Previously, anything that prevented the CQs from being drained
would hang the PMD for an unacceptably long time. This commit updates
the drain logic to be resource and time based, thus eliminating
the potential for a long hang when draining the queues in preparation
for a reset.
Fixes: 1857f1922ce2 ("event/dlb2: use new implementation of resource file")
Cc: stable@dpdk.org
Signed-off-by: Timothy McDaniel <timothy.mcdaniel@intel.com>
If user tried to send 64 events, it will take 64 credits. Enqueue API
only gets 32 credits each time. If it does not have sufficient credits,
it just fails and returns. Enqueue API does not retry. On next enqueue,
it will get 32 more and send will work. This results in alternate
enqueues failing.
Add check to make sure DLB2_MAX_ENQUEUE_DEPTH <=
both DLB2_SW_CREDIT_QUANTA_DEFAULT and DLB2_SW_CREDIT_BATCH_SZ.
Add enough retires in the driver to satisfy max enqueue depth credits
based on set quanta. Note the credit quanta size is different for each
port. Retry count = Max enqueue depth / credit quanta in driver before
returning no credit.
Fixes: 3a6d0c04e7fb ("event/dlb2: add port setup")
Cc: stable@dpdk.org
Signed-off-by: Timothy McDaniel <timothy.mcdaniel@intel.com>
Segmentation fault is observed as soon as any application
with ethdev event is launched as ev->mbuf was not set properly.
Fixing sub event type violation as in OCTEONTX event device
sub_event_type is used to store the ethernet port identifier
when work is received from OCTEONTX ethernet device. This violates
the event device spec as sub_event_type should be 0 in the initial
receive stage. Setting sub_event_type to 0 after copying the port id
in single workslot mode.
Fixes: 44a2cebbd489 ("crypto/octeontx: add crypto adapter data path")
Cc: stable@dpdk.org
Signed-off-by: Harman Kalra <hkalra@marvell.com>
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Since openssl 3.0 now deprecates the low level API QAT required to
perform partial hash & AES operation when creating the session. This
patch add in qat_ipsec_mb_lib driver parameter to allow QAT PMD to
switch APIs between openssl and intel ipsec-mb library.
Signed-off-by: Kai Ji <kai.ji@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
This patch initializes with 0 rte_ipsec_sa_prm inside the
ipsec_sa struct.
Before it was passed uninitialized to rte_ipsec_sa_init(),
which does not check whether prm->ipsec_xform.esn.value is
greater than sa->sqn_mask.
Bugzilla ID: 1023
Fixes: f7f3ac6dcbe2 ("test/ipsec: add performance cases")
Cc: stable@dpdk.org
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
The cipher offset in bits was not being used in ZUC encryption test
functions when creating the operation, it was hardcoded to 0.
This is fixed to use the offset from the test vector as intended.
Fixes: fd01a9be38d5 ("test/crypto: move IV to crypto op private data")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
This patch updates asymmetric DSA routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis. Divided the single combined DSA sign
test to two individual DSA sign and DSA verfiy tests.
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch updates asymmetric DH routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis.
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch updates asymmetric RSA routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis.
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch update the symmetric HMAC routine in crypto openssl
pmd to adopt openssl 3.0 EVP apis.
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Make sure that ipsec_perf_autotest checks if there are any crypto
devices available before it starts performance testing.
Same test is performed in the ipsec_autotest so it seems prudent to do
it here too to not introduce false failures.
Signed-off-by: Stanislaw Kardach <kda@semihalf.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add hardware supported flow control checks before enqueueing to CPT.
Since both poll mode and event mode can be used at the same time, add
hardware flow control checks to make sure s/w doesn't over submit to
hardware queues. For cn9k, queue depth usage is not high and so FC check
is omitted for poll mode.
To allow for more accurate updates, flow control hardware setting is
updated to give an update per 32 packets. In case of crypto adapter,
multiple cores can enqueue to the same CPT LF at the same time. To
allow such a case, flow control threshold is updated when the adapter
is configured.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Adding support for zuc, snow3g and aes-ctr-cmac
chained operations on cn9k using key and IV scheme
in microcode.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Remove SA & packet accesses in dequeue path by adjusting the headers in
the enqueue path for outbound packets. For inbound packets, add extra
esn_en flag in the SA to minimize cache line accesses in the datapath.
