This patch changes RSS rule destroy interface from ice_rem_vsi_rss_cfg()
to ice_rem_rss_cfg(). To coordinate with input set change, it should
destroy a specific flow rule but not all vsi cfg.
Fixes: 5ad3db8d4b ("net/ice: enable advanced RSS")
Signed-off-by: Simei Su <simei.su@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
RSS action validation function checks the queues included in RSS
to make sure they are valid.
A Queue is considered valid if the pointer to the queue (item at
location queue-index of RxQ array) is not a null value.
The queue indices are not checked. If a large value is entered as
queue index, using it as an index in RxQ array will result in a
pointer to memory out of array bounds. If this memory contains a
value which is not null, this queue will be wrongly considered valid.
This patch updates function mlx5_flow_validate_action_rss() with
check of the input queue indices, as done in function
mlx5_flow_validate_action_queue().
Fixes: 23c1d42c71 ("net/mlx5: split flow validation to dedicated function")
Cc: stable@dpdk.org
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Host adapter attributes are queried from kernel via multiple
DevX calls. The retrieved data were erroneously overwritten,
the order of querying is fixed.
Fixes: 6bc327b94f ("net/mlx5: fill meter capabilities using DevX")
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
As per current support, Scatter Gather is only supported
for out of place input and output buffers.
This patch add support for Scatter Gather for in-place buffers.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Fixes: f64adb6714 ("examples/fips_validation: support HMAC parsing")
Cc: stable@dpdk.org
This patch fixes the incorrect mbuf write and digest memory leak in
fips_validation authentication verify.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
AESNI MB and AESNI GCM PMDs were updated to support
latest IPSec Multi buffer library (v0.53), and the user guide
of hose drivers were updated but not release notes.
Fixes: 4b70152374 ("crypto/aesni_gcm: support in-place chained mbufs")
Fixes: d91dc58356 ("doc: support IPsec Multi-buffer lib v0.53")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add missing BSD license tag to IPsec examples.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Update default configuration of ipsec-secgw:
1.In ep0.cfg change SPI value used by two inbound IPv6 security
policies from 15 to 115 and 16 to 116 to point to existing inbound
SAs. There are no inbound SAs with SPI value 15, 16.
- In ep1.cfg change SPI value used by two outbound IPv6 security
policies from 15 to 115 and 16 to 116 to point to existing outbound
SAs. There are no outbound SAs with SPI value 15, 16. Add missing
priority parameter in two inbound IPv4 security policies.
Fixes: 60a94afefc ("examples/ipsec-secgw: add sample configuration files")
Cc: stable@dpdk.org
Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
When resize a memory with next element, the original element size grows.
If the orginal element has padding, the real inner element size didn't
grow as well and this causes trailer verification failure when malloc
debug enabled.
Fixes: af75078fec ("first public release")
Cc: stable@dpdk.org
Signed-off-by: Xueming Li <xuemingl@mellanox.com>
Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
In rte_realloc, if the old element has pad and need to allocate a new
memory, the padding size was not deducted, so more data was copied to
new data area.
Fixes: af75078fec ("first public release")
Cc: stable@dpdk.org
Signed-off-by: Xueming Li <xuemingl@mellanox.com>
Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
Clang is the system compiler for FreeBSD and kernel module builds can fail
when built with gcc, e.g. when testing with test-meson-builds.sh.
Therefore, it's safer to always use clang to build the kmods since the
actual flags used are outside of DPDK's control and cannot be guaranteed to
work with all compilers.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
Set the install path for the kernel modules as /boot/modules. This may
ease the integration with the official FreeBSD ports system as all
components should be correctly located in the staging directory after
running "ninja install"
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
Add a travis job to build for 32-bit on 64-bit systems to catch additional
build errors, for example, incorrect use of printf specifiers with uint64_t
types.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Fix these as they are user visible. Found with codespell.
Fixes: af75078fec ("first public release")
Fixes: c2361bab70 ("eal: compute IOVA mode based on PA availability")
Fixes: 0880c40113 ("drivers: advertise kmod dependencies in pmdinfo")
Fixes: 56b6ef874f ("efd: new Elastic Flow Distributor library")
Fixes: 5a5f3178d4 ("power: return error when environment already set")
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Fix these as they are user visible. Found with codespell.
