22398 Commits

Author SHA1 Message Date
Linsi Yuan
6ebabb76a5 net/bnxt: fix possible stack smashing
We see a stack smashing as a result of defensive code missing. Once the
nb_pkts is less than RTE_BNXT_DESCS_PER_LOOP, it will be modified to
zero after doing a floor align, and we can not exit the following
receiving packets loop. And the buffers will be overwrite, then the
stack frame was ruined.

Fix the problem by adding defensive code, once the nb_pkts is zero, just
directly return with no packets.

Fixes: bc4a000f2f53 ("net/bnxt: implement SSE vector mode")
Cc: stable@dpdk.org

Signed-off-by: Linsi Yuan <yuanlinsi01@baidu.com>
Signed-off-by: Dongsheng Rong <rongdongsheng@baidu.com>
Acked-by: Lance Richardson <lance.richardson@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
2020-05-11 22:27:39 +02:00
Randy Schacher
34ce841502 net/bnxt: fix build with gcc 10 default no-common
Remove the defensive compile-time checker macro.

Bugzilla ID: 468
Fixes: 8430a8b841c8 ("net/bnxt: add initial TruFlow core session open")

Signed-off-by: Randy Schacher <stuart.schacher@broadcom.com>
Reviewed-by: Peter Spreadborough <peter.spreadborough@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
2020-05-11 22:27:39 +02:00
Stephen Hemminger
c6611b77d0 net/netvsc: do not configure RSS if disabled
This fixes the problem where driver would not start if only
have a single Rx queue and multiple Txq. In that case, RSS
should stay disabled.

Fixes: 92d23a57cafe ("net/netvsc: support configuring RSS parameters")
Cc: stable@dpdk.org

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2020-05-11 22:27:39 +02:00
Stephen Hemminger
019a28912b net/netvsc: do RSS across Rx queue only
If number of tx queues is greater than the number of rx queues;
the driver ends up allocating more channels than rx queues.
The problem is that the RSS indirection table is programmed such
that some packets will end up on a channel that would never be
polled. The fix is to limit the RSS indirection table by number
of rx queues not channels.

Fixes: 92d23a57cafe ("net/netvsc: support configuring RSS parameters")
Cc: stable@dpdk.org

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2020-05-11 22:27:39 +02:00
Stephen Hemminger
81938ebb54 net/netvsc: manage VF port under read/write lock
With multiple channels, the primary channel may receive notification
that VF has been added or removed while secondary channel is in
process of doing receive or transmit.  Resolve this race by converting
existing vf_lock to a reader/writer lock.

Users of lock (tx/rx/stats) acquire for read, and actions like
add/remove acquire it for write.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2020-05-11 22:27:39 +02:00
Stephen Hemminger
33fd81cdb5 net/netvsc: check vmbus ring buffer more often
Since VF notifications are handled as VMBUS notifications on the
primary channel (and not as hotplug). The channel should be checked
before deciding to use VF for Rx or Tx.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2020-05-11 22:27:39 +02:00
Stephen Hemminger
1c33435a58 bus/vmbus: add missing barrier
The check for event ring being empty needs a barrier
to avoid any over aggressive optimization.
This is same barrier as Linux kernel.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2020-05-11 22:27:39 +02:00
Stephen Hemminger
3a185ff42e bus/vmbus: fix comment spelling
No code change here.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2020-05-11 22:27:39 +02:00
Stephen Hemminger
672f4d127b net/netvsc: fix comment spelling
No code change here.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2020-05-11 22:27:39 +02:00
Wei Hu (Xavier)
9eb974221f app/testpmd: fix statistics after reset
Currently, when running start/clear stats&xstats/stop command many times
based on testpmd application, there are incorrect forward Rx/Tx-packets
stats as below:
---------------------- Forward statistics for port 0  --------------
RX-packets: 18446744073709544808 RX-dropped: 0                <snip>
TX-packets: 18446744073709536616 TX-dropped: 0                <snip>
--------------------------------------------------------------------

The root cause as below:
1. The struct rte_port of testpmd.h has a member variable "struct
   rte_eth_stats stats" to store the last port statistics.
2. When running start command, it execute cmd_start_parsed ->
   start_packet_forwarding -> fwd_stats_reset, which call
   rte_eth_stats_get API function to save current port statistics.
3. When running stop command, it execute fwd_stats_display, which call
   rte_eth_stats_get to get current port statistics, and then minus last
   port statistics.
4. If we run clear stats or xstats after start command, then run stop,
   it may display above incorrect stats because the current
   Rx/Tx-packets is lower than the last saved RX/TX-packets(uint64_t
   overflow).