Also, use seq_lo for IPID. IPID just need to be unique. Instead of
incrementing per packet, use ESN low bits.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Move the IPsec SA creation to common.
The code can be used by fastpath also to create the SAs
Add changes to support new full context microcode
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This commit fixes missing guards for size of memcpy,
it is needed to prevent faulty access when incorrect length
passed from the user.
Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This commit fixes wrong qp_id value in cryptodev scheduler in failover
mode.
Fixes: 37f075dad1e9 ("crypto/scheduler: add fail-over scheduling mode")
Cc: stable@dpdk.org
Signed-off-by: Jakub Wysocki <jakubx.wysocki@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Full cookie data should be cleared by default if not algorithm
specified. This is protection in case algorithm specific cleanup
is not implemented.
Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When compiling this example out of DPDK, linking the executable fails
with:
## Building fips_validation
/usr/bin/ld: /tmp/ccQjeHBg.o: in function `fips_test_init':
fips_validation.c:(.text+0x7ab): undefined reference to `json_loadf'
/usr/bin/ld: /tmp/ccQjeHBg.o: in function
`fips_test_parse_one_json_vector_set':
fips_validation.c:(.text+0xc2e): undefined reference to `json_object_get'
/usr/bin/ld: fips_validation.c:(.text+0xc36): undefined reference to
`json_string_value'
/usr/bin/ld: /tmp/ccQjeHBg.o: in function `fips_test_parse_one_json_group':
fips_validation.c:(.text+0xd00): undefined reference to `json_object_get'
/usr/bin/ld: fips_validation.c:(.text+0xd14): undefined reference to
`json_integer_value'
...
Code in an example can't rely on RTE_HAS_JANSSON, because it only
indicates that the jansson library was available at the time of dpdk
compilation.
Prefer a local build flag (like what is done in vm_power_manager).
And add linking to libjansson, if available.
Fixes: f556293fd58e ("examples/fips_validation: add JSON info to header")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
GCC 12 raises the following warning:
In function ‘_mm256_loadu_si256’,
inlined from ‘rte_mov32’ at
../lib/eal/x86/include/rte_memcpy.h:319:9,
inlined from ‘rte_mov128’ at
../lib/eal/x86/include/rte_memcpy.h:344:2,
inlined from ‘rte_memcpy_generic’ at
../lib/eal/x86/include/rte_memcpy.h:438:4,
inlined from ‘rte_memcpy’ at
../lib/eal/x86/include/rte_memcpy.h:882:10,
inlined from ‘setup_test_string.constprop’ at
../app/test/test_ipsec.c:572:4:
/usr/lib/gcc/x86_64-redhat-linux/12/include/avxintrin.h:929:10: error:
array subscript ‘__m256i_u[3]’ is partly outside array bounds of
‘const char[108]’ [-Werror=array-bounds]
929 | return *__P;
| ^~~~
../app/test/test_ipsec.c: In function ‘setup_test_string.constprop’:
../app/test/test_ipsec.c:539:12: note: at offset 96 into object
‘null_plain_data’ of size 108
539 | const char null_plain_data[] =
| ^~~~~~~~~~~~~~~
Add a hint so that the compiler understands the copied data is within
the passed string boundaries.
Bugzilla ID: 848
Fixes: 05fe65eb66b2 ("test/ipsec: introduce functional test")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
The following warning is observed with GCC 12 compilation:
In file included from ../drivers/crypto/cnxk/cn10k_cryptodev_ops.c:17:
In function ‘fill_sg_comp_from_iov’,
inlined from ‘cpt_pdcp_chain_alg_prep’ at
../drivers/crypto/cnxk/cnxk_se.h:1194:8,
inlined from ‘cpt_fc_enc_hmac_prep’ at
../drivers/crypto/cnxk/cnxk_se.h:1871:9,
inlined from ‘fill_digest_params’ at
../drivers/crypto/cnxk/cnxk_se.h:2829:8,
inlined from ‘cpt_sym_inst_fill’ at
../drivers/crypto/cnxk/cn10k_cryptodev_ops.c:92:9,
inlined from ‘cn10k_cpt_fill_inst.constprop’ at
../drivers/crypto/cnxk/cn10k_cryptodev_ops.c:146:10:
../drivers/crypto/cnxk/cnxk_se.h:222:52: warning: array subscript 0 is
outside array bounds of ‘struct roc_se_buf_ptr[0]’ [-Warray-bounds]
222 | e_vaddr = (uint64_t)bufs[j].vaddr;
| ~~~~~~~^~~~~~
../drivers/crypto/cnxk/cnxk_se.h:223:48: warning: array subscript 0 is
outside array bounds of ‘struct roc_se_buf_ptr[0]’ [-Warray-bounds]
223 | e_len = (size > bufs[j].size) ? bufs[j].size : size;
| ~~~~~~~^~~~~
This patch resolves the warning.