Fixes: bacaa27540 ("eal: add channel for multi-process communication")
Fixes: f05e26051c ("eal: add IPC asynchronous request")
Fixes: 0cbce3a167 ("vfio: skip DMA map failure if already mapped")
Fixes: 445c6528b5 ("power: common interface for guest and host")
Fixes: e6c6dc0f96 ("power: add p-state driver compatibility")
Fixes: 8f972312b8 ("vhost: support vhost-user")
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
The meson option has been missed when removing this code.
Fixes: 8e35792c53 ("eal: remove dead code on NUMA node detection")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
The name in rte_kni_device_info is passed to the kernel, which allows
interface names with at most 16 bytes (IFNAMSIZ). rte_kni_alloc with a
longer name currently trigger a kernel BUG in alloc_netdev_mqs in
net/core/dev.c. Reduce RTE_KNI_NAMESIZE to prevent this situation.
Signed-off-by: Michael Pfeiffer <michael.pfeiffer@tu-ilmenau.de>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Currently, mempool will check if IOVA is bad for a segment, and reject
the IOVA if hugepages are also enabled. This check is wrong because now
that we have external memory segments, they are allowed to have their
IOVA's to be invalid. This check also doesn't make much sense in the
first place, because the following code can handle bad IOVA's perfectly
well (and in fact, this check is not triggering a failure when
--no-huge option is enabled), so there is not much sense to check for
this in the first place.
Fixes: 950e8fb4e1 ("mem: allow registering external memory areas")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Tested-by: Bo Chen <box.c.chen@intel.com>
Currently, when mempool is being populated, we get IOVA address
of every segment using rte_mem_virt2iova(). This works for internal
memory, but does not really work for external memory, and does not
work on platforms which return RTE_BAD_IOVA as a result of this
call (such as FreeBSD). Moreover, even when it works, the function
in question will do unnecessary pagewalks in IOVA as PA mode, as
it falls back to rte_mem_virt2phy() instead of just doing a lookup in
internal memseg table.
To fix it, replace the call to first attempt to look through the
internal memseg table (this takes care of internal and external memory),
and fall back to rte_mem_virt2iova() when unable to perform VA->IOVA
translation via memseg table.
Fixes: 66cc45e293 ("mem: replace memseg with memseg lists")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Tested-by: Bo Chen <box.c.chen@intel.com>
Now that KNI supports VA (with kernel versions starting 4.6.0), we can
accept IOVA as VA, but KNI must be configured for this.
Pass iova_mode when creating KNI netdevs.
So far, IOVA detection policy forced IOVA as PA when KNI is loaded,
whatever the buses IOVA requirements were.
We can now use IOVA as VA, but this comes with a cost in KNI.
When no constraint is expressed by the buses, keep the current behavior
of choosing PA.
Note: this change supposes that dpdk is built on the same kernel than
the target system kernel; no objection has been expressed on this topic.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
Patch adds support for kernel module to work in IOVA = VA mode by
providing address translation routines to convert userspace VA to
kernel VA.
KNI performance using PA is not changed by this patch.
But comparing KNI using PA to KNI using VA, the latter will have lower
performance due to the cost of the added translation.
This translation is implemented only with kernel versions starting 4.6.0.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
When VHOST_USER_VRING_NOFD_MASK is set, the fd_num is 0,
so validate_msg_fds() will return error. In this case,
the negotiation of vring message between vhost user front end and
back end would fail, and as a result, vhost user link could NOT be up.
How to reproduce:
1.Run dpdk testpmd insides VM, which locates at host with ovs+dpdk.
2.Notice that inside ovs there are endless logs regarding failure to
handle VHOST_USER_SET_VRING_CALL, and link of vm could NOT be up.
Fixes: bf472259dd ("vhost: fix possible denial of service by leaking FDs")
Cc: stable@dpdk.org
Signed-off-by: Zhike Wang <wangzk320@163.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
Shoot repeated words in all our guides.
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Align the description to what the code snippet shows.
