DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 00/13] Fixes and unit tests for librte_security
       [not found] <CGME20200312151708eucas1p2a80bb2ac0556c7d7efb3aedd83923e52@eucas1p2.samsung.com>
@ 2020-03-12 15:16 ` Lukasz Wojciechowski
       [not found]   ` <CGME20200312151708eucas1p2acee543b5f9d236b8e43cd4d1fbed489@eucas1p2.samsung.com>
                     ` (13 more replies)
  0 siblings, 14 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Set of patches fix minor issues like proper verification of input parameters
and aligning documentation with code in the matter of return values.
Another fixed issue is invalid decrementation of the session counter which
might cause inconsistency between counter values and a true number of sessions.

All of these issues (and all the librte_security) code is covered with unit
tests. The tests are added to dpdk-test application and can be launched
with "security_autotest" command.

Lukasz Wojciechowski (13):
  librte_security: fix verification of parameters
  librte_security: fix return types in documentation
  librte_security: fix session counter
  app/test: fix macro definition
  app/test: introduce librte_security tests
  app/test: add rte_security_session_update tests
  app/test: add rte_security_session_get_size tests
  app/test: add rte_security_session_stats_get tests
  app/test: add rte_security_session_destroy tests
  app/test: add rte_security_set_pkt_metadata tests
  app/test: add rte_security_get_userdata tests
  app/test: add rte_security_capabilities_get tests
  app/test: add rte_security_capability_get tests

 app/test/Makefile                  |    2 +
 app/test/meson.build               |    3 +
 app/test/test.h                    |    4 +-
 app/test/test_security.c           | 2399 ++++++++++++++++++++++++++++
 lib/librte_security/rte_security.c |   70 +-
 lib/librte_security/rte_security.h |    8 +-
 6 files changed, 2464 insertions(+), 22 deletions(-)
 create mode 100644 app/test/test_security.c

-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 01/13] librte_security: fix verification of parameters
       [not found]   ` <CGME20200312151708eucas1p2acee543b5f9d236b8e43cd4d1fbed489@eucas1p2.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  2020-03-17 12:59       ` Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

This patch adds verification of the parameters to the ret_security API
functions. All required parameters are checked if they are not NULL.

Checks verify full chain of pointers, e.g. in case of verification of
"instance->ops->session_XXX", they check also "instance" and "instance->ops".

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: I1724c926a1a0a13fd16d76f19842a0b40fbea1b2
---
 lib/librte_security/rte_security.c | 58 +++++++++++++++++++++++-------
 1 file changed, 45 insertions(+), 13 deletions(-)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index bc81ce15d..40a0e9ce5 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  * Copyright 2017 NXP.
  * Copyright(c) 2017 Intel Corporation.
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
  */
 
 #include <rte_malloc.h>
@@ -9,6 +10,12 @@
 #include "rte_security.h"
 #include "rte_security_driver.h"
 
+/* Macro to check for invalid pointers */
+#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
+	if ((ptr) == NULL)			\
+		return retval;			\
+} while (0)
+
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
@@ -16,10 +23,11 @@ rte_security_session_create(struct rte_security_ctx *instance,
 {
 	struct rte_security_session *sess = NULL;
 
-	if (conf == NULL)
-		return NULL;
-
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
+	RTE_PTR_OR_ERR_RET(instance, NULL);
+	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
+	RTE_PTR_OR_ERR_RET(instance->ops->session_create, NULL);
+	RTE_PTR_OR_ERR_RET(conf, NULL);
+	RTE_PTR_OR_ERR_RET(mp, NULL);
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
@@ -38,14 +46,20 @@ rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session *sess,
 			    struct rte_security_session_conf *conf)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -ENOTSUP);
+	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
+	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
+	RTE_PTR_OR_ERR_RET(instance->ops->session_update, -ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
 	return instance->ops->session_update(instance->device, sess, conf);
 }
 
 unsigned int
 rte_security_session_get_size(struct rte_security_ctx *instance)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+	RTE_PTR_OR_ERR_RET(instance, 0);
+	RTE_PTR_OR_ERR_RET(instance->ops, 0);
+	RTE_PTR_OR_ERR_RET(instance->ops->session_get_size, 0);
 	return instance->ops->session_get_size(instance->device);
 }
 
@@ -54,7 +68,11 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
 			       struct rte_security_stats *stats)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -ENOTSUP);
+	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
+	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
+	RTE_PTR_OR_ERR_RET(instance->ops->session_stats_get, -ENOTSUP);
+	// Parameter sess can be NULL in case of getting global statistics.
+	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
 	return instance->ops->session_stats_get(instance->device, sess, stats);
 }
 
@@ -64,7 +82,10 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 {
 	int ret;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -ENOTSUP);
+	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
+	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
+	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
 
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
@@ -81,7 +102,11 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 			      struct rte_security_session *sess,
 			      struct rte_mbuf *m, void *params)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
+	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
+	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
+	RTE_PTR_OR_ERR_RET(instance->ops->set_pkt_metadata, -ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+	RTE_PTR_OR_ERR_RET(m, -EINVAL);
 	return instance->ops->set_pkt_metadata(instance->device,
 					       sess, m, params);
 }
@@ -91,7 +116,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 {
 	void *userdata = NULL;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
+	RTE_PTR_OR_ERR_RET(instance, NULL);
+	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
+	RTE_PTR_OR_ERR_RET(instance->ops->get_userdata, NULL);
 	if (instance->ops->get_userdata(instance->device, md, &userdata))
 		return NULL;
 
@@ -101,7 +128,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 const struct rte_security_capability *
 rte_security_capabilities_get(struct rte_security_ctx *instance)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	RTE_PTR_OR_ERR_RET(instance, NULL);
+	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
+	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
 	return instance->ops->capabilities_get(instance->device);
 }
 
@@ -113,7 +142,10 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 	const struct rte_security_capability *capability;
 	uint16_t i = 0;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	RTE_PTR_OR_ERR_RET(instance, NULL);
+	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
+	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
+	RTE_PTR_OR_ERR_RET(idx, NULL);
 	capabilities = instance->ops->capabilities_get(instance->device);
 
 	if (capabilities == NULL)
@@ -121,7 +153,7 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 
 	while ((capability = &capabilities[i++])->action
 			!= RTE_SECURITY_ACTION_TYPE_NONE) {
-		if (capability->action  == idx->action &&
+		if (capability->action == idx->action &&
 				capability->protocol == idx->protocol) {
 			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
 				if (capability->ipsec.proto ==
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 02/13] librte_security: fix return types in documentation
       [not found]   ` <CGME20200312151708eucas1p12db7c8e402be03dd255d53114217dabd@eucas1p1.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  2020-03-17 16:34       ` Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Enhance returned values description for rte_security_session_destroy
and some other minor description changes.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: Ic18ee9e76507f8888da1a0921b3a2a914a2434d2
---
 lib/librte_security/rte_security.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index ef47118fa..747830d67 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -378,7 +378,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
  * @param   conf	update configuration parameters
  * @return
  *  - On success returns 0
- *  - On failure return errno
+ *  - On failure returns a negative errno value.
  */
 __rte_experimental
 int
@@ -403,12 +403,14 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  * return it to its original mempool.
  *
  * @param   instance	security instance
- * @param   sess	security session to freed
+ * @param   sess	security session to be freed
  *
  * @return
  *  - 0 if successful.
- *  - -EINVAL if session is NULL.
+ *  - -EINVAL if session or context instance is NULL.
  *  - -EBUSY if not all device private data has been freed.
+ *  - -ENOTSUP if destroying private data is not supported.
+ *  - other negative values in case of freeing private data errors.
  */
 int
 rte_security_session_destroy(struct rte_security_ctx *instance,
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 03/13] librte_security: fix session counter
       [not found]   ` <CGME20200312151708eucas1p2536ef1df74b35ead436db85f8a5628b4@eucas1p2.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  2020-03-17 17:08       ` Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Fix session counter to be decreased in rte_security_session_destroy
only when session was successfully destoyed.

Formerly session counter was decreased prior session destroying
and returning session object to mempool. It remained decreased even
if session was not destroyed and mempool object released making counter
invalid.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: I75ebfc26811ec2159b973fae36b2c9fb08868f11
---
 lib/librte_security/rte_security.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 40a0e9ce5..74a314903 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -87,14 +87,16 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
 	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
 
+	ret = instance->ops->session_destroy(instance->device, sess);
+	if (ret != 0)
+		return ret;
+
+	rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
 
-	ret = instance->ops->session_destroy(instance->device, sess);
-	if (!ret)
-		rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
-
-	return ret;
+	return 0;
 }
 
 int
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 04/13] app/test: fix macro definition
       [not found]   ` <CGME20200312151708eucas1p18d3cde72ccadf22d43b8907ab9de6d97@eucas1p1.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Wrap RTE_TEST_TRACE_FAILURE macro definition into #ifndef clause
as it might be already defined.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: I0da5c66d5a7ae369214acfdfd3f872c2fc417d19
---
 app/test/test.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/test/test.h b/app/test/test.h
index ac0c50616..8ac581cbc 100644
--- a/app/test/test.h
+++ b/app/test/test.h
@@ -22,7 +22,9 @@
 # define TEST_TRACE_FAILURE(_file, _line, _func)
 #endif
 
-#define RTE_TEST_TRACE_FAILURE TEST_TRACE_FAILURE
+#ifndef RTE_TEST_TRACE_FAILURE
+# define RTE_TEST_TRACE_FAILURE TEST_TRACE_FAILURE
+#endif
 
 #include <rte_test.h>
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 05/13] app/test: introduce librte_security tests
       [not found]   ` <CGME20200312151709eucas1p2df38aed23b7445d3db7d4d3ea8fe3222@eucas1p2.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  2020-04-01 17:09       ` Akhil Goyal
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

This patch introduces set of unit tests of librte_security API functions.
Tests are added to dpdk-test application and can be run with
"security_autotest" runtime command.

This is the first patch in the series of patches as adding all test cases
for all API functions in a single patch would make it unreadable.

This patch defines structure of the file and necessary test framework
initialization. It also contains first subset of unit tests for
rte_security_session_create API function.

Structure of the tests file is following:
- macros for making tests more readable;
- mockup structures and functions for rte_security_ops;
- test suite and test cases setup and teardown functions;
- tests functions;
- declaration of testcases.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: I3a4585f56ef1a75b2984fcea3a3e4a30e4c2d8a6
---
 app/test/Makefile        |   2 +
 app/test/meson.build     |   3 +
 app/test/test_security.c | 670 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 675 insertions(+)
 create mode 100644 app/test/test_security.c

diff --git a/app/test/Makefile b/app/test/Makefile
index 1f080d162..153610a32 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -231,6 +231,8 @@ SRCS-$(CONFIG_RTE_LIBRTE_BPF) += test_bpf.c
 
 SRCS-$(CONFIG_RTE_LIBRTE_RCU) += test_rcu_qsbr.c test_rcu_qsbr_perf.c
 
+SRCS-$(CONFIG_RTE_LIBRTE_SECURITY) += test_security.c
+
 SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += test_ipsec.c
 SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += test_ipsec_sad.c
 ifeq ($(CONFIG_RTE_LIBRTE_IPSEC),y)
diff --git a/app/test/meson.build b/app/test/meson.build
index 0a2ce710f..89e4299fd 100644
--- a/app/test/meson.build
+++ b/app/test/meson.build
@@ -103,6 +103,7 @@ test_sources = files('commands.c',
 	'test_ring_perf.c',
 	'test_rwlock.c',
 	'test_sched.c',
+	'test_security.c',
 	'test_service_cores.c',
 	'test_spinlock.c',
 	'test_stack.c',
@@ -150,6 +151,7 @@ test_deps = ['acl',
 	'reorder',
 	'rib',
 	'ring',
+	'security',
 	'stack',
 	'timer'
 ]
@@ -209,6 +211,7 @@ fast_test_names = [
         'rwlock_rds_wrm_autotest',
         'rwlock_rde_wro_autotest',
         'sched_autotest',
+        'security_autotest',
         'spinlock_autotest',
         'stack_autotest',
         'stack_lf_autotest',
diff --git a/app/test/test_security.c b/app/test/test_security.c
new file mode 100644
index 000000000..885281703
--- /dev/null
+++ b/app/test/test_security.c
@@ -0,0 +1,670 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+
+#include <rte_errno.h>
+#include <rte_log.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+#include <rte_security.h>
+#include <rte_security_driver.h>
+
+/* Before including rte_test.h file you can define
+ * RTE_TEST_TRACE_FAILURE(_file, _line, _func) macro to better trace/debug test
+ * failures. Mostly useful in development phase.
+ */
+#ifndef RTE_TEST_TRACE_FAILURE
+#define RTE_TEST_TRACE_FAILURE(_file, _line, _func) \
+	RTE_LOG(DEBUG, EAL, "in %s:%d %s\n", _file, _line, _func)
+#endif
+
+#include <rte_test.h>
+#include "test.h"
+
+/**
+ * Security
+ * =======
+ *
+ * Basic unit tests of the librte_security API.
+ *
+ * Structure of the file:
+ * - macros for making tests more readable;
+ * - mockup structures and functions for rte_security_ops;
+ * - test suite and test cases setup and teardown functions;
+ * - tests functions;
+ * - declaration of testcases.
+ */
+
+
+/**
+ * Macros
+ *
+ * Set of macros for making tests easier to read.
+ */
+
+/**
+ * Verify condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   cond	condition expected to be true
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT(fail_counter, cond, msg, ...) do {			\
+	if (!(cond)) {								\
+		fail_counter++;							\
+		RTE_LOG(DEBUG, EAL, "Test assert %s line %d failed: "		\
+				msg "\n", __func__, __LINE__, ##__VA_ARGS__);	\
+		RTE_TEST_TRACE_FAILURE(__FILE__, __LINE__, __func__);		\
+	}									\
+} while (0)
+
+/**
+ * Verify equality condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   a	first value of comparison
+ * @param   b	second value of comparison
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT_EQUAL(fail_counter, a, b, msg, ...)	\
+	MOCK_TEST_ASSERT(fail_counter, (a) == (b), msg, ##__VA_ARGS__)
+
+
+/**
+ * Verify if parameter of the mocked up function matches expected value.
+ * The expected value is stored in data structure in the field matching
+ * parameter name.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ * @param   spec	printf style spec for parameter
+ */
+#define MOCK_TEST_ASSERT_PARAMETER(data, parameter, spec)			\
+	MOCK_TEST_ASSERT_EQUAL(data.failed, data.parameter, parameter,		\
+			"Expecting parameter %s to be " spec " but it's " spec,	\
+			RTE_STR(parameter), data.parameter, parameter)
+
+/**
+ * Wrap for MOCK_TEST_ASSERT_PARAMETER macro for pointer type parameters.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ */
+#define MOCK_TEST_ASSERT_POINTER_PARAMETER(data, parameter)	\
+	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%p")
+
+/**
+ * Verify number of calls of the mocked up function
+ * and check if there were any fails during execution.
+ * The fails statistics inside mocked up functions are collected
+ * as "failed" field in mockup structures.
+ *
+ * @param   mock_data	structure with statistics (called, failed)
+ * @param   exp_calls	expected number of mockup function calls
+ */
+#define TEST_ASSERT_MOCK_CALLS(mock_data, exp_calls) do {		\
+	TEST_ASSERT_EQUAL(exp_calls, mock_data.called,			\
+			"Expecting sub op to be called %d times, "	\
+			"but it's called %d times",			\
+			exp_calls, mock_data.called);			\
+	TEST_ASSERT_EQUAL(0, mock_data.failed,				\
+			"Expecting sub op asserts not to fail, "	\
+			"but they're failed %d times",			\
+			mock_data.failed);				\
+} while (0)
+
+/**
+ * Assert tested function result match expected value
+ *
+ * @param   f_name	name of tested function
+ * @param   f_ret	value returned by the function
+ * @param   exp_ret	expected returned value
+ */
+#define TEST_ASSERT_MOCK_FUNCTION_CALL_RET(f_name, f_ret, exp_ret,			\
+		ret_spec) do {								\
+	TEST_ASSERT_EQUAL(exp_ret, f_ret, "Expecting " RTE_STR(f_name)			\
+			" to return " ret_spec ", but it returned " ret_spec "\n",	\
+			exp_ret, f_ret);						\
+} while (0)
+
+/**
+ * Assert tested function result is not NULL
+ *
+ * @param   f_name	name of tested function
+ * @param   f_ret	value returned by the function
+ */
+#define TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(f_name, f_ret) do {	\
+	TEST_ASSERT_NOT_NULL(f_ret, "Expecting " RTE_STR(f_name)	\
+			" to return not NULL\n");			\
+} while (0)
+
+/**
+ * Verify that sess_cnt counter value matches expected
+ *
+ * @param   expected_sessions_count	expected counter value
+ */
+#define TEST_ASSERT_SESSION_COUNT(expected_sessions_count) do {			\
+	struct security_unittest_params *ut_params = &unittest_params;		\
+	TEST_ASSERT_EQUAL(expected_sessions_count, ut_params->ctx.sess_cnt,	\
+			"Expecting session counter to be %u but it's %u",	\
+			expected_sessions_count, ut_params->ctx.sess_cnt);	\
+} while (0)
+
+/**
+ * Verify usage of mempool by checking if number of allocated objects matches
+ * expectations. The mempool is used to manage objects for sessions data.
+ * A single object is acquired from mempool during session_create
+ * and put back in session_destroy.
+ *
+ * @param   expected_mempool_usage	expected number of mempool objects in use
+ */
+#define TEST_ASSERT_MEMPOOL_USAGE(expected_mempool_usage) do {			\
+	struct security_testsuite_params *ts_params = &testsuite_params;	\
+	unsigned int mempool_usage;						\
+	mempool_usage = rte_mempool_in_use_count(ts_params->session_mpool);	\
+	TEST_ASSERT_EQUAL(expected_mempool_usage, mempool_usage,		\
+			"Expecting %u mempool allocations, "			\
+			"but there are %u allocated objects",			\
+			expected_mempool_usage, mempool_usage);			\
+} while (0)
+
+
+/**
+ * Mockup structures and functions for rte_security_ops;
+ *
+ * Set of structures for controlling mockup functions calls.
+ * Every mockup function X has its corresponding X_data structure
+ * and an instance of that structure X_exp.
+ * Structure contains parameters that a mockup function is expected
+ * to be called with, a value to return (.ret) and 2 statistics:
+ * .called (number of times the mockup function was called)
+ * and .failed (number of assertion fails during mockup function call).
+ *
+ * Mockup functions verify that the parameters they are called with match
+ * expected values. The expected values should be stored in corresponding
+ * structures prior to mockup functions call. Every failure of such
+ * verification increases .failed counter. Every call of mockup function
+ * increases .called counter. Function returns value stored in .ret field
+ * of the structure.
+ * In case of some parameters in some functions the expected value is unknown
+ * and cannot be detrmined prior to call. Such parameters are stored
+ * in structure and can be compared or analyzed later in test case code.
+ *
+ * Below structures and functions follow the rules just described.
+ * Additional remarks and exceptions are added in comments.
+ */
+
+/**
+ * session_create mockup
+ *
+ * Verified parameters: device, conf, mp.
+ * Saved, not verified parameters: sess.
+ */
+static struct mock_session_create_data {
+	void *device;
+	struct rte_security_session_conf *conf;
+	struct rte_security_session *sess;
+	struct rte_mempool *mp;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_create(void *device,
+		struct rte_security_session_conf *conf,
+		struct rte_security_session *sess,
+		struct rte_mempool *mp) {
+	mock_session_create_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, mp);
+
+	mock_session_create_exp.sess = sess;
+
+	return mock_session_create_exp.ret;
+}
+
+/**
+ * session_destroy mockup
+ *
+ * Verified parameters: device, sess.
+ */
+static struct mock_session_destroy_data {
+	void *device;
+	struct rte_security_session *sess;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_destroy(void *device,
+		struct rte_security_session *sess) {
+	mock_session_destroy_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
+
+	return mock_session_destroy_exp.ret;
+}
+
+/**
+ * empty_ops
+ *
+ * is an empty security operations set (all function pointers set to NULL)
+ */
+struct rte_security_ops empty_ops = { NULL };
+
+/**
+ * mock_ops
+ *
+ * is a security operations set using mockup functions
+ */
+struct rte_security_ops mock_ops = {
+	.session_create = mock_session_create,
+	.session_destroy = mock_session_destroy,
+};
+
+
+/**
+ * Test suite and test cases setup and teardown functions.
+ */
+
+/**
+ * struct security_testsuite_params defines parameters initialized once
+ * for whole tests suite.
+ * Currently the only stored parameter is session_mpool a mempool created
+ * once in testsuite_setup and released in testsuite_teardown.
+ * The instance of this structure is stored in testsuite_params variable.
+ */
+static struct security_testsuite_params {
+	struct rte_mempool *session_mpool;
+} testsuite_params = { NULL };
+
+/**
+ * struct security_unittest_params defines parameters initialized
+ * for every test case. The parameters are initialized in ut_setup
+ * and released in ut_teardown.
+ * The instance of this structure is stored in unittest_params variable.
+ */
+static struct security_unittest_params {
+	struct rte_security_ctx ctx;
+	struct rte_security_session_conf conf;
+	struct rte_security_session *sess;
+} unittest_params = {
+	.ctx = {
+		.device = NULL,
+		.ops = &mock_ops,
+		.sess_cnt = 0,
+	},
+	.sess = NULL,
+};
+
+#define SECURITY_TEST_MEMPOOL_NAME "SecurityTestsMempoolName"
+#define SECURITY_TEST_MEMPOOL_SIZE 15
+#define SECURITY_TEST_SESSION_OBJECT_SIZE sizeof(struct rte_security_session)
+
+/**
+ * testsuite_setup initializes whole test suite parameters.
+ * It creates a new mempool used in all test cases
+ * and verifies if it properly created.
+ */
+static int
+testsuite_setup(void) {
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	ts_params->session_mpool = rte_mempool_create(
+			SECURITY_TEST_MEMPOOL_NAME,
+			SECURITY_TEST_MEMPOOL_SIZE,
+			SECURITY_TEST_SESSION_OBJECT_SIZE,
+			0, 0, NULL, NULL, NULL, NULL,
+			SOCKET_ID_ANY, 0);
+	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
+			"Cannot create mempool %s\n", rte_strerror(rte_errno));
+	return TEST_SUCCESS;
+}
+
+/**
+ * testsuite_teardown releases test suite wide parameters.
+ */
+static void
+testsuite_teardown(void) {
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	if (ts_params->session_mpool) {
+		rte_mempool_free(ts_params->session_mpool);
+		ts_params->session_mpool = NULL;
+	}
+}
+
+/**
+ * ut_setup initializes test case parameters to default values.
+ * It resets alse any .called and .failed statistics of mockup functions
+ * usage.
+ */
+static int
+ut_setup(void) {
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.device = NULL;
+	ut_params->ctx.ops = &mock_ops;
+	ut_params->ctx.sess_cnt = 0;
+	ut_params->sess = NULL;
+
+	mock_session_create_exp.called = 0;
+	mock_session_destroy_exp.called = 0;
+
+	mock_session_create_exp.failed = 0;
+	mock_session_destroy_exp.failed = 0;
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * destroy_session_with_check is a helper function releasing session
+ * created with rte_security_session_create and stored in test case parameters.
+ * It's used both to release sessions created in test cases' bodies
+ * which are assigned to ut_params->sess
+ */
+static int
+destroy_session_with_check(void) {
+	struct security_unittest_params *ut_params = &unittest_params;
+	if (ut_params->sess != NULL) {
+		//assure that mockup function for destroy operation is set.
+		ut_params->ctx.ops = &mock_ops;
+
+		mock_session_destroy_exp.device = NULL;
+		mock_session_destroy_exp.sess = ut_params->sess;
+		mock_session_destroy_exp.ret = 0;
+		mock_session_destroy_exp.called = 0;
+		mock_session_destroy_exp.failed = 0;
+
+		int ret = rte_security_session_destroy(&ut_params->ctx,
+				ut_params->sess);
+		TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+				ret, 0, "%d");
+		TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+
+		ut_params->sess = NULL;
+	}
+	return TEST_SUCCESS;
+}
+
+/**
+ * ut_teardown releases test case parameters.
+ */
+static void
+ut_teardown(void) {
+	destroy_session_with_check();
+}
+
+
+/**
+ * Test functions
+ *
+ * Each test function is related to a single test case.
+ * They are arranged by tested rte_security API function
+ * and by rte_security execution paths sequence in code.
+ */
+
+/**
+ * rte_security_session_create tests
+ */
+
+/**
+ * Test execution of rte_security_session_create with NULL instance
+ */
+static int
+test_rte_security_session_create_inv_param_context(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(NULL, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_session_create_inv_param_context_ops(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	ut_params->ctx.ops = NULL;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with empty
+ * security operations
+ */
+static int
+test_rte_security_session_create_inv_param_context_ops_fun(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	ut_params->ctx.ops = &empty_ops;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with NULL conf parameter
+ */
+static int
+test_rte_security_session_create_inv_param_configuration(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(&ut_params->ctx, NULL,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with NULL mp parameter
+ */
+static int
+test_rte_security_session_create_inv_param_mempool(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create in case when mempool
+ * is fully used and no object can be got from it
+ */
+static int
+test_rte_security_session_create_mempool_empty(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	struct rte_security_session *sess;
+
+	// Get all available objects from mempool
+	int i, ret;
+	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
+		ret = rte_mempool_get(ts_params->session_mpool, (void **)(&tmp[i]));
+		TEST_ASSERT_EQUAL(0, ret,
+				"Expect getting %d object from mempool to succeed", i);
+	}
+	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	// Put objects back to the pool.
+	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
+		rte_mempool_put(ts_params->session_mpool, (void *)(tmp[i]));
+	}
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create when session_create
+ * security operation fails
+ */
+static int
+test_rte_security_session_create_ops_failure(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = -1;	// return failure status
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create in successful execution path
+ */
+static int
+test_rte_security_session_create_success(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = 0;	// return success status
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, sess);
+	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
+			"Expecting session_create to be called with %p sess parameter, "
+			"but it's called %p sess parameter",
+			sess, mock_session_create_exp.sess);
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	// Store created session in test case parameters, so it can be released
+	// after test case in ut_teardown by destroy_session_with_check.
+	ut_params->sess = sess;
+
+	return TEST_SUCCESS;
+}
+
+
+/**
+ * Declaration of testcases
+ */
+static struct unit_test_suite security_testsuite  = {
+	.suite_name = "generic security",
+	.setup = testsuite_setup,
+	.teardown = testsuite_teardown,
+	.unit_test_cases = {
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_rte_security_session_create_inv_param_context),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_rte_security_session_create_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_rte_security_session_create_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_rte_security_session_create_inv_param_configuration),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_rte_security_session_create_inv_param_mempool),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_rte_security_session_create_mempool_empty),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_rte_security_session_create_ops_failure),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_rte_security_session_create_success),
+
+		TEST_CASES_END() /**< NULL terminate unit test array */
+	}
+};
+
+static int
+test_security(void)
+{
+	rte_log_set_global_level(RTE_LOG_DEBUG);
+	rte_log_set_level(RTE_LOGTYPE_EAL, RTE_LOG_DEBUG);
+
+	return unit_test_suite_runner(&security_testsuite);
+}
+
+REGISTER_TEST_COMMAND(security_autotest, test_security);
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 06/13] app/test: add rte_security_session_update tests
       [not found]   ` <CGME20200312151709eucas1p1a01f789059de888cb2d719526434e4f9@eucas1p1.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: I3d5df17a33913a94e6ad6806de91c7157184e3b4
---
 app/test/test_security.c | 225 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 225 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 885281703..cf13b8080 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -234,6 +234,35 @@ mock_session_create(void *device,
 	return mock_session_create_exp.ret;
 }
 
