We see stack smashing as a result of missing defensive code. Once
nb_pkts is less than RTE_BNXT_DESCS_PER_LOOP, it is modified to
zero by the floor align, and we cannot exit the following
packet receive loop. The buffers are then overwritten and the
stack frame is ruined.
Fix the problem by adding defensive code: once nb_pkts is zero, just
return directly with no packets.
Fixes: bc4a000f2f53 ("net/bnxt: implement SSE vector mode")
Cc: stable@dpdk.org
Signed-off-by: Linsi Yuan <yuanlinsi01@baidu.com>
Signed-off-by: Dongsheng Rong <rongdongsheng@baidu.com>
Acked-by: Lance Richardson <lance.richardson@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
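Added example, not part of the commit above or of the DPDK sources: a simplified model of the failure described in that message. It assumes a descriptors-per-loop value of 4 and a burst loop that exits only when the received count equals the aligned request or the ring is drained; the names rx_burst_model and oob_writes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed value for this sketch; the driver defines the real constant. */
#define DESCS_PER_LOOP 4U
/* Round v down to a multiple of a (a must be a power of two). */
#define ALIGN_FLOOR(v, a) ((v) & ~((a) - 1U))

/*
 * Model of the burst loop: ring_avail completed descriptors are pending and
 * the caller's rx_pkts[] array has nb_pkts slots. Returns how many slots the
 * loop would fill. Writes are only counted, never performed.
 */
static unsigned int
rx_burst_model(unsigned int ring_avail, uint16_t nb_pkts, int guarded)
{
	unsigned int nb_rx = 0;

	nb_pkts = (uint16_t)ALIGN_FLOOR(nb_pkts, DESCS_PER_LOOP);
	if (guarded && nb_pkts == 0)
		return 0;		/* the fix: return with no packets */

	while (ring_avail > 0) {	/* ends when the ring is drained ... */
		ring_avail--;
		nb_rx++;		/* stands for rx_pkts[nb_rx++] = mbuf */
		if (nb_rx == nb_pkts)	/* ... or here; never true for 0 */
			break;
	}
	return nb_rx;
}

/* Slots written past the end of the caller's array. */
static unsigned int
oob_writes(unsigned int ring_avail, uint16_t nb_pkts, int guarded)
{
	unsigned int filled = rx_burst_model(ring_avail, nb_pkts, guarded);

	return filled > nb_pkts ? filled - nb_pkts : 0;
}

int main(void)
{
	printf("nb_pkts=3 unguarded: %u out-of-bounds writes\n", oob_writes(64, 3, 0));
	printf("nb_pkts=3 guarded:   %u out-of-bounds writes\n", oob_writes(64, 3, 1));
	printf("nb_pkts=6 guarded:   %u packets returned\n", rx_burst_model(64, 6, 1));
	return 0;
}
```

With a request smaller than the loop width, the unguarded model is bounded only by how much traffic is pending in the ring, which is why the caller's stack array is overrun.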
This fixes the problem where the driver would not start if there is
only a single Rx queue and multiple Txq. In that case, RSS
should stay disabled.
Fixes: 92d23a57cafe ("net/netvsc: support configuring RSS parameters")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
If the number of tx queues is greater than the number of rx queues,
the driver ends up allocating more channels than rx queues.
The problem is that the RSS indirection table is programmed such
that some packets will end up on a channel that would never be
polled. The fix is to limit the RSS indirection table by number
of rx queues not channels.
Fixes: 92d23a57cafe ("net/netvsc: support configuring RSS parameters")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
With multiple channels, the primary channel may receive notification
that VF has been added or removed while secondary channel is in
process of doing receive or transmit. Resolve this race by converting
existing vf_lock to a reader/writer lock.
Users of the lock (tx/rx/stats) acquire it for read, and actions like
add/remove acquire it for write.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Since VF notifications are handled as VMBUS notifications on the
primary channel (and not as hotplug), the channel should be checked
before deciding to use VF for Rx or Tx.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The check for the event ring being empty needs a barrier
to avoid any over-aggressive optimization.
This is the same barrier as the Linux kernel.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Currently, when running the start/clear stats&xstats/stop commands many
times in the testpmd application, there are incorrect forward
Rx/Tx-packets stats as below:
    ---------------------- Forward statistics for port 0 --------------
    RX-packets: 18446744073709544808 RX-dropped: 0 <snip>
    TX-packets: 18446744073709536616 TX-dropped: 0 <snip>
    --------------------------------------------------------------------
The root cause is as below:
1. The struct rte_port of testpmd.h has a member variable "struct
   rte_eth_stats stats" to store the last port statistics.
2. When running the start command, it executes cmd_start_parsed ->
   start_packet_forwarding -> fwd_stats_reset, which calls the
   rte_eth_stats_get API function to save the current port statistics.
3. When running the stop command, it executes fwd_stats_display, which
   calls rte_eth_stats_get to get the current port statistics, and then
   subtracts the last port statistics.
4. If we run clear stats or xstats after the start command, then run
   stop, it may display the above incorrect stats because the current
   Rx/Tx-packets is lower than the last saved RX/TX-packets (uint64_t
   overflow).
This patch fixes it by clearing the last port statistics when executing
the "clear stats/xstats" command.
Fixes: af75078fece3 ("first public release")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Signed-off-by: Wei Hu (Xavier) <xavier.huwei@huawei.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
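Added example, not part of the commit above or of testpmd: a small model of the start / clear / stop sequence from that message. The struct and function names are hypothetical, and a single Rx counter stands in for struct rte_eth_stats.

```c
#include <stdint.h>
#include <stdio.h>

struct port_model {
	uint64_t hw_rx;		/* counter the driver reports */
	uint64_t saved_rx;	/* snapshot taken when forwarding starts */
};

/* "start": remember the current counter as the baseline. */
static void fwd_start(struct port_model *p)
{
	p->saved_rx = p->hw_rx;
}

/* "clear stats": reset the counter; the fix also resets the baseline. */
static void clear_stats(struct port_model *p, int fixed)
{
	p->hw_rx = 0;
	if (fixed)
		p->saved_rx = 0;
}

/* "stop": report packets forwarded since the baseline (unsigned math). */
static uint64_t fwd_stop(const struct port_model *p)
{
	return p->hw_rx - p->saved_rx;
}

/* before: packets counted prior to start; after: packets after clear. */
static uint64_t run_sequence(int fixed, uint64_t before, uint64_t after)
{
	struct port_model p = { .hw_rx = before, .saved_rx = 0 };

	fwd_start(&p);
	clear_stats(&p, fixed);
	p.hw_rx += after;
	return fwd_stop(&p);
}

int main(void)
{
	printf("stale baseline: %llu\n",
	       (unsigned long long)run_sequence(0, 6808, 0));
	printf("baseline reset: %llu\n",
	       (unsigned long long)run_sequence(1, 6808, 100));
	return 0;
}
```

A stale baseline of 6808 packets produces exactly the RX-packets figure quoted in the commit message.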
Currently, there is no way to check the aging event or to get the
current aged flows in testpmd. This patch includes those implementations;
it includes:
- Add new item "flow_aged" to the current print event command arguments.
- Add new command to list all aged flows; meanwhile, we can set a
  parameter to destroy them.
Signed-off-by: Dong Zhou <dongz@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Acked-by: Ori Kam <orika@mellanox.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Some PMDs do not respect the eth_dev API when allocating their
rte_eth_dev. As a result, on device add event resulting from
rte_eth_dev_probing_finish() call, the eth_dev processed is incomplete.
The segfault is a good way to focus the developer on the issue, but does
not inspire confidence. Instead, warn the user of the error repeatedly.
The failsafe PMD can warn of the issue and continue. It will repeatedly
attempt to initialize the failed port and complain about it, which
should result in the same developer focus but with less crashing.
Signed-off-by: Gaetan Rivet <grive@u256.net>
Zero is a valid fd. The fd won't be closed when it is zero,
thus leading to an fd leak.
Also the service proxy is initialized at 0. This is assuming that all of
its fields are invalid at 0. The issue is that a file descriptor at 0 is
a valid one.
The value -1 is used as sentinel during cleanup. Initialize the RX proxy
file descriptor to -1.
Fixes: f234e5bd996d ("net/failsafe: register slaves Rx interrupts")
Fixes: 9e0360aebf23 ("net/failsafe: register as Rx interrupt mode")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Gaetan Rivet <grive@u256.net>
Tested-by: Ali Alnubani <alialnu@mellanox.com>
This patch adds versioned function rte_cryptodev_info_get()
to prevent some issues with ABI policy.
Node v21 works in the same way as before, returning driver capabilities
directly to the API caller. These capabilities may include new elements
not part of the v20 ABI.
Node v20 function maintains compatibility with v20 ABI releases
by stripping out elements not supported in v20 ABI. Because
rte_cryptodev_info_get is called by other API functions,
rte_cryptodev_sym_capability_get function is versioned the same way.
Fixes: b922dbd38ced ("cryptodev: add ChaCha20-Poly1305 AEAD algorithm")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr
Coverity issue: 357760
Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
Cc: stable@dpdk.org
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Get rid of hardcoded limit of cryptodev sessions.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds missing line about addition of AES-GCM/GMAC J0
capability to 20.05 release notes.
Fixes: 2165e2e9ea56 ("crypto/qat: support AES-GCM J0")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Updated SNOW3G and KASUMI PMD documentation guides
with information about the latest Intel IPSec Multi-buffer
library supported.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
dev info is set but not used in
test_queue_pair_descriptor_setup().
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
In test_queue_pair_descriptor_setup() and
test_device_configure_invalid_queue_pair_ids a QAT specific
check is there, however the test case can be run on any PMD.
Hence removed the unnecessary check.
The execution of test_queue_pair_descriptor_setup and
test_device_configure_invalid_queue_pair_ids
needs to be altered, as the valid device values should be
configured in the end so that all other tests can be
executed.
Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
dpaa_sec and dpaa2_sec PMDs can run generic
cryptodev_testsuite. Hence removing the specific
test suites.
Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Cryptodevs which support the rte_security PDCP protocol
can run all PDCP cases if they set the feature flag
RTE_CRYPTODEV_FF_SECURITY. Previously, only the dpaa2_sec
and dpaa_sec test suites were running these tests.
Now they are moved to the generic test suite with a check
on the feature flag, and a case will be skipped if it
is not supported by the PMD.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
The session init routine rte_cryptodev_sym_session_init()
could return -ENOTSUP when the requested algo combination
is not supported by the PMD. This should be treated as
an unsupported feature.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
There were some PMD specific checks to skip the case if
it is not supported. This patch checks the feature flag
RTE_CRYPTODEV_FF_SYM_SESSIONLESS to see whether the PMD supports it or not.
Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Checked the PMD feature flag list to identify if
inplace or OOP SGLs are supported or not. If not supported
the cases are skipped.
Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Skipped the test cases for the PMDs which do not support
RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA and subsequently
removed the PMD specific checks for running that case.
Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Some wireless algos like SNOW, ZUC may support input
data in bits which are not byte aligned. However, not
all PMDs can support this requirement. Hence added a
new feature flag RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA
to identify which PMDs can support non-byte aligned
data.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:
    drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
    (.bss+0x4): multiple definition of `rta_sec_era';
    drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
    (.bss+0x0): first defined here
    drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
    (.data+0x0): multiple definition of `rta_sec_era';
    drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
    (.bss+0x0): first defined here
This is a blunt fix for the issue by enabling fcommon for
dpaa_sec/dpaa2_sec/caam_jr.
Bugzilla ID: 469
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The session init routine rte_cryptodev_sym_session_init(),
could return -ENOTSUP when the requested algo combination
is not supported by the PMD. This should be treated as
unsupported features. For other return values like -EINVAL
or -ENOMEM the test can be treated as failure.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
A few of the NIST TDES test files don't contain the TDES string.
Added indicators to identify such files. These indicators
are part of only NIST TDES test vector files.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
This patch removed the non-essential check for NULL pointer.
Coverity issue: 357770
Fixes: c13cecf60f12 ("compress/qat: support IM buffer too small operation")
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch fixes enqueued and dequeued count statistics that should
contain the number of operations enqueued by the end user app
instead of the total number of QAT requests - bigger in case of
a multiple-request dynamic Huffman compression operation.
Fixes: c13cecf60f12 ("compress/qat: support IM buffer too small operation")
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Function create_ipsec_esp_flow returns a negative number in case of any
failure and we are passing this to strerror to display the error message.
But strerror()'s argument cannot be negative.
In case of failure, displaying exact error message to console is handled
in create_ipsec_esp_flow function.
So it is not required to print the error message again using strerror.
This patch will remove the unnecessary calling of strerror function
to fix the negative argument passing to strerror issue.
Coverity issue: 357691
Fixes: 6738c0a95695 ("examples/ipsec-secgw: support flow director")
Signed-off-by: Praveen Shetty <praveen.shetty@intel.com>
Acked-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
gcc 10 defaults to fno-common and it reports:
    crypto_kasumi_rte_kasumi_pmd_ops.c.o:(.data.rel+0x0):
    multiple definition of `rte_kasumi_pmd_ops';
    crypto_kasumi_rte_kasumi_pmd.c.o:(.bss+0x8): first defined here
Fix by making rte_kasumi_pmd_ops extern in the header file.
Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library")
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
For null cipher the iv length should be set to zero.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch repairs two memory allocation issues:
1) possible leak of memory
   In the cryptodev_dpaa_sec_probe() function, in case of portal
   initialization failure, the function exited without cleanup.
   The patch redirects the flow to the out label, which provides
   proper cleanup in case of error: freeing cryptodevice private
   data and releasing the cryptodevice.
2) double free of cryptodev private data
   The function dpaa_sec_dev_init(), in case of failure, called
   dpaa_sec_uninit(), which freed both the private data and the security
   context. However, one layer above, in the cryptodev_dpaa_sec_probe()
   function, the private data were freed one more time.
   The patch limits the cleanup of the dpaa_sec_dev_init() function
   to freeing only the security context.
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes management of memory for authentication
and encryption keys.
There were two issues with the former state of the implementation:
1) Invalid access to dpaa_sec_session union members
The dpaa_sec_session structure includes an anonymous union:
    union {
        struct {...} aead_key;
        struct {
            struct {...} cipher_key;
            struct {...} auth_key;
        };
    };
Depending on the algorithm used, the rte_zmalloc() function
allocated memory that was kept in aead_key, cipher_key
or auth_key. However, every time the memory was released,
rte_free() was called only on the cipher and auth keys, even
if the pointer to the allocated memory was stored in aead_key.
The C language specification defines such behavior as undefined.
As the cipher_key and aead_key are similar and have the same sizes and
alignment, it has worked, but it's directly against the C specification.
This patch fixes this, providing a free_session_data() function
to free the keys data. It verifies which algorithm was used
(aead or auth+cipher) and frees the proper part of the union.
2) Some keys might have been freed multiple times
In functions like dpaa_sec_cipher_init(), dpaa_sec_auth_init(),
dpaa_sec_chain_init() and dpaa_sec_aead_init(), keys data were freed
before returning due to some error conditions. However, the pointers
were not zeroed, causing further calls to rte_free from higher
layers of code. This causes an error log about an invalid memory address
to be printed.
This patch fixes it by making only one layer responsible for freeing
memory.
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
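Added example, not part of the commit above or of the dpaa_sec driver: a sketch of the two points in that message, freeing only the active union member and leaving cleanup to a single layer. It assumes a hypothetical struct key layout and sess_kind tag, uses calloc/free in place of rte_zmalloc/rte_free, and clears the pointers after freeing, which is an extra safeguard of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct key { uint8_t *data; size_t length; };	/* hypothetical key layout */
enum sess_kind { SESS_AEAD, SESS_CIPHER_AUTH };	/* hypothetical tag */

struct session {
	enum sess_kind kind;
	union {
		struct key aead_key;
		struct {
			struct key cipher_key;
			struct key auth_key;
		};
	};
};

/* Release only the active union member; returns the buffers released. */
static int free_session_data(struct session *s)
{
	int n = 0;
	if (s->kind == SESS_AEAD) {
		n += (s->aead_key.data != NULL);
		free(s->aead_key.data);
		s->aead_key.data = NULL;
	} else {
		n += (s->cipher_key.data != NULL) + (s->auth_key.data != NULL);
		free(s->cipher_key.data);
		free(s->auth_key.data);
		s->cipher_key.data = s->auth_key.data = NULL;
	}
	return n;
}

/* Lower layer: allocates keys and reports errors, but never frees. */
static int session_init(struct session *s, enum sess_kind kind, size_t len, int fail)
{
	s->kind = kind;
	if (kind == SESS_AEAD) {
		s->aead_key = (struct key){ calloc(1, len), len };
	} else {
		s->cipher_key = (struct key){ calloc(1, len), len };
		s->auth_key = (struct key){ calloc(1, len), len };
	}
	return fail ? -1 : 0;	/* 'fail' simulates a later setup error */
}

/* Upper layer: the single owner of cleanup on the error path. */
static int session_create(struct session *s, enum sess_kind kind, size_t len, int fail)
{
	int ret = session_init(s, kind, len, fail);
	if (ret < 0)
		free_session_data(s);
	return ret;
}

int main(void)
{
	struct session s;
	printf("failed AEAD create: %d, ", session_create(&s, SESS_AEAD, 16, 1));
	printf("buffers left to free: %d\n", free_session_data(&s));
	return 0;
}
```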
This patch fixes missing queue head update that occurred when
a multiple-request dynamic Huffman compression operation was not
complete within one qat_dequeue_op_burst function call.
Fixes: c13cecf60f12 ("compress/qat: support IM buffer too small operation")
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Xinfeng Zhao <xinfengx.zhao@intel.com>
As more test cases are defined for execution, test scripts structure
needs to be reorganized, so fewer files are needed to describe the test.
To achieve that, new environment variables are incorporated into the
scripts.
Additionally, tests for mixed tunnel protocols are added.
Signed-off-by: Mariusz Drost <mariuszx.drost@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
The offset of the cd pointer is too big by state1size + state2size, so a few
extra unnecessary bytes will be copied into cd. Snow offset was improved as well.
Fixes: d9b7d5bbc845 ("crypto/qat: add ZUC EEA3/EIA3 capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch disables displaying sample test vector contents when
executing throughput and latency tests as the sample data is not
used in those tests (not copied to input mbuf in order to achieve
better performance).
Fixes: f8be1786b1b8 ("app/crypto-perf: introduce performance test application")
Cc: stable@dpdk.org
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Zero is a valid fd. When ccp_probe_device() fails, the uio_fd won't be
closed, thus leading to an fd leak.
Fixes: ef4b04f87fa6 ("crypto/ccp: support device init")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Ravi Kumar <ravi1.kumar@amd.com>
For SA outbound packets, rte_atomic64_add_return is used to generate
SQN atomically. Use C11 atomics with RELAXED ordering for outbound SQN
update instead of rte_atomic ops which enforce unnecessary barriers on
aarch64.
Signed-off-by: Phil Yang <phil.yang@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
After re-enabling checks for non-implemented ops in non-debug mode
in librte_security set_pkt_metadata and get_userdata functions,
tests verifying proper work of tests can be enabled also.
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
When adding support for DOCSIS AES-256,
when setting the cipher parameters, all key sizes
were accepted, but only 128-bit and 256-bit keys
are supported.
Fixes: 9536622b86c8 ("crypto/aesni_mb: support DOCSIS AES-256")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Add new test-case to measure performance of
IPsec data-path functions.
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>