Fixes: 3de331795f73 ("crypto/cnxk: add flexi cipher encryption")
Cc: stable@dpdk.org
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
Tested-by: David Marchand <david.marchand@redhat.com>
The following warning is observed with GCC 12 compilation:
In function ‘fill_sg_comp_from_iov’,
inlined from ‘cpt_zuc_snow3g_enc_prep’ at
../drivers/common/cpt/cpt_ucode.h:1672:9,
inlined from ‘cpt_fc_enc_hmac_prep’ at
../drivers/common/cpt/cpt_ucode.h:2472:3,
inlined from ‘fill_digest_params’ at
../drivers/common/cpt/cpt_ucode.h:3548:14,
inlined from ‘otx_cpt_enq_single_sym’ at
../drivers/crypto/octeontx/otx_cryptodev_ops.c:541:9,
inlined from ‘otx_cpt_enq_single_sym_sessless’ at
../drivers/crypto/octeontx/otx_cryptodev_ops.c:584:8,
inlined from ‘otx_cpt_enq_single’ at
../drivers/crypto/octeontx/otx_cryptodev_ops.c:611:11,
inlined from ‘otx_cpt_pkt_enqueue’ at
../drivers/crypto/octeontx/otx_cryptodev_ops.c:643:9,
inlined from ‘otx_cpt_enqueue_sym’ at
../drivers/crypto/octeontx/otx_cryptodev_ops.c:668:9:
../drivers/common/cpt/cpt_ucode.h:415:36: warning: array subscript 0 is
outside array bounds of ‘buf_ptr_t[0]’ {aka ‘struct buf_ptr[]’}
[-Warray-bounds]
415 | e_dma_addr = bufs[j].dma_addr;
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
../drivers/common/cpt/cpt_ucode.h:416:48: warning: array subscript 0 is
outside array bounds of ‘buf_ptr_t[0]’ {aka ‘struct buf_ptr[]’}
[-Warray-bounds]
416 | e_len = (size > bufs[j].size) ?
| ~~~~~~~^~~~~
This patch resolves the warning.
Bugzilla ID: 861
Fixes: 9be415daf469 ("common/cpt: add common defines for microcode")
Fixes: b74652f3a91f ("common/cpt: add microcode interface for encryption")
Cc: stable@dpdk.org
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
Tested-by: David Marchand <david.marchand@redhat.com>
Response info may have valid sub_event_type. Pass this to the event
generated by CPT.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Shijith Thotton <sthotton@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
Response info may have valid sub_event_type. Pass this to the event
generated by CPT.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Shijith Thotton <sthotton@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
The value of ec_mdata cannot be NULL, instead check that value of
private_data_offset was set.
Coverity issue: 378861, 378865
Fixes: 97ebfda82910 ("crypto/cnxk: add event metadata set operation")
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
The microcode expects the IV to be in reverse of what is provided
by dpdk test app. Also the first 8 bytes of reversed IV is
compressed to 6 bytes.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
The microcode expects zuc-256 key to be in reverse of what is
provided by dpdk test app. This patch swaps the zuc-256 key.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
Add new packet type flags instead of overwriting.
Fixes: d04bb1c52647 ("examples/ipsec-secgw: use HW parsed packet type in poll mode")
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Added option to configure number of queue pair descriptors via command
line (--desc-nb NUMBER_OF_DESC).