+/**
+ * session_update mockup
+ *
+ * Verified parameters: device, sess, conf.
+ */
+static struct mock_session_update_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_security_session_conf *conf;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_update_exp = {NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_update(void *device,
+		struct rte_security_session *sess,
+		struct rte_security_session_conf *conf) {
+	mock_session_update_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, conf);
+
+	return mock_session_update_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -274,6 +303,7 @@ struct rte_security_ops empty_ops = { NULL };
  */
 struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
+	.session_update = mock_session_update,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -296,6 +326,7 @@ static struct security_testsuite_params {
 /**
  * struct security_unittest_params defines parameters initialized
  * for every test case. The parameters are initialized in ut_setup
+ * or ut_setup_with_session (depending on the testcase)
  * and released in ut_teardown.
  * The instance of this structure is stored in unittest_params variable.
  */
@@ -361,9 +392,11 @@ ut_setup(void) {
 	ut_params->sess = NULL;
 
 	mock_session_create_exp.called = 0;
+	mock_session_update_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
+	mock_session_update_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -374,6 +407,7 @@ ut_setup(void) {
  * created with rte_security_session_create and stored in test case parameters.
  * It's used both to release sessions created in test cases' bodies
  * which are assigned to ut_params->sess
+ * as well as sessions created in ut_setup_with_session.
  */
 static int
 destroy_session_with_check(void) {
@@ -407,6 +441,43 @@ ut_teardown(void) {
 	destroy_session_with_check();
 }
 
+/**
+ * ut_setup_with_session initializes test case parameters by
+ * - calling standard ut_setup,
+ * - creating a session that can be used in test case.
+ */
+static int
+ut_setup_with_session(void) {
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct rte_security_session *sess;
+
+	int ret = ut_setup();
+	if (ret != TEST_SUCCESS) {
+		return ret;
+	}
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = 0;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create, sess);
+	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
+			"Expecting session_create to be called with %p sess parameter, "
+			"but it's called %p sess parameter",
+			sess, mock_session_create_exp.sess);
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+
+	// store created session in test case parameters so it can be released
+	// after test case in ut_teardown by destroy_session_with_check.
+	ut_params->sess = sess;
+
+	return TEST_SUCCESS;
+}
+
 
 /**
  * Test functions
@@ -629,6 +700,145 @@ test_rte_security_session_create_success(void)
 }
 
 
+/**
+ * rte_security_session_update tests
+ */
+
+/**
+ * Test execution of rte_security_session_update with NULL instance
+ */
+static int
+test_rte_security_session_update_inv_param_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(NULL, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_session_update_inv_param_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with empty
+ * security operations
+ */
+static int
+test_rte_security_session_update_inv_param_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with NULL conf parameter
+ */
+static int
+test_rte_security_session_update_inv_param_configuration(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with NULL sess parameter
+ */
+static int
+test_rte_security_session_update_inv_param_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(&ut_params->ctx, NULL,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update when session_update
+ * security operation fails
+ */
+static int
+test_rte_security_session_update_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_update_exp.device = NULL;
+	mock_session_update_exp.sess = ut_params->sess;
+	mock_session_update_exp.conf = &ut_params->conf;
+	mock_session_update_exp.ret = -1;	// return failure status
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update in successful execution path
+ */
+static int
+test_rte_security_session_update_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_update_exp.device = NULL;
+	mock_session_update_exp.sess = ut_params->sess;
+	mock_session_update_exp.conf = &ut_params->conf;
+	mock_session_update_exp.ret = 0;	// return success status
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -654,6 +864,21 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_rte_security_session_create_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_update_inv_param_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_update_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_update_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_update_inv_param_configuration),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_update_inv_param_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_update_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_update_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 07/13] app/test: add rte_security_session_get_size tests
       [not found]   ` <CGME20200312151709eucas1p139311cecb925f566cbbf1444d14c31b1@eucas1p1.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: I1d1238d38c0cca5ba9c14c8ba395a16d686ae110
---
 app/test/test_security.c | 131 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 131 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index cf13b8080..d4b3e9515 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -263,6 +263,29 @@ mock_session_update(void *device,
 	return mock_session_update_exp.ret;
 }
 
+/**
+ * session_get_size mockup
+ *
+ * Verified parameters: device.
+ */
+static struct mock_session_get_size_data {
+	void *device;
+
+	unsigned int ret;
+
+	int called;
+	int failed;
+} mock_session_get_size_exp = {NULL, 0U, 0, 0};
+
+static unsigned int
+mock_session_get_size(void *device) {
+	mock_session_get_size_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_get_size_exp, device);
+
+	return mock_session_get_size_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -304,6 +327,7 @@ struct rte_security_ops empty_ops = { NULL };
 struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
 	.session_update = mock_session_update,
+	.session_get_size = mock_session_get_size,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -393,10 +417,12 @@ ut_setup(void) {
 
 	mock_session_create_exp.called = 0;
 	mock_session_update_exp.called = 0;
+	mock_session_get_size_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
+	mock_session_get_size_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -839,6 +865,100 @@ test_rte_security_session_update_success(void)
 }
 
 
+/**
+ * rte_security_session_get_size tests
+ */
+
+/**
+ * Test execution of rte_security_session_get_size with NULL instance
+ */
+static int
+test_rte_security_session_get_size_inv_param_context(void)
+{
+	unsigned int ret = rte_security_session_get_size(NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_session_get_size_inv_param_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size with empty
+ * security operations
+ */
+static int
+test_rte_security_session_get_size_inv_param_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size when session_get_size
+ * security operation fails
+ */
+static int
+test_rte_security_session_get_size_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_get_size_exp.device = NULL;
+	mock_session_get_size_exp.ret = 0;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size in successful execution path
+ */
+static int
+test_rte_security_session_get_size_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_get_size_exp.device = NULL;
+	mock_session_get_size_exp.ret = 1024;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 1024U, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -879,6 +999,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_rte_security_session_update_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_get_size_inv_param_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_get_size_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_get_size_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_get_size_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_get_size_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 08/13] app/test: add rte_security_session_stats_get tests
       [not found]   ` <CGME20200312151709eucas1p15263f75e2ad73aa9b8d2fb2d4cf51439@eucas1p1.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: Ib373d2e01aba2924e2f21ff2d5edfa1643e9eff4
---
 app/test/test_security.c | 172 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 172 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index d4b3e9515..647a2dd0a 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -286,6 +286,35 @@ mock_session_get_size(void *device) {
 	return mock_session_get_size_exp.ret;
 }
 
+/**
+ * session_stats_get mockup
+ *
+ * Verified parameters: device, sess, stats.
+ */
+static struct mock_session_stats_get_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_security_stats *stats;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_stats_get_exp = {NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_stats_get(void *device,
+		struct rte_security_session *sess,
+		struct rte_security_stats *stats) {
+	mock_session_stats_get_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, stats);
+
+	return mock_session_stats_get_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -328,6 +357,7 @@ struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
 	.session_update = mock_session_update,
 	.session_get_size = mock_session_get_size,
+	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -418,11 +448,13 @@ ut_setup(void) {
 	mock_session_create_exp.called = 0;
 	mock_session_update_exp.called = 0;
 	mock_session_get_size_exp.called = 0;
+	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
 	mock_session_get_size_exp.failed = 0;
+	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -959,6 +991,133 @@ test_rte_security_session_get_size_success(void)
 }
 
 
+/**
+ * rte_security_session_stats_get tests
+ */
+
+/**
+ * Test execution of rte_security_session_stats_get with NULL instance
+ */
+static int
+test_rte_security_session_stats_get_inv_param_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	int ret = rte_security_session_stats_get(NULL, ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_session_stats_get_inv_param_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx, ut_params->sess,
+			&stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with empty
+ * security operations
+ */
+static int
+test_rte_security_session_stats_get_inv_param_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx, ut_params->sess,
+			&stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with NULL stats parameter
+ */
+static int
+test_rte_security_session_stats_get_inv_param_stats(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx, ut_params->sess,
+			NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get when session_stats_get
+ * security operation fails
+ */
+static int
+test_rte_security_session_stats_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	mock_session_stats_get_exp.device = NULL;
+	mock_session_stats_get_exp.sess = ut_params->sess;
+	mock_session_stats_get_exp.stats = &stats;
+	mock_session_stats_get_exp.ret = -1;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx, ut_params->sess,
+			&stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get in successful execution
+ * path
+ */
+static int
+test_rte_security_session_stats_get_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	mock_session_stats_get_exp.device = NULL;
+	mock_session_stats_get_exp.sess = ut_params->sess;
+	mock_session_stats_get_exp.stats = &stats;
+	mock_session_stats_get_exp.ret = 0;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx, ut_params->sess,
+			&stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1010,6 +1169,19 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_rte_security_session_get_size_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_stats_get_inv_param_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_stats_get_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_stats_get_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_stats_get_inv_param_stats),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_stats_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_stats_get_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 09/13] app/test: add rte_security_session_destroy tests
       [not found]   ` <CGME20200312151710eucas1p22f051449e6e7edeadefe65b66ffaed32@eucas1p2.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: Id1543157b4ce89bd5ec07fc46ff67b65ec3b4a89
---
 app/test/test_security.c | 160 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 160 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 647a2dd0a..dc11b96ff 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -1118,6 +1118,153 @@ test_rte_security_session_stats_get_success(void)
 }
 
 
+/**
+ * rte_security_session_destroy tests
+ */
+
+/**
+ * Test execution of rte_security_session_destroy with NULL instance
+ */
+static int
+test_rte_security_session_destroy_inv_param_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(NULL, ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_session_destroy_inv_param_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx, ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with empty
+ * security operations
+ */
+static int
+test_rte_security_session_destroy_inv_param_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx, ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with NULL sess parameter
+ */
+static int
+test_rte_security_session_destroy_inv_param_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy when session_destroy
+ * security operation fails
+ */
+static int
+test_rte_security_session_destroy_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_destroy_exp.device = NULL;
+	mock_session_destroy_exp.sess = ut_params->sess;
+	mock_session_destroy_exp.ret = -1;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx, ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy in successful execution path
+ */
+static int
+test_rte_security_session_destroy_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_destroy_exp.device = NULL;
+	mock_session_destroy_exp.sess = ut_params->sess;
+	mock_session_destroy_exp.ret = 0;
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx, ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	// Remove session from test case parameters, so it won't be destroyed
+	// during test case teardown.
+	ut_params->sess = NULL;
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1182,6 +1329,19 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_rte_security_session_stats_get_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_destroy_inv_param_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_destroy_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_destroy_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_destroy_inv_param_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_destroy_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_session_destroy_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 10/13] app/test: add rte_security_set_pkt_metadata tests
       [not found]   ` <CGME20200312151710eucas1p10124737620ec6414aa593e7fa67ee56b@eucas1p1.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: Id5b4304e83a12443c62557c2a917125084e14f6b
---
 app/test/test_security.c | 204 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 204 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index dc11b96ff..fa9141f89 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -341,6 +341,38 @@ mock_session_destroy(void *device,
 	return mock_session_destroy_exp.ret;
 }
 
+/**
+ * set_pkt_metadata mockup
+ *
+ * Verified parameters: device, sess, m, params.
+ */
+static struct mock_set_pkt_metadata_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_mbuf *m;
+	void *params;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_set_pkt_metadata_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_set_pkt_metadata(void *device,
+		struct rte_security_session *sess,
+		struct rte_mbuf *m,
+		void *params) {
+	mock_set_pkt_metadata_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, m);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, params);
+
+	return mock_set_pkt_metadata_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -359,6 +391,7 @@ struct rte_security_ops mock_ops = {
 	.session_get_size = mock_session_get_size,
 	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
+	.set_pkt_metadata = mock_set_pkt_metadata,
 };
 
 
@@ -450,12 +483,14 @@ ut_setup(void) {
 	mock_session_get_size_exp.called = 0;
 	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
+	mock_set_pkt_metadata_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
 	mock_session_get_size_exp.failed = 0;
 	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
+	mock_set_pkt_metadata_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1265,6 +1300,160 @@ test_rte_security_session_destroy_success(void)
 }
 
 
+/**
+ * rte_security_set_pkt_metadata tests
+ */
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with NULL instance
+ */
+static int
+test_rte_security_set_pkt_metadata_inv_param_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	int ret = rte_security_set_pkt_metadata(NULL, ut_params->sess, &m,
+			&params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_set_pkt_metadata_inv_param_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx, ut_params->sess,
+			&m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with empty
+ * security operations
+ */
+static int
+test_rte_security_set_pkt_metadata_inv_param_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx, ut_params->sess,
+			&m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with NULL sess parameter
+ */
+static int
+test_rte_security_set_pkt_metadata_inv_param_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx, NULL,
+			&m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with NULL m parameter
+ */
+static int
+test_rte_security_set_pkt_metadata_inv_param_m(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	int params;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx, ut_params->sess,
+			NULL, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata when set_pkt_metadata
+ * security operation fails
+ */
+static int
+test_rte_security_set_pkt_metadata_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	mock_set_pkt_metadata_exp.device = NULL;
+	mock_set_pkt_metadata_exp.sess = ut_params->sess;
+	mock_set_pkt_metadata_exp.m = &m;
+	mock_set_pkt_metadata_exp.params = &params;
+	mock_set_pkt_metadata_exp.ret = -1;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx, ut_params->sess,
+			&m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata in successful execution path
+ */
+static int
+test_rte_security_set_pkt_metadata_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	mock_set_pkt_metadata_exp.device = NULL;
+	mock_set_pkt_metadata_exp.sess = ut_params->sess;
+	mock_set_pkt_metadata_exp.m = &m;
+	mock_set_pkt_metadata_exp.params = &params;
+	mock_set_pkt_metadata_exp.ret = 0;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx, ut_params->sess,
+			&m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1342,6 +1531,21 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_rte_security_session_destroy_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_set_pkt_metadata_inv_param_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_set_pkt_metadata_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_set_pkt_metadata_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_set_pkt_metadata_inv_param_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_set_pkt_metadata_inv_param_m),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_set_pkt_metadata_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_set_pkt_metadata_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 11/13] app/test: add rte_security_get_userdata tests
       [not found]   ` <CGME20200312151710eucas1p1c3590b55d00bea25b26539a560199b96@eucas1p1.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: I310b40b7e3749efde96d27fe2b448410a33c51c4
---
 app/test/test_security.c | 178 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 178 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index fa9141f89..e8aba2870 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -75,6 +75,19 @@
 #define MOCK_TEST_ASSERT_EQUAL(fail_counter, a, b, msg, ...)	\
 	MOCK_TEST_ASSERT(fail_counter, (a) == (b), msg, ##__VA_ARGS__)
 
+/**
+ * Verify not null condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   val	value expected not to be NULL
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT_NOT_NULL(fail_counter, val, msg, ...)	\
+	MOCK_TEST_ASSERT(fail_counter, (val) != NULL, msg, ##__VA_ARGS__)
+
 
 /**
  * Verify if parameter of the mocked up function matches expected value.
@@ -99,6 +112,15 @@
 #define MOCK_TEST_ASSERT_POINTER_PARAMETER(data, parameter)	\
 	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%p")
 
+/**
+ * Wrap for MOCK_TEST_ASSERT_PARAMETER macro for uint64_t type parameters.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ */
+#define MOCK_TEST_ASSERT_U64_PARAMETER(data, parameter)	\
+	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%" PRIu64)
+
 /**
  * Verify number of calls of the mocked up function
  * and check if there were any fails during execution.
@@ -373,6 +395,42 @@ mock_set_pkt_metadata(void *device,
 	return mock_set_pkt_metadata_exp.ret;
 }
 
+/**
+ * get_userdata mockup
+ *
+ * Verified parameters: device, md.
+ * The userdata parameter works as an output parameter, so a passed address
+ * is verified not to be NULL and filled with userdata stored in structure.
+ */
+static struct mock_get_userdata_data {
+	void *device;
+	uint64_t md;
+	void *userdata;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_get_userdata_exp = {NULL, 0UL, NULL, 0, 0, 0};
+
+static int
+mock_get_userdata(void *device,
+		uint64_t md,
+		void **userdata) {
+	mock_get_userdata_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_get_userdata_exp, device);
+	MOCK_TEST_ASSERT_U64_PARAMETER(mock_get_userdata_exp, md);
+
+	MOCK_TEST_ASSERT_NOT_NULL(mock_get_userdata_exp.failed,
+			userdata,
+			"Expecting parameter userdata not to be NULL but it's %p",
+			userdata);
+	*userdata = mock_get_userdata_exp.userdata;
+
+	return mock_get_userdata_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -392,6 +450,7 @@ struct rte_security_ops mock_ops = {
 	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
 	.set_pkt_metadata = mock_set_pkt_metadata,
+	.get_userdata = mock_get_userdata,
 };
 
 
@@ -484,6 +543,7 @@ ut_setup(void) {
 	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 	mock_set_pkt_metadata_exp.called = 0;
+	mock_get_userdata_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
@@ -491,6 +551,7 @@ ut_setup(void) {
 	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 	mock_set_pkt_metadata_exp.failed = 0;
+	mock_get_userdata_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1454,6 +1515,112 @@ test_rte_security_set_pkt_metadata_success(void)
 }
 
 
+/**
+ * rte_security_get_userdata tests
+ */
+
+/**
+ * Test execution of rte_security_get_userdata with NULL instance
+ */
+static int
+test_rte_security_get_userdata_inv_param_context(void)
+{
+	uint64_t md = 0xDEADBEEF;
+
+	void* ret = rte_security_get_userdata(NULL, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_get_userdata with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_get_userdata_inv_param_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	ut_params->ctx.ops = NULL;
+
+	void* ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_get_userdata with empty
+ * security operations
+ */
+static int
+test_rte_security_get_userdata_inv_param_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	ut_params->ctx.ops = &empty_ops;
+
+	void* ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_get_userdata when get_userdata
+ * security operation fails
+ */
+static int
+test_rte_security_get_userdata_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	void *userdata = (void*)0x7E577E57;
+
+	mock_get_userdata_exp.device = NULL;
+	mock_get_userdata_exp.md = md;
+	mock_get_userdata_exp.userdata = userdata;
+	mock_get_userdata_exp.ret = -1;
+
+	void* ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_get_userdata in successful execution path
+ */
+static int
+test_rte_security_get_userdata_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	void *userdata = (void*)0x7E577E57;
+
+	mock_get_userdata_exp.device = NULL;
+	mock_get_userdata_exp.md = md;
+	mock_get_userdata_exp.userdata = userdata;
+	mock_get_userdata_exp.ret = 0;
+
+	void* ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, userdata, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1546,6 +1713,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_rte_security_set_pkt_metadata_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_get_userdata_inv_param_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_get_userdata_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_get_userdata_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_get_userdata_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_get_userdata_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 12/13] app/test: add rte_security_capabilities_get tests
       [not found]   ` <CGME20200312151710eucas1p21882b138d4fd79753f993c30c997e615@eucas1p2.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: Iaa273d1b4e663a6238ad67bbf0ec6dd40c21d075
---
 app/test/test_security.c | 137 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index e8aba2870..895e4a03e 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -431,6 +431,29 @@ mock_get_userdata(void *device,
 	return mock_get_userdata_exp.ret;
 }
 
+/**
+ * capabilities_get mockup
+ *
+ * Verified parameters: device.
+ */
+static struct mock_capabilities_get_data {
+	void *device;
+
+	struct rte_security_capability * ret;
+
+	int called;
+	int failed;
+} mock_capabilities_get_exp = {NULL, NULL, 0, 0};
+
+static const struct rte_security_capability *
+mock_capabilities_get(void *device) {
+	mock_capabilities_get_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_capabilities_get_exp, device);
+
+	return mock_capabilities_get_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -451,6 +474,7 @@ struct rte_security_ops mock_ops = {
 	.session_destroy = mock_session_destroy,
 	.set_pkt_metadata = mock_set_pkt_metadata,
 	.get_userdata = mock_get_userdata,
+	.capabilities_get = mock_capabilities_get,
 };
 
 
@@ -544,6 +568,7 @@ ut_setup(void) {
 	mock_session_destroy_exp.called = 0;
 	mock_set_pkt_metadata_exp.called = 0;
 	mock_get_userdata_exp.called = 0;
+	mock_capabilities_get_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
@@ -552,6 +577,7 @@ ut_setup(void) {
 	mock_session_destroy_exp.failed = 0;
 	mock_set_pkt_metadata_exp.failed = 0;
 	mock_get_userdata_exp.failed = 0;
+	mock_capabilities_get_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1621,6 +1647,106 @@ test_rte_security_get_userdata_success(void)
 }
 
 
+/**
+ * rte_security_capabilities_get tests
+ */
+
+/**
+ * Test execution of rte_security_capabilities_get with NULL instance
+ */
+static int
+test_rte_security_capabilities_get_inv_param_context(void)
+{
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_capabilities_get_inv_param_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get with empty
+ * security operations
+ */
+static int
+test_rte_security_capabilities_get_inv_param_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get when capabilities_get
+ * security operation fails
+ */
+static int
+test_rte_security_capabilities_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get in successful execution path
+ */
+static int
+test_rte_security_capabilities_get_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability capabilities;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = &capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, &capabilities, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1724,6 +1850,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_rte_security_get_userdata_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capabilities_get_inv_param_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capabilities_get_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capabilities_get_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capabilities_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capabilities_get_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH 13/13] app/test: add rte_security_capability_get tests
       [not found]   ` <CGME20200312151710eucas1p1fd5b1484c9ee807327d2d34511a47a12@eucas1p1.samsung.com>
@ 2020-03-12 15:16     ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-03-12 15:16 UTC (permalink / raw)
  To: dev

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Change-Id: I228cba78333b54aee3b50e89709b438e45f374db
---
 app/test/test_security.c | 522 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 522 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 895e4a03e..d28bab16a 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -1747,6 +1747,497 @@ test_rte_security_capabilities_get_success(void)
 }
 
 
+/**
+ * rte_security_capability_get tests
+ */
+
+/**
+ * Test execution of rte_security_capability_get with NULL instance
+ */
+static int
+test_rte_security_capability_get_inv_param_context(void)
+{
+	struct rte_security_capability_idx idx;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(NULL, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_rte_security_capability_get_inv_param_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	ut_params->ctx.ops = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with empty
+ * security operations
+ */
+static int
+test_rte_security_capability_get_inv_param_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	ut_params->ctx.ops = &empty_ops;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with NULL idx parameter
+ */
+static int
+test_rte_security_capability_get_inv_param_idx(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities_get
+ * security operation fails
+ */
+static int
+test_rte_security_capability_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * is empty (contains only RTE_SECURITY_ACTION_TYPE_NONE ending entry)
+ */
+static int
+test_rte_security_capability_get_empty_table(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching action
+ */
+static int
+test_rte_security_capability_get_no_matching_action(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching protocol
+ */
+static int
+test_rte_security_capability_get_no_matching_protocol(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when macsec protocol
+ * is searched and capabilities table contain proper entry.
+ * However macsec records search is not supported in rte_security.
+ */
+static int
+test_rte_security_capability_get_no_support_for_macsec(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec proto field
+ */
+static int
+test_rte_security_capability_get_ipsec_mismatch_proto(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec mode field
+ */
+static int
+test_rte_security_capability_get_ipsec_mismatch_mode(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec direction field
+ */
+static int
+test_rte_security_capability_get_ipsec_mismatch_direction(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+				.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * contains matching ipsec entry
+ */
+static int
+test_rte_security_capability_get_ipsec_match(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+				.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, &capabilities[1], "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching pdcp domain field
+ */
+static int
+test_rte_security_capability_get_pdcp_mismatch_domain(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+			.pdcp = {
+				.domain = RTE_SECURITY_PDCP_MODE_DATA,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * contains matching pdcp entry
+ */
+static int
+test_rte_security_capability_get_pdcp_match(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+			.pdcp = {
+				.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, &capabilities[1], "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
 /**
  * Declaration of testcases
  */
@@ -1861,6 +2352,37 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_rte_security_capabilities_get_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_inv_param_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_inv_param_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_inv_param_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_inv_param_idx),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_empty_table),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_no_matching_action),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_no_matching_protocol),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_no_support_for_macsec),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_ipsec_mismatch_proto),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_ipsec_mismatch_mode),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_ipsec_mismatch_direction),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_ipsec_match),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_pdcp_mismatch_domain),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_rte_security_capability_get_pdcp_match),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 01/13] librte_security: fix verification of parameters
  2020-03-12 15:16     ` [dpdk-dev] [PATCH 01/13] librte_security: fix verification of parameters Lukasz Wojciechowski
@ 2020-03-17 12:59       ` Anoob Joseph
  2020-04-03 18:36         ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Anoob Joseph @ 2020-03-17 12:59 UTC (permalink / raw)
  To: Lukasz Wojciechowski, dev
  Cc: Narayana Prasad Raju Athreya, Lukas Bartosik [C]

Hi Lukasz,

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Lukasz Wojciechowski
> Sent: Thursday, March 12, 2020 8:47 PM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH 01/13] librte_security: fix verification of parameters

[Anoob] I believe the title has to be: "security: fix verification of parameters"

Also, you can add "Fixes" as well.
 
> 
> This patch adds verification of the parameters to the ret_security API functions.
> All required parameters are checked if they are not NULL.
> 
> Checks verify full chain of pointers, e.g. in case of verification of "instance->ops-
> >session_XXX", they check also "instance" and "instance->ops".
> 
> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> Change-Id: I1724c926a1a0a13fd16d76f19842a0b40fbea1b2
> ---
>  lib/librte_security/rte_security.c | 58 +++++++++++++++++++++++-------
>  1 file changed, 45 insertions(+), 13 deletions(-)
> 
> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
> index bc81ce15d..40a0e9ce5 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -1,6 +1,7 @@
>  /* SPDX-License-Identifier: BSD-3-Clause
>   * Copyright 2017 NXP.
>   * Copyright(c) 2017 Intel Corporation.
> + * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
>   */
> 
>  #include <rte_malloc.h>
> @@ -9,6 +10,12 @@
>  #include "rte_security.h"
>  #include "rte_security_driver.h"
> 
> +/* Macro to check for invalid pointers */
> +#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
> +	if ((ptr) == NULL)			\
> +		return retval;			\
> +} while (0)
> +
>  struct rte_security_session *
>  rte_security_session_create(struct rte_security_ctx *instance,
>  			    struct rte_security_session_conf *conf, @@ -16,10
> +23,11 @@ rte_security_session_create(struct rte_security_ctx *instance,  {
>  	struct rte_security_session *sess = NULL;
> 
> -	if (conf == NULL)
> -		return NULL;
> -
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> +	RTE_PTR_OR_ERR_RET(instance->ops->session_create, NULL);

[Anoob] The above three lines are repeated for every op NULL check. Can we introduce one macro for doing all the three checks? In case if it doesn't come off well, we can stick to individual checks.
 
> +	RTE_PTR_OR_ERR_RET(conf, NULL);
> +	RTE_PTR_OR_ERR_RET(mp, NULL);
> 
>  	if (rte_mempool_get(mp, (void **)&sess))
>  		return NULL;
> @@ -38,14 +46,20 @@ rte_security_session_update(struct rte_security_ctx
> *instance,
>  			    struct rte_security_session *sess,
>  			    struct rte_security_session_conf *conf)  {
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -
> ENOTSUP);
> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(instance->ops->session_update, -ENOTSUP);
> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
>  	return instance->ops->session_update(instance->device, sess, conf);  }
> 
>  unsigned int
>  rte_security_session_get_size(struct rte_security_ctx *instance)  {
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
> +	RTE_PTR_OR_ERR_RET(instance, 0);
> +	RTE_PTR_OR_ERR_RET(instance->ops, 0);
> +	RTE_PTR_OR_ERR_RET(instance->ops->session_get_size, 0);
>  	return instance->ops->session_get_size(instance->device);
>  }
> 
> @@ -54,7 +68,11 @@ rte_security_session_stats_get(struct rte_security_ctx
> *instance,
>  			       struct rte_security_session *sess,
>  			       struct rte_security_stats *stats)  {
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -
> ENOTSUP);
> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(instance->ops->session_stats_get, -ENOTSUP);
> +	// Parameter sess can be NULL in case of getting global statistics.