This patch fixes it by clearing last port statistics when executing
"clear stats/xstats" command.

Fixes: af75078fece3 ("first public release")
Cc: stable@dpdk.org

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Signed-off-by: Wei Hu (Xavier) <xavier.huwei@huawei.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2020-05-11 22:27:39 +02:00
Dong Zhou
0e459ffa08 app/testpmd: support flow aging
Currently, there is no way to check the aging event or to get the
current aged flows in testpmd, this patch include those implements, it's
included:

- Add new item "flow_aged" to the current print event command arguments.
- Add new command to list all aged flows, meanwhile, we can set
  parameter to destroy it.

Signed-off-by: Dong Zhou <dongz@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Acked-by: Ori Kam <orika@mellanox.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2020-05-11 22:27:39 +02:00
Gaetan Rivet
94a6f2def2 net/failsafe: avoid crash on malformed ethdev
Some PMD do not respect the eth_dev API when allocating their
rte_eth_dev. As a result, on device add event resulting from
rte_eth_dev_probing_finish() call, the eth_dev processed is incomplete.

The segfault is a good way to focus the developer on the issue, but does
not inspire confidence. Instead, warn the user of the error repeatedly.

The failsafe PMD can warn of the issue and continue. It will repeatedly
attempt to initialize the failed port and complain about it, which
should result in the same developer focus but with less crashing.

Signed-off-by: Gaetan Rivet <grive@u256.net>
2020-05-11 22:27:39 +02:00
Yunjian Wang
b9663f6035 net/failsafe: fix fd leak
Zero is a valid fd. The fd won't be closed thus leading fd leak,
when it is zero.

Also the service proxy is initialized at 0. This is assuming that all of
its fields are invalid at 0. The issue is that a file descriptor at 0 is
a valid one.

The value -1 is used as sentinel during cleanup. Initialize the RX proxy
file descriptor to -1.

Fixes: f234e5bd996d ("net/failsafe: register slaves Rx interrupts")
Fixes: 9e0360aebf23 ("net/failsafe: register as Rx interrupt mode")
Cc: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Gaetan Rivet <grive@u256.net>
Tested-by: Ali Alnubani <alialnu@mellanox.com>
2020-05-11 22:27:39 +02:00
Arek Kusztal
a0f0de06d4 cryptodev: fix ABI compatibility for ChaCha20-Poly1305
This patch adds versioned function rte_cryptodev_info_get()
to prevent some issues with ABI policy.
Node v21 works in same way as before, returning driver capabilities
directly to the API caller. These capabilities may include new elements
not part of the v20 ABI.
Node v20 function maintains compatibility with v20 ABI releases
by stripping out elements not supported in v20 ABI. Because
rte_cryptodev_info_get is called by other API functions,
rte_cryptodev_sym_capability_get function is versioned the same way.

Fixes: b922dbd38ced ("cryptodev: add ChaCha20-Poly1305 AEAD algorithm")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-05-11 13:17:43 +02:00
Arek Kusztal
b922dbd38c cryptodev: add ChaCha20-Poly1305 AEAD algorithm
This patch adds Chacha20-Poly1305 AEAD algorithm to Cryptodev.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-05-11 13:17:43 +02:00
Vladimir Medvedkin
e62893f5ec ipsec: check SAD lookup error
Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr

Coverity issue: 357760
Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
Cc: stable@dpdk.org

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2020-05-11 13:17:43 +02:00
Vladimir Medvedkin
04fa1906fc examples/ipsec-secgw: remove limitation for crypto sessions
Get rid of hardcoded limit of cryptodev sessions.