Fixes: 0a92e63fc4 ("raw/ioat: add local API to perform copies")
Cc: stable@dpdk.org
Signed-off-by: Xiao Wang <xiao.w.wang@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Using external explicit references to http://doc.dpdk.org makes older
releases documentation point to the current master documentation pages.
Switch to internal references.
Fixes: 59ad25fe21 ("doc: add overview of qat guide")
Fixes: 30e7fbd628 ("doc: add event timer adapter guide")
Fixes: b7f859c9a9 ("doc: add switch representation documentation")
Fixes: f714a18885 ("app/testbbdev: add test application for bbdev")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
The OSS-security project functions as a single point of contact for
pre-release, embargoed security notifications. Distributions and major
vendors are subscribed to this private list, so that they can be warned
in advance and schedule the work required to fix the vulnerability.
List and link this process in the DPDK security process document.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Caught while investigating timeouts on a ARM64 server.
Stracing a test process running the eal_flags_autotest, we can see that
the fork helper is checking all possible file descriptors from
getdtablesize() to 2, and close the existing ones.
We can do better by inspecting this forked process /proc/self/fd
directory.
Besides, checking file descriptors via /proc/self/fd only makes sense for
Linux. This code was a noop on FreeBSD.
Fixes: af75078fec ("first public release")
Cc: stable@dpdk.org
Signed-off-by: Krzysztof Kanas <kkanas@marvell.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Tested-by: Krzysztof Kanas <kkanas@marvell.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Currently, the next address picked by PCI mapping infrastructure
may be page-unaligned due to BAR length being smaller than page size.
This leads to a situation where the requested map address is invalid,
resulting in mmap() call returning an arbitrary address,
which will later interfere with device BAR mapping in secondary processes.
Fix it by always aligning the next requested address on page boundary.
Fixes: c752998b5e ("pci: introduce library and driver")
Cc: stable@dpdk.org
Signed-off-by: Xiaofeng Deng <dengxiaofeng@huawei.com>
Signed-off-by: Wangyu (Eric) <seven.wangyu@huawei.com>
Acked-by: Wei Hu (Xavier) <xavier.huwei@huawei.com>
Acked-by: Min Hu (Connor) <humin29@huawei.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Gavin Hu <gavin.hu@arm.com>
The #ifdef to conditionally include <sys/socket.h> on BSD
is unnecessary. It is harmless to include the header on other
OS's. An extra include is better than an #ifdef.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Caught when compiling this example with pkg-config:
## Building l2fwd
...
main.c: In function ‘main’:
main.c:716:3: warning: ‘rte_eth_dev_set_ptypes’ is deprecated: Symbol
is not yet part of stable ABI [-Wdeprecated-declarations]
716 | ret = rte_eth_dev_set_ptypes(portid, RTE_PTYPE_UNKNOWN, NULL,
| ^~~
In file included from main.c:38:
...build-x86-default/install-root/usr/local/include/rte_ethdev.h:2661:5:
note: declared here
2661 | int rte_eth_dev_set_ptypes(uint16_t port_id, uint32_t
ptype_mask,
| ^~~~~~~~~~~~~~~~~~~~~~
ln -sf l2fwd-shared build/l2fwd
Fixes: 9731df2e75 ("examples/l2fwd: disable packet type parsing")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
A malicious Vhost-user master could send in loop hand-crafted
vhost-user messages containing more file descriptors the
vhost-user slave expects. Doing so causes the application using
the vhost-user library to run out of FDs.
This issue has been assigned CVE-2019-14818
Fixes: 8f972312b8 ("vhost: support vhost-user")
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
vhost_user_set_vring_num() performs multiple allocations
without checking whether data were previously allocated.
It may cause a denial of service because of the memory leaks
that happen if a malicious vhost-user master keeps sending
VHOST_USER_SET_VRING_NUM request until the slave runs out
of memory.
This issue has been assigned CVE-2019-14818
Fixes: b0a985d1f3 ("vhost: add dequeue zero copy")
Reported-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Updates to the ABI versioning guide, to account for the changes to the DPDK
ABI/API policy. Fixes for references to abi versioning and policy guides.
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: John McNamara <john.mcnamara@intel.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
This policy change introduces major ABI versions, these are
declared every year, typically aligned with the LTS release
and are supported by subsequent releases in the following year.