[Anoob] Checkpatch error.
ERROR:C99_COMMENTS: do not use C99 // comments

> +	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
>  	return instance->ops->session_stats_get(instance->device, sess, stats);
> }
> 
> @@ -64,7 +82,10 @@ rte_security_session_destroy(struct rte_security_ctx
> *instance,  {
>  	int ret;
> 
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -
> ENOTSUP);
> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> 
>  	if (instance->sess_cnt)
>  		instance->sess_cnt--;
> @@ -81,7 +102,11 @@ rte_security_set_pkt_metadata(struct rte_security_ctx
> *instance,
>  			      struct rte_security_session *sess,
>  			      struct rte_mbuf *m, void *params)  {
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -
> ENOTSUP);
> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(instance->ops->set_pkt_metadata, -ENOTSUP);

[Anoob] set_pkt_metadata() and get_userdata() are datapath ops. So can you introduce a config option to enable/disable the checks.

Please check,
http://code.dpdk.org/dpdk/latest/source/lib/librte_ethdev/rte_ethdev.h#L4372
 
> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> +	RTE_PTR_OR_ERR_RET(m, -EINVAL);
>  	return instance->ops->set_pkt_metadata(instance->device,
>  					       sess, m, params);
>  }
> @@ -91,7 +116,9 @@ rte_security_get_userdata(struct rte_security_ctx
> *instance, uint64_t md)  {
>  	void *userdata = NULL;
> 
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> +	RTE_PTR_OR_ERR_RET(instance->ops->get_userdata, NULL);
>  	if (instance->ops->get_userdata(instance->device, md, &userdata))
>  		return NULL;
> 
> @@ -101,7 +128,9 @@ rte_security_get_userdata(struct rte_security_ctx
> *instance, uint64_t md)  const struct rte_security_capability *
> rte_security_capabilities_get(struct rte_security_ctx *instance)  {
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
>  	return instance->ops->capabilities_get(instance->device);
>  }
> 
> @@ -113,7 +142,10 @@ rte_security_capability_get(struct rte_security_ctx
> *instance,
>  	const struct rte_security_capability *capability;
>  	uint16_t i = 0;
> 
> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
> +	RTE_PTR_OR_ERR_RET(idx, NULL);
>  	capabilities = instance->ops->capabilities_get(instance->device);
> 
>  	if (capabilities == NULL)
> @@ -121,7 +153,7 @@ rte_security_capability_get(struct rte_security_ctx
> *instance,
> 
>  	while ((capability = &capabilities[i++])->action
>  			!= RTE_SECURITY_ACTION_TYPE_NONE) {
> -		if (capability->action  == idx->action &&
> +		if (capability->action == idx->action &&
>  				capability->protocol == idx->protocol) {
>  			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
> {
>  				if (capability->ipsec.proto ==
> --
> 2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 02/13] librte_security: fix return types in documentation
  2020-03-12 15:16     ` [dpdk-dev] [PATCH 02/13] librte_security: fix return types in documentation Lukasz Wojciechowski
@ 2020-03-17 16:34       ` Anoob Joseph
  0 siblings, 0 replies; 80+ messages in thread
From: Anoob Joseph @ 2020-03-17 16:34 UTC (permalink / raw)
  To: Lukasz Wojciechowski, dev; +Cc: Narayana Prasad Raju Athreya

Hi Lukasz,

I think you will need to change the title to something like,

"security: fix return types in documentation"

Also, "Fixes" tag is missing. This should be applicable for stable also.

Thanks,
Anoob

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Lukasz Wojciechowski
> Sent: Thursday, March 12, 2020 8:47 PM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH 02/13] librte_security: fix return types in
> documentation
> 
> Enhance returned values description for rte_security_session_destroy and some
> other minor description changes.
> 
> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> Change-Id: Ic18ee9e76507f8888da1a0921b3a2a914a2434d2
> ---
>  lib/librte_security/rte_security.h | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> index ef47118fa..747830d67 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -378,7 +378,7 @@ rte_security_session_create(struct rte_security_ctx
> *instance,
>   * @param   conf	update configuration parameters
>   * @return
>   *  - On success returns 0
> - *  - On failure return errno
> + *  - On failure returns a negative errno value.
>   */
>  __rte_experimental
>  int
> @@ -403,12 +403,14 @@ rte_security_session_get_size(struct rte_security_ctx
> *instance);
>   * return it to its original mempool.
>   *
>   * @param   instance	security instance
> - * @param   sess	security session to freed
> + * @param   sess	security session to be freed
>   *
>   * @return
>   *  - 0 if successful.
> - *  - -EINVAL if session is NULL.
> + *  - -EINVAL if session or context instance is NULL.
>   *  - -EBUSY if not all device private data has been freed.
> + *  - -ENOTSUP if destroying private data is not supported.
> + *  - other negative values in case of freeing private data errors.
>   */
>  int
>  rte_security_session_destroy(struct rte_security_ctx *instance,
> --
> 2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 03/13] librte_security: fix session counter
  2020-03-12 15:16     ` [dpdk-dev] [PATCH 03/13] librte_security: fix session counter Lukasz Wojciechowski
@ 2020-03-17 17:08       ` Anoob Joseph
  0 siblings, 0 replies; 80+ messages in thread
From: Anoob Joseph @ 2020-03-17 17:08 UTC (permalink / raw)
  To: Lukasz Wojciechowski, dev

Hi Lukasz,

The title need to be changed (librte_security -> security). With that change,

Acked-by: Anoob Joseph <anoobj@marvell.com>

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Lukasz Wojciechowski
> Sent: Thursday, March 12, 2020 8:47 PM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH 03/13] librte_security: fix session counter
> 
> Fix session counter to be decreased in rte_security_session_destroy only when
> session was successfully destoyed.
> 
> Formerly session counter was decreased prior session destroying and returning
> session object to mempool. It remained decreased even if session was not
> destroyed and mempool object released making counter invalid.
> 
> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> Change-Id: I75ebfc26811ec2159b973fae36b2c9fb08868f11
> ---
>  lib/librte_security/rte_security.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
> index 40a0e9ce5..74a314903 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -87,14 +87,16 @@ rte_security_session_destroy(struct rte_security_ctx
> *instance,
>  	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
>  	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> 
> +	ret = instance->ops->session_destroy(instance->device, sess);
> +	if (ret != 0)
> +		return ret;
> +
> +	rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
> +
>  	if (instance->sess_cnt)
>  		instance->sess_cnt--;
> 
> -	ret = instance->ops->session_destroy(instance->device, sess);
> -	if (!ret)
> -		rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
> -
> -	return ret;
> +	return 0;
>  }
> 
>  int
> --
> 2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 05/13] app/test: introduce librte_security tests
  2020-03-12 15:16     ` [dpdk-dev] [PATCH 05/13] app/test: introduce librte_security tests Lukasz Wojciechowski
@ 2020-04-01 17:09       ` Akhil Goyal
  2020-04-01 17:51         ` Thomas Monjalon
  2020-04-03 19:24         ` Lukasz Wojciechowski
  0 siblings, 2 replies; 80+ messages in thread
From: Akhil Goyal @ 2020-04-01 17:09 UTC (permalink / raw)
  To: Lukasz Wojciechowski, Thomas Monjalon, declan.doherty; +Cc: dev

Hi Lukasz,


> 
> This patch introduces set of unit tests of librte_security API functions.
> Tests are added to dpdk-test application and can be run with
> "security_autotest" runtime command.
> 
> This is the first patch in the series of patches as adding all test cases
> for all API functions in a single patch would make it unreadable.
> 
> This patch defines structure of the file and necessary test framework
> initialization. It also contains first subset of unit tests for
> rte_security_session_create API function.
> 
> Structure of the tests file is following:
> - macros for making tests more readable;
> - mockup structures and functions for rte_security_ops;
> - test suite and test cases setup and teardown functions;
> - tests functions;
> - declaration of testcases.
> 
> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> Change-Id: I3a4585f56ef1a75b2984fcea3a3e4a30e4c2d8a6
> ---

This patchset has a lot of repeated(for each API) tests just to check the input parameters to
Rte_security APIs. I am not sure what value addition is done to separate out each API as a separate
Negative Test. Instead a single case can be added to test all APIs with inappropriate arguments.
We should add more positive cases with proper session parameters.

Thomas,
Do we allow these type of test cases in other modules?

Regards,
Akhil


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 05/13] app/test: introduce librte_security tests
  2020-04-01 17:09       ` Akhil Goyal
@ 2020-04-01 17:51         ` Thomas Monjalon
  2020-04-02 19:49           ` Lukasz Wojciechowski
  2020-04-03 19:24         ` Lukasz Wojciechowski
  1 sibling, 1 reply; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-01 17:51 UTC (permalink / raw)
  To: Lukasz Wojciechowski, Akhil Goyal; +Cc: declan.doherty, dev

01/04/2020 19:09, Akhil Goyal:
> Hi Lukasz,
> 
> > This patch introduces set of unit tests of librte_security API functions.
> > Tests are added to dpdk-test application and can be run with
> > "security_autotest" runtime command.
> > 
> > This is the first patch in the series of patches as adding all test cases
> > for all API functions in a single patch would make it unreadable.
> > 
> > This patch defines structure of the file and necessary test framework
> > initialization. It also contains first subset of unit tests for
> > rte_security_session_create API function.
> > 
> > Structure of the tests file is following:
> > - macros for making tests more readable;
> > - mockup structures and functions for rte_security_ops;
> > - test suite and test cases setup and teardown functions;
> > - tests functions;
> > - declaration of testcases.
> > 
> > Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> > Change-Id: I3a4585f56ef1a75b2984fcea3a3e4a30e4c2d8a6
> > ---
> 
> This patchset has a lot of repeated(for each API) tests just to check the input parameters to
> Rte_security APIs. I am not sure what value addition is done to separate out each API as a separate
> Negative Test. Instead a single case can be added to test all APIs with inappropriate arguments.
> We should add more positive cases with proper session parameters.
> 
> Thomas,
> Do we allow these type of test cases in other modules?

I did not review these patches, but I think we can try to compare
with tests done on eventdev library.
It would be interesting to have an opinion from Declan.

These rte_security tests look quite big.
However I don't know what is too big for test code?
Lukasz, please could you explain the initial motivation when writing
these tests? Are you especially interested in rte_security?
Or do you plan to reproduce this effort on other libraries?



^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 05/13] app/test: introduce librte_security tests
  2020-04-01 17:51         ` Thomas Monjalon
@ 2020-04-02 19:49           ` Lukasz Wojciechowski
  2020-04-02 20:51             ` Thomas Monjalon
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-02 19:49 UTC (permalink / raw)
  To: Thomas Monjalon, Akhil Goyal; +Cc: declan.doherty, dev


W dniu 01.04.2020 o 19:51, Thomas Monjalon pisze:
> 01/04/2020 19:09, Akhil Goyal:
>> Hi Lukasz,
>>
>>> This patch introduces set of unit tests of librte_security API functions.
>>> Tests are added to dpdk-test application and can be run with
>>> "security_autotest" runtime command.
>>>
>>> This is the first patch in the series of patches as adding all test cases
>>> for all API functions in a single patch would make it unreadable.
>>>
>>> This patch defines structure of the file and necessary test framework
>>> initialization. It also contains first subset of unit tests for
>>> rte_security_session_create API function.
>>>
>>> Structure of the tests file is following:
>>> - macros for making tests more readable;
>>> - mockup structures and functions for rte_security_ops;
>>> - test suite and test cases setup and teardown functions;
>>> - tests functions;
>>> - declaration of testcases.
>>>
>>> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
>>> Change-Id: I3a4585f56ef1a75b2984fcea3a3e4a30e4c2d8a6
>>> ---
>> This patchset has a lot of repeated(for each API) tests just to check the input parameters to
>> Rte_security APIs. I am not sure what value addition is done to separate out each API as a separate
>> Negative Test. Instead a single case can be added to test all APIs with inappropriate arguments.
>> We should add more positive cases with proper session parameters.
>>
>> Thomas,
>> Do we allow these type of test cases in other modules?
> I did not review these patches, but I think we can try to compare
> with tests done on eventdev library.
> It would be interesting to have an opinion from Declan.
>
> These rte_security tests look quite big.
> However I don't know what is too big for test code?
> Lukasz, please could you explain the initial motivation when writing
> these tests? Are you especially interested in rte_security?
> Or do you plan to reproduce this effort on other libraries?
>
>
Hi Akhil and Thomas,

I've just started using dpdk this year and was writing few small apps to 
get familiar with API.
I noticed few things that can be fixed in the security lib and though 
that they can be fixed easily, so I prepared patches.

After that I searched for some unit tests of the lib to add some tests 
that cover my code. I always try to do so
and when I found no tests for security lib I made some.

I don't know if you need them or is this the right place to put them, 
but I did. And as I made the tests I tried to cover 100% code of 
security lib.

Currently I don't have any plans to add or change anything in 
rte_security. These patches are just a "collateral damage" to my process 
of learning dpdk and a strong believe that if you can share some fixes 
you should do it, because that the open source power.

So it is totaly up to you, what we can do with these patches. I would be 
glad to work on them and change them the way you think they should look 
like, e.g. I can squash all the parameters checks to a single negative 
case as you, Akhil suggested. If you would like to see similar patches 
in other libraries I can help with that in some spare time. I'm the new 
guy here, so please guide me a bit ;)

-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 05/13] app/test: introduce librte_security tests
  2020-04-02 19:49           ` Lukasz Wojciechowski
@ 2020-04-02 20:51             ` Thomas Monjalon
  0 siblings, 0 replies; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-02 20:51 UTC (permalink / raw)
  To: Lukasz Wojciechowski; +Cc: Akhil Goyal, declan.doherty, dev

02/04/2020 21:49, Lukasz Wojciechowski:
> 
> W dniu 01.04.2020 o 19:51, Thomas Monjalon pisze:
> > 01/04/2020 19:09, Akhil Goyal:
> >> Hi Lukasz,
> >>
> >>> This patch introduces set of unit tests of librte_security API functions.
> >>> Tests are added to dpdk-test application and can be run with
> >>> "security_autotest" runtime command.
> >>>
> >>> This is the first patch in the series of patches as adding all test cases
> >>> for all API functions in a single patch would make it unreadable.
> >>>
> >>> This patch defines structure of the file and necessary test framework
> >>> initialization. It also contains first subset of unit tests for
> >>> rte_security_session_create API function.
> >>>
> >>> Structure of the tests file is following:
> >>> - macros for making tests more readable;
> >>> - mockup structures and functions for rte_security_ops;
> >>> - test suite and test cases setup and teardown functions;
> >>> - tests functions;
> >>> - declaration of testcases.
> >>>
> >>> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> >>> Change-Id: I3a4585f56ef1a75b2984fcea3a3e4a30e4c2d8a6
> >>> ---
> >> This patchset has a lot of repeated(for each API) tests just to check the input parameters to
> >> Rte_security APIs. I am not sure what value addition is done to separate out each API as a separate
> >> Negative Test. Instead a single case can be added to test all APIs with inappropriate arguments.
> >> We should add more positive cases with proper session parameters.
> >>
> >> Thomas,
> >> Do we allow these type of test cases in other modules?
> > I did not review these patches, but I think we can try to compare
> > with tests done on eventdev library.
> > It would be interesting to have an opinion from Declan.
> >
> > These rte_security tests look quite big.
> > However I don't know what is too big for test code?
> > Lukasz, please could you explain the initial motivation when writing
> > these tests? Are you especially interested in rte_security?
> > Or do you plan to reproduce this effort on other libraries?
> >
> >
> Hi Akhil and Thomas,
> 
> I've just started using dpdk this year and was writing few small apps to 
> get familiar with API.
> I noticed few things that can be fixed in the security lib and though 
> that they can be fixed easily, so I prepared patches.
> 
> After that I searched for some unit tests of the lib to add some tests 
> that cover my code. I always try to do so
> and when I found no tests for security lib I made some.
> 
> I don't know if you need them or is this the right place to put them, 
> but I did. And as I made the tests I tried to cover 100% code of 
> security lib.
> 
> Currently I don't have any plans to add or change anything in 
> rte_security. These patches are just a "collateral damage" to my process 
> of learning dpdk and a strong believe that if you can share some fixes 
> you should do it, because that the open source power.
> 
> So it is totaly up to you, what we can do with these patches. I would be 
> glad to work on them and change them the way you think they should look 
> like, e.g. I can squash all the parameters checks to a single negative 
> case as you, Akhil suggested. If you would like to see similar patches 
> in other libraries I can help with that in some spare time. I'm the new 
> guy here, so please guide me a bit ;)

Thanks a lot Lukasz.
In general we need more tests in DPDK.

I won't be able to review these patches myself,
so I hope many developers will review and guide you.

My advice is to review at least one or two other patchsets.
Hopefully someone will do the same for you.
If it does not work, please ping Akhil and me.
As a last resort, we could prioritize merging patches of
contributors helping others.



^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 01/13] librte_security: fix verification of parameters
  2020-03-17 12:59       ` Anoob Joseph
@ 2020-04-03 18:36         ` Lukasz Wojciechowski
  2020-04-05 12:54           ` [dpdk-dev] [EXT] " Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-03 18:36 UTC (permalink / raw)
  To: Anoob Joseph, dev; +Cc: Narayana Prasad Raju Athreya, Lukas Bartosik [C]

Hi Anoob,

Thank you very much for your review.
Please see my answers inline.

Best regards,
Lukasz


W dniu 17.03.2020 o 13:59, Anoob Joseph pisze:
> Hi Lukasz,
>
> Please see inline.
>
> Thanks,
> Anoob
>
>> -----Original Message-----
>> From: dev <dev-bounces@dpdk.org> On Behalf Of Lukasz Wojciechowski
>> Sent: Thursday, March 12, 2020 8:47 PM
>> To: dev@dpdk.org
>> Subject: [dpdk-dev] [PATCH 01/13] librte_security: fix verification of parameters
> [Anoob] I believe the title has to be: "security: fix verification of parameters"
>
> Also, you can add "Fixes" as well.

I changed the title and will push the new on in 2nd version of the 
paches after I'll fix all other issues.

How do you add a "Fixes" tag to a patch?

>   
>> This patch adds verification of the parameters to the ret_security API functions.
>> All required parameters are checked if they are not NULL.
>>
>> Checks verify full chain of pointers, e.g. in case of verification of "instance->ops-
>>> session_XXX", they check also "instance" and "instance->ops".
>> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
>> Change-Id: I1724c926a1a0a13fd16d76f19842a0b40fbea1b2
>> ---
>>   lib/librte_security/rte_security.c | 58 +++++++++++++++++++++++-------
>>   1 file changed, 45 insertions(+), 13 deletions(-)
>>
>> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
>> index bc81ce15d..40a0e9ce5 100644
>> --- a/lib/librte_security/rte_security.c
>> +++ b/lib/librte_security/rte_security.c
>> @@ -1,6 +1,7 @@
>>   /* SPDX-License-Identifier: BSD-3-Clause
>>    * Copyright 2017 NXP.
>>    * Copyright(c) 2017 Intel Corporation.
>> + * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
>>    */
>>
>>   #include <rte_malloc.h>
>> @@ -9,6 +10,12 @@
>>   #include "rte_security.h"
>>   #include "rte_security_driver.h"
>>
>> +/* Macro to check for invalid pointers */
>> +#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
>> +	if ((ptr) == NULL)			\
>> +		return retval;			\
>> +} while (0)
>> +
>>   struct rte_security_session *
>>   rte_security_session_create(struct rte_security_ctx *instance,
>>   			    struct rte_security_session_conf *conf, @@ -16,10
>> +23,11 @@ rte_security_session_create(struct rte_security_ctx *instance,  {
>>   	struct rte_security_session *sess = NULL;
>>
>> -	if (conf == NULL)
>> -		return NULL;
>> -
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_create, NULL);
> [Anoob] The above three lines are repeated for every op NULL check. Can we introduce one macro for doing all the three checks? In case if it doesn't come off well, we can stick to individual checks.
>   
Done. Will appear in 2nd version of patches.
>> +	RTE_PTR_OR_ERR_RET(conf, NULL);
>> +	RTE_PTR_OR_ERR_RET(mp, NULL);
>>
>>   	if (rte_mempool_get(mp, (void **)&sess))
>>   		return NULL;
>> @@ -38,14 +46,20 @@ rte_security_session_update(struct rte_security_ctx
>> *instance,
>>   			    struct rte_security_session *sess,
>>   			    struct rte_security_session_conf *conf)  {
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -
>> ENOTSUP);
>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_update, -ENOTSUP);
>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
>>   	return instance->ops->session_update(instance->device, sess, conf);  }
>>
>>   unsigned int
>>   rte_security_session_get_size(struct rte_security_ctx *instance)  {
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
>> +	RTE_PTR_OR_ERR_RET(instance, 0);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, 0);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_get_size, 0);
>>   	return instance->ops->session_get_size(instance->device);
>>   }
>>
>> @@ -54,7 +68,11 @@ rte_security_session_stats_get(struct rte_security_ctx
>> *instance,
>>   			       struct rte_security_session *sess,
>>   			       struct rte_security_stats *stats)  {
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -
>> ENOTSUP);
>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_stats_get, -ENOTSUP);
>> +	// Parameter sess can be NULL in case of getting global statistics.
> [Anoob] Checkpatch error.
> ERROR:C99_COMMENTS: do not use C99 // comments
Done. Will appear in 2nd version of patches.
>
>> +	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
>>   	return instance->ops->session_stats_get(instance->device, sess, stats);
>> }
>>
>> @@ -64,7 +82,10 @@ rte_security_session_destroy(struct rte_security_ctx
>> *instance,  {
>>   	int ret;
>>
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -
>> ENOTSUP);
>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>>
>>   	if (instance->sess_cnt)
>>   		instance->sess_cnt--;
>> @@ -81,7 +102,11 @@ rte_security_set_pkt_metadata(struct rte_security_ctx
>> *instance,
>>   			      struct rte_security_session *sess,
>>   			      struct rte_mbuf *m, void *params)  {
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -
>> ENOTSUP);
>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->set_pkt_metadata, -ENOTSUP);
> [Anoob] set_pkt_metadata() and get_userdata() are datapath ops. So can you introduce a config option to enable/disable the checks.
>
> Please check,
> https://protect2.fireeye.com/url?k=c52d8c32-98e14097-c52c077d-0cc47a30d446-c1b9d873e3e59cc4&u=http://code.dpdk.org/dpdk/latest/source/lib/librte_ethdev/rte_ethdev.h#L4372
Could you explain a bit further?

Do you propose to make checks inside #ifdef RTE_LIBRTE_SECURITY_DEBUG or so?
And do you have all checks or just sess and m on mind?

The instance->ops->function checks were already there without any config 
options in all API functions.

>   
>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>> +	RTE_PTR_OR_ERR_RET(m, -EINVAL);
>>   	return instance->ops->set_pkt_metadata(instance->device,
>>   					       sess, m, params);
>>   }
>> @@ -91,7 +116,9 @@ rte_security_get_userdata(struct rte_security_ctx
>> *instance, uint64_t md)  {
>>   	void *userdata = NULL;
>>
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->get_userdata, NULL);
>>   	if (instance->ops->get_userdata(instance->device, md, &userdata))
>>   		return NULL;
>>
>> @@ -101,7 +128,9 @@ rte_security_get_userdata(struct rte_security_ctx
>> *instance, uint64_t md)  const struct rte_security_capability *
>> rte_security_capabilities_get(struct rte_security_ctx *instance)  {
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
>>   	return instance->ops->capabilities_get(instance->device);
>>   }
>>
>> @@ -113,7 +142,10 @@ rte_security_capability_get(struct rte_security_ctx
>> *instance,
>>   	const struct rte_security_capability *capability;
>>   	uint16_t i = 0;
>>
>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
>> +	RTE_PTR_OR_ERR_RET(idx, NULL);
>>   	capabilities = instance->ops->capabilities_get(instance->device);
>>
>>   	if (capabilities == NULL)
>> @@ -121,7 +153,7 @@ rte_security_capability_get(struct rte_security_ctx
>> *instance,
>>
>>   	while ((capability = &capabilities[i++])->action
>>   			!= RTE_SECURITY_ACTION_TYPE_NONE) {
>> -		if (capability->action  == idx->action &&
>> +		if (capability->action == idx->action &&
>>   				capability->protocol == idx->protocol) {
>>   			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
>> {
>>   				if (capability->ipsec.proto ==
>> --
>> 2.17.1

-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH 05/13] app/test: introduce librte_security tests
  2020-04-01 17:09       ` Akhil Goyal
  2020-04-01 17:51         ` Thomas Monjalon
@ 2020-04-03 19:24         ` Lukasz Wojciechowski
  1 sibling, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-03 19:24 UTC (permalink / raw)
  To: Akhil Goyal, Thomas Monjalon, declan.doherty; +Cc: dev

Dear Akhil,

W dniu 01.04.2020 o 19:09, Akhil Goyal pisze:
> Hi Lukasz,
>
>
>> This patch introduces set of unit tests of librte_security API functions.
>> Tests are added to dpdk-test application and can be run with
>> "security_autotest" runtime command.
>>
>> This is the first patch in the series of patches as adding all test cases
>> for all API functions in a single patch would make it unreadable.
>>
>> This patch defines structure of the file and necessary test framework
>> initialization. It also contains first subset of unit tests for
>> rte_security_session_create API function.
>>
>> Structure of the tests file is following:
>> - macros for making tests more readable;
>> - mockup structures and functions for rte_security_ops;
>> - test suite and test cases setup and teardown functions;
>> - tests functions;
>> - declaration of testcases.
>>
>> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
>> Change-Id: I3a4585f56ef1a75b2984fcea3a3e4a30e4c2d8a6
>> ---
> This patchset has a lot of repeated(for each API) tests just to check the input parameters to
> Rte_security APIs. I am not sure what value addition is done to separate out each API as a separate
> Negative Test. Instead a single case can be added to test all APIs with inappropriate arguments.
> We should add more positive cases with proper session parameters.
>
> Thomas,
> Do we allow these type of test cases in other modules?
>
> Regards,
> Akhil
As I already replied to you and Thomas, my primary intention was to make 
fixes to rte_security lib.

And as I did, I wanted to cover them also with unit tests. And as these 
are unit tests, there is plenty of them and all they do is to verify 
input parameters and check if proper functions are running and the code 
exists function in proper places with proper return values. So they 
verify the flow inside each API function. In my opinion it is best to 
have a single testcase to check single function flow with set 
conditions. So if anything fails in the future, you will know exactly 
what and why.

As the unit tests verify flow of the function, usualy they can fail in 
many ways, but the "proper" path to execute a function is only one, so 
there are much less positive testcases. Maybe more positive testcases 
you can see in the last patch containing tests for 
rte_security_capability_get. There are many testcases showing matches of 
capabilities to different patterns.

What you would like to have are functional tests not only for 
librte_security but together with its usage. I agree that would be nice 
to have such tests also, but those wouldn't test rte_security by itself, 
they would test its usage and that's completely different thing and 
that's not what these patches provide.