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-05-11 13:17:43 +02:00
Arek Kusztal
a68ba526ba doc: add QAT AES-GCM J0 in release notes
This patch adds missing line about addition of AES-GCM/GMAC J0
capability to 20.05 release notes.

Fixes: 2165e2e9ea56 ("crypto/qat: support AES-GCM J0")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
2020-05-11 13:17:43 +02:00
Pablo de Lara
43608222a7 doc: support IPsec Multi-buffer lib v0.54
Updated SNOW3G and KASUMI PMD documentation guides
with information about the latest Intel IPSec Multi-buffer
library supported.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-05-11 13:17:43 +02:00
Pablo de Lara
0b133c36ad crypto/zuc: support IPsec Multi-buffer lib v0.54
The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
03db7a513b test/crypto: remove unused variable
dev info is set but not used in
test_queue_pair_descriptor_setup().

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
5bf52c656e test/crypto: remove QAT specific check
In test_queue_pair_descriptor_setup() and
test_device_configure_invalid_queue_pair_ids a QAT specific
check is there, however the test case can be run on any PMD.
Hence removed the unnecessary check.

test_queue_pair_descriptor_setup and
test_device_configure_invalid_queue_pair_ids execution
need to be altered as the valid device values should be
configured in the end so that all other tests can be
executed.

Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
33c9e904fb test/crypto: remove dpaaX_sec specific test suites
dpaa_sec and dpaa2_sec PMDs can run generic
cryptodev_testsuite. Hence removing the specific
test suites.

Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
e8c54147a7 test/crypto: run PDCP cases if supported
cryptodevs which support rte_security PDCP protocol,
can run all PDCP cases if it sets a feature flag
RTE_CRYPTODEV_FF_SECURITY. Previously, only dpaa2_sec
and dpaa_sec test suites were running these tests.
Now it is moved to generic test suite with a check
on the feature flag and the case will be skipped if it
is not supported by the PMD.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
e9703a54e4 test/crypto: skip unsupported session
The session init routine rte_cryptodev_sym_session_init(),
could return -ENOTSUP when the requested algo combination
is not supported by the PMD. This should be treated as
unsupported feature.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
554bb73c25 test/crypto: skip unsupported session-less cases
There were some PMD specific checks to skip the case if
it is not supported. This patch checks the feature flag
RTE_CRYPTODEV_FF_SYM_SESSIONLESS if PMD supports it or not.

Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
c87ba0f079 test/crypto: skip unsupported scatter/gather cases
Checked the PMD feature flag list to identify if
inplace or OOP SGLs are supported or not. If not supported
the cases are skipped.

Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
30563510a5 test/crypto: skip unsupported non-byte aligned cases
Skipped the test cases for the PMDs which do not support
RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA and subsequently
removed the PMD specific checks for running that case.

Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
e11bdd3774 cryptodev: add feature flag for non-byte aligned data
Some wireless algos like SNOW, ZUC may support input
data in bits which are not byte aligned. However, not
all PMDs can support this requirement. Hence added a
new feature flag RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA
to identify which all PMDs can support non-byte aligned
data.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Kevin Traynor
50b03f3b8e drivers/crypto: disable gcc 10 no-common errors
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:

drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
(.bss+0x4): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here

drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
(.data+0x0): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here

This is a blunt fix for the issue by enabling fcommon for
dpaa_sec/dpaa2_sec/caam_jr.

Bugzilla ID: 469
Cc: stable@dpdk.org

Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
c08ced9a9a crypto/dpaa_sec: improve error handling
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2020-05-11 13:17:43 +02:00
Akhil Goyal
94ae7667f7 crypto/dpaa2_sec: improve error handling
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2020-05-11 13:17:43 +02:00
Ankur Dwivedi
439d222ba0 test/crypto: handle unsupported error on session init
The session init routine rte_cryptodev_sym_session_init(),
could return -ENOTSUP when the requested algo combination
is not supported by the PMD. This should be treated as
unsupported features. For other return values like -EINVAL
or -ENOMEM the test can be treated as failure.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-05-11 13:17:43 +02:00
Archana Muniganti
90ecace4f6 examples/fips_validation: fix parsing of algorithms
Few of the NIST TDES test files don't contain TDES string.
Added indicators to identify such files. These indicators
are part of only NIST TDES test vector files.

Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org

Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Adam Dybkowski
b5d704b92a common/qat: remove redundant check
This patch removed the non-essential check for NULL pointer.

Coverity issue: 357770
Fixes: c13cecf60f12 ("compress/qat: support IM buffer too small operation")

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2020-05-11 13:17:43 +02:00
Adam Dybkowski
7277e63f59 common/qat: fix enqueue/dequeue statistics
This patch fixes enqueued and dequeued count statistics that should
contain the number of operations enqueued by the end user app
instead of the total number of QAT requests - bigger in case of
a multiple-request dynamic Huffman compression operation.

Fixes: c13cecf60f12 ("compress/qat: support IM buffer too small operation")

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2020-05-11 13:17:43 +02:00
Praveen Shetty
5ec3eb3b83 examples/ipsec-secgw: fix ESP flow error log
Function create_ipsec_esp_flow returns a negative number in case of any
failure and we are passing this to strerror to display the error message.
But strerror()'s argument cannot be negative.
In case of failure, displaying exact error message to console is handled
in create_ipsec_esp_flow function.
So it is not required to print the error message again using strerror.
This patch will remove the unnecessary calling of strerror function
to fix the negative argument passing to strerror issue.

Coverity issue: 357691
Fixes: 6738c0a95695 ("examples/ipsec-secgw: support flow director")

Signed-off-by: Praveen Shetty <praveen.shetty@intel.com>
Acked-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-05-11 13:17:43 +02:00
Kevin Traynor
6a6b5d5616 crypto/kasumi: fix extern declaration
gcc 10 defaults to fno-common and it reports:

crypto_kasumi_rte_kasumi_pmd_ops.c.o:(.data.rel+0x0):
multiple definition of `rte_kasumi_pmd_ops';
crypto_kasumi_rte_kasumi_pmd.c.o:(.bss+0x8): first defined here

Fix by making rte_kasumi_pmd_ops extern in the header file.

Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library")
Cc: stable@dpdk.org

Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-05-11 13:17:43 +02:00
Ankur Dwivedi
d954825a24 test/crypto: set null cipher IV length to zero
For null cipher the iv length should be set to zero.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2020-05-11 13:17:43 +02:00
Lukasz Wojciechowski
2eaf352d3d crypto/dpaa_sec: repair memory allocations
This patch repairs 2 memory allocations issues:

1) possible leak of memory
    In cryptodev_dpaa_sec_probe() function in case of portal
    initialization failure, function exited without cleanup.

    The patch redirects flow to out label, which provides
    proper cleanup in case of error: freeing cryptodevice private
    data and releasing cryptodevice.

2) double free of cryptodev private data
    The function dpaa_sec_dev_init() in case of failure called
    dpaa_sec_uninit() which freed both private data and security
    context. However one layer above in cryptodev_dpaa_sec_probe()
    function, the private data were freed one more time.

    The patch limits cleanup of the dpaa_sec_dev_init() function
    to freeing only the security context.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-05-11 13:17:43 +02:00
Lukasz Wojciechowski
6290de2c3f crypto/dpaa_sec: improve memory freeing
This patch fixes management of memory for authentication
and encryption keys.
There were two issues with former state of implementation:

1) Invalid access to dpaa_sec_session union members
    The dpaa_sec_session structure includes an anonymous union:
    union {
        struct {...} aead_key;
        struct {
            struct {...} cipher_key;
            struct {...} auth_key;
        };
    };
    Depending on the used algorithm a rte_zmalloc() function
    allocated memory that was kept in aead_key, cipher_key
    or auth_key. However every time the memory was released,
    rte_free() was called only on cipher and auth keys, even
    if pointer to allocated memory was stored in aead_key.

    The C language specification defines such behavior as undefined.
    As the cipher_key and aead_key are similar, have same sizes and
    alignment, it has worked, but it's directly against C specification.

