cryptodev: remove algo lists end
This patch removes enumerators RTE_CRYPTO_CIPHER_LIST_END,
RTE_CRYPTO_AUTH_LIST_END, RTE_CRYPTO_AEAD_LIST_END to prevent
ABI breakage that may arise when adding new crypto algorithms.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Abhinandan Gujjar
7444937523 test/event_crypto_adapter: fix configuration
This patch updates the xform with right configuration.
For session based ops, sym session pool is created with
valid userdata size.

Fixes: 24054e3640a2 ("test/crypto: use separate session mempools")
Cc: stable@dpdk.org

Signed-off-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Fan Zhang
4868f6591c test/crypto: add cases for raw datapath API
This patch adds the cryptodev raw API test support to unit test.
In addition a new test-case for QAT PMD for the test type is
enabled.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Fan Zhang
728c76b0e5 crypto/qat: support raw datapath API
This patch updates QAT PMD to add raw data-path API support.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
2020-10-14 22:22:06 +02:00
Fan Zhang
eb7eed345c cryptodev: add raw crypto datapath API
This patch adds raw data-path APIs for enqueue and dequeue
operations to cryptodev. The APIs support flexible user-define
enqueue and dequeue behaviors.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Fan Zhang
8d928d47a2 cryptodev: change crypto symmetric vector structure
This patch updates ``rte_crypto_sym_vec`` structure to add
support for both cpu_crypto synchronous operation and
asynchronous raw data-path APIs. The patch also includes
AESNI-MB and AESNI-GCM PMD changes, unit test changes and
documentation updates.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Pablo de Lara
a141f0c7e7 crypto/aesni_mb: support AES-CCM-256
This patch adds support for AES-CCM-256 when using AESNI-MB

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-10-14 22:22:06 +02:00
Pablo de Lara
010230a154 crypto/aesni_mb: support Chacha20-Poly1305
Add support for Chacha20-Poly1305 AEAD algorithm.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-10-14 22:22:06 +02:00
Pablo de Lara
e45847d8fd crypto/aesni_mb: fix GCM digest size check
GCM digest sizes should be between 1 and 16 bytes.

Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-10-14 22:22:06 +02:00
Pablo de Lara
07bfb9047b crypto/aesni_mb: fix CCM digest size check
Digest size for CCM was being checked for other algorithms
apart from CCM.

Fixes: c4c0c312a823 ("crypto/aesni_mb: check for invalid digest size")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-10-14 22:22:06 +02:00
Pablo de Lara
dcdd01691f test/crypto: add GMAC SGL
Add Scatter-Gather List tests for AES-GMAC.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-10-14 22:22:06 +02:00
Pablo de Lara
515a6cc299 crypto/aesni_gcm: support SGL on AES-GMAC
Add Scatter-gather list support for AES-GMAC.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2020-10-14 22:22:06 +02:00
Fan Zhang
d09abf2d10 examples/fips_validation: update GCM test
This patch updates fips validation GCM test capabilities:

- In NIST GCMVS spec GMAC test vectors are the GCM ones with
plaintext length as 0 and uses AAD as input data. Originally
fips_validation tests treats them both as GCM test vectors.
This patch introduce automatic test type recognition between
the two: when plaintext length is 0 the prepare_gmac_xform
and prepare_auth_op functions are called, otherwise
prepare_gcm_xform and prepare_aead_op functions are called.

- NIST GCMVS also specified externally or internally IV
generation. When IV is to be generated by IUT internally IUT
shall store the generated IV in the response file. This patch
also adds the support to that.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Weqaar Janjua <weqaar.a.janjua@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>
2020-10-14 22:22:06 +02:00
Fan Zhang
952e10cdad examples/fips_validation: support scatter gather list
This patch adds SGL support to FIPS sample application.
Originally the application allocates single mbuf of 64KB - 1
bytes data room. With the change the user may reduce the
mbuf dataroom size by using the add cmdline option. If the
input test data is longer than the user provided data room
size the application will automatically build chained mbufs
for the target cryptodev PMD to test.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>
2020-10-14 22:22:06 +02:00
Michael Shamis
8bd98b8d85 crypto/mvsam: remove algo lists end
Remove enumerators RTE_CRYPTO_CIPHER_LIST_END,
RTE_CRYPTO_AUTH_LIST_END, RTE_CRYPTO_AEAD_LIST_END to prevent
ABI breakages that may arise when adding new crypto algorithms.

Signed-off-by: Michael Shamis <michaelsh@marvell.com>
2020-10-14 22:22:06 +02:00
Ruifeng Wang
087ed97592 crypto/armv8: remove algo lists end
Removed references to RTE_CRYPTO_CIPHER_LIST_END and
RTE_CRYPTO_AUTH_LIST_END to prevent ABI breakages
that may arise when adding new crypto algorithms.

Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Phil Yang <phil.yang@arm.com>
2020-10-14 22:22:06 +02:00
David Coyle
8f6187ecf8 crypto/aesni_mb: fix security session clearing
When destroying a security session, the AESNI-MB PMD attempted to clear
the private aesni_mb session object to remove any key material. However,
the function aesni_mb_pmd_sec_sess_destroy() cleared the security session
object instead of the private session object.

This patch fixes this issue by now clearing the private session object.

Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
Cc: stable@dpdk.org

Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-10-14 22:22:06 +02:00
Akhil Goyal
ca635a5899 crypto/dpaa2_sec: change descriptor sharing for ERA10
In case of LX2160 or SEC ERA 10, share wait has performance
optimizations wrt to ok-to-share signal which allows multiple
DECOs to work together even in case of single queue and single SA.
Hence updated the descriptor sharing only in case of ERA10.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2020-10-14 22:22:06 +02:00
Akhil Goyal
55a4438f8e crypto/dpaa2_sec: increase max anti-replay window size
In case of LX2160 or SEC ERA >= 10, max anti replay window
size supported is 1024. For all other versions of SEC, the
maximum value is capped at 128 even if application gives
more than that.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Yi Liu <yi.liu@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2020-10-14 22:22:06 +02:00
Akhil Goyal
a054c627a1 crypto/dpaa2_sec: support non-HMAC auth algo versions
added support for non-HMAC for auth algorithms
(SHA1, SHA2, MD5).
Corresponding capabilities are enabled so that test
application can enable those test cases.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Akhil Goyal
a6e892f427 crypto/dpaa2_sec: support DES-CBC
add DES-CBC support for cipher_only, chain and ipsec protocol.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Hemant Agrawal
1fb9115a80 crypto/dpaa2_sec: support stats for secondary process
DPAA2 crypto object access need availability of MCP object
pointer. In case of secondary process, we need to use local
MCP pointer instead of primary process.

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Hemant Agrawal
356bcac8f1 crypto/dpaa2_sec: fix stats query without queue pair
dpdk-procinfo calls the crypto stats API, which results segmentation
fault on DPAA2_SEC.
The queue pair array will be NULL, when it is used without
configuring the SEC device.

Fixes: 02f35eee264b ("crypto/dpaa2_sec: support statistics")
Cc: stable@dpdk.org

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Ankur Dwivedi
d698fa5469 net/octeontx2: add replay check for inline inbound packets
The function handling anti replay is added. If replay window
is enabled the rx packets will be validated against the window. The
rx offload fails in case of error.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00
Ankur Dwivedi
e91b4f45ff net/octeontx2: support anti-replay for security session
Initialize the inbound session for anti replay. The replay
window is allocated during session create and freed in session destroy.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-14 22:22:06 +02:00