I'll check more modules to see how the tests look like there and I'll 
take a look at eventdev-tests, that Thomas mentioned.


Best regards

Lukasz

-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH 01/13] librte_security: fix verification of parameters
  2020-04-03 18:36         ` Lukasz Wojciechowski
@ 2020-04-05 12:54           ` Anoob Joseph
  2020-04-06 18:49             ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Anoob Joseph @ 2020-04-05 12:54 UTC (permalink / raw)
  To: Lukasz Wojciechowski, dev
  Cc: Narayana Prasad Raju Athreya, Lukas Bartosik [C]

Hi Lukasz,

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> Sent: Saturday, April 4, 2020 12:06 AM
> To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Lukas Bartosik [C]
> <lbartosik@marvell.com>
> Subject: [EXT] Re: [dpdk-dev] [PATCH 01/13] librte_security: fix verification of
> parameters
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Anoob,
> 
> Thank you very much for your review.
> Please see my answers inline.
> 
> Best regards,
> Lukasz
> 
> 
> W dniu 17.03.2020 o 13:59, Anoob Joseph pisze:
> > Hi Lukasz,
> >
> > Please see inline.
> >
> > Thanks,
> > Anoob
> >
> >> -----Original Message-----
> >> From: dev <dev-bounces@dpdk.org> On Behalf Of Lukasz Wojciechowski
> >> Sent: Thursday, March 12, 2020 8:47 PM
> >> To: dev@dpdk.org
> >> Subject: [dpdk-dev] [PATCH 01/13] librte_security: fix verification
> >> of parameters
> > [Anoob] I believe the title has to be: "security: fix verification of parameters"
> >
> > Also, you can add "Fixes" as well.
> 
> I changed the title and will push the new on in 2nd version of the paches after I'll
> fix all other issues.
> 
> How do you add a "Fixes" tag to a patch?

[Anoob] 

Check the below link. It explains the format of the patch with fixes.
https://doc.dpdk.org/guides/contributing/patches.html#commit-messages-body
 
> 
> >
> >> This patch adds verification of the parameters to the ret_security API
> functions.
> >> All required parameters are checked if they are not NULL.
> >>
> >> Checks verify full chain of pointers, e.g. in case of verification of
> >> "instance->ops-
> >>> session_XXX", they check also "instance" and "instance->ops".
> >> Signed-off-by: Lukasz Wojciechowski
> >> <l.wojciechow@partner.samsung.com>
> >> Change-Id: I1724c926a1a0a13fd16d76f19842a0b40fbea1b2
> >> ---
> >>   lib/librte_security/rte_security.c | 58 +++++++++++++++++++++++-------
> >>   1 file changed, 45 insertions(+), 13 deletions(-)
> >>
> >> diff --git a/lib/librte_security/rte_security.c
> >> b/lib/librte_security/rte_security.c
> >> index bc81ce15d..40a0e9ce5 100644
> >> --- a/lib/librte_security/rte_security.c
> >> +++ b/lib/librte_security/rte_security.c
> >> @@ -1,6 +1,7 @@
> >>   /* SPDX-License-Identifier: BSD-3-Clause
> >>    * Copyright 2017 NXP.
> >>    * Copyright(c) 2017 Intel Corporation.
> >> + * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights
> >> + Reserved
> >>    */
> >>
> >>   #include <rte_malloc.h>
> >> @@ -9,6 +10,12 @@
> >>   #include "rte_security.h"
> >>   #include "rte_security_driver.h"
> >>
> >> +/* Macro to check for invalid pointers */
> >> +#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
> >> +	if ((ptr) == NULL)			\
> >> +		return retval;			\
> >> +} while (0)
> >> +
> >>   struct rte_security_session *
> >>   rte_security_session_create(struct rte_security_ctx *instance,
> >>   			    struct rte_security_session_conf *conf, @@ -16,10
> >> +23,11 @@ rte_security_session_create(struct rte_security_ctx
> >> +*instance,  {
> >>   	struct rte_security_session *sess = NULL;
> >>
> >> -	if (conf == NULL)
> >> -		return NULL;
> >> -
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->session_create, NULL);
> > [Anoob] The above three lines are repeated for every op NULL check. Can we
> introduce one macro for doing all the three checks? In case if it doesn't come
> off well, we can stick to individual checks.
> >
> Done. Will appear in 2nd version of patches.
> >> +	RTE_PTR_OR_ERR_RET(conf, NULL);
> >> +	RTE_PTR_OR_ERR_RET(mp, NULL);
> >>
> >>   	if (rte_mempool_get(mp, (void **)&sess))
> >>   		return NULL;
> >> @@ -38,14 +46,20 @@ rte_security_session_update(struct
> >> rte_security_ctx *instance,
> >>   			    struct rte_security_session *sess,
> >>   			    struct rte_security_session_conf *conf)  {
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -
> >> ENOTSUP);
> >> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->session_update, -ENOTSUP);
> >> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
> >>   	return instance->ops->session_update(instance->device, sess,
> >> conf);  }
> >>
> >>   unsigned int
> >>   rte_security_session_get_size(struct rte_security_ctx *instance)  {
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
> >> +	RTE_PTR_OR_ERR_RET(instance, 0);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, 0);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->session_get_size, 0);
> >>   	return instance->ops->session_get_size(instance->device);
> >>   }
> >>
> >> @@ -54,7 +68,11 @@ rte_security_session_stats_get(struct
> >> rte_security_ctx *instance,
> >>   			       struct rte_security_session *sess,
> >>   			       struct rte_security_stats *stats)  {
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -
> >> ENOTSUP);
> >> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->session_stats_get, -ENOTSUP);
> >> +	// Parameter sess can be NULL in case of getting global statistics.
> > [Anoob] Checkpatch error.
> > ERROR:C99_COMMENTS: do not use C99 // comments
> Done. Will appear in 2nd version of patches.
> >
> >> +	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
> >>   	return instance->ops->session_stats_get(instance->device, sess,
> >> stats); }
> >>
> >> @@ -64,7 +82,10 @@ rte_security_session_destroy(struct
> >> rte_security_ctx *instance,  {
> >>   	int ret;
> >>
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -
> >> ENOTSUP);
> >> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
> >> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> >>
> >>   	if (instance->sess_cnt)
> >>   		instance->sess_cnt--;
> >> @@ -81,7 +102,11 @@ rte_security_set_pkt_metadata(struct
> >> rte_security_ctx *instance,
> >>   			      struct rte_security_session *sess,
> >>   			      struct rte_mbuf *m, void *params)  {
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -
> >> ENOTSUP);
> >> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->set_pkt_metadata, -ENOTSUP);
> > [Anoob] set_pkt_metadata() and get_userdata() are datapath ops. So can you
> introduce a config option to enable/disable the checks.
> >
> > Please check,
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__protect2.fireeye.
> > com_url-3Fk-3Dc52d8c32-2D98e14097-2Dc52c077d-2D0cc47a30d446-
> 2Dc1b9d873
> > e3e59cc4-26u-3Dhttp-3A__code.dpdk.org_dpdk_latest_source_lib_librte-5F
> > ethdev_rte-5Fethdev.h-
> 23L4372&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB
> > 8rwwviRSxyLWs2n6B-
> WYLn1v9SyTMrT5EQqh2TU&m=aTo18FDvqHQBghOAhbi7x0f6EuX7
> >
> wZHTUtsRRloZ9Bw&s=TXpv6uQZW1WwB_Av3vCaHeUaibQzA0ypUUqnPy5aQlE
> &e=
> Could you explain a bit further?
> 
> Do you propose to make checks inside #ifdef RTE_LIBRTE_SECURITY_DEBUG or
> so?

[Anoob] Yes. You will need to introduce a new config flag (RTE_LIBRTE_SECURITY_DEBUG) and based on that, the error checks can be enabled/disabled.
 
> And do you have all checks or just sess and m on mind?

[Anoob] I think we should have all checks under the config option.

> 
> The instance->ops->function checks were already there without any config
> options in all API functions.

[Anoob] Must have slipped through. Thanks for pointing it out.

> 
> >
> >> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> >> +	RTE_PTR_OR_ERR_RET(m, -EINVAL);
> >>   	return instance->ops->set_pkt_metadata(instance->device,
> >>   					       sess, m, params);
> >>   }
> >> @@ -91,7 +116,9 @@ rte_security_get_userdata(struct rte_security_ctx
> >> *instance, uint64_t md)  {
> >>   	void *userdata = NULL;
> >>
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->get_userdata, NULL);
> >>   	if (instance->ops->get_userdata(instance->device, md, &userdata))
> >>   		return NULL;
> >>
> >> @@ -101,7 +128,9 @@ rte_security_get_userdata(struct rte_security_ctx
> >> *instance, uint64_t md)  const struct rte_security_capability *
> >> rte_security_capabilities_get(struct rte_security_ctx *instance)  {
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
> >>   	return instance->ops->capabilities_get(instance->device);
> >>   }
> >>
> >> @@ -113,7 +142,10 @@ rte_security_capability_get(struct
> >> rte_security_ctx *instance,
> >>   	const struct rte_security_capability *capability;
> >>   	uint16_t i = 0;
> >>
> >> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> >> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
> >> +	RTE_PTR_OR_ERR_RET(idx, NULL);
> >>   	capabilities = instance->ops->capabilities_get(instance->device);
> >>
> >>   	if (capabilities == NULL)
> >> @@ -121,7 +153,7 @@ rte_security_capability_get(struct
> >> rte_security_ctx *instance,
> >>
> >>   	while ((capability = &capabilities[i++])->action
> >>   			!= RTE_SECURITY_ACTION_TYPE_NONE) {
> >> -		if (capability->action  == idx->action &&
> >> +		if (capability->action == idx->action &&
> >>   				capability->protocol == idx->protocol) {
> >>   			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
> {
> >>   				if (capability->ipsec.proto ==
> >> --
> >> 2.17.1
> 
> --
> 
> Lukasz Wojciechowski
> Principal Software Engineer
> 
> Samsung R&D Institute Poland
> Samsung Electronics
> Office +48 22 377 88 25
> l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH 01/13] librte_security: fix verification of parameters
  2020-04-05 12:54           ` [dpdk-dev] [EXT] " Anoob Joseph
@ 2020-04-06 18:49             ` Lukasz Wojciechowski
  2020-04-07  6:20               ` Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-06 18:49 UTC (permalink / raw)
  To: Anoob Joseph, dev; +Cc: Narayana Prasad Raju Athreya, Lukas Bartosik [C]

Dear Anoob,

Thank you for your reply and hints.

Now I have patches ready to send as version 2, but I hesitate, because I 
don't like the idea of placing all checks in #ifdefs for 
RTE_LIBRTE_SECURITY_DEBUG config option.

Let me explain here why: The config flag as a debug one will be disabled 
by default, which means, that normally nobody will use the checks.
I believe that it is much better to have checks enabled as most of them 
will save the user of librte_security from segmentation faults, when 
trying to run instance->ops functions that are not supported or use 
invalid mempool object. I believe it will cause much less trouble to 
verify the error codes than to fight the segfault.
It is also mentioned in the API description in few places that specific 
codes are returned in case some operation is not supported. Can we make 
such a changes in API, changing the current behavior from an error 
return code to segmentation fault during execution?

That's why I would like to keep all of the checks enabled and not placed 
inside config option.

However it would be nice to add the RTE_LIBRTE_SECURITY_DEBUG flag that 
you mentioned for changing checks behavior, to additionally provide logs 
of checks. This way a devloper using libret_security won't get a 
segmentation faults but error codes. If [s]he wants to check the details 
he'll rebuild the library with debug config option enabled and will be 
able to see all the details in logs, so [s]he will be able to fix the code.

What do you think about such usage of the config debug flag?

Best regards

Lukasz


W dniu 05.04.2020 o 14:54, Anoob Joseph pisze:

> Hi Lukasz,
>
> Please see inline.
>
> Thanks,
> Anoob
>
>> -----Original Message-----
>> From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
>> Sent: Saturday, April 4, 2020 12:06 AM
>> To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
>> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Lukas Bartosik [C]
>> <lbartosik@marvell.com>
>> Subject: [EXT] Re: [dpdk-dev] [PATCH 01/13] librte_security: fix verification of
>> parameters
>>
>> External Email
>>
>> ----------------------------------------------------------------------
>> Hi Anoob,
>>
>> Thank you very much for your review.
>> Please see my answers inline.
>>
>> Best regards,
>> Lukasz
>>
>>
>> W dniu 17.03.2020 o 13:59, Anoob Joseph pisze:
>>> Hi Lukasz,
>>>
>>> Please see inline.
>>>
>>> Thanks,
>>> Anoob
>>>
>>>> -----Original Message-----
>>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Lukasz Wojciechowski
>>>> Sent: Thursday, March 12, 2020 8:47 PM
>>>> To: dev@dpdk.org
>>>> Subject: [dpdk-dev] [PATCH 01/13] librte_security: fix verification
>>>> of parameters
>>> [Anoob] I believe the title has to be: "security: fix verification of parameters"
>>>
>>> Also, you can add "Fixes" as well.
>> I changed the title and will push the new on in 2nd version of the paches after I'll
>> fix all other issues.
>>
>> How do you add a "Fixes" tag to a patch?
> [Anoob]
>
> Check the below link. It explains the format of the patch with fixes.
> https://protect2.fireeye.com/url?k=13e80549-4e769ea3-13e98e06-0cc47a6cba04-78f48282e990b416&q=1&u=https%3A%2F%2Fdoc.dpdk.org%2Fguides%2Fcontributing%2Fpatches.html%23commit-messages-body
>   
>>>> This patch adds verification of the parameters to the ret_security API
>> functions.
>>>> All required parameters are checked if they are not NULL.
>>>>
>>>> Checks verify full chain of pointers, e.g. in case of verification of
>>>> "instance->ops-
>>>>> session_XXX", they check also "instance" and "instance->ops".
>>>> Signed-off-by: Lukasz Wojciechowski
>>>> <l.wojciechow@partner.samsung.com>
>>>> Change-Id: I1724c926a1a0a13fd16d76f19842a0b40fbea1b2
>>>> ---
>>>>    lib/librte_security/rte_security.c | 58 +++++++++++++++++++++++-------
>>>>    1 file changed, 45 insertions(+), 13 deletions(-)
>>>>
>>>> diff --git a/lib/librte_security/rte_security.c
>>>> b/lib/librte_security/rte_security.c
>>>> index bc81ce15d..40a0e9ce5 100644
>>>> --- a/lib/librte_security/rte_security.c
>>>> +++ b/lib/librte_security/rte_security.c
>>>> @@ -1,6 +1,7 @@
>>>>    /* SPDX-License-Identifier: BSD-3-Clause
>>>>     * Copyright 2017 NXP.
>>>>     * Copyright(c) 2017 Intel Corporation.
>>>> + * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights
>>>> + Reserved
>>>>     */
>>>>
>>>>    #include <rte_malloc.h>
>>>> @@ -9,6 +10,12 @@
>>>>    #include "rte_security.h"
>>>>    #include "rte_security_driver.h"
>>>>
>>>> +/* Macro to check for invalid pointers */
>>>> +#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
>>>> +	if ((ptr) == NULL)			\
>>>> +		return retval;			\
>>>> +} while (0)
>>>> +
>>>>    struct rte_security_session *
>>>>    rte_security_session_create(struct rte_security_ctx *instance,
>>>>    			    struct rte_security_session_conf *conf, @@ -16,10
>>>> +23,11 @@ rte_security_session_create(struct rte_security_ctx
>>>> +*instance,  {
>>>>    	struct rte_security_session *sess = NULL;
>>>>
>>>> -	if (conf == NULL)
>>>> -		return NULL;
>>>> -
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_create, NULL);
>>> [Anoob] The above three lines are repeated for every op NULL check. Can we
>> introduce one macro for doing all the three checks? In case if it doesn't come
>> off well, we can stick to individual checks.
>> Done. Will appear in 2nd version of patches.
>>>> +	RTE_PTR_OR_ERR_RET(conf, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(mp, NULL);
>>>>
>>>>    	if (rte_mempool_get(mp, (void **)&sess))
>>>>    		return NULL;
>>>> @@ -38,14 +46,20 @@ rte_security_session_update(struct
>>>> rte_security_ctx *instance,
>>>>    			    struct rte_security_session *sess,
>>>>    			    struct rte_security_session_conf *conf)  {
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -
>>>> ENOTSUP);
>>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_update, -ENOTSUP);
>>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
>>>>    	return instance->ops->session_update(instance->device, sess,
>>>> conf);  }
>>>>
>>>>    unsigned int
>>>>    rte_security_session_get_size(struct rte_security_ctx *instance)  {
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
>>>> +	RTE_PTR_OR_ERR_RET(instance, 0);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, 0);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_get_size, 0);
>>>>    	return instance->ops->session_get_size(instance->device);
>>>>    }
>>>>
>>>> @@ -54,7 +68,11 @@ rte_security_session_stats_get(struct
>>>> rte_security_ctx *instance,
>>>>    			       struct rte_security_session *sess,
>>>>    			       struct rte_security_stats *stats)  {
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -
>>>> ENOTSUP);
>>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_stats_get, -ENOTSUP);
>>>> +	// Parameter sess can be NULL in case of getting global statistics.
>>> [Anoob] Checkpatch error.
>>> ERROR:C99_COMMENTS: do not use C99 // comments
>> Done. Will appear in 2nd version of patches.
>>>> +	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
>>>>    	return instance->ops->session_stats_get(instance->device, sess,
>>>> stats); }
>>>>
>>>> @@ -64,7 +82,10 @@ rte_security_session_destroy(struct
>>>> rte_security_ctx *instance,  {
>>>>    	int ret;
>>>>
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -
>>>> ENOTSUP);
>>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
>>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>>>>
>>>>    	if (instance->sess_cnt)
>>>>    		instance->sess_cnt--;
>>>> @@ -81,7 +102,11 @@ rte_security_set_pkt_metadata(struct
>>>> rte_security_ctx *instance,
>>>>    			      struct rte_security_session *sess,
>>>>    			      struct rte_mbuf *m, void *params)  {
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -
>>>> ENOTSUP);
>>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->set_pkt_metadata, -ENOTSUP);
>>> [Anoob] set_pkt_metadata() and get_userdata() are datapath ops. So can you
>> introduce a config option to enable/disable the checks.
>>> Please check,
>>> https://protect2.fireeye.com/url?k=eee8020a-b37699e0-eee98945-0cc47a6cba04-561954f3424eceea&q=1&u=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__protect2.fireeye.
>>> com_url-3Fk-3Dc52d8c32-2D98e14097-2Dc52c077d-2D0cc47a30d446-
>> 2Dc1b9d873
>>> e3e59cc4-26u-3Dhttp-3A__code.dpdk.org_dpdk_latest_source_lib_librte-5F
>>> ethdev_rte-5Fethdev.h-
>> 23L4372&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB
>>> 8rwwviRSxyLWs2n6B-
>> WYLn1v9SyTMrT5EQqh2TU&m=aTo18FDvqHQBghOAhbi7x0f6EuX7
>> wZHTUtsRRloZ9Bw&s=TXpv6uQZW1WwB_Av3vCaHeUaibQzA0ypUUqnPy5aQlE
>> &e=
>> Could you explain a bit further?
>>
>> Do you propose to make checks inside #ifdef RTE_LIBRTE_SECURITY_DEBUG or
>> so?
> [Anoob] Yes. You will need to introduce a new config flag (RTE_LIBRTE_SECURITY_DEBUG) and based on that, the error checks can be enabled/disabled.
>   
>> And do you have all checks or just sess and m on mind?
> [Anoob] I think we should have all checks under the config option.
>
>> The instance->ops->function checks were already there without any config
>> options in all API functions.
> [Anoob] Must have slipped through. Thanks for pointing it out.
>
>>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>>>> +	RTE_PTR_OR_ERR_RET(m, -EINVAL);
>>>>    	return instance->ops->set_pkt_metadata(instance->device,
>>>>    					       sess, m, params);
>>>>    }
>>>> @@ -91,7 +116,9 @@ rte_security_get_userdata(struct rte_security_ctx
>>>> *instance, uint64_t md)  {
>>>>    	void *userdata = NULL;
>>>>
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->get_userdata, NULL);
>>>>    	if (instance->ops->get_userdata(instance->device, md, &userdata))
>>>>    		return NULL;
>>>>
>>>> @@ -101,7 +128,9 @@ rte_security_get_userdata(struct rte_security_ctx
>>>> *instance, uint64_t md)  const struct rte_security_capability *
>>>> rte_security_capabilities_get(struct rte_security_ctx *instance)  {
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
>>>>    	return instance->ops->capabilities_get(instance->device);
>>>>    }
>>>>
>>>> @@ -113,7 +142,10 @@ rte_security_capability_get(struct
>>>> rte_security_ctx *instance,
>>>>    	const struct rte_security_capability *capability;
>>>>    	uint16_t i = 0;
>>>>
>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
>>>> +	RTE_PTR_OR_ERR_RET(idx, NULL);
>>>>    	capabilities = instance->ops->capabilities_get(instance->device);
>>>>
>>>>    	if (capabilities == NULL)
>>>> @@ -121,7 +153,7 @@ rte_security_capability_get(struct
>>>> rte_security_ctx *instance,
>>>>
>>>>    	while ((capability = &capabilities[i++])->action
>>>>    			!= RTE_SECURITY_ACTION_TYPE_NONE) {
>>>> -		if (capability->action  == idx->action &&
>>>> +		if (capability->action == idx->action &&
>>>>    				capability->protocol == idx->protocol) {
>>>>    			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
>> {
>>>>    				if (capability->ipsec.proto ==
>>>> --
>>>> 2.17.1
>> --
>>
>> Lukasz Wojciechowski
>> Principal Software Engineer
>>
>> Samsung R&D Institute Poland
>> Samsung Electronics
>> Office +48 22 377 88 25
>> l.wojciechow@partner.samsung.com

-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH 01/13] librte_security: fix verification of parameters
  2020-04-06 18:49             ` Lukasz Wojciechowski
@ 2020-04-07  6:20               ` Anoob Joseph
  2020-04-08  3:25                 ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Anoob Joseph @ 2020-04-07  6:20 UTC (permalink / raw)
  To: Lukasz Wojciechowski, dev
  Cc: Narayana Prasad Raju Athreya, Lukas Bartosik [C], Akhil Goyal

Hi Lukasz,

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> Sent: Tuesday, April 7, 2020 12:19 AM
> To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Lukas Bartosik [C]
> <lbartosik@marvell.com>
> Subject: Re: [EXT] Re: [dpdk-dev] [PATCH 01/13] librte_security: fix verification
> of parameters
> 
> Dear Anoob,
> 
> Thank you for your reply and hints.

[Anoob] No mention!
 
> 
> Now I have patches ready to send as version 2, but I hesitate, because I don't
> like the idea of placing all checks in #ifdefs for RTE_LIBRTE_SECURITY_DEBUG
> config option.
> 
> Let me explain here why: The config flag as a debug one will be disabled by
> default, which means, that normally nobody will use the checks.
> I believe that it is much better to have checks enabled as most of them will save
> the user of librte_security from segmentation faults, when trying to run
> instance->ops functions that are not supported or use invalid mempool object. I
> believe it will cause much less trouble to verify the error codes than to fight the
> segfault.

[Anoob] No disagreement. In fact this is exactly what is done with control path APIs. But for datapath APIs, the penalty of such checks is not trivial. I believe that's the argument for having the DEBUG config option in ethdev data path ops. Also, for cases like instance->ops being NULL, the user would get a seg fault with the first call itself and he can enable the config option to debug the segfault he is observing.

As for invalid mempool object, I do agree that is one case where we are better off with per packet checks, but still perf impact would be there. In ethdev, the library doesn't do these checks and it would be upto the driver to have these checks if required. Same is the case with rte_cryptodev_enqueue_burst().
 
> It is also mentioned in the API description in few places that specific codes are
> returned in case some operation is not supported. Can we make such a changes
> in API, changing the current behavior from an error return code to segmentation
> fault during execution?

[Anoob] Did you mean, if we have to allow seg fault as a valid error case, better document it and remove the error codes getting returned? Again, I'm not sure whether we can document that seg fault is the error case. Atleast, in ethdev improper conditions can lead to seg fault but is not documented. May be, maintainers should comment on it.
 
> 
> That's why I would like to keep all of the checks enabled and not placed inside
> config option.
> 
> However it would be nice to add the RTE_LIBRTE_SECURITY_DEBUG flag that
> you mentioned for changing checks behavior, to additionally provide logs of
> checks. This way a devloper using libret_security won't get a segmentation
> faults but error codes. If [s]he wants to check the details he'll rebuild the library
> with debug config option enabled and will be able to see all the details in logs,
> so [s]he will be able to fix the code.
> 
> What do you think about such usage of the config debug flag?

[Anoob] I totally agree to your suggestions on preventing seg faults. But my only concern is the additional check and the corresponding perf penalty.

May be let's look at the APIs and discuss what need to be handled how,

int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
			      struct rte_security_session *sess,
			      struct rte_mbuf *mb, void *params);

instance -> NULL checks under config option
sess -> NULL checks under config option
mb -> possibly a datapath check. But can leave it to driver as well. (rte_cryptodev_enqueue_burst() also doesn't do these checks).
Params -> can be NULL (so no check required).

__rte_experimental
void *
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);

instance -> NULL checks under config option
md -> can be NULL (device specific values).

Does this make sense to you?
 
