Enable cpu-crypto mode testing by adding dedicated environmental
variable CRYPTO_PRIM_TYPE. Setting it to 'type cpu-crypto' allows
to run test scenario with cpu crypto acceleration.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Add support for CPU accelerated crypto. 'cpu-crypto' SA type has
been introduced in configuration allowing to use abovementioned
acceleration.
Legacy mode is not currently supported.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Update library to handle CPU cypto security mode which utilizes
cryptodev's synchronous, CPU accelerated crypto operations.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Introduce CPU crypto action type allowing to differentiate between
regular async 'none security' and synchronous, CPU crypto accelerated
sessions.
This mode is similar to ACTION_TYPE_NONE but crypto processing is
performed synchronously on a CPU.
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for CPU crypto mode by introducing required handler.
Authenticated encryption and decryption are supported with tag
generation/verification.
CPU crypto support include both AES-GCM and GMAC algorithms.
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Add new API allowing to process crypto operations in a synchronous
manner. Operations are performed on a set of SG arrays.
Cryptodevs which allows CPU crypto operation mode have to
use RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO capability.
Add a helper method to easily convert mbufs to a SGL form.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
AES XTS support is added to fips application. Parse test-vectors
from input files, populate AES XTS tests and prepare AES XTS
operations for fips validation.
Signed-off-by: Abed Kamaluddin <akamaluddin@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Cipher length need to be updated in case of AES-GCM decryption.
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Tag type configuration for the inline processed packets is set during
ethdev configuration, it might conflict with tag type configuration
done during Rx adapter configuration which would be setup later.
This conflict is fixed as part of flow rule creation by updating
tag type config of inline same as Rx adapter configured tag type.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Added new flag for SECURITY in compiler optimized Tx fastpath
framework. With this, compiler autogenerates functions which
have security enabled.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
lookup_mem provides fast accessing of data path fields.
Storing sa indices in lookup_mem which are required in
inline rx data path.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Adding the infrastructure to save one opaque pointer in idev and
implement the consumer-producer in the PMDs which uses it accordingly.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
For enabling outbound inline IPsec, a CPT queue needs to be tied
to a NIX PF_FUNC. Distribute CPT queues fairly among all available
otx2 eth ports.
For inbound, one CPT LF will be assigned and initialized by kernel.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This routine returns true if given rte_eth_dev is security offload
capable and belongs to octeontx2.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Adding the new mbox introduced to configure CPT LF to be used for inline
inbound.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Set mbuf ptype in prepare_one_packet() after parsing ether_type.
Use mbuf ptype after to recognize packet's address family.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Introduce SAD cache.
Stores the most recent SA in a per lcore cache.
Cache represents flat array containing SA's indexed by SPI.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Get rid of maximum SP limitation.
Keep parsed SP's into the sorted by SPI value array.
Use binary search in the sorted SP array to find appropriate SP
for a given SPI.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Get rid of maximum SA limitation.
Keep parsed SA's into the sorted by SPI value array.
Use binary search in the sorted SA array to find appropriate SA
for a given SPI.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Integrate ipsec SAD support into secgw app:
1. Use SAD library for inbound SA lookup
2. Changes in struct sa_ctx:
- sa array allocates dynamically depending on number of configured sa
- All SA's are kept one by one without using SPI2IDX
3. SP's userdata now contain index of SA in sa_ctx instead of SPI
4. Get rid of SPI2IDX macro
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Add initial support for librte_ipsec SAD library
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Move IPSEC_SAD_NAMESIZE into public header
and rename it to RTE_IPSEC_SAD_NAMESIZE
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
This patch reorganize the members of a structure
used by driver in its data-path to improve
performance.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA sec driver is using virtual to physical address
translation in its data path and driver is using
dpaax_iova_table_update() API in every address translation
which is very costly.
This patch moves dpaax_iova_table_update() calling to rte_dpaa_mem_ptov(),
only if it fails to found translation from DPAAX table.
Fixes: 12e5842945bf ("crypto/dpaa_sec: fix IOVA table")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add a new CCP PCI device ID for supporting V1000/R1000 processors.
Signed-off-by: Selwin Sebastian <selwin.sebastian@amd.com>
Acked-by: Ravi Kumar <ravi1.kumar@amd.com>
This commit adds cycle-count mode to the compression perf tool.
The new mode enhances the compression performance tool to allow
cycle-count measurement of both hardware and softwate PMDs.
Signed-off-by: Artur Trybula <arturx.trybula@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Armv8 crypto PMD linked to armv8_crypto library created by Marvell.
Maintenance of armv8_crypto library will be discontinued.
Change Armv8 PMD to link to AArch64 crypto library hosted by Arm.
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Reviewed-by: Ola Liljedahl <ola.liljedahl@arm.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch refactors most of unit tests to be contained in one
combined array, and run depending on the PMD capabilities instead of
providing multiple array with tests for individual PMDs.
Only a subset of unit tests was merged into one array - it combines
all tests originally meant to be run on these PMDs:
null, aesni_mb, aesni_gcm, openssl, qat, sw_snow3g, sw_kasumi, sw_zuc.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds capability checks to many tests meant to be run
in the future on various PMDs. This way the code is prepared for
more thorough refactoring in order to create one big central
unit tests array.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch gets rid of individual functions that all call
test_blockcipher_all_tests separately for every PMD and instead
provides just one set universal for all PMDs that's basing on the
driver id from the global variable gbl_driver_id.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Akhil Goyal <akhil.goyal@nxp.com>
Link against Intel IPsec Multi-buffer library, which
added support for SNOW3G-UEA2 and SNOW3G-UIA2 from version v0.53,
moving from libSSO SNOW3G library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Link against Intel IPsec Multi-buffer library, which
added support for KASUMI-F8 and KASUMI-F9 from version v0.53,
moving from libSSO KASUMI library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Link against Intel IPsec Multi-buffer library, which
added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
moving from libSSO ZUC library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch catches an overflow that could happen if an
invalid region size or page alignment is provided by the
guest via the VHOST_USER_SET_MEM_TABLE request.
If the sum of the size to mmap and the alignment overflows
uint64_t, then RTE_ALIGN_CEIL(mmap_size, alignment) macro
will return 0. This value was passed as is as size argument
to mmap().
While kernel handling of mmap() syscall returns an error
if size is 0, it is better to catch it earlier and provide
a meaningful error log.
Fixes: ec09c280b839 ("vhost: fix mmap not aligned with hugepage size")
Cc: stable@dpdk.org
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
Consider a virtqueue ready when, apart from the descriptor area,
both event suppression areas have been mapped.
Fixes: 2d1541e2b6b3 ("vhost: add vring address setup for packed queues")
Cc: stable@dpdk.org
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
The current implementation of vhost_net in packed vring tries to fill
the shadow vector before send any actual changes to the guest. While
this can be beneficial for the throughput, it conflicts with some
bufferfloats methods like the linux kernel napi, that stops
transmitting packets if there are too much bytes/buffers in the
driver.
To solve it, we flush the shadow packets at the end of
virtio_dev_tx_packed if we have starved the vring, i.e. the next
buffer is not available for the device.
Since this last check can be expensive because of the atomic, we only
check it if we have not obtained the expected "count" packets. If it
happens to obtain "count" packets and there is no more available
packets the caller needs to keep call virtio_dev_tx_packed again.
Fixes: 31d6c6a5b820 ("vhost: optimize packed ring dequeue")
Cc: stable@dpdk.org
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
According to recvmsg() specification, 0 is a valid
return code when client is disconnecting.
Therefore, it should not be reported as error, unless there
are other dependencies that require message to not be empty.
But there are none, since the next immediate caller of recvmsg()
reports "vhost peer closed" info (not error) when message is empty.
This patch changes return code check for recvmsg() so that
misleading error message is not printed when the code is 0.
Fixes: 8f972312b8f4 ("vhost: support vhost-user")
Cc: stable@dpdk.org
Signed-off-by: Vitaliy Mysak <vitaliy.mysak@intel.com>
Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
The vhost_user_read_cb() and rte_vhost_driver_unregister()
can be called at the same time by 2 threads. Eg thread1
calls vhost_user_read_cb() and removes the vsocket from
conn_list, then thread2 calls rte_vhost_driver_unregister()
and frees the vsocket since it is NOT in the conn_list.
So thread1 will access invalid memory when trying to
reconnect.
The fix is to move the "removing of vsocket from conn_list"
to end of the vhost_user_read_cb(), then avoid the race
condition.
The core trace is:
Program terminated with signal 11, Segmentation fault.
Fixes: af1475918124 ("vhost: introduce API to start a specific driver")
Cc: stable@dpdk.org
Signed-off-by: Zhike Wang <wangzhike@jd.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