When the crypto processing takes longer durations, small queue pair size
would result in cryptodev enqueue failures. Larger queue pair size would
allow more packets to stay in flight simultaneously and reduce enqueue
failures.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Fix ESN option flag and initial value for the rte_ipsec library path.
Fixes: 560029d5cfc9 ("examples/ipsec-secgw: define initial ESN value")
Cc: stable@dpdk.org
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Fail IPSec ESN and antireplay cases, if there are no packets. Fixes
following warning when using optimization=1 build flag with GCC 11.
../app/test/test_cryptodev.c: In function ‘test_ipsec_pkt_replay’:
../app/test/test_cryptodev.c:10074:15: warning: ‘td_outb’ may be used uninitialized [-Wmaybe-uninitialized]
ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
&flags);
~~~~~~~
../app/test/test_cryptodev.c:9150:1: note: by argument 1 of type ‘const struct ipsec_test_data[]’ to ‘test_ipsec_proto_process’ declared here
test_ipsec_proto_process(const struct ipsec_test_data td[],
^~~~~~~~~~~~~~~~~~~~~~~~
../app/test/test_cryptodev.c:10056:32: note: ‘td_outb’ declared here
struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
^~~~~~~
Bugzilla ID: 1032
Fixes: d02c6bfcb99a ("test/crypto: add ESN and antireplay cases")
Cc: stable@dpdk.org
Reported-by: Daxue Gao <daxuex.gao@intel.com>
Signed-off-by: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Correct the length calculation used for NAT-T
Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: stable@dpdk.org
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Use the proper IP protocol (UDP instead of ESP) and set the ports when
UDP encapsulation is enabled.
Fixes: 9ae86b4cfc77 ("examples/ipsec-secgw: support UDP encap for inline crypto")
Cc: stable@dpdk.org
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Fix the UDP header fields, wrong byte order used for src and dst port
and wrong offset used when updating UDP datagram length.
Fixes: 01eef5907fc3 ("ipsec: support NAT-T")
Cc: stable@dpdk.org
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Adding companion function common to ACC100/ACC101 which
can be called from bbdev-test when running from PF.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
The validation requirement is different for the two
devices.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Reviewed-by: Hernan Vargas <hernan.vargas@intel.com>
Added support for ACC101 as a derivative of ACC100.
Integrated in unified driver and reusing existing code when possible.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Cosmetic update to remove RTE_ prefix for a define
kept internal.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Catch exception in PMD in case of invalid input parameter.
Fixes: 5ad5060f8f7a ("baseband/acc100: add LDPC processing functions")
Cc: stable@dpdk.org
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Update of the device configuration function from PF used for bbdev-test
to latest sequence for ACC199 PRQ device and matching version in
pf_bb_config 22.03.
Fixes: b17d70922d5d ("baseband/acc100: add configure function")
Cc: stable@dpdk.org
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Reviewed-by: Hernan Vargas <hernan.vargas@intel.com>
ALIGNMENT_MASK is only used internally.
Besides it lacks a DPDK-related prefix.
Hide it from external eyes.
Fixes: f5472703c0bd ("eal: optimize aligned memcpy on x86")
Cc: stable@dpdk.org
Reported-by: Morten Brørup <mb@smartsharesystems.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
The function rte_pie_drop was attempting to do a random probability
drop, but because of incorrect usage of fixed point divide
it would always return 1.
Change to use new rte_drand() instead.
Fixes: 44c730b0e379 ("sched: add PIE based congestion management")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>
The qdelay variable is derived from and compared to 64 bit
value so it doesn't have to be floating point.
Fixes: 44c730b0e379 ("sched: add PIE based congestion management")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>
The PIE code and other applications can benefit from having a
fast way to get a random floating point value. This new function
is equivalent to drand() in the standard library.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Add support for toggling modes between ETH and CPRI on
newer MACs (RPM).
Signed-off-by: Tomasz Duszynski <tduszynski@marvell.com>
Reviewed-by: Jakub Palider <jpalider@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
Layout of eth mode change command defined by firmware has been changed
recently. So in order to retain compatibility between ROC and firmware
update existing codebase.
Signed-off-by: Tomasz Duszynski <tduszynski@marvell.com>
Reviewed-by: Jakub Palider <jpalider@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