> 
> Best regards
> 
> Lukasz
> 
> 
> W dniu 05.04.2020 o 14:54, Anoob Joseph pisze:
> 
> > Hi Lukasz,
> >
> > Please see inline.
> >
> > Thanks,
> > Anoob
> >
> >> -----Original Message-----
> >> From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
> >> Sent: Saturday, April 4, 2020 12:06 AM
> >> To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
> >> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Lukas
> >> Bartosik [C] <lbartosik@marvell.com>
> >> Subject: [EXT] Re: [dpdk-dev] [PATCH 01/13] librte_security: fix
> >> verification of parameters
> >>
> >> External Email
> >>
> >> ---------------------------------------------------------------------
> >> -
> >> Hi Anoob,
> >>
> >> Thank you very much for your review.
> >> Please see my answers inline.
> >>
> >> Best regards,
> >> Lukasz
> >>
> >>
> >> W dniu 17.03.2020 o 13:59, Anoob Joseph pisze:
> >>> Hi Lukasz,
> >>>
> >>> Please see inline.
> >>>
> >>> Thanks,
> >>> Anoob
> >>>
> >>>> -----Original Message-----
> >>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Lukasz Wojciechowski
> >>>> Sent: Thursday, March 12, 2020 8:47 PM
> >>>> To: dev@dpdk.org
> >>>> Subject: [dpdk-dev] [PATCH 01/13] librte_security: fix verification
> >>>> of parameters
> >>> [Anoob] I believe the title has to be: "security: fix verification of
> parameters"
> >>>
> >>> Also, you can add "Fixes" as well.
> >> I changed the title and will push the new on in 2nd version of the
> >> paches after I'll fix all other issues.
> >>
> >> How do you add a "Fixes" tag to a patch?
> > [Anoob]
> >
> > Check the below link. It explains the format of the patch with fixes.
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__protect2.fireeye.
> > com_url-3Fk-3D13e80549-2D4e769ea3-2D13e98e06-2D0cc47a6cba04-
> 2D78f48282
> > e990b416-26q-3D1-26u-3Dhttps-253A-252F-252Fdoc.dpdk.org-252Fguides-
> 252
> > Fcontributing-252Fpatches.html-2523commit-2Dmessages-
> 2Dbody&d=DwIDaQ&c
> > =nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2n6B-
> WYLn1v9SyTMrT5EQqh2TU&
> > m=fTGxo5Mh9jPA0-xv8XSAtZpHD9TZebCJWW9PGcElYmA&s=g2HlI0z81E0M5-
> txF2U5Ag
> > xEg0l3MHs4JT0O8AiHvm8&e=
> >
> >>>> This patch adds verification of the parameters to the ret_security
> >>>> API
> >> functions.
> >>>> All required parameters are checked if they are not NULL.
> >>>>
> >>>> Checks verify full chain of pointers, e.g. in case of verification
> >>>> of
> >>>> "instance->ops-
> >>>>> session_XXX", they check also "instance" and "instance->ops".
> >>>> Signed-off-by: Lukasz Wojciechowski
> >>>> <l.wojciechow@partner.samsung.com>
> >>>> Change-Id: I1724c926a1a0a13fd16d76f19842a0b40fbea1b2
> >>>> ---
> >>>>    lib/librte_security/rte_security.c | 58 +++++++++++++++++++++++-------
> >>>>    1 file changed, 45 insertions(+), 13 deletions(-)
> >>>>
> >>>> diff --git a/lib/librte_security/rte_security.c
> >>>> b/lib/librte_security/rte_security.c
> >>>> index bc81ce15d..40a0e9ce5 100644
> >>>> --- a/lib/librte_security/rte_security.c
> >>>> +++ b/lib/librte_security/rte_security.c
> >>>> @@ -1,6 +1,7 @@
> >>>>    /* SPDX-License-Identifier: BSD-3-Clause
> >>>>     * Copyright 2017 NXP.
> >>>>     * Copyright(c) 2017 Intel Corporation.
> >>>> + * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights
> >>>> + Reserved
> >>>>     */
> >>>>
> >>>>    #include <rte_malloc.h>
> >>>> @@ -9,6 +10,12 @@
> >>>>    #include "rte_security.h"
> >>>>    #include "rte_security_driver.h"
> >>>>
> >>>> +/* Macro to check for invalid pointers */
> >>>> +#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
> >>>> +	if ((ptr) == NULL)			\
> >>>> +		return retval;			\
> >>>> +} while (0)
> >>>> +
> >>>>    struct rte_security_session *
> >>>>    rte_security_session_create(struct rte_security_ctx *instance,
> >>>>    			    struct rte_security_session_conf *conf, @@ -16,10
> >>>> +23,11 @@ rte_security_session_create(struct rte_security_ctx
> >>>> +*instance,  {
> >>>>    	struct rte_security_session *sess = NULL;
> >>>>
> >>>> -	if (conf == NULL)
> >>>> -		return NULL;
> >>>> -
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_create, NULL);
> >>> [Anoob] The above three lines are repeated for every op NULL check.
> >>> Can we
> >> introduce one macro for doing all the three checks? In case if it
> >> doesn't come off well, we can stick to individual checks.
> >> Done. Will appear in 2nd version of patches.
> >>>> +	RTE_PTR_OR_ERR_RET(conf, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(mp, NULL);
> >>>>
> >>>>    	if (rte_mempool_get(mp, (void **)&sess))
> >>>>    		return NULL;
> >>>> @@ -38,14 +46,20 @@ rte_security_session_update(struct
> >>>> rte_security_ctx *instance,
> >>>>    			    struct rte_security_session *sess,
> >>>>    			    struct rte_security_session_conf *conf)  {
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -
> >>>> ENOTSUP);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_update, -ENOTSUP);
> >>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
> >>>>    	return instance->ops->session_update(instance->device, sess,
> >>>> conf);  }
> >>>>
> >>>>    unsigned int
> >>>>    rte_security_session_get_size(struct rte_security_ctx *instance)  {
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, 0);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, 0);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_get_size, 0);
> >>>>    	return instance->ops->session_get_size(instance->device);
> >>>>    }
> >>>>
> >>>> @@ -54,7 +68,11 @@ rte_security_session_stats_get(struct
> >>>> rte_security_ctx *instance,
> >>>>    			       struct rte_security_session *sess,
> >>>>    			       struct rte_security_stats *stats)  {
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -
> >>>> ENOTSUP);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_stats_get, -ENOTSUP);
> >>>> +	// Parameter sess can be NULL in case of getting global statistics.
> >>> [Anoob] Checkpatch error.
> >>> ERROR:C99_COMMENTS: do not use C99 // comments
> >> Done. Will appear in 2nd version of patches.
> >>>> +	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
> >>>>    	return instance->ops->session_stats_get(instance->device, sess,
> >>>> stats); }
> >>>>
> >>>> @@ -64,7 +82,10 @@ rte_security_session_destroy(struct
> >>>> rte_security_ctx *instance,  {
> >>>>    	int ret;
> >>>>
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -
> >>>> ENOTSUP);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
> >>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> >>>>
> >>>>    	if (instance->sess_cnt)
> >>>>    		instance->sess_cnt--;
> >>>> @@ -81,7 +102,11 @@ rte_security_set_pkt_metadata(struct
> >>>> rte_security_ctx *instance,
> >>>>    			      struct rte_security_session *sess,
> >>>>    			      struct rte_mbuf *m, void *params)  {
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -
> >>>> ENOTSUP);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->set_pkt_metadata, -ENOTSUP);
> >>> [Anoob] set_pkt_metadata() and get_userdata() are datapath ops. So
> >>> can you
> >> introduce a config option to enable/disable the checks.
> >>> Please check,
> >>> https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__protect2.fireeye.com_url-3Fk-3Deee8020a-2Db37699e0-2Deee98945-
> 2D0cc47a6cba04-2D561954f3424eceea-26q-3D1-26u-3Dhttps-253A-252F-
> 252Furldefense.proofpoint.com-252Fv2-252Furl-253Fu-253Dhttps-2D3A-5F-
> 5Fprotect2.fireeye&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRS
> xyLWs2n6B-WYLn1v9SyTMrT5EQqh2TU&m=fTGxo5Mh9jPA0-
> xv8XSAtZpHD9TZebCJWW9PGcElYmA&s=vENm9fIBE5DENCAaeYTeYFwK__g06Jv
> K-lyOiJh-VL0&e= .
> >>> com_url-3Fk-3Dc52d8c32-2D98e14097-2Dc52c077d-2D0cc47a30d446-
> >> 2Dc1b9d873
> >>> e3e59cc4-26u-3Dhttp-3A__code.dpdk.org_dpdk_latest_source_lib_librte-
> >>> 5F
> >>> ethdev_rte-5Fethdev.h-
> >> 23L4372&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB
> >>> 8rwwviRSxyLWs2n6B-
> >> WYLn1v9SyTMrT5EQqh2TU&m=aTo18FDvqHQBghOAhbi7x0f6EuX7
> >>
> wZHTUtsRRloZ9Bw&s=TXpv6uQZW1WwB_Av3vCaHeUaibQzA0ypUUqnPy5aQlE
> >> &e=
> >> Could you explain a bit further?
> >>
> >> Do you propose to make checks inside #ifdef RTE_LIBRTE_SECURITY_DEBUG
> >> or so?
> > [Anoob] Yes. You will need to introduce a new config flag
> (RTE_LIBRTE_SECURITY_DEBUG) and based on that, the error checks can be
> enabled/disabled.
> >
> >> And do you have all checks or just sess and m on mind?
> > [Anoob] I think we should have all checks under the config option.
> >
> >> The instance->ops->function checks were already there without any
> >> config options in all API functions.
> > [Anoob] Must have slipped through. Thanks for pointing it out.
> >
> >>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> >>>> +	RTE_PTR_OR_ERR_RET(m, -EINVAL);
> >>>>    	return instance->ops->set_pkt_metadata(instance->device,
> >>>>    					       sess, m, params);
> >>>>    }
> >>>> @@ -91,7 +116,9 @@ rte_security_get_userdata(struct
> >>>> rte_security_ctx *instance, uint64_t md)  {
> >>>>    	void *userdata = NULL;
> >>>>
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->get_userdata, NULL);
> >>>>    	if (instance->ops->get_userdata(instance->device, md, &userdata))
> >>>>    		return NULL;
> >>>>
> >>>> @@ -101,7 +128,9 @@ rte_security_get_userdata(struct
> >>>> rte_security_ctx *instance, uint64_t md)  const struct
> >>>> rte_security_capability * rte_security_capabilities_get(struct
> rte_security_ctx *instance)  {
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
> >>>>    	return instance->ops->capabilities_get(instance->device);
> >>>>    }
> >>>>
> >>>> @@ -113,7 +142,10 @@ rte_security_capability_get(struct
> >>>> rte_security_ctx *instance,
> >>>>    	const struct rte_security_capability *capability;
> >>>>    	uint16_t i = 0;
> >>>>
> >>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
> >>>> +	RTE_PTR_OR_ERR_RET(idx, NULL);
> >>>>    	capabilities =
> >>>> instance->ops->capabilities_get(instance->device);
> >>>>
> >>>>    	if (capabilities == NULL)
> >>>> @@ -121,7 +153,7 @@ rte_security_capability_get(struct
> >>>> rte_security_ctx *instance,
> >>>>
> >>>>    	while ((capability = &capabilities[i++])->action
> >>>>    			!= RTE_SECURITY_ACTION_TYPE_NONE) {
> >>>> -		if (capability->action  == idx->action &&
> >>>> +		if (capability->action == idx->action &&
> >>>>    				capability->protocol == idx->protocol) {
> >>>>    			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
> >> {
> >>>>    				if (capability->ipsec.proto ==
> >>>> --
> >>>> 2.17.1
> >> --
> >>
> >> Lukasz Wojciechowski
> >> Principal Software Engineer
> >>
> >> Samsung R&D Institute Poland
> >> Samsung Electronics
> >> Office +48 22 377 88 25
> >> l.wojciechow@partner.samsung.com
> 
> --
> 
> Lukasz Wojciechowski
> Principal Software Engineer
> 
> Samsung R&D Institute Poland
> Samsung Electronics
> Office +48 22 377 88 25
> l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 00/13] Fixes and unit tests for librte_security
       [not found]   ` <CGME20200408031435eucas1p23b452d748e39e46c626f695b7f55096a@eucas1p2.samsung.com>
@ 2020-04-08  3:13     ` Lukasz Wojciechowski
       [not found]       ` <CGME20200408031447eucas1p1376332353faa0d217e7be8c32271405f@eucas1p1.samsung.com>
                         ` (13 more replies)
  0 siblings, 14 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Set of patches fix minor issues like proper verification of input
parameters and aligning documentation with code in the matter of return
values. Another fixed issue is invalid decrementation of the session
counter which might cause inconsistency between counter values and a true
number of sessions.

All of these issues (and all the librte_security) code is covered with
unit tests. The tests are added to dpdk-test application and can be
launched with "security_autotest" command.

---
v2:
* Fix patches' topics for librte_security to security
* Introduce CONFIG_RTE_LIBRTE_SECURITY_DEBUG flag and:
** make it disabled by default
** verify parameters in dataplane API calls only when option is enabled
** skip tests of code disabled by the option
* Add Fixes tags
* Introduce RTE_PTR_CHAIN3_OR_ERR_RET macro for doing 3 chain checks
* Removed C99 style comments
* Remove check of m parameter in rte_security_set_pkt_metadata
* Fix code style warnings

Lukasz Wojciechowski (13):
  security: fix verification of parameters
  security: fix return types in documentation
  security: fix session counter
  app/test: fix macro definition
  app/test: introduce librte security tests
  app/test: add rte security session update tests
  app/test: add rte security session get size tests
  app/test: add rte security session stats get tests
  app/test: add rte security session destroy tests
  app/test: add rte security set pkt metadata tests
  app/test: add rte security get userdata tests
  app/test: add rte security capabilities get tests
  app/test: add rte security capability get tests

 app/test/Makefile                  |    2 +
 app/test/meson.build               |    3 +
 app/test/test.h                    |    4 +-
 app/test/test_security.c           | 2435 ++++++++++++++++++++++++++++
 config/common_base                 |    1 +
 lib/librte_security/rte_security.c |   71 +-
 lib/librte_security/rte_security.h |    8 +-
 7 files changed, 2502 insertions(+), 22 deletions(-)
 create mode 100644 app/test/test_security.c

-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 01/13] security: fix verification of parameters
       [not found]       ` <CGME20200408031447eucas1p1376332353faa0d217e7be8c32271405f@eucas1p1.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  2020-04-08 12:54           ` Thomas Monjalon
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  To: Thomas Monjalon, Akhil Goyal, Declan Doherty, Aviad Yehezkel,
	Boris Pismenny, Radu Nicolau, Anoob Joseph
  Cc: dev, stable

This patch adds verification of the parameters to the ret_security API
functions. All required parameters are checked if they are not NULL.

Checks verify full chain of pointers, e.g. in case of verification of
"instance->ops->session_XXX", they check also "instance"
and "instance->ops".

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: akhil.goyal@nxp.com

Fixes: 1a08c379b9b5 ("security: support user data retrieval")
Cc: anoob.joseph@caviumnetworks.com

Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 config/common_base                 |  1 +
 lib/librte_security/rte_security.c | 59 +++++++++++++++++++++++-------
 2 files changed, 47 insertions(+), 13 deletions(-)

diff --git a/config/common_base b/config/common_base
index c31175f9d..ef1cdbb62 100644
--- a/config/common_base
+++ b/config/common_base
@@ -695,6 +695,7 @@ CONFIG_RTE_LIBRTE_PMD_NITROX=y
 # Compile generic security library
 #
 CONFIG_RTE_LIBRTE_SECURITY=y
+CONFIG_RTE_LIBRTE_SECURITY_DEBUG=n
 
 #
 # Compile generic compression device library
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index bc81ce15d..f1b4a894e 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  * Copyright 2017 NXP.
  * Copyright(c) 2017 Intel Corporation.
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
  */
 
 #include <rte_malloc.h>
@@ -9,6 +10,19 @@
 #include "rte_security.h"
 #include "rte_security_driver.h"
 
+/* Macro to check for invalid pointers */
+#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
+	if ((ptr) == NULL)			\
+		return retval;			\
+} while (0)
+
+/* Macro to check for invalid pointers chains */
+#define RTE_PTR_CHAIN3_OR_ERR_RET(p1, p2, p3, retval, last_retval) do {	\
+	RTE_PTR_OR_ERR_RET(p1, retval);					\
+	RTE_PTR_OR_ERR_RET(p1->p2, retval);				\
+	RTE_PTR_OR_ERR_RET(p1->p2->p3, last_retval);			\
+} while (0)
+
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
@@ -16,10 +30,9 @@ rte_security_session_create(struct rte_security_ctx *instance,
 {
 	struct rte_security_session *sess = NULL;
 
-	if (conf == NULL)
-		return NULL;
-
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
+	RTE_PTR_OR_ERR_RET(conf, NULL);
+	RTE_PTR_OR_ERR_RET(mp, NULL);
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
@@ -38,14 +51,19 @@ rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session *sess,
 			    struct rte_security_session_conf *conf)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
+
 	return instance->ops->session_update(instance->device, sess, conf);
 }
 
 unsigned int
 rte_security_session_get_size(struct rte_security_ctx *instance)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
+
 	return instance->ops->session_get_size(instance->device);
 }
 
@@ -54,7 +72,11 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
 			       struct rte_security_stats *stats)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
+			-ENOTSUP);
+	/* Parameter sess can be NULL in case of getting global statistics. */
+	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
+
 	return instance->ops->session_stats_get(instance->device, sess, stats);
 }
 
@@ -64,7 +86,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 {
 	int ret;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
 
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
@@ -81,7 +105,11 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 			      struct rte_security_session *sess,
 			      struct rte_mbuf *m, void *params)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+#endif
 	return instance->ops->set_pkt_metadata(instance->device,
 					       sess, m, params);
 }
@@ -91,7 +119,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 {
 	void *userdata = NULL;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL, NULL);
+#endif
 	if (instance->ops->get_userdata(instance->device, md, &userdata))
 		return NULL;
 
@@ -101,7 +131,8 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 const struct rte_security_capability *
 rte_security_capabilities_get(struct rte_security_ctx *instance)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
+
 	return instance->ops->capabilities_get(instance->device);
 }
 
@@ -113,7 +144,9 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 	const struct rte_security_capability *capability;
 	uint16_t i = 0;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
+	RTE_PTR_OR_ERR_RET(idx, NULL);
+
 	capabilities = instance->ops->capabilities_get(instance->device);
 
 	if (capabilities == NULL)
@@ -121,7 +154,7 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 
 	while ((capability = &capabilities[i++])->action
 			!= RTE_SECURITY_ACTION_TYPE_NONE) {
-		if (capability->action  == idx->action &&
+		if (capability->action == idx->action &&
 				capability->protocol == idx->protocol) {
 			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
 				if (capability->ipsec.proto ==
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 02/13] security: fix return types in documentation
       [not found]       ` <CGME20200408031448eucas1p2b36997fc73f5b5e2aadb6e4bb965063b@eucas1p2.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  To: Akhil Goyal, Declan Doherty, Aviad Yehezkel, Boris Pismenny,
	Radu Nicolau
  Cc: dev, stable

Enhance returned values description for rte_security_session_destroy
and some other minor description changes.

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: akhil.goyal@nxp.com

Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 lib/librte_security/rte_security.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index ef47118fa..747830d67 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -378,7 +378,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
  * @param   conf	update configuration parameters
  * @return
  *  - On success returns 0
- *  - On failure return errno
+ *  - On failure returns a negative errno value.
  */
 __rte_experimental
 int
@@ -403,12 +403,14 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  * return it to its original mempool.
  *
  * @param   instance	security instance
- * @param   sess	security session to freed
+ * @param   sess	security session to be freed
  *
  * @return
  *  - 0 if successful.
- *  - -EINVAL if session is NULL.
+ *  - -EINVAL if session or context instance is NULL.
  *  - -EBUSY if not all device private data has been freed.
+ *  - -ENOTSUP if destroying private data is not supported.
+ *  - other negative values in case of freeing private data errors.
  */
 int
 rte_security_session_destroy(struct rte_security_ctx *instance,
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 03/13] security: fix session counter
       [not found]       ` <CGME20200408031448eucas1p2d6df7ff419bb093606a2f9115297f45a@eucas1p2.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  To: Akhil Goyal, Declan Doherty, Radu Nicolau, Boris Pismenny,
	Aviad Yehezkel
  Cc: dev, stable

Fix session counter to be decreased in rte_security_session_destroy
only when session was successfully destroyed.

Formerly session counter was decreased prior session destroying
and returning session object to mempool. It remained decreased even
if session was not destroyed and mempool object released making counter
invalid.

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: akhil.goyal@nxp.com

Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 lib/librte_security/rte_security.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index f1b4a894e..ae57d3421 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -90,14 +90,16 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 			-ENOTSUP);
 	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
 
+	ret = instance->ops->session_destroy(instance->device, sess);
+	if (ret != 0)
+		return ret;
+
+	rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
 
-	ret = instance->ops->session_destroy(instance->device, sess);
-	if (!ret)
-		rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
-
-	return ret;
+	return 0;
 }
 
 int
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 04/13] app/test: fix macro definition
       [not found]       ` <CGME20200408031449eucas1p1ca89719463cbaf29e9f7c81beaec88c2@eucas1p1.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  2020-04-08 12:53           ` Thomas Monjalon
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  To: Thomas Monjalon, Pavan Nikhilesh, Jerin Jacob; +Cc: dev, stable

Wrap RTE_TEST_TRACE_FAILURE macro definition into #ifndef clause
as it might be already defined.

Fixes: 5afc521eac6a ("eal: add test assert macros")
Cc: pbhagavatula@caviumnetworks.com

Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/test/test.h b/app/test/test.h
index ac0c50616..8ac581cbc 100644
--- a/app/test/test.h
+++ b/app/test/test.h
@@ -22,7 +22,9 @@
 # define TEST_TRACE_FAILURE(_file, _line, _func)
 #endif
 
-#define RTE_TEST_TRACE_FAILURE TEST_TRACE_FAILURE
+#ifndef RTE_TEST_TRACE_FAILURE
+# define RTE_TEST_TRACE_FAILURE TEST_TRACE_FAILURE
+#endif
 
 #include <rte_test.h>
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 05/13] app/test: introduce librte security tests
       [not found]       ` <CGME20200408031450eucas1p1a0b6ca84cbac2f7542212e185de1ddf5@eucas1p1.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

This patch introduces set of unit tests of librte_security API functions.
Tests are added to dpdk-test application and can be run with
"security_autotest" runtime command.

This is the first patch in the series of patches as adding all test cases
for all API functions in a single patch would make it unreadable.

This patch defines structure of the file and necessary test framework
initialization. It also contains first subset of unit tests for
rte_security_session_create API function.

Structure of the tests file is following:
- macros for making tests more readable;
- mockup structures and functions for rte_security_ops;
- test suite and test cases setup and teardown functions;
- tests functions;
- declaration of testcases.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/Makefile        |   2 +
 app/test/meson.build     |   3 +
 app/test/test_security.c | 683 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 688 insertions(+)
 create mode 100644 app/test/test_security.c

diff --git a/app/test/Makefile b/app/test/Makefile
index 1f080d162..153610a32 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -231,6 +231,8 @@ SRCS-$(CONFIG_RTE_LIBRTE_BPF) += test_bpf.c
 
