Move qat capabilities data into a memzone where it can be
shared by primary and secondary processes.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
As cryptodev driver_id is allocated per-process,
a corner case exists where binaries for primary and
secondary processes could have different driver_ids
if built differently. Add checking in qat PMD to catch and
handle the case where driver_ids are inconsistent.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch refactors qat data into structures
which are local to the process and structures which
are intended to be shared by primary and secondary
processes. This enables qat devices to be used by
multi process applications.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
HFN is set as a uint32_t but the value retrieved is
uint8_t. Fixed the type casting to get the correct value.
Fixes: bef594ec5cc8 ("crypto/dpaa2_sec: support PDCP offload")
Fixes: af61f0750948 ("crypto/dpaa2_sec: support scatter gather for proto offloads")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The maximum length of job descriptor which is formed
is 13 words and hence rta_inline_query should take
care of the max descriptor(shared + job) lengths and
thus find out of the key can be referenced or immediate.
Fixes: 05b12700cd4c ("crypto/dpaa_sec: support null algos for protocol offload")
Fixes: 13273250eec5 ("crypto/dpaa2_sec: support AES-GCM and CTR")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
In case of RTA_SEC_ERA = 8, where the length of shared desc
is large for some of PDCP cases, the descriptor buffer cannot
hold 2 extra words when HFN override is enabled. As a result,
the descriptor fails.
This patch converts one of the keys from immediate key to
reference key hence reducing the length of the descriptor.
Fixes: 2e4cbdb4b2c2 ("crypto/dpaax_sec: support PDCP U-Plane with integrity")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Populate capabilities based on device features.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
This patch fixes the increment field of the AES-XTS cipher key size.
Fixes: 7d5ef3bb32cd ("crypto/qat: support XTS")
Cc: stable@dpdk.org
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This reverts commit 51f3e107aca23a1cbc1a5ad9fdce7921340307b5.
For SNOW and ZUC algos the offset value for enryption and decryption
is converted to bytes. Hence RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA
feature is not supported by the octeontx2 crypto pmd.
Fixes: 51f3e107aca2 ("crypto/octeontx2: enable non-byte aligned data")
Cc: stable@dpdk.org
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
This reverts commit 32b8f26adf8b26a55230408ff6adffd4b2327e52.
For SNOW and ZUC algos the offset value for enryption and decryption
is converted to bytes. Hence RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA
feature is not supported by the octeontx crypto pmd.
Fixes: 32b8f26adf8b ("crypto/octeontx: enable non-byte aligned data")
Cc: stable@dpdk.org
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
This patch sets the first 32 bytes of session private data
to zero. This prevents garbage data to be used in code logic.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
This patch sets the first 32 bytes of session private data
to zero. This prevents garbage data to be used in code logic.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Add support to the QAT SYM PMD for the DOCSIS protocol, through the
rte_security API. This, therefore, includes adding support for the
rte_security API to this PMD.
Signed-off-by: David Coyle <david.coyle@intel.com>
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Add support to the AESNI-MB PMD for the DOCSIS protocol, through the
rte_security API. This, therefore, includes adding support for the
rte_security API to this PMD.
Signed-off-by: David Coyle <david.coyle@intel.com>
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds the verification of the crypto session IOVA
that should be known (not zero) to proceed with the
session initialisation. In case of unknown IOVA
the error code -EINVAL is returned.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
ZUC, SNOW3G and KASUMI PMDs support Out-of-place operations,
but their feature flags did not reflect this.
Fixes: 2717246ecd7d ("cryptodev: replace mbuf scatter gather flag")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Now that all libraries have a single version, we can drop the empty
stable blocks that had been added when moving symbols from stable to
internal ABI.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Introduce the RTE_LOG_REGISTER macro to avoid the code duplication
in the logtype registration process.
It is a wrapper macro for declaring the logtype, registering it and
setting its level in the constructor context.
Signed-off-by: Jerin Jacob <jerinj@marvell.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Sachin Saxena <sachin.saxena@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Some compilers raise an error when declaring a variable
in the middle of a function. This is a C99 allowance.
Even if DPDK switches globally to C99 or C11 standard,
the coding rules are for declarations at the beginning
of a block:
http://doc.dpdk.org/guides/contributing/coding_style.html#local-variables
This coding style is enforced by adding a check of
the common patterns like "for (int i;"
The occurrences of the checked pattern are fixed:
'for *(\(char\|u\?int\|unsigned\|s\?size_t\)'
In the file dpaa2_sparser.c, the fix is to remove the unused macros.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: David Marchand <david.marchand@redhat.com>
Some places were calling the meson function host_machine.system()
instead of the variables is_windows and is_linux defined
in config/meson.build.
At the same time, the missing "Linux restriction" reason is added to
pfe and octeontx2 crypto PMDs.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Currently rte_mcp_ptr_list is being shared as a variable
across libs. This is only used in control path.