    This patch fixes this, providing a free_session_data() function
    to free the keys data. It verifies which algorithm was used
    (aead or auth+cipher) and frees proper part of the union.

2) Some keys might have been freed multiple times
    In functions like: dpaa_sec_cipher_init(), dpaa_sec_auth_init(),
    dpaa_sec_chain_init(), dpaa_sec_aead_init() keys data were freed
    before returning due to some error conditions. However the pointers
    were not zeroed causing another calls to ret_free from higher
    layers of code. This causes an error log about invalid memory address
    to be printed.

    This patch fixes it by making only one layer responsible for freeing
    memory

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-05-11 13:17:43 +02:00
Adam Dybkowski
e703b80152 common/qat: fix queue head update
This patch fixes missing queue head update that occurred when
a multiple-request dynamic Huffman compression operation was not
complete within one qat_dequeue_op_burst function call.

Fixes: c13cecf60f12 ("compress/qat: support IM buffer too small operation")

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Xinfeng Zhao <xinfengx.zhao@intel.com>
2020-05-11 13:17:43 +02:00
Mariusz Drost
9dbc4e21e7 examples/ipsec-secgw: clean up test scripts
As more test cases are defined for execution, test scripts structure
needs to be reorganized, so fewer files are needed to describe the test.
To achieve that, new environment variables are incorporated into the
scripts.
Additionally, tests for mixed tunnel protocols are added.

Signed-off-by: Mariusz Drost <mariuszx.drost@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2020-05-11 13:17:43 +02:00
Arek Kusztal
fae347cb34 crypto/qat: fix cipher descriptor for ZUC and SNOW
Offset of cd pointer is too big by state1size + state2size, so few extra
unnecessary bytes will be copied into cd. Snow offset was improved as well.

Fixes: d9b7d5bbc845 ("crypto/qat: add ZUC EEA3/EIA3 capability")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2020-05-11 13:17:43 +02:00
Adam Dybkowski
16f25ee0bf app/crypto-perf: fix display of sample test vector
This patch disables displaying sample test vector contents when
executing throughput and latency tests as the sample data is not
used in those tests (not copied to input mbuf in order to achieve
better performance).

Fixes: f8be1786b1b8 ("app/crypto-perf: introduce performance test application")
Cc: stable@dpdk.org

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2020-05-11 13:17:43 +02:00
Yunjian Wang
4f429be4c0 crypto/ccp: fix fd leak on probe failure
Zero is a valid fd. When ccp_probe_device() is failed, the uio_fd won't be
closed thus leading fd leak.

Fixes: ef4b04f87fa6 ("crypto/ccp: support device init")
Cc: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Ravi Kumar <ravi1.kumar@amd.com>
2020-05-11 13:17:43 +02:00
Phil Yang
1a805dee01 ipsec: optimize SA outbound sequence update
For SA outbound packets, rte_atomic64_add_return is used to generate
SQN atomically. Use C11 atomics with RELAXED ordering for outbound SQN
update instead of rte_atomic ops which enforce unnecessary barriers on
aarch64.

Signed-off-by: Phil Yang <phil.yang@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2020-05-11 13:17:43 +02:00
Lukasz Wojciechowski
34e0ec71e4 test/security: enable tests for non-implemented ops
After re-enabling checks for non-implemented ops in non-debug mode
in librte_security set_pkt_metadata and get_userdata functions,
tests verifying proper work of tests can be enabled also.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-05-11 13:17:43 +02:00
Pablo de Lara
6ab5245040 crypto/aesni_mb: fix DOCSIS AES-256
When adding support for DOCSIS AES-256,
when setting the cipher parameters, all key sizes
were accepted, but only 128-bit and 256-bit keys
are supported.

Fixes: 9536622b86c8 ("crypto/aesni_mb: support DOCSIS AES-256")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
2020-05-11 13:17:43 +02:00
Savinay Dharmappa
f7f3ac6dcb test/ipsec: add performance cases
Add new test-case to measure performance of
IPsec data-path functions.

Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2020-05-11 13:17:43 +02:00