 SRCS-$(CONFIG_RTE_LIBRTE_RCU) += test_rcu_qsbr.c test_rcu_qsbr_perf.c
 
+SRCS-$(CONFIG_RTE_LIBRTE_SECURITY) += test_security.c
+
 SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += test_ipsec.c
 SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += test_ipsec_sad.c
 ifeq ($(CONFIG_RTE_LIBRTE_IPSEC),y)
diff --git a/app/test/meson.build b/app/test/meson.build
index 351d29cb6..f3c775b34 100644
--- a/app/test/meson.build
+++ b/app/test/meson.build
@@ -103,6 +103,7 @@ test_sources = files('commands.c',
 	'test_ring_perf.c',
 	'test_rwlock.c',
 	'test_sched.c',
+	'test_security.c',
 	'test_service_cores.c',
 	'test_spinlock.c',
 	'test_stack.c',
@@ -150,6 +151,7 @@ test_deps = ['acl',
 	'reorder',
 	'rib',
 	'ring',
+	'security',
 	'stack',
 	'timer'
 ]
@@ -211,6 +213,7 @@ fast_tests = [
         ['rwlock_rds_wrm_autotest', true],
         ['rwlock_rde_wro_autotest', true],
         ['sched_autotest', true],
+		['security_autotest', false],
         ['spinlock_autotest', true],
         ['stack_autotest', false],
         ['stack_lf_autotest', false],
diff --git a/app/test/test_security.c b/app/test/test_security.c
new file mode 100644
index 000000000..3fc83abae
--- /dev/null
+++ b/app/test/test_security.c
@@ -0,0 +1,683 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+
+#include <rte_errno.h>
+#include <rte_log.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+#include <rte_security.h>
+#include <rte_security_driver.h>
+
+/* Before including rte_test.h file you can define
+ * RTE_TEST_TRACE_FAILURE(_file, _line, _func) macro to better trace/debug test
+ * failures. Mostly useful in development phase.
+ */
+#ifndef RTE_TEST_TRACE_FAILURE
+#define RTE_TEST_TRACE_FAILURE(_file, _line, _func) \
+	RTE_LOG(DEBUG, EAL, "in %s:%d %s\n", _file, _line, _func)
+#endif
+
+#include <rte_test.h>
+#include "test.h"
+
+/**
+ * Security
+ * =======
+ *
+ * Basic unit tests of the librte_security API.
+ *
+ * Structure of the file:
+ * - macros for making tests more readable;
+ * - mockup structures and functions for rte_security_ops;
+ * - test suite and test cases setup and teardown functions;
+ * - tests functions;
+ * - declaration of testcases.
+ */
+
+
+/**
+ * Macros
+ *
+ * Set of macros for making tests easier to read.
+ */
+
+/**
+ * Verify condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   cond	condition expected to be true
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT(fail_counter, cond, msg, ...) do {		\
+	if (!(cond)) {							\
+		fail_counter++;						\
+		RTE_LOG(DEBUG, EAL, "Test assert %s line %d failed: "	\
+				msg "\n", __func__, __LINE__,		\
+				 ##__VA_ARGS__);			\
+		RTE_TEST_TRACE_FAILURE(__FILE__, __LINE__, __func__);	\
+	}								\
+} while (0)
+
+/**
+ * Verify equality condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   a	first value of comparison
+ * @param   b	second value of comparison
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT_EQUAL(fail_counter, a, b, msg, ...)	\
+	MOCK_TEST_ASSERT(fail_counter, (a) == (b), msg, ##__VA_ARGS__)
+
+
+/**
+ * Verify if parameter of the mocked up function matches expected value.
+ * The expected value is stored in data structure in the field matching
+ * parameter name.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ * @param   spec	printf style spec for parameter
+ */
+#define MOCK_TEST_ASSERT_PARAMETER(data, parameter, spec)		\
+	MOCK_TEST_ASSERT_EQUAL(data.failed, data.parameter, parameter,	\
+			"Expecting parameter %s to be " spec		\
+			" but it's " spec, RTE_STR(parameter),		\
+			data.parameter, parameter)
+
+/**
+ * Wrap for MOCK_TEST_ASSERT_PARAMETER macro for pointer type parameters.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ */
+#define MOCK_TEST_ASSERT_POINTER_PARAMETER(data, parameter)	\
+	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%p")
+
+/**
+ * Verify number of calls of the mocked up function
+ * and check if there were any fails during execution.
+ * The fails statistics inside mocked up functions are collected
+ * as "failed" field in mockup structures.
+ *
+ * @param   mock_data	structure with statistics (called, failed)
+ * @param   exp_calls	expected number of mockup function calls
+ */
+#define TEST_ASSERT_MOCK_CALLS(mock_data, exp_calls) do {		\
+	TEST_ASSERT_EQUAL(exp_calls, mock_data.called,			\
+			"Expecting sub op to be called %d times, "	\
+			"but it's called %d times",			\
+			exp_calls, mock_data.called);			\
+	TEST_ASSERT_EQUAL(0, mock_data.failed,				\
+			"Expecting sub op asserts not to fail, "	\
+			"but they're failed %d times",			\
+			mock_data.failed);				\
+} while (0)
+
+/**
+ * Assert tested function result match expected value
+ *
+ * @param   f_name	name of tested function
+ * @param   f_ret	value returned by the function
+ * @param   exp_ret	expected returned value
+ * @param   fmt		printf style format for returned value
+ */
+#define TEST_ASSERT_MOCK_FUNCTION_CALL_RET(f_name, f_ret, exp_ret, fmt)	\
+	TEST_ASSERT_EQUAL(exp_ret, f_ret, "Expecting " RTE_STR(f_name)	\
+			" to return " fmt ", but it returned " fmt	\
+			"\n", exp_ret, f_ret)
+
+/**
+ * Assert tested function result is not NULL
+ *
+ * @param   f_name	name of tested function
+ * @param   f_ret	value returned by the function
+ */
+#define TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(f_name, f_ret)		\
+	TEST_ASSERT_NOT_NULL(f_ret, "Expecting " RTE_STR(f_name)	\
+			" to return not NULL\n")
+
+/**
+ * Verify that sess_cnt counter value matches expected
+ *
+ * @param   expected_sessions_count	expected counter value
+ */
+#define TEST_ASSERT_SESSION_COUNT(expected_sessions_count) do {		\
+	struct security_unittest_params *ut_params = &unittest_params;	\
+	TEST_ASSERT_EQUAL(expected_sessions_count,			\
+			ut_params->ctx.sess_cnt,			\
+			"Expecting session counter to be %u,"		\
+			" but it's %u",	expected_sessions_count,	\
+			ut_params->ctx.sess_cnt);			\
+} while (0)
+
+/**
+ * Verify usage of mempool by checking if number of allocated objects matches
+ * expectations. The mempool is used to manage objects for sessions data.
+ * A single object is acquired from mempool during session_create
+ * and put back in session_destroy.
+ *
+ * @param   expected_mempool_usage	expected number of used mempool objects
+ */
+#define TEST_ASSERT_MEMPOOL_USAGE(expected_mempool_usage) do {		\
+	struct security_testsuite_params *ts_params = &testsuite_params;\
+	unsigned int mempool_usage;					\
+	mempool_usage = rte_mempool_in_use_count(			\
+			ts_params->session_mpool);			\
+	TEST_ASSERT_EQUAL(expected_mempool_usage, mempool_usage,	\
+			"Expecting %u mempool allocations, "		\
+			"but there are %u allocated objects",		\
+			expected_mempool_usage, mempool_usage);		\
+} while (0)
+
+
+/**
+ * Mockup structures and functions for rte_security_ops;
+ *
+ * Set of structures for controlling mockup functions calls.
+ * Every mockup function X has its corresponding X_data structure
+ * and an instance of that structure X_exp.
+ * Structure contains parameters that a mockup function is expected
+ * to be called with, a value to return (.ret) and 2 statistics:
+ * .called (number of times the mockup function was called)
+ * and .failed (number of assertion fails during mockup function call).
+ *
+ * Mockup functions verify that the parameters they are called with match
+ * expected values. The expected values should be stored in corresponding
+ * structures prior to mockup functions call. Every failure of such
+ * verification increases .failed counter. Every call of mockup function
+ * increases .called counter. Function returns value stored in .ret field
+ * of the structure.
+ * In case of some parameters in some functions the expected value is unknown
+ * and cannot be detrmined prior to call. Such parameters are stored
+ * in structure and can be compared or analyzed later in test case code.
+ *
+ * Below structures and functions follow the rules just described.
+ * Additional remarks and exceptions are added in comments.
+ */
+
+/**
+ * session_create mockup
+ *
+ * Verified parameters: device, conf, mp.
+ * Saved, not verified parameters: sess.
+ */
+static struct mock_session_create_data {
+	void *device;
+	struct rte_security_session_conf *conf;
+	struct rte_security_session *sess;
+	struct rte_mempool *mp;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_create(void *device,
+		struct rte_security_session_conf *conf,
+		struct rte_security_session *sess,
+		struct rte_mempool *mp)
+{
+	mock_session_create_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, mp);
+
+	mock_session_create_exp.sess = sess;
+
+	return mock_session_create_exp.ret;
+}
+
+/**
+ * session_destroy mockup
+ *
+ * Verified parameters: device, sess.
+ */
+static struct mock_session_destroy_data {
+	void *device;
+	struct rte_security_session *sess;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_destroy(void *device, struct rte_security_session *sess)
+{
+	mock_session_destroy_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
+
+	return mock_session_destroy_exp.ret;
+}
+
+/**
+ * empty_ops
+ *
+ * is an empty security operations set (all function pointers set to NULL)
+ */
+struct rte_security_ops empty_ops = { NULL };
+
+/**
+ * mock_ops
+ *
+ * is a security operations set using mockup functions
+ */
+struct rte_security_ops mock_ops = {
+	.session_create = mock_session_create,
+	.session_destroy = mock_session_destroy,
+};
+
+
+/**
+ * Test suite and test cases setup and teardown functions.
+ */
+
+/**
+ * struct security_testsuite_params defines parameters initialized once
+ * for whole tests suite.
+ * Currently the only stored parameter is session_mpool a mempool created
+ * once in testsuite_setup and released in testsuite_teardown.
+ * The instance of this structure is stored in testsuite_params variable.
+ */
+static struct security_testsuite_params {
+	struct rte_mempool *session_mpool;
+} testsuite_params = { NULL };
+
+/**
+ * struct security_unittest_params defines parameters initialized
+ * for every test case. The parameters are initialized in ut_setup
+ * and released in ut_teardown.
+ * The instance of this structure is stored in unittest_params variable.
+ */
+static struct security_unittest_params {
+	struct rte_security_ctx ctx;
+	struct rte_security_session_conf conf;
+	struct rte_security_session *sess;
+} unittest_params = {
+	.ctx = {
+		.device = NULL,
+		.ops = &mock_ops,
+		.sess_cnt = 0,
+	},
+	.sess = NULL,
+};
+
+#define SECURITY_TEST_MEMPOOL_NAME "SecurityTestsMempoolName"
+#define SECURITY_TEST_MEMPOOL_SIZE 15
+#define SECURITY_TEST_SESSION_OBJECT_SIZE sizeof(struct rte_security_session)
+
+/**
+ * testsuite_setup initializes whole test suite parameters.
+ * It creates a new mempool used in all test cases
+ * and verifies if it properly created.
+ */
+static int
+testsuite_setup(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	ts_params->session_mpool = rte_mempool_create(
+			SECURITY_TEST_MEMPOOL_NAME,
+			SECURITY_TEST_MEMPOOL_SIZE,
+			SECURITY_TEST_SESSION_OBJECT_SIZE,
+			0, 0, NULL, NULL, NULL, NULL,
+			SOCKET_ID_ANY, 0);
+	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
+			"Cannot create mempool %s\n", rte_strerror(rte_errno));
+	return TEST_SUCCESS;
+}
+
+/**
+ * testsuite_teardown releases test suite wide parameters.
+ */
+static void
+testsuite_teardown(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	if (ts_params->session_mpool) {
+		rte_mempool_free(ts_params->session_mpool);
+		ts_params->session_mpool = NULL;
+	}
+}
+
+/**
+ * ut_setup initializes test case parameters to default values.
+ * It resets also any .called and .failed statistics of mockup functions
+ * usage.
+ */
+static int
+ut_setup(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.device = NULL;
+	ut_params->ctx.ops = &mock_ops;
+	ut_params->ctx.sess_cnt = 0;
+	ut_params->sess = NULL;
+
+	mock_session_create_exp.called = 0;
+	mock_session_destroy_exp.called = 0;
+
+	mock_session_create_exp.failed = 0;
+	mock_session_destroy_exp.failed = 0;
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * destroy_session_with_check is a helper function releasing session
+ * created with rte_security_session_create and stored in test case parameters.
+ * It's used both to release sessions created in test cases' bodies
+ * which are assigned to ut_params->sess
+ */
+static int
+destroy_session_with_check(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	if (ut_params->sess != NULL) {
+		/* Assure that mockup function for destroy operation is set. */
+		ut_params->ctx.ops = &mock_ops;
+
+		mock_session_destroy_exp.device = NULL;
+		mock_session_destroy_exp.sess = ut_params->sess;
+		mock_session_destroy_exp.ret = 0;
+		mock_session_destroy_exp.called = 0;
+		mock_session_destroy_exp.failed = 0;
+
+		int ret = rte_security_session_destroy(&ut_params->ctx,
+				ut_params->sess);
+		TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+				ret, 0, "%d");
+		TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+
+		ut_params->sess = NULL;
+	}
+	return TEST_SUCCESS;
+}
+
+/**
+ * ut_teardown releases test case parameters.
+ */
+static void
+ut_teardown(void)
+{
+	destroy_session_with_check();
+}
+
+
+/**
+ * Test functions
+ *
+ * Each test function is related to a single test case.
+ * They are arranged by tested rte_security API function
+ * and by rte_security execution paths sequence in code.
+ */
+
+/**
+ * rte_security_session_create tests
+ */
+
+/**
+ * Test execution of rte_security_session_create with NULL instance
+ */
+static int
+test_session_create_inv_context(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(NULL, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_create_inv_context_ops(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	ut_params->ctx.ops = NULL;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with empty
+ * security operations
+ */
+static int
+test_session_create_inv_context_ops_fun(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	ut_params->ctx.ops = &empty_ops;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with NULL conf parameter
+ */
+static int
+test_session_create_inv_configuration(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(&ut_params->ctx, NULL,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with NULL mp parameter
+ */
+static int
+test_session_create_inv_mempool(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create in case when mempool
+ * is fully used and no object can be got from it
+ */
+static int
+test_session_create_mempool_empty(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	struct rte_security_session *sess;
+
+	/* Get all available objects from mempool. */
+	int i, ret;
+	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
+		ret = rte_mempool_get(ts_params->session_mpool,
+				(void **)(&tmp[i]));
+		TEST_ASSERT_EQUAL(0, ret,
+				"Expect getting %d object from mempool"
+				" to succeed", i);
+	}
+	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	/* Put objects back to the pool. */
+	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i)
+		rte_mempool_put(ts_params->session_mpool, (void *)(tmp[i]));
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create when session_create
+ * security operation fails
+ */
+static int
+test_session_create_ops_failure(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = -1;	/* Return failure status. */
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create in successful execution path
+ */
+static int
+test_session_create_success(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = 0;	/* Return success status. */
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
+			sess);
+	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
+			"Expecting session_create to be called with %p sess"
+			" parameter, but it's called %p sess parameter",
+			sess, mock_session_create_exp.sess);
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	/*
+	 * Store created session in test case parameters, so it can be released
+	 * after test case in ut_teardown by destroy_session_with_check.
+	 */
+	ut_params->sess = sess;
+
+	return TEST_SUCCESS;
+}
+
+
+/**
+ * Declaration of testcases
+ */
+static struct unit_test_suite security_testsuite  = {
+	.suite_name = "generic security",
+	.setup = testsuite_setup,
+	.teardown = testsuite_teardown,
+	.unit_test_cases = {
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_context),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_context_ops),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_configuration),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_mempool),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_mempool_empty),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_ops_failure),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_success),
+
+		TEST_CASES_END() /**< NULL terminate unit test array */
+	}
+};
+
+static int
+test_security(void)
+{
+	rte_log_set_global_level(RTE_LOG_DEBUG);
+	rte_log_set_level(RTE_LOGTYPE_EAL, RTE_LOG_DEBUG);
+
+	return unit_test_suite_runner(&security_testsuite);
+}
+
+REGISTER_TEST_COMMAND(security_autotest, test_security);
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 06/13] app/test: add rte security session update tests
       [not found]       ` <CGME20200408031451eucas1p2769ae9d814ef1ccd286407767054e117@eucas1p2.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_session_update function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 229 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 3fc83abae..daaf30b62 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -238,6 +238,36 @@ mock_session_create(void *device,
 	return mock_session_create_exp.ret;
 }
 
+/**
+ * session_update mockup
+ *
+ * Verified parameters: device, sess, conf.
+ */
+static struct mock_session_update_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_security_session_conf *conf;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_update_exp = {NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_update(void *device,
+		struct rte_security_session *sess,
+		struct rte_security_session_conf *conf)
+{
+	mock_session_update_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, conf);
+
+	return mock_session_update_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -278,6 +308,7 @@ struct rte_security_ops empty_ops = { NULL };
  */
 struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
+	.session_update = mock_session_update,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -300,6 +331,7 @@ static struct security_testsuite_params {
 /**
  * struct security_unittest_params defines parameters initialized
  * for every test case. The parameters are initialized in ut_setup
+ * or ut_setup_with_session (depending on the testcase)
  * and released in ut_teardown.
  * The instance of this structure is stored in unittest_params variable.
  */
@@ -368,9 +400,11 @@ ut_setup(void)
 	ut_params->sess = NULL;
 
 	mock_session_create_exp.called = 0;
+	mock_session_update_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
+	mock_session_update_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -381,6 +415,7 @@ ut_setup(void)
  * created with rte_security_session_create and stored in test case parameters.
  * It's used both to release sessions created in test cases' bodies
  * which are assigned to ut_params->sess
+ * as well as sessions created in ut_setup_with_session.
  */
 static int
 destroy_session_with_check(void)
@@ -416,6 +451,46 @@ ut_teardown(void)
 	destroy_session_with_check();
 }
 
+/**
+ * ut_setup_with_session initializes test case parameters by
+ * - calling standard ut_setup,
+ * - creating a session that can be used in test case.
+ */
+static int
+ut_setup_with_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct rte_security_session *sess;
+
+	int ret = ut_setup();
+	if (ret != TEST_SUCCESS)
+		return ret;
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = 0;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
+			sess);
+	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
+			"Expecting session_create to be called with %p sess"
+			" parameter, but it's called %p sess parameter",
+			sess, mock_session_create_exp.sess);
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+
+	/*
+	 * Store created session in test case parameters, so it can be released
+	 * after test case in ut_teardown by destroy_session_with_check.
+	 */
+	ut_params->sess = sess;
+
+	return TEST_SUCCESS;
+}
+
 
 /**
  * Test functions
@@ -642,6 +717,145 @@ test_session_create_success(void)
 }
 
 
+/**
+ * rte_security_session_update tests
+ */
+
+/**
+ * Test execution of rte_security_session_update with NULL instance
+ */
+static int
+test_session_update_inv_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(NULL, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_update_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with empty
+ * security operations
+ */
+static int
+test_session_update_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with NULL conf parameter
+ */
+static int
+test_session_update_inv_configuration(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with NULL sess parameter
+ */
+static int
+test_session_update_inv_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(&ut_params->ctx, NULL,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update when session_update
+ * security operation fails
+ */
+static int
+test_session_update_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_update_exp.device = NULL;
+	mock_session_update_exp.sess = ut_params->sess;
+	mock_session_update_exp.conf = &ut_params->conf;
+	mock_session_update_exp.ret = -1;	/* Return failure status. */
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update in successful execution path
+ */
+static int
+test_session_update_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_update_exp.device = NULL;
+	mock_session_update_exp.sess = ut_params->sess;
+	mock_session_update_exp.conf = &ut_params->conf;
+	mock_session_update_exp.ret = 0;	/* Return success status. */
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -667,6 +881,21 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_configuration),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 07/13] app/test: add rte security session get size tests
       [not found]       ` <CGME20200408031451eucas1p2313bee1d227e5966fb37c5326aa72529@eucas1p2.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_session_get_size function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 132 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 132 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index daaf30b62..9c5e7d0da 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -268,6 +268,30 @@ mock_session_update(void *device,
 	return mock_session_update_exp.ret;
 }
 
+/**
+ * session_get_size mockup
+ *
+ * Verified parameters: device.
+ */
+static struct mock_session_get_size_data {
+	void *device;
+
+	unsigned int ret;
+
+	int called;
+	int failed;
+} mock_session_get_size_exp = {NULL, 0U, 0, 0};
+
+static unsigned int
+mock_session_get_size(void *device)
+{
+	mock_session_get_size_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_get_size_exp, device);
+
+	return mock_session_get_size_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -309,6 +333,7 @@ struct rte_security_ops empty_ops = { NULL };
 struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
 	.session_update = mock_session_update,
+	.session_get_size = mock_session_get_size,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -401,10 +426,12 @@ ut_setup(void)
 
 	mock_session_create_exp.called = 0;
 	mock_session_update_exp.called = 0;
+	mock_session_get_size_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
+	mock_session_get_size_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -856,6 +883,100 @@ test_session_update_success(void)
 }
 
 
+/**
+ * rte_security_session_get_size tests
+ */
+
+/**
+ * Test execution of rte_security_session_get_size with NULL instance
+ */
+static int
+test_session_get_size_inv_context(void)
+{
+	unsigned int ret = rte_security_session_get_size(NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_get_size_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size with empty
+ * security operations
+ */
+static int
+test_session_get_size_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size when session_get_size
+ * security operation fails
+ */
+static int
+test_session_get_size_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_get_size_exp.device = NULL;
+	mock_session_get_size_exp.ret = 0;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size in successful execution path
+ */
+static int
+test_session_get_size_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_get_size_exp.device = NULL;
+	mock_session_get_size_exp.ret = 1024;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 1024U, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -896,6 +1017,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_session_update_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 08/13] app/test: add rte security session stats get tests
       [not found]       ` <CGME20200408031452eucas1p2f75a75363e148c54f38b01b9a9a0ea47@eucas1p2.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_session_stats_get function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 173 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 173 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 9c5e7d0da..c495449b0 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -292,6 +292,36 @@ mock_session_get_size(void *device)
 	return mock_session_get_size_exp.ret;
 }
 
+/**
+ * session_stats_get mockup
+ *
+ * Verified parameters: device, sess, stats.
+ */
+static struct mock_session_stats_get_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_security_stats *stats;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_stats_get_exp = {NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_stats_get(void *device,
+		struct rte_security_session *sess,
+		struct rte_security_stats *stats)
+{
+	mock_session_stats_get_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, stats);
+
+	return mock_session_stats_get_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -334,6 +364,7 @@ struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
 	.session_update = mock_session_update,
 	.session_get_size = mock_session_get_size,
+	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -427,11 +458,13 @@ ut_setup(void)
 	mock_session_create_exp.called = 0;
 	mock_session_update_exp.called = 0;
 	mock_session_get_size_exp.called = 0;
+	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
 	mock_session_get_size_exp.failed = 0;
+	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -977,6 +1010,133 @@ test_session_get_size_success(void)
 }
 
 
+/**
+ * rte_security_session_stats_get tests
+ */
+
+/**
+ * Test execution of rte_security_session_stats_get with NULL instance
+ */
+static int
+test_session_stats_get_inv_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	int ret = rte_security_session_stats_get(NULL, ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_stats_get_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with empty
+ * security operations
+ */
+static int
+test_session_stats_get_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with NULL stats parameter
+ */
+static int
+test_session_stats_get_inv_stats(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get when session_stats_get
+ * security operation fails
+ */
+static int
+test_session_stats_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	mock_session_stats_get_exp.device = NULL;
+	mock_session_stats_get_exp.sess = ut_params->sess;
+	mock_session_stats_get_exp.stats = &stats;
+	mock_session_stats_get_exp.ret = -1;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get in successful execution
+ * path
+ */
+static int
+test_session_stats_get_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	mock_session_stats_get_exp.device = NULL;
+	mock_session_stats_get_exp.sess = ut_params->sess;
+	mock_session_stats_get_exp.stats = &stats;
+	mock_session_stats_get_exp.ret = 0;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1028,6 +1188,19 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_session_get_size_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_inv_stats),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 09/13] app/test: add rte security session destroy tests
       [not found]       ` <CGME20200408031452eucas1p1b4de173fadca62824b472b8a3dd69e32@eucas1p1.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_session_destroy function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 166 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 166 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index c495449b0..b1a907bd9 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -1137,6 +1137,159 @@ test_session_stats_get_success(void)
 }
 
 
+/**
+ * rte_security_session_destroy tests
+ */
+
+/**
+ * Test execution of rte_security_session_destroy with NULL instance
+ */
+static int
+test_session_destroy_inv_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(NULL, ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_destroy_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx,
+			ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with empty
+ * security operations
+ */
+static int
+test_session_destroy_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx,
+			ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with NULL sess parameter
+ */
+static int
+test_session_destroy_inv_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy when session_destroy
+ * security operation fails
+ */
+static int
+test_session_destroy_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_destroy_exp.device = NULL;
+	mock_session_destroy_exp.sess = ut_params->sess;
+	mock_session_destroy_exp.ret = -1;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx,
+			ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy in successful execution path
+ */
+static int
+test_session_destroy_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_destroy_exp.device = NULL;
+	mock_session_destroy_exp.sess = ut_params->sess;
+	mock_session_destroy_exp.ret = 0;
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx,
+			ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	/*
+	 * Remove session from test case parameters, so it won't be destroyed
+	 * during test case teardown.
+	 */
+	ut_params->sess = NULL;
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1201,6 +1354,19 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_session_stats_get_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_inv_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 10/13] app/test: add rte security set pkt metadata tests
       [not found]       ` <CGME20200408031453eucas1p15bf7f54b1a5b1ae7810a72c71bd6271c@eucas1p1.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_set_pkt_metadata function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 201 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 201 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index b1a907bd9..a1f0e7879 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -348,6 +348,39 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
 	return mock_session_destroy_exp.ret;
 }
 
+/**
+ * set_pkt_metadata mockup
+ *
+ * Verified parameters: device, sess, m, params.
+ */
+static struct mock_set_pkt_metadata_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_mbuf *m;
+	void *params;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_set_pkt_metadata_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_set_pkt_metadata(void *device,
+		struct rte_security_session *sess,
+		struct rte_mbuf *m,
+		void *params)
+{
+	mock_set_pkt_metadata_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, m);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, params);
+
+	return mock_set_pkt_metadata_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -366,6 +399,7 @@ struct rte_security_ops mock_ops = {
 	.session_get_size = mock_session_get_size,
 	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
+	.set_pkt_metadata = mock_set_pkt_metadata,
 };
 
 
@@ -460,12 +494,14 @@ ut_setup(void)
 	mock_session_get_size_exp.called = 0;
 	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
+	mock_set_pkt_metadata_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
 	mock_session_get_size_exp.failed = 0;
 	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
+	mock_set_pkt_metadata_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1290,6 +1326,158 @@ test_session_destroy_success(void)
 }
 
 
+/**
+ * rte_security_set_pkt_metadata tests
+ */
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with NULL instance
+ */
+static int
+test_set_pkt_metadata_inv_context(void)
+{
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	int ret = rte_security_set_pkt_metadata(NULL, ut_params->sess, &m,
+			&params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_set_pkt_metadata_inv_context_ops(void)
+{
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx,
+			ut_params->sess, &m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with empty
+ * security operations
+ */
+static int
+test_set_pkt_metadata_inv_context_ops_fun(void)
+{
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx,
+			ut_params->sess, &m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with NULL sess parameter
+ */
+static int
+test_set_pkt_metadata_inv_session(void)
+{
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx, NULL,
+			&m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata when set_pkt_metadata
+ * security operation fails
+ */
+static int
+test_set_pkt_metadata_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	mock_set_pkt_metadata_exp.device = NULL;
+	mock_set_pkt_metadata_exp.sess = ut_params->sess;
+	mock_set_pkt_metadata_exp.m = &m;
+	mock_set_pkt_metadata_exp.params = &params;
+	mock_set_pkt_metadata_exp.ret = -1;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx,
+			ut_params->sess, &m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata in successful execution path
+ */
+static int
+test_set_pkt_metadata_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	mock_set_pkt_metadata_exp.device = NULL;
+	mock_set_pkt_metadata_exp.sess = ut_params->sess;
+	mock_set_pkt_metadata_exp.m = &m;
+	mock_set_pkt_metadata_exp.params = &params;
+	mock_set_pkt_metadata_exp.ret = 0;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx,
+			ut_params->sess, &m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1367,6 +1555,19 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_session_destroy_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_inv_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 11/13] app/test: add rte security get userdata tests
       [not found]       ` <CGME20200408031453eucas1p1b26ad6b1f924b817e83fc2d2d61a0b0b@eucas1p1.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_get_userdata function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 191 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 191 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index a1f0e7879..230b53891 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -76,6 +76,19 @@
 #define MOCK_TEST_ASSERT_EQUAL(fail_counter, a, b, msg, ...)	\
 	MOCK_TEST_ASSERT(fail_counter, (a) == (b), msg, ##__VA_ARGS__)
 
+/**
+ * Verify not null condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   val	value expected not to be NULL
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT_NOT_NULL(fail_counter, val, msg, ...)	\
+	MOCK_TEST_ASSERT(fail_counter, (val) != NULL, msg, ##__VA_ARGS__)
+
 
 /**
  * Verify if parameter of the mocked up function matches expected value.
@@ -101,6 +114,15 @@
 #define MOCK_TEST_ASSERT_POINTER_PARAMETER(data, parameter)	\
 	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%p")
 
+/**
+ * Wrap for MOCK_TEST_ASSERT_PARAMETER macro for uint64_t type parameters.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ */
+#define MOCK_TEST_ASSERT_U64_PARAMETER(data, parameter)	\
+	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%" PRIu64)
+
 /**
  * Verify number of calls of the mocked up function
  * and check if there were any fails during execution.
@@ -381,6 +403,43 @@ mock_set_pkt_metadata(void *device,
 	return mock_set_pkt_metadata_exp.ret;
 }
 
+/**
+ * get_userdata mockup
+ *
+ * Verified parameters: device, md.
+ * The userdata parameter works as an output parameter, so a passed address
+ * is verified not to be NULL and filled with userdata stored in structure.
+ */
+static struct mock_get_userdata_data {
+	void *device;
+	uint64_t md;
+	void *userdata;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_get_userdata_exp = {NULL, 0UL, NULL, 0, 0, 0};
+
+static int
+mock_get_userdata(void *device,
+		uint64_t md,
+		void **userdata)
+{
+	mock_get_userdata_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_get_userdata_exp, device);
+	MOCK_TEST_ASSERT_U64_PARAMETER(mock_get_userdata_exp, md);
+
+	MOCK_TEST_ASSERT_NOT_NULL(mock_get_userdata_exp.failed,
+			userdata,
+			"Expecting parameter userdata not to be NULL but it's %p",
+			userdata);
+	*userdata = mock_get_userdata_exp.userdata;
+
+	return mock_get_userdata_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -400,6 +459,7 @@ struct rte_security_ops mock_ops = {
 	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
 	.set_pkt_metadata = mock_set_pkt_metadata,
+	.get_userdata = mock_get_userdata,
 };
 
 
@@ -495,6 +555,7 @@ ut_setup(void)
 	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 	mock_set_pkt_metadata_exp.called = 0;
+	mock_get_userdata_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
@@ -502,6 +563,7 @@ ut_setup(void)
 	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 	mock_set_pkt_metadata_exp.failed = 0;
+	mock_get_userdata_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1478,6 +1540,124 @@ test_set_pkt_metadata_success(void)
 }
 
 
+/**
+ * rte_security_get_userdata tests
+ */
+
+/**
+ * Test execution of rte_security_get_userdata with NULL instance
+ */
+static int
+test_get_userdata_inv_context(void)
+{
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	uint64_t md = 0xDEADBEEF;
+
+	void *ret = rte_security_get_userdata(NULL, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_get_userdata with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_get_userdata_inv_context_ops(void)
+{
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	ut_params->ctx.ops = NULL;
+
+	void *ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_get_userdata with empty
+ * security operations
+ */
+static int
+test_get_userdata_inv_context_ops_fun(void)
+{
+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	ut_params->ctx.ops = &empty_ops;
+
+	void *ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_get_userdata when get_userdata
+ * security operation fails
+ */
+static int
+test_get_userdata_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	void *userdata = (void *)0x7E577E57;
+
+	mock_get_userdata_exp.device = NULL;
+	mock_get_userdata_exp.md = md;
+	mock_get_userdata_exp.userdata = userdata;
+	mock_get_userdata_exp.ret = -1;
+
+	void *ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_get_userdata in successful execution path
+ */
+static int
+test_get_userdata_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	void *userdata = (void *)0x7E577E57;
+
+	mock_get_userdata_exp.device = NULL;
+	mock_get_userdata_exp.md = md;
+	mock_get_userdata_exp.userdata = userdata;
+	mock_get_userdata_exp.ret = 0;
+
+	void *ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, userdata, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1568,6 +1748,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_set_pkt_metadata_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 12/13] app/test: add rte security capabilities get tests
       [not found]       ` <CGME20200408031454eucas1p112c6eded420bdcfdb09fad83bf485afb@eucas1p1.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_capabilities_get function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 138 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 138 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 230b53891..9da81fa1d 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -440,6 +440,30 @@ mock_get_userdata(void *device,
 	return mock_get_userdata_exp.ret;
 }
 