This patch change it to a exported function based access.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
qman caam and pool portal ids are only used in control
path. This patch changes their inter library access to
function call instead of direct shared variable.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
This patch moves the internal symbols to INTERNAL sections
so that any change in them is not reported as ABI breakage.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Since it will check the feature mask before running out-of-place
test cases and the virtio-crypto device supports OOP_LB_IN_LB_OUT mode.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
The OCTEON TX crypto PMD supports non-byte aligned data as
input for SNOW and ZUC algos. Adding the same to the feature list.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Session configure should return -ENOTSUP in case of unsupported xform
requests. Moving the validation of combinations out of cpt, as the
feature support will not be same across OCTEON TX and OCTEON TX2.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
The OCTEON TX2 crypto PMD supports non-byte aligned data as
input for SNOW and ZUC algos. Adding the same to the feature list.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
The caam_jr_enable_irqs() and caam_jr_disable_irqs() methods maybe return a
negative error. So use int instead of uint32_t int the functions.
Fixes: e7a45f3cc245 ("crypto/caam_jr: add UIO specific operations")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Gagandeep Singh <g.singh@nxp.com>
Zero is a valid fd. It will fail to check the fd if the fd is zero.
The "job_ring->uio_fd" is an fd, so define it as "int".
Fixes: e7a45f3cc245 ("crypto/caam_jr: add UIO specific operations")
Fixes: a5e1018d5e67 ("crypto/caam_jr: add routines to configure HW")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Gagandeep Singh <g.singh@nxp.com>
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:
drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
(.bss+0x4): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
(.data+0x0): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
This patch fixes the blunt workaround in the following commit.
Fixes: 50b03f3b8eaf ("drivers/crypto: disable gcc 10 no-common errors")
Bugzilla ID: 469
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Update the portal allocation failure log to print the thread id
as well.
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Some wireless algos like SNOW, ZUC may support input
data in bits which are not byte aligned. However, not
all PMDs can support this requirement. Hence added a
new feature flag RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA
to identify which all PMDs can support non-byte aligned
data.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:
drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
(.bss+0x4): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
(.data+0x0): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
This is a blunt fix for the issue by enabling fcommon for
dpaa_sec/dpaa2_sec/caam_jr.
Bugzilla ID: 469
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
gcc 10 defaults to fno-common and it reports:
crypto_kasumi_rte_kasumi_pmd_ops.c.o:(.data.rel+0x0):
multiple definition of `rte_kasumi_pmd_ops';
crypto_kasumi_rte_kasumi_pmd.c.o:(.bss+0x8): first defined here
Fix by making rte_kasumi_pmd_ops extern in the header file.
Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library")
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch repairs 2 memory allocations issues:
1) possible leak of memory
In cryptodev_dpaa_sec_probe() function in case of portal
initialization failure, function exited without cleanup.
The patch redirects flow to out label, which provides
proper cleanup in case of error: freeing cryptodevice private
data and releasing cryptodevice.
2) double free of cryptodev private data
The function dpaa_sec_dev_init() in case of failure called
dpaa_sec_uninit() which freed both private data and security
context. However one layer above in cryptodev_dpaa_sec_probe()
function, the private data were freed one more time.
The patch limits cleanup of the dpaa_sec_dev_init() function
to freeing only the security context.
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes management of memory for authentication
and encryption keys.
There were two issues with former state of implementation:
1) Invalid access to dpaa_sec_session union members
The dpaa_sec_session structure includes an anonymous union:
union {
struct {...} aead_key;
struct {
struct {...} cipher_key;
struct {...} auth_key;
};
};
Depending on the used algorithm a rte_zmalloc() function
allocated memory that was kept in aead_key, cipher_key
or auth_key. However every time the memory was released,
rte_free() was called only on cipher and auth keys, even
if pointer to allocated memory was stored in aead_key.
The C language specification defines such behavior as undefined.
As the cipher_key and aead_key are similar, have same sizes and
alignment, it has worked, but it's directly against C specification.
This patch fixes this, providing a free_session_data() function
to free the keys data. It verifies which algorithm was used
(aead or auth+cipher) and frees proper part of the union.
2) Some keys might have been freed multiple times
In functions like: dpaa_sec_cipher_init(), dpaa_sec_auth_init(),
dpaa_sec_chain_init(), dpaa_sec_aead_init() keys data were freed
before returning due to some error conditions. However the pointers
were not zeroed causing another calls to ret_free from higher
layers of code. This causes an error log about invalid memory address
to be printed.
This patch fixes it by making only one layer responsible for freeing
memory
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Offset of cd pointer is too big by state1size + state2size, so few extra
unnecessary bytes will be copied into cd. Snow offset was improved as well.
Fixes: d9b7d5bbc845 ("crypto/qat: add ZUC EEA3/EIA3 capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Zero is a valid fd. When ccp_probe_device() is failed, the uio_fd won't be
closed thus leading fd leak.
Fixes: ef4b04f87fa6 ("crypto/ccp: support device init")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Ravi Kumar <ravi1.kumar@amd.com>
When adding support for DOCSIS AES-256,
when setting the cipher parameters, all key sizes
were accepted, but only 128-bit and 256-bit keys
are supported.
Fixes: 9536622b86c8 ("crypto/aesni_mb: support DOCSIS AES-256")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Check if session is valid after getting operation
out of the internal IPSec MB manager, in case the
session has been freed while the operation was still
inside the manager.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds support for plain SHA-1, SHA-224, SHA-256,
SHA-384 and SHA-512 hashes to QAT PMD.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Add feature flag for symmetric sessionless support,
so it can be checked by applications.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Tested-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