This change is intended to improve ABI stabilty for those projects
consuming DPDK.
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: John McNamara <john.mcnamara@intel.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Separate versioning.rst into abi versioning and abi policy guidance, in
preparation for adding more detail to the abi policy. Add an entry to the
maintainer file for the abi policy.
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: John McNamara <john.mcnamara@intel.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
If there are no ports available to the guest cli application, it will
exit when setting up the default policy because it fails to set the mac
address. This should not be the case, as this example can be used for
many other use cases that do not need ports.
If ports not found, simply set nb_mac_to_monitor in the policy to zero
and continue.
Fixes: 70febdcfd6 ("examples: check status of getting MAC address")
Signed-off-by: David Hunt <david.hunt@intel.com>
Acked-by: Lei Yao <lei.a.yao@intel.com>
The branch ratio algorithm in the vm_power_manager sample application
can be very sensitive at patricular loads in a workload, causing
oscillations between min and max frequency. For example, if a
workload is at 50%, scaling up may change the ratio
enough that it immediately thinks it needs to scale down again.
This patch introduces a sliding window recording the scale up/down
direction for the last 32 samples, and scales up if any samples indicate
we should scale up, otherwise scale down. Each core has it's own window.
Fixes: 4b1a631b8a ("examples/vm_power: add oob monitoring functions")
Cc: stable@dpdk.org
Signed-off-by: David Hunt <david.hunt@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
There is a rte_flow API which expands a RSS flow pattern to multiple
patterns according to the RSS hash types in the RSS action
configuration.
As part of the expansion, detection of the last item of the flow uses
the "next proto" field of the last configured item in the pattern list.
Wrongly, the mask of this field was not considered in order to validate
the field.
Ignore "next proto" fields when their corresponded masks invalidate them.
Fixes: fc2dd8dd49 ("ethdev: fix expand RSS flows")
Cc: stable@dpdk.org
Signed-off-by: Matan Azrad <matan@mellanox.com>
Acked-by: Xiaoyu Min <jackmin@mellanox.com>
Acked-by: Ori Kam <orika@mellanox.com>
This patch implements use of the API for LRO aggregated packet
max size.
It adds command-line and runtime commands to configure this value,
and adds option to show the supported value.
Documentation is updated accordingly.
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
This patch implements use of the API for LRO aggregated packet
max size.
Rx queue create is updated to use the relevant configuration.
Documentation is updated accordingly.
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
This patch implements API for configuration and
validation of max size for LRO aggregated packet.
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Reviewed-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Matan Azrad <matan@mellanox.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
The struct rte_eventdev and rte_eventdev_data are supposed
to be used internally only, but there is a chance that
increasing their size would break ABI for some applications.
In order to allow smooth addition of features without breaking
ABI compatibility, some space is reserved.
Signed-off-by: Jerin Jacob <jerinj@marvell.com>
The JUMBO frame handling in dpaa2_dev_mtu_set api was not correct.
When frame_size is greater than RTE_ETHER_MAX_LEN, the
intention is to add JUMBO flag in rx offload while it was resetting
all other flags other than JUMBO as AND operator was used instead of OR.
Fixes: 0ebce6129b ("net/dpaa2: support new ethdev offload APIs")
Cc: stable@dpdk.org
Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
Reviewed-by: Gagandeep Singh <g.singh@nxp.com>
In order to allow smooth addition of features without breaking
ABI compatibility, some space is reserved in several core structs
of ethdev API.
The struct rte_eth_dev and rte_eth_dev_data are supposed
to be used internally only, but there is a chance that
increasing their size would break ABI for some applications.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Allow to configure the default MAC address of a VF
via its representor port in the host.
An API was proposed to specify explicitly the VF as a
target: https://patches.dpdk.org/patch/62176/
It has been rejected by the technical board in order to
keep compatibility with behavior in Intel PMDs.
http://mails.dpdk.org/archives/dev/2019-November/150588.html
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Signed-off-by: Raslan Darawsheh <rasland@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Disable packey type parsing on port init, user can enable ptype parsing
by issuing set ptype command.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>