+/**
+ * capabilities_get mockup
+ *
+ * Verified parameters: device.
+ */
+static struct mock_capabilities_get_data {
+	void *device;
+
+	struct rte_security_capability *ret;
+
+	int called;
+	int failed;
+} mock_capabilities_get_exp = {NULL, NULL, 0, 0};
+
+static const struct rte_security_capability *
+mock_capabilities_get(void *device)
+{
+	mock_capabilities_get_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_capabilities_get_exp, device);
+
+	return mock_capabilities_get_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -460,6 +484,7 @@ struct rte_security_ops mock_ops = {
 	.session_destroy = mock_session_destroy,
 	.set_pkt_metadata = mock_set_pkt_metadata,
 	.get_userdata = mock_get_userdata,
+	.capabilities_get = mock_capabilities_get,
 };
 
 
@@ -556,6 +581,7 @@ ut_setup(void)
 	mock_session_destroy_exp.called = 0;
 	mock_set_pkt_metadata_exp.called = 0;
 	mock_get_userdata_exp.called = 0;
+	mock_capabilities_get_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
@@ -564,6 +590,7 @@ ut_setup(void)
 	mock_session_destroy_exp.failed = 0;
 	mock_set_pkt_metadata_exp.failed = 0;
 	mock_get_userdata_exp.failed = 0;
+	mock_capabilities_get_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1658,6 +1685,106 @@ test_get_userdata_success(void)
 }
 
 
+/**
+ * rte_security_capabilities_get tests
+ */
+
+/**
+ * Test execution of rte_security_capabilities_get with NULL instance
+ */
+static int
+test_capabilities_get_inv_context(void)
+{
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_capabilities_get_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get with empty
+ * security operations
+ */
+static int
+test_capabilities_get_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get when capabilities_get
+ * security operation fails
+ */
+static int
+test_capabilities_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get in successful execution path
+ */
+static int
+test_capabilities_get_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability capabilities;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = &capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, &capabilities, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1759,6 +1886,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_get_userdata_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v2 13/13] app/test: add rte security capability get tests
       [not found]       ` <CGME20200408031454eucas1p2e09e0ab0a1ffa5c657bcf35d89c40a55@eucas1p2.samsung.com>
@ 2020-04-08  3:13         ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:13 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_capability_get function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 522 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 522 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 9da81fa1d..d5b76a127 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -1785,6 +1785,497 @@ test_capabilities_get_success(void)
 }
 
 
+/**
+ * rte_security_capability_get tests
+ */
+
+/**
+ * Test execution of rte_security_capability_get with NULL instance
+ */
+static int
+test_capability_get_inv_context(void)
+{
+	struct rte_security_capability_idx idx;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(NULL, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_capability_get_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	ut_params->ctx.ops = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with empty
+ * security operations
+ */
+static int
+test_capability_get_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	ut_params->ctx.ops = &empty_ops;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with NULL idx parameter
+ */
+static int
+test_capability_get_inv_idx(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities_get
+ * security operation fails
+ */
+static int
+test_capability_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * is empty (contains only RTE_SECURITY_ACTION_TYPE_NONE ending entry)
+ */
+static int
+test_capability_get_empty_table(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching action
+ */
+static int
+test_capability_get_no_matching_action(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching protocol
+ */
+static int
+test_capability_get_no_matching_protocol(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when macsec protocol
+ * is searched and capabilities table contain proper entry.
+ * However macsec records search is not supported in rte_security.
+ */
+static int
+test_capability_get_no_support_for_macsec(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec proto field
+ */
+static int
+test_capability_get_ipsec_mismatch_proto(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec mode field
+ */
+static int
+test_capability_get_ipsec_mismatch_mode(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec direction field
+ */
+static int
+test_capability_get_ipsec_mismatch_dir(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+				.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * contains matching ipsec entry
+ */
+static int
+test_capability_get_ipsec_match(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+				.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, &capabilities[1], "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching pdcp domain field
+ */
+static int
+test_capability_get_pdcp_mismatch_domain(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+			.pdcp = {
+				.domain = RTE_SECURITY_PDCP_MODE_DATA,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * contains matching pdcp entry
+ */
+static int
+test_capability_get_pdcp_match(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+			.pdcp = {
+				.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, &capabilities[1], "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
 /**
  * Declaration of testcases
  */
@@ -1897,6 +2388,37 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_capabilities_get_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_inv_idx),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_empty_table),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_no_matching_action),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_no_matching_protocol),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_no_support_for_macsec),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ipsec_mismatch_proto),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ipsec_mismatch_mode),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ipsec_mismatch_dir),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ipsec_match),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_pdcp_mismatch_domain),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_pdcp_match),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH 01/13] librte_security: fix verification of parameters
  2020-04-07  6:20               ` Anoob Joseph
@ 2020-04-08  3:25                 ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08  3:25 UTC (permalink / raw)
  To: Anoob Joseph
  Cc: dev, Narayana Prasad Raju Athreya, Lukas Bartosik [C], Akhil Goyal

Hi,

I pushed the 2nd version of patches. I hope I understood all your 
comments well.

Many thanks,
Lukasz


W dniu 07.04.2020 o 08:20, Anoob Joseph pisze:
> Hi Lukasz,
>
> Please see inline.
>
> Thanks,
> Anoob
>
>> -----Original Message-----
>> From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
>> Sent: Tuesday, April 7, 2020 12:19 AM
>> To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
>> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Lukas Bartosik [C]
>> <lbartosik@marvell.com>
>> Subject: Re: [EXT] Re: [dpdk-dev] [PATCH 01/13] librte_security: fix verification
>> of parameters
>>
>> Dear Anoob,
>>
>> Thank you for your reply and hints.
> [Anoob] No mention!
>   
>> Now I have patches ready to send as version 2, but I hesitate, because I don't
>> like the idea of placing all checks in #ifdefs for RTE_LIBRTE_SECURITY_DEBUG
>> config option.
>>
>> Let me explain here why: The config flag as a debug one will be disabled by
>> default, which means, that normally nobody will use the checks.
>> I believe that it is much better to have checks enabled as most of them will save
>> the user of librte_security from segmentation faults, when trying to run
>> instance->ops functions that are not supported or use invalid mempool object. I
>> believe it will cause much less trouble to verify the error codes than to fight the
>> segfault.
> [Anoob] No disagreement. In fact this is exactly what is done with control path APIs. But for datapath APIs, the penalty of such checks is not trivial. I believe that's the argument for having the DEBUG config option in ethdev data path ops. Also, for cases like instance->ops being NULL, the user would get a seg fault with the first call itself and he can enable the config option to debug the segfault he is observing.
>
> As for invalid mempool object, I do agree that is one case where we are better off with per packet checks, but still perf impact would be there. In ethdev, the library doesn't do these checks and it would be upto the driver to have these checks if required. Same is the case with rte_cryptodev_enqueue_burst().
>   
>> It is also mentioned in the API description in few places that specific codes are
>> returned in case some operation is not supported. Can we make such a changes
>> in API, changing the current behavior from an error return code to segmentation
>> fault during execution?
> [Anoob] Did you mean, if we have to allow seg fault as a valid error case, better document it and remove the error codes getting returned? Again, I'm not sure whether we can document that seg fault is the error case. Atleast, in ethdev improper conditions can lead to seg fault but is not documented. May be, maintainers should comment on it.
>   
>> That's why I would like to keep all of the checks enabled and not placed inside
>> config option.
>>
>> However it would be nice to add the RTE_LIBRTE_SECURITY_DEBUG flag that
>> you mentioned for changing checks behavior, to additionally provide logs of
>> checks. This way a devloper using libret_security won't get a segmentation
>> faults but error codes. If [s]he wants to check the details he'll rebuild the library
>> with debug config option enabled and will be able to see all the details in logs,
>> so [s]he will be able to fix the code.
>>
>> What do you think about such usage of the config debug flag?
> [Anoob] I totally agree to your suggestions on preventing seg faults. But my only concern is the additional check and the corresponding perf penalty.
>
> May be let's look at the APIs and discuss what need to be handled how,
>
> int
> rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> 			      struct rte_security_session *sess,
> 			      struct rte_mbuf *mb, void *params);
>
> instance -> NULL checks under config option
> sess -> NULL checks under config option
> mb -> possibly a datapath check. But can leave it to driver as well. (rte_cryptodev_enqueue_burst() also doesn't do these checks).
> Params -> can be NULL (so no check required).
>
> __rte_experimental
> void *
> rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
>
> instance -> NULL checks under config option
> md -> can be NULL (device specific values).
>
> Does this make sense to you?
>   
>> Best regards
>>
>> Lukasz
>>
>>
>> W dniu 05.04.2020 o 14:54, Anoob Joseph pisze:
>>
>>> Hi Lukasz,
>>>
>>> Please see inline.
>>>
>>> Thanks,
>>> Anoob
>>>
>>>> -----Original Message-----
>>>> From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
>>>> Sent: Saturday, April 4, 2020 12:06 AM
>>>> To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
>>>> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Lukas
>>>> Bartosik [C] <lbartosik@marvell.com>
>>>> Subject: [EXT] Re: [dpdk-dev] [PATCH 01/13] librte_security: fix
>>>> verification of parameters
>>>>
>>>> External Email
>>>>
>>>> ---------------------------------------------------------------------
>>>> -
>>>> Hi Anoob,
>>>>
>>>> Thank you very much for your review.
>>>> Please see my answers inline.
>>>>
>>>> Best regards,
>>>> Lukasz
>>>>
>>>>
>>>> W dniu 17.03.2020 o 13:59, Anoob Joseph pisze:
>>>>> Hi Lukasz,
>>>>>
>>>>> Please see inline.
>>>>>
>>>>> Thanks,
>>>>> Anoob
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Lukasz Wojciechowski
>>>>>> Sent: Thursday, March 12, 2020 8:47 PM
>>>>>> To: dev@dpdk.org
>>>>>> Subject: [dpdk-dev] [PATCH 01/13] librte_security: fix verification
>>>>>> of parameters
>>>>> [Anoob] I believe the title has to be: "security: fix verification of
>> parameters"
>>>>> Also, you can add "Fixes" as well.
>>>> I changed the title and will push the new on in 2nd version of the
>>>> paches after I'll fix all other issues.
>>>>
>>>> How do you add a "Fixes" tag to a patch?
>>> [Anoob]
>>>
>>> Check the below link. It explains the format of the patch with fixes.
>>> https://protect2.fireeye.com/url?k=457094cb-18a428a3-45711f84-0cc47a3356b2-a0d1cb1b92aa19e8&u=https://urldefense.proofpoint.com/v2/url?u=https-3A__protect2.fireeye.
>>> com_url-3Fk-3D13e80549-2D4e769ea3-2D13e98e06-2D0cc47a6cba04-
>> 2D78f48282
>>> e990b416-26q-3D1-26u-3Dhttps-253A-252F-252Fdoc.dpdk.org-252Fguides-
>> 252
>>> Fcontributing-252Fpatches.html-2523commit-2Dmessages-
>> 2Dbody&d=DwIDaQ&c
>>> =nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2n6B-
>> WYLn1v9SyTMrT5EQqh2TU&
>>> m=fTGxo5Mh9jPA0-xv8XSAtZpHD9TZebCJWW9PGcElYmA&s=g2HlI0z81E0M5-
>> txF2U5Ag
>>> xEg0l3MHs4JT0O8AiHvm8&e=
>>>
>>>>>> This patch adds verification of the parameters to the ret_security
>>>>>> API
>>>> functions.
>>>>>> All required parameters are checked if they are not NULL.
>>>>>>
>>>>>> Checks verify full chain of pointers, e.g. in case of verification
>>>>>> of
>>>>>> "instance->ops-
>>>>>>> session_XXX", they check also "instance" and "instance->ops".
>>>>>> Signed-off-by: Lukasz Wojciechowski
>>>>>> <l.wojciechow@partner.samsung.com>
>>>>>> Change-Id: I1724c926a1a0a13fd16d76f19842a0b40fbea1b2
>>>>>> ---
>>>>>>     lib/librte_security/rte_security.c | 58 +++++++++++++++++++++++-------
>>>>>>     1 file changed, 45 insertions(+), 13 deletions(-)
>>>>>>
>>>>>> diff --git a/lib/librte_security/rte_security.c
>>>>>> b/lib/librte_security/rte_security.c
>>>>>> index bc81ce15d..40a0e9ce5 100644
>>>>>> --- a/lib/librte_security/rte_security.c
>>>>>> +++ b/lib/librte_security/rte_security.c
>>>>>> @@ -1,6 +1,7 @@
>>>>>>     /* SPDX-License-Identifier: BSD-3-Clause
>>>>>>      * Copyright 2017 NXP.
>>>>>>      * Copyright(c) 2017 Intel Corporation.
>>>>>> + * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights
>>>>>> + Reserved
>>>>>>      */
>>>>>>
>>>>>>     #include <rte_malloc.h>
>>>>>> @@ -9,6 +10,12 @@
>>>>>>     #include "rte_security.h"
>>>>>>     #include "rte_security_driver.h"
>>>>>>
>>>>>> +/* Macro to check for invalid pointers */
>>>>>> +#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
>>>>>> +	if ((ptr) == NULL)			\
>>>>>> +		return retval;			\
>>>>>> +} while (0)
>>>>>> +
>>>>>>     struct rte_security_session *
>>>>>>     rte_security_session_create(struct rte_security_ctx *instance,
>>>>>>     			    struct rte_security_session_conf *conf, @@ -16,10
>>>>>> +23,11 @@ rte_security_session_create(struct rte_security_ctx
>>>>>> +*instance,  {
>>>>>>     	struct rte_security_session *sess = NULL;
>>>>>>
>>>>>> -	if (conf == NULL)
>>>>>> -		return NULL;
>>>>>> -
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_create, NULL);
>>>>> [Anoob] The above three lines are repeated for every op NULL check.
>>>>> Can we
>>>> introduce one macro for doing all the three checks? In case if it
>>>> doesn't come off well, we can stick to individual checks.
>>>> Done. Will appear in 2nd version of patches.
>>>>>> +	RTE_PTR_OR_ERR_RET(conf, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(mp, NULL);
>>>>>>
>>>>>>     	if (rte_mempool_get(mp, (void **)&sess))
>>>>>>     		return NULL;
>>>>>> @@ -38,14 +46,20 @@ rte_security_session_update(struct
>>>>>> rte_security_ctx *instance,
>>>>>>     			    struct rte_security_session *sess,
>>>>>>     			    struct rte_security_session_conf *conf)  {
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -
>>>>>> ENOTSUP);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_update, -ENOTSUP);
>>>>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
>>>>>>     	return instance->ops->session_update(instance->device, sess,
>>>>>> conf);  }
>>>>>>
>>>>>>     unsigned int
>>>>>>     rte_security_session_get_size(struct rte_security_ctx *instance)  {
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, 0);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, 0);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_get_size, 0);
>>>>>>     	return instance->ops->session_get_size(instance->device);
>>>>>>     }
>>>>>>
>>>>>> @@ -54,7 +68,11 @@ rte_security_session_stats_get(struct
>>>>>> rte_security_ctx *instance,
>>>>>>     			       struct rte_security_session *sess,
>>>>>>     			       struct rte_security_stats *stats)  {
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -
>>>>>> ENOTSUP);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_stats_get, -ENOTSUP);
>>>>>> +	// Parameter sess can be NULL in case of getting global statistics.
>>>>> [Anoob] Checkpatch error.
>>>>> ERROR:C99_COMMENTS: do not use C99 // comments
>>>> Done. Will appear in 2nd version of patches.
>>>>>> +	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
>>>>>>     	return instance->ops->session_stats_get(instance->device, sess,
>>>>>> stats); }
>>>>>>
>>>>>> @@ -64,7 +82,10 @@ rte_security_session_destroy(struct
>>>>>> rte_security_ctx *instance,  {
>>>>>>     	int ret;
>>>>>>
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -
>>>>>> ENOTSUP);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->session_destroy, -ENOTSUP);
>>>>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>>>>>>
>>>>>>     	if (instance->sess_cnt)
>>>>>>     		instance->sess_cnt--;
>>>>>> @@ -81,7 +102,11 @@ rte_security_set_pkt_metadata(struct
>>>>>> rte_security_ctx *instance,
>>>>>>     			      struct rte_security_session *sess,
>>>>>>     			      struct rte_mbuf *m, void *params)  {
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -
>>>>>> ENOTSUP);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->set_pkt_metadata, -ENOTSUP);
>>>>> [Anoob] set_pkt_metadata() and get_userdata() are datapath ops. So
>>>>> can you
>>>> introduce a config option to enable/disable the checks.
>>>>> Please check,
>>>>> https://urldefense.proofpoint.com/v2/url?u=https-
>> 3A__protect2.fireeye.com_url-3Fk-3Deee8020a-2Db37699e0-2Deee98945-
>> 2D0cc47a6cba04-2D561954f3424eceea-26q-3D1-26u-3Dhttps-253A-252F-
>> 252Furldefense.proofpoint.com-252Fv2-252Furl-253Fu-253Dhttps-2D3A-5F-
>> 5Fprotect2.fireeye&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRS
>> xyLWs2n6B-WYLn1v9SyTMrT5EQqh2TU&m=fTGxo5Mh9jPA0-
>> xv8XSAtZpHD9TZebCJWW9PGcElYmA&s=vENm9fIBE5DENCAaeYTeYFwK__g06Jv
>> K-lyOiJh-VL0&e= .
>>>>> com_url-3Fk-3Dc52d8c32-2D98e14097-2Dc52c077d-2D0cc47a30d446-
>>>> 2Dc1b9d873
>>>>> e3e59cc4-26u-3Dhttp-3A__code.dpdk.org_dpdk_latest_source_lib_librte-
>>>>> 5F
>>>>> ethdev_rte-5Fethdev.h-
>>>> 23L4372&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB
>>>>> 8rwwviRSxyLWs2n6B-
>>>> WYLn1v9SyTMrT5EQqh2TU&m=aTo18FDvqHQBghOAhbi7x0f6EuX7
>>>>
>> wZHTUtsRRloZ9Bw&s=TXpv6uQZW1WwB_Av3vCaHeUaibQzA0ypUUqnPy5aQlE
>>>> &e=
>>>> Could you explain a bit further?
>>>>
>>>> Do you propose to make checks inside #ifdef RTE_LIBRTE_SECURITY_DEBUG
>>>> or so?
>>> [Anoob] Yes. You will need to introduce a new config flag
>> (RTE_LIBRTE_SECURITY_DEBUG) and based on that, the error checks can be
>> enabled/disabled.
>>>> And do you have all checks or just sess and m on mind?
>>> [Anoob] I think we should have all checks under the config option.
>>>
>>>> The instance->ops->function checks were already there without any
>>>> config options in all API functions.
>>> [Anoob] Must have slipped through. Thanks for pointing it out.
>>>
>>>>>> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>>>>>> +	RTE_PTR_OR_ERR_RET(m, -EINVAL);
>>>>>>     	return instance->ops->set_pkt_metadata(instance->device,
>>>>>>     					       sess, m, params);
>>>>>>     }
>>>>>> @@ -91,7 +116,9 @@ rte_security_get_userdata(struct
>>>>>> rte_security_ctx *instance, uint64_t md)  {
>>>>>>     	void *userdata = NULL;
>>>>>>
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->get_userdata, NULL);
>>>>>>     	if (instance->ops->get_userdata(instance->device, md, &userdata))
>>>>>>     		return NULL;
>>>>>>
>>>>>> @@ -101,7 +128,9 @@ rte_security_get_userdata(struct
>>>>>> rte_security_ctx *instance, uint64_t md)  const struct
>>>>>> rte_security_capability * rte_security_capabilities_get(struct
>> rte_security_ctx *instance)  {
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
>>>>>>     	return instance->ops->capabilities_get(instance->device);
>>>>>>     }
>>>>>>
>>>>>> @@ -113,7 +142,10 @@ rte_security_capability_get(struct
>>>>>> rte_security_ctx *instance,
>>>>>>     	const struct rte_security_capability *capability;
>>>>>>     	uint16_t i = 0;
>>>>>>
>>>>>> -	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(instance->ops->capabilities_get, NULL);
>>>>>> +	RTE_PTR_OR_ERR_RET(idx, NULL);
>>>>>>     	capabilities =
>>>>>> instance->ops->capabilities_get(instance->device);
>>>>>>
>>>>>>     	if (capabilities == NULL)
>>>>>> @@ -121,7 +153,7 @@ rte_security_capability_get(struct
>>>>>> rte_security_ctx *instance,
>>>>>>
>>>>>>     	while ((capability = &capabilities[i++])->action
>>>>>>     			!= RTE_SECURITY_ACTION_TYPE_NONE) {
>>>>>> -		if (capability->action  == idx->action &&
>>>>>> +		if (capability->action == idx->action &&
>>>>>>     				capability->protocol == idx->protocol) {
>>>>>>     			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
>>>> {
>>>>>>     				if (capability->ipsec.proto ==
>>>>>> --
>>>>>> 2.17.1
>>>> --
>>>>
>>>> Lukasz Wojciechowski
>>>> Principal Software Engineer
>>>>
>>>> Samsung R&D Institute Poland
>>>> Samsung Electronics
>>>> Office +48 22 377 88 25
>>>> l.wojciechow@partner.samsung.com
>> --
>>
>> Lukasz Wojciechowski
>> Principal Software Engineer
>>
>> Samsung R&D Institute Poland
>> Samsung Electronics
>> Office +48 22 377 88 25
>> l.wojciechow@partner.samsung.com

-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v2 04/13] app/test: fix macro definition
  2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 04/13] app/test: fix macro definition Lukasz Wojciechowski
@ 2020-04-08 12:53           ` Thomas Monjalon
  2020-04-08 16:15             ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-08 12:53 UTC (permalink / raw)
  To: Pavan Nikhilesh, Jerin Jacob, Lukasz Wojciechowski; +Cc: dev, stable

08/04/2020 05:13, Lukasz Wojciechowski:
> Wrap RTE_TEST_TRACE_FAILURE macro definition into #ifndef clause
> as it might be already defined.

I think it should not be defined at all.
Why not including rte_test.h?



^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v2 01/13] security: fix verification of parameters
  2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 01/13] security: fix verification of parameters Lukasz Wojciechowski
@ 2020-04-08 12:54           ` Thomas Monjalon
  2020-04-08 13:02             ` Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-08 12:54 UTC (permalink / raw)
  To: Lukasz Wojciechowski
  Cc: Akhil Goyal, Declan Doherty, Aviad Yehezkel, Boris Pismenny,
	Radu Nicolau, Anoob Joseph, dev, stable

08/04/2020 05:13, Lukasz Wojciechowski:
> This patch adds verification of the parameters to the ret_security API
> functions. All required parameters are checked if they are not NULL.
[...]
> --- a/config/common_base
> +++ b/config/common_base
>  CONFIG_RTE_LIBRTE_SECURITY=y
> +CONFIG_RTE_LIBRTE_SECURITY_DEBUG=n

Is it a leftover?




^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v2 01/13] security: fix verification of parameters
  2020-04-08 12:54           ` Thomas Monjalon
@ 2020-04-08 13:02             ` Anoob Joseph
  2020-04-08 13:26               ` Thomas Monjalon
  0 siblings, 1 reply; 80+ messages in thread
From: Anoob Joseph @ 2020-04-08 13:02 UTC (permalink / raw)
  To: Thomas Monjalon, Lukasz Wojciechowski
  Cc: Akhil Goyal, Declan Doherty, Aviad Yehezkel, Boris Pismenny,
	Radu Nicolau, Anoob Joseph, dev, stable

Hi Thomas,

> 08/04/2020 05:13, Lukasz Wojciechowski:
> > This patch adds verification of the parameters to the ret_security API
> > functions. All required parameters are checked if they are not NULL.
> [...]
> > --- a/config/common_base
> > +++ b/config/common_base
> >  CONFIG_RTE_LIBRTE_SECURITY=y
> > +CONFIG_RTE_LIBRTE_SECURITY_DEBUG=n
> 
> Is it a leftover?
> 

[Anoob]  It is similar to 'RTE_LIBRTE_ETHDEV_DEBUG' for usage in datapath. Like in, http://code.dpdk.org/dpdk/latest/source/lib/librte_ethdev/rte_ethdev.h#L4378

Thanks,
Anoob

^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v2 01/13] security: fix verification of parameters
  2020-04-08 13:02             ` Anoob Joseph
@ 2020-04-08 13:26               ` Thomas Monjalon
  2020-04-08 14:44                 ` [dpdk-dev] [EXT] " Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-08 13:26 UTC (permalink / raw)
  To: Lukasz Wojciechowski, Anoob Joseph
  Cc: Akhil Goyal, Declan Doherty, Aviad Yehezkel, Boris Pismenny,
	Radu Nicolau, Anoob Joseph, dev, stable

08/04/2020 15:02, Anoob Joseph:
> Hi Thomas,
> 
> > 08/04/2020 05:13, Lukasz Wojciechowski:
> > > This patch adds verification of the parameters to the ret_security API
> > > functions. All required parameters are checked if they are not NULL.
> > [...]
> > > --- a/config/common_base
> > > +++ b/config/common_base
> > >  CONFIG_RTE_LIBRTE_SECURITY=y
> > > +CONFIG_RTE_LIBRTE_SECURITY_DEBUG=n
> > 
> > Is it a leftover?
> > 
> 
> [Anoob]  It is similar to 'RTE_LIBRTE_ETHDEV_DEBUG' for usage in datapath. Like in, http://code.dpdk.org/dpdk/latest/source/lib/librte_ethdev/rte_ethdev.h#L4378

1/ I don't see it used in this patch
2/ Adding makefile-only option is weird
3/ Adding new compile-time options is discouraged



^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-08 13:26               ` Thomas Monjalon
@ 2020-04-08 14:44                 ` Anoob Joseph
  2020-04-08 15:49                   ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Anoob Joseph @ 2020-04-08 14:44 UTC (permalink / raw)
  To: Thomas Monjalon, Lukasz Wojciechowski
  Cc: Akhil Goyal, Declan Doherty, Aviad Yehezkel, Boris Pismenny,
	Radu Nicolau, Anoob Joseph, dev, stable

Hi Thomas,

> 
> ----------------------------------------------------------------------
> 08/04/2020 15:02, Anoob Joseph:
> > Hi Thomas,
> >
> > > 08/04/2020 05:13, Lukasz Wojciechowski:
> > > > This patch adds verification of the parameters to the ret_security
> > > > API functions. All required parameters are checked if they are not NULL.
> > > [...]
> > > > --- a/config/common_base
> > > > +++ b/config/common_base
> > > >  CONFIG_RTE_LIBRTE_SECURITY=y
> > > > +CONFIG_RTE_LIBRTE_SECURITY_DEBUG=n
> > >
> > > Is it a leftover?
> > >
> >
> > [Anoob]  It is similar to 'RTE_LIBRTE_ETHDEV_DEBUG' for usage in
> > datapath. Like in,
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__code.dpdk.org_dpdk
> > _latest_source_lib_librte-5Fethdev_rte-5Fethdev.h-23L4378&d=DwICAg&c=n
> > KjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2n6B-
> WYLn1v9SyTMrT5EQqh2TU&m=
> >
> STCBgRhcnCb9M6MWQL9CUszLwy2r0NJ_3m93_D5UX3g&s=HVsD0LKZ2Q6UCW
> BSRvbw9beD
> > 7OtuQyWPrRrx9eofnz8&e=
> 
> 1/ I don't see it used in this patch

[Anoob] Following snippet uses.

+#ifdef RTE_LIBRTE_SECURITY_DEBUG
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+#endif

> 2/ Adding makefile-only option is weird
> 3/ Adding new compile-time options is discouraged

[Anoob] This is only introduced for data path APIs. And the same approach is followed in eth dev as well.

Thanks,
Anoob

^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-08 14:44                 ` [dpdk-dev] [EXT] " Anoob Joseph
@ 2020-04-08 15:49                   ` Lukasz Wojciechowski
  2020-04-08 17:51                     ` Thomas Monjalon
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08 15:49 UTC (permalink / raw)
  To: Anoob Joseph, Thomas Monjalon
  Cc: Akhil Goyal, Declan Doherty, Aviad Yehezkel, Boris Pismenny,
	Radu Nicolau, Anoob Joseph, dev, stable

Hi guys,

I don't know what is the current status of "legacy" build using 
gnumakes, so I added the new DEBUG flag to config just as it was done in 
other libs like eventdev.
Many guides still point config files as the one that should be changed 
in order to enable some features, so I thought I should add it there.

If I understand well the official build system now is the one based on 
using meson and ninja, however it hasn't got anything similar to the 
gnamakefiles system, e.g.
in the meson.build file for libraries all the libraries have build 
variable set to true and there are few ifs that check it, but as it's 
set to true all libraries build always.
And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME]. 
It's kind of weird.

    foreach l:libraries
    *    build = true**
    *    reason = '<unknown reason>' # set if build == false to explain why
         ...
    *    if not build*
             dpdk_libs_disabled += name
             set_variable(name.underscorify() + '_disable_reason', reason)
         else
             enabled_libs += name
    *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
         ...

Have you think about reusing config files in meson configuration and 
have a single point of configuration? Of course all meson flags can 
overwrite the default config.

Best regards
Lukasz


BTW
I got still some warnings from linters when processing Fixes flags. I 
used the fixline alias recommended on dpdk build manual, but the 
automated linter does not find the commits I mention there. What have I 
done wrong?


W dniu 08.04.2020 o 16:44, Anoob Joseph pisze:
> Hi Thomas,
>
>> ----------------------------------------------------------------------
>> 08/04/2020 15:02, Anoob Joseph:
>>> Hi Thomas,
>>>
>>>> 08/04/2020 05:13, Lukasz Wojciechowski:
>>>>> This patch adds verification of the parameters to the ret_security
>>>>> API functions. All required parameters are checked if they are not NULL.
>>>> [...]
>>>>> --- a/config/common_base
>>>>> +++ b/config/common_base
>>>>>   CONFIG_RTE_LIBRTE_SECURITY=y
>>>>> +CONFIG_RTE_LIBRTE_SECURITY_DEBUG=n
>>>> Is it a leftover?
>>>>
>>> [Anoob]  It is similar to 'RTE_LIBRTE_ETHDEV_DEBUG' for usage in
>>> datapath. Like in,
>>> https://protect2.fireeye.com/url?k=ebdcc0dd-b6100959-ebdd4b92-0cc47aa8f5ba-33f3beec7b92faf2&q=1&u=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__code.dpdk.org_dpdk
>>> _latest_source_lib_librte-5Fethdev_rte-5Fethdev.h-23L4378&d=DwICAg&c=n
>>> KjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2n6B-
>> WYLn1v9SyTMrT5EQqh2TU&m=
>> STCBgRhcnCb9M6MWQL9CUszLwy2r0NJ_3m93_D5UX3g&s=HVsD0LKZ2Q6UCW
>> BSRvbw9beD
>>> 7OtuQyWPrRrx9eofnz8&e=
>> 1/ I don't see it used in this patch
> [Anoob] Following snippet uses.
>
> +#ifdef RTE_LIBRTE_SECURITY_DEBUG
> +	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -EINVAL,
> +			-ENOTSUP);
> +	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> +#endif
>
>> 2/ Adding makefile-only option is weird
>> 3/ Adding new compile-time options is discouraged
> [Anoob] This is only introduced for data path APIs. And the same approach is followed in eth dev as well.
>
> Thanks,
> Anoob
>
-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v2 04/13] app/test: fix macro definition
  2020-04-08 12:53           ` Thomas Monjalon
@ 2020-04-08 16:15             ` Lukasz Wojciechowski
  2020-04-08 17:47               ` Thomas Monjalon
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-08 16:15 UTC (permalink / raw)
  To: Thomas Monjalon, Pavan Nikhilesh, Jerin Jacob; +Cc: dev, stable

Hi Thomas,

Before my patch there was just a definition:
#define RTE_TEST_TRACE_FAILURE TEST_TRACE_FAILURE
without #ifndef condition.

It caused a build problem to me when working on security test, which 
uses both rte_test.h and test.h
As libraries should go first on the include list before local files I used:

#include <rte_test.h>
#include "test.h"

sequence, which cause obvious build error as RTE_TEST_TRACE_FAILURE was 
first defined as an empty macro inside rte_test.h, and redefinition in 
test.h caused a problem.


So I had two ways to solve the issue:
1) to wrap it with #ifndef condition and leave the definition there
2) to remove the redefinition from test.h

I've chosen the 1) solution because:
* Author of the former patch had placed the definition there for some 
purpose
* In my opinion it is better to have the definition present and pointing 
to the same macro for both RTE_TEST_TRACE_FAILURE and TEST_TRACE_FAILURE 
as it would make logs look more consistent when printing information the 
same way.

Best regards
Lukasz


W dniu 08.04.2020 o 14:53, Thomas Monjalon pisze:
> 08/04/2020 05:13, Lukasz Wojciechowski:
>> Wrap RTE_TEST_TRACE_FAILURE macro definition into #ifndef clause
>> as it might be already defined.
> I think it should not be defined at all.
> Why not including rte_test.h?
>
>
>
-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v2 04/13] app/test: fix macro definition
  2020-04-08 16:15             ` Lukasz Wojciechowski
@ 2020-04-08 17:47               ` Thomas Monjalon
  2020-04-09 14:10                 ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-08 17:47 UTC (permalink / raw)
  To: Lukasz Wojciechowski; +Cc: Pavan Nikhilesh, Jerin Jacob, dev, stable

08/04/2020 18:15, Lukasz Wojciechowski:
> Hi Thomas,
> 
> Before my patch there was just a definition:
> #define RTE_TEST_TRACE_FAILURE TEST_TRACE_FAILURE
> without #ifndef condition.
> 
> It caused a build problem to me when working on security test, which 
> uses both rte_test.h and test.h
> As libraries should go first on the include list before local files I used:
> 
> #include <rte_test.h>
> #include "test.h"
> 
> sequence, which cause obvious build error as RTE_TEST_TRACE_FAILURE was 
> first defined as an empty macro inside rte_test.h, and redefinition in 
> test.h caused a problem.
> 
> 
> So I had two ways to solve the issue:
> 1) to wrap it with #ifndef condition and leave the definition there
> 2) to remove the redefinition from test.h
> 
> I've chosen the 1) solution because:
> * Author of the former patch had placed the definition there for some 
> purpose

Because rte_test.h is more recent and its addition was not complete enough.
rte_test.h should be included in test.h, and overlaps removed.

> * In my opinion it is better to have the definition present and pointing 
> to the same macro for both RTE_TEST_TRACE_FAILURE and TEST_TRACE_FAILURE 
> as it would make logs look more consistent when printing information the 
> same way.

I think solution 2 is better.


PS: please avoid top-posting


> W dniu 08.04.2020 o 14:53, Thomas Monjalon pisze:
> > 08/04/2020 05:13, Lukasz Wojciechowski:
> >> Wrap RTE_TEST_TRACE_FAILURE macro definition into #ifndef clause
> >> as it might be already defined.
> > I think it should not be defined at all.
> > Why not including rte_test.h?
> >
> >
> >
> 






^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-08 15:49                   ` Lukasz Wojciechowski
@ 2020-04-08 17:51                     ` Thomas Monjalon
  2020-04-09 10:14                       ` Bruce Richardson
  0 siblings, 1 reply; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-08 17:51 UTC (permalink / raw)
  To: Lukasz Wojciechowski
  Cc: Anoob Joseph, Akhil Goyal, Declan Doherty, Aviad Yehezkel,
	Boris Pismenny, Radu Nicolau, Anoob Joseph, dev, stable,
	bruce.richardson

08/04/2020 17:49, Lukasz Wojciechowski:
> Hi guys,
> 
> I don't know what is the current status of "legacy" build using 
> gnumakes, so I added the new DEBUG flag to config just as it was done in 
> other libs like eventdev.
> Many guides still point config files as the one that should be changed 
> in order to enable some features, so I thought I should add it there.
> 
> If I understand well the official build system now is the one based on 
> using meson and ninja, however it hasn't got anything similar to the 
> gnamakefiles system, e.g.
> in the meson.build file for libraries all the libraries have build 
> variable set to true and there are few ifs that check it, but as it's 
> set to true all libraries build always.
> And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME]. 
> It's kind of weird.
> 
>     foreach l:libraries
>     *    build = true**
>     *    reason = '<unknown reason>' # set if build == false to explain why
>          ...
>     *    if not build*
>              dpdk_libs_disabled += name
>              set_variable(name.underscorify() + '_disable_reason', reason)
>          else
>              enabled_libs += name
>     *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
>          ...
> 
> Have you think about reusing config files in meson configuration and 
> have a single point of configuration? Of course all meson flags can 
> overwrite the default config.

This is on purpose.
We are removing most of compile-time options with meson.

I think we can use a global option for debug-specific code.
Bruce, what do you recommend?



^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-08 17:51                     ` Thomas Monjalon
@ 2020-04-09 10:14                       ` Bruce Richardson
  2020-04-09 10:54                         ` Thomas Monjalon
  0 siblings, 1 reply; 80+ messages in thread
From: Bruce Richardson @ 2020-04-09 10:14 UTC (permalink / raw)
  To: Thomas Monjalon
  Cc: Lukasz Wojciechowski, Anoob Joseph, Akhil Goyal, Declan Doherty,
	Aviad Yehezkel, Boris Pismenny, Radu Nicolau, Anoob Joseph, dev,
	stable

On Wed, Apr 08, 2020 at 07:51:35PM +0200, Thomas Monjalon wrote:
> 08/04/2020 17:49, Lukasz Wojciechowski:
> > Hi guys,
> > 
> > I don't know what is the current status of "legacy" build using 
> > gnumakes, so I added the new DEBUG flag to config just as it was done in 
> > other libs like eventdev.
> > Many guides still point config files as the one that should be changed 
> > in order to enable some features, so I thought I should add it there.
> > 
> > If I understand well the official build system now is the one based on 
> > using meson and ninja, however it hasn't got anything similar to the 
> > gnamakefiles system, e.g.
> > in the meson.build file for libraries all the libraries have build 
> > variable set to true and there are few ifs that check it, but as it's 
> > set to true all libraries build always.
> > And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME]. 
> > It's kind of weird.
> > 
> >     foreach l:libraries
> >     *    build = true**
> >     *    reason = '<unknown reason>' # set if build == false to explain why
> >          ...
> >     *    if not build*
> >              dpdk_libs_disabled += name
> >              set_variable(name.underscorify() + '_disable_reason', reason)
> >          else
> >              enabled_libs += name
> >     *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
> >          ...
> > 
> > Have you think about reusing config files in meson configuration and 
> > have a single point of configuration? Of course all meson flags can 
> > overwrite the default config.
> 
> This is on purpose.
> We are removing most of compile-time options with meson.
> 
> I think we can use a global option for debug-specific code.
> Bruce, what do you recommend?
> 
Meson has a built-in global debug setting which could be used. However,
that may be too course-grained. If that is the case there are a couple of
options:

1 Each library can have it's own debug flag defined, which is set on
  the commandline in CFLAGS. Can be done right now - just reuse any of the
  debug variables in the existing make config files (stripping off the
  CONFIG_), e.g. CFLAGS=-DRTE_MALLOC_DEBUG
2 Since that is perhaps not the most usable - though easiest to implement -
  we can look to add a general debug option (or couple of options) in
  meson, e.g. debug_libs=, debug_drivers=, where each option takes a list of
  libs or drivers to pass the debug flags to. This will require a little
  work in the meson build infrastructure, but is not that hard. The harder
  part is standardizing the debug flags across all components.

The advantage of #1 is that it works today and just needs some
documentation for each lib/driver what it's debug flags are. The advantage
of #2 is more usability, but it requires a lot more work to standardize
IMHO.

/Bruce

^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-09 10:14                       ` Bruce Richardson
@ 2020-04-09 10:54                         ` Thomas Monjalon
  2020-04-09 11:13                           ` Bruce Richardson
  0 siblings, 1 reply; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-09 10:54 UTC (permalink / raw)
  To: Bruce Richardson
  Cc: Lukasz Wojciechowski, Anoob Joseph, Akhil Goyal, Declan Doherty,
	Aviad Yehezkel, Boris Pismenny, Radu Nicolau, Anoob Joseph, dev,
	stable

09/04/2020 12:14, Bruce Richardson:
> On Wed, Apr 08, 2020 at 07:51:35PM +0200, Thomas Monjalon wrote:
> > 08/04/2020 17:49, Lukasz Wojciechowski:
> > > Hi guys,
> > > 
> > > I don't know what is the current status of "legacy" build using 
> > > gnumakes, so I added the new DEBUG flag to config just as it was done in 
> > > other libs like eventdev.
> > > Many guides still point config files as the one that should be changed 
> > > in order to enable some features, so I thought I should add it there.
> > > 
> > > If I understand well the official build system now is the one based on 
> > > using meson and ninja, however it hasn't got anything similar to the 
> > > gnamakefiles system, e.g.
> > > in the meson.build file for libraries all the libraries have build 
> > > variable set to true and there are few ifs that check it, but as it's 
> > > set to true all libraries build always.
> > > And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME]. 
> > > It's kind of weird.
> > > 
> > >     foreach l:libraries
> > >     *    build = true**
> > >     *    reason = '<unknown reason>' # set if build == false to explain why
> > >          ...
> > >     *    if not build*
> > >              dpdk_libs_disabled += name
> > >              set_variable(name.underscorify() + '_disable_reason', reason)
> > >          else
> > >              enabled_libs += name
> > >     *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
> > >          ...
> > > 
> > > Have you think about reusing config files in meson configuration and 
> > > have a single point of configuration? Of course all meson flags can 
> > > overwrite the default config.
> > 
> > This is on purpose.
> > We are removing most of compile-time options with meson.
> > 
> > I think we can use a global option for debug-specific code.
> > Bruce, what do you recommend?
> > 
> Meson has a built-in global debug setting which could be used. However,
> that may be too course-grained. If that is the case there are a couple of
> options:
> 
> 1 Each library can have it's own debug flag defined, which is set on
>   the commandline in CFLAGS. Can be done right now - just reuse any of the
>   debug variables in the existing make config files (stripping off the
>   CONFIG_), e.g. CFLAGS=-DRTE_MALLOC_DEBUG
> 2 Since that is perhaps not the most usable - though easiest to implement -
>   we can look to add a general debug option (or couple of options) in
>   meson, e.g. debug_libs=, debug_drivers=, where each option takes a list of
>   libs or drivers to pass the debug flags to. This will require a little
>   work in the meson build infrastructure, but is not that hard. The harder
>   part is standardizing the debug flags across all components.
> 
> The advantage of #1 is that it works today and just needs some
> documentation for each lib/driver what it's debug flags are. The advantage
> of #2 is more usability, but it requires a lot more work to standardize
> IMHO.

In this case, we need a general option as the one already provided by meson.
It means: "I am not in production, I want to see anything behaving wrong
in the datapath."
"Anything" means we don't need a per-library switch.
And for the other needs (out of fast path), we have a new function:
	rte_log_can_log(mylogtype, RTE_LOG_DEBUG)



^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-09 10:54                         ` Thomas Monjalon
@ 2020-04-09 11:13                           ` Bruce Richardson
  2020-04-09 14:07                             ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Bruce Richardson @ 2020-04-09 11:13 UTC (permalink / raw)
  To: Thomas Monjalon
  Cc: Lukasz Wojciechowski, Anoob Joseph, Akhil Goyal, Declan Doherty,
	Aviad Yehezkel, Boris Pismenny, Radu Nicolau, Anoob Joseph, dev,
	stable

On Thu, Apr 09, 2020 at 12:54:10PM +0200, Thomas Monjalon wrote:
> 09/04/2020 12:14, Bruce Richardson:
> > On Wed, Apr 08, 2020 at 07:51:35PM +0200, Thomas Monjalon wrote:
> > > 08/04/2020 17:49, Lukasz Wojciechowski:
> > > > Hi guys,
> > > > 
> > > > I don't know what is the current status of "legacy" build using 
> > > > gnumakes, so I added the new DEBUG flag to config just as it was done in 
> > > > other libs like eventdev.
> > > > Many guides still point config files as the one that should be changed 
> > > > in order to enable some features, so I thought I should add it there.
> > > > 
> > > > If I understand well the official build system now is the one based on 
> > > > using meson and ninja, however it hasn't got anything similar to the 
> > > > gnamakefiles system, e.g.
> > > > in the meson.build file for libraries all the libraries have build 
> > > > variable set to true and there are few ifs that check it, but as it's 
> > > > set to true all libraries build always.
> > > > And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME]. 
> > > > It's kind of weird.
> > > > 
> > > >     foreach l:libraries
> > > >     *    build = true**
> > > >     *    reason = '<unknown reason>' # set if build == false to explain why
> > > >          ...
> > > >     *    if not build*
> > > >              dpdk_libs_disabled += name
> > > >              set_variable(name.underscorify() + '_disable_reason', reason)
> > > >          else
> > > >              enabled_libs += name
> > > >     *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
> > > >          ...
> > > > 
> > > > Have you think about reusing config files in meson configuration and 
> > > > have a single point of configuration? Of course all meson flags can 
> > > > overwrite the default config.
> > > 
> > > This is on purpose.
> > > We are removing most of compile-time options with meson.
> > > 
> > > I think we can use a global option for debug-specific code.
> > > Bruce, what do you recommend?
> > > 
> > Meson has a built-in global debug setting which could be used. However,
> > that may be too course-grained. If that is the case there are a couple of
> > options:
> > 
> > 1 Each library can have it's own debug flag defined, which is set on
> >   the commandline in CFLAGS. Can be done right now - just reuse any of the
> >   debug variables in the existing make config files (stripping off the
> >   CONFIG_), e.g. CFLAGS=-DRTE_MALLOC_DEBUG
> > 2 Since that is perhaps not the most usable - though easiest to implement -
> >   we can look to add a general debug option (or couple of options) in
> >   meson, e.g. debug_libs=, debug_drivers=, where each option takes a list of
> >   libs or drivers to pass the debug flags to. This will require a little
> >   work in the meson build infrastructure, but is not that hard. The harder
> >   part is standardizing the debug flags across all components.
> > 
> > The advantage of #1 is that it works today and just needs some
> > documentation for each lib/driver what it's debug flags are. The advantage
> > of #2 is more usability, but it requires a lot more work to standardize
> > IMHO.
> 
> In this case, we need a general option as the one already provided by meson.
> It means: "I am not in production, I want to see anything behaving wrong
> in the datapath."
> "Anything" means we don't need a per-library switch.
> And for the other needs (out of fast path), we have a new function:
> 	rte_log_can_log(mylogtype, RTE_LOG_DEBUG)
> 
To use the general option in meson something like below is probably all
that is needed to flag the debug build to all components:

diff --git a/config/meson.build b/config/meson.build
index 49482091d..b01cd1251 100644
--- a/config/meson.build
+++ b/config/meson.build
@@ -176,6 +176,10 @@ endif
 # add -include rte_config to cflags
 add_project_arguments('-include', 'rte_config.h', language: 'c')

+if get_option('debug')
+       add_project_arguments('-DDEBUG', language: 'c')
+endif
+
 # enable extra warnings and disable any unwanted warnings
 warning_flags = [
        # -Wall is added by meson by default, so add -Wextra only
 

^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-09 11:13                           ` Bruce Richardson
@ 2020-04-09 14:07                             ` Lukasz Wojciechowski
  2020-04-09 14:21                               ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 14:07 UTC (permalink / raw)
  To: Bruce Richardson, Thomas Monjalon
  Cc: Anoob Joseph, Akhil Goyal, Declan Doherty, Aviad Yehezkel,
	Boris Pismenny, Radu Nicolau, Anoob Joseph, dev, stable


W dniu 09.04.2020 o 13:13, Bruce Richardson pisze:
> On Thu, Apr 09, 2020 at 12:54:10PM +0200, Thomas Monjalon wrote:
>> 09/04/2020 12:14, Bruce Richardson:
>>> On Wed, Apr 08, 2020 at 07:51:35PM +0200, Thomas Monjalon wrote:
>>>> 08/04/2020 17:49, Lukasz Wojciechowski:
>>>>> Hi guys,
>>>>>
>>>>> I don't know what is the current status of "legacy" build using
>>>>> gnumakes, so I added the new DEBUG flag to config just as it was done in
>>>>> other libs like eventdev.
>>>>> Many guides still point config files as the one that should be changed
>>>>> in order to enable some features, so I thought I should add it there.
>>>>>
>>>>> If I understand well the official build system now is the one based on
>>>>> using meson and ninja, however it hasn't got anything similar to the
>>>>> gnamakefiles system, e.g.
>>>>> in the meson.build file for libraries all the libraries have build
>>>>> variable set to true and there are few ifs that check it, but as it's
>>>>> set to true all libraries build always.
>>>>> And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME].
>>>>> It's kind of weird.
>>>>>
>>>>>      foreach l:libraries
>>>>>      *    build = true**
>>>>>      *    reason = '<unknown reason>' # set if build == false to explain why
>>>>>           ...
>>>>>      *    if not build*
>>>>>               dpdk_libs_disabled += name
>>>>>               set_variable(name.underscorify() + '_disable_reason', reason)
>>>>>           else
>>>>>               enabled_libs += name
>>>>>      *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
>>>>>           ...
>>>>>
>>>>> Have you think about reusing config files in meson configuration and
>>>>> have a single point of configuration? Of course all meson flags can
>>>>> overwrite the default config.
>>>> This is on purpose.
>>>> We are removing most of compile-time options with meson.
>>>>
>>>> I think we can use a global option for debug-specific code.
>>>> Bruce, what do you recommend?
>>>>
>>> Meson has a built-in global debug setting which could be used. However,
>>> that may be too course-grained. If that is the case there are a couple of
>>> options:
>>>
>>> 1 Each library can have it's own debug flag defined, which is set on
>>>    the commandline in CFLAGS. Can be done right now - just reuse any of the
>>>    debug variables in the existing make config files (stripping off the
>>>    CONFIG_), e.g. CFLAGS=-DRTE_MALLOC_DEBUG
>>> 2 Since that is perhaps not the most usable - though easiest to implement -
>>>    we can look to add a general debug option (or couple of options) in
>>>    meson, e.g. debug_libs=, debug_drivers=, where each option takes a list of
>>>    libs or drivers to pass the debug flags to. This will require a little
>>>    work in the meson build infrastructure, but is not that hard. The harder
>>>    part is standardizing the debug flags across all components.
>>>
>>> The advantage of #1 is that it works today and just needs some
>>> documentation for each lib/driver what it's debug flags are. The advantage
>>> of #2 is more usability, but it requires a lot more work to standardize
>>> IMHO.
>> In this case, we need a general option as the one already provided by meson.
>> It means: "I am not in production, I want to see anything behaving wrong
>> in the datapath."
>> "Anything" means we don't need a per-library switch.
>> And for the other needs (out of fast path), we have a new function:
>> 	rte_log_can_log(mylogtype, RTE_LOG_DEBUG)
>>
> To use the general option in meson something like below is probably all
> that is needed to flag the debug build to all components:
>
> diff --git a/config/meson.build b/config/meson.build
> index 49482091d..b01cd1251 100644
> --- a/config/meson.build
> +++ b/config/meson.build
> @@ -176,6 +176,10 @@ endif
>   # add -include rte_config to cflags
>   add_project_arguments('-include', 'rte_config.h', language: 'c')
>
> +if get_option('debug')
> +       add_project_arguments('-DDEBUG', language: 'c')
> +endif
> +

This will conflict with DEBUG define for log level.

How about adding similar define in library meson.build file? , e.g

diff --git a/lib/librte_security/meson.build 
b/lib/librte_security/meson.build
index 5679c8b5c..ee92483c5 100644
--- a/lib/librte_security/meson.build
+++ b/lib/librte_security/meson.build
@@ -4,3 +4,7 @@
  sources = files('rte_security.c')
  headers = files('rte_security.h', 'rte_security_driver.h')
  deps += ['mempool', 'cryptodev']
+
+if get_option('debug')
+ add_project_arguments('-DRTE_LIBRTE_SECURITY_DEBUG', language: 'c')
+endif


>   # enable extra warnings and disable any unwanted warnings
>   warning_flags = [
>          # -Wall is added by meson by default, so add -Wextra only
>   
>
-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v2 04/13] app/test: fix macro definition
  2020-04-08 17:47               ` Thomas Monjalon
@ 2020-04-09 14:10                 ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 14:10 UTC (permalink / raw)
  To: Thomas Monjalon; +Cc: Pavan Nikhilesh, Jerin Jacob, dev, stable


W dniu 08.04.2020 o 19:47, Thomas Monjalon pisze:
> 08/04/2020 18:15, Lukasz Wojciechowski:
>> Hi Thomas,
>>
>> Before my patch there was just a definition:
>> #define RTE_TEST_TRACE_FAILURE TEST_TRACE_FAILURE
>> without #ifndef condition.
>>
>> It caused a build problem to me when working on security test, which
>> uses both rte_test.h and test.h
>> As libraries should go first on the include list before local files I used:
>>
>> #include <rte_test.h>
>> #include "test.h"
>>
>> sequence, which cause obvious build error as RTE_TEST_TRACE_FAILURE was
>> first defined as an empty macro inside rte_test.h, and redefinition in
>> test.h caused a problem.
>>
>>
>> So I had two ways to solve the issue:
>> 1) to wrap it with #ifndef condition and leave the definition there
>> 2) to remove the redefinition from test.h
>>
>> I've chosen the 1) solution because:
>> * Author of the former patch had placed the definition there for some
>> purpose
> Because rte_test.h is more recent and its addition was not complete enough.
> rte_test.h should be included in test.h, and overlaps removed.
>
>> * In my opinion it is better to have the definition present and pointing
>> to the same macro for both RTE_TEST_TRACE_FAILURE and TEST_TRACE_FAILURE
>> as it would make logs look more consistent when printing information the
>> same way.
> I think solution 2 is better.
Ok I'll change this patch and remove the macro definition at all from 
app/test/test.h
I'll publish it with version 3, but I'll wait a bit more for getting 
more comments on version 2
>
>
> PS: please avoid top-posting
Sorry
>
>
>> W dniu 08.04.2020 o 14:53, Thomas Monjalon pisze:
>>> 08/04/2020 05:13, Lukasz Wojciechowski:
>>>> Wrap RTE_TEST_TRACE_FAILURE macro definition into #ifndef clause
>>>> as it might be already defined.
>>> I think it should not be defined at all.
>>> Why not including rte_test.h?
>>>
>>>
>>>
>
>
>
>
>
-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-09 14:07                             ` Lukasz Wojciechowski
@ 2020-04-09 14:21                               ` Lukasz Wojciechowski
  2020-04-09 15:22                                 ` Thomas Monjalon
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 14:21 UTC (permalink / raw)
  To: Bruce Richardson, Thomas Monjalon
  Cc: Anoob Joseph, Akhil Goyal, Declan Doherty, Aviad Yehezkel,
	Boris Pismenny, Radu Nicolau, Anoob Joseph, dev, stable


W dniu 09.04.2020 o 16:07, Lukasz Wojciechowski pisze:
>
> W dniu 09.04.2020 o 13:13, Bruce Richardson pisze:
>> On Thu, Apr 09, 2020 at 12:54:10PM +0200, Thomas Monjalon wrote:
>>> 09/04/2020 12:14, Bruce Richardson:
>>>> On Wed, Apr 08, 2020 at 07:51:35PM +0200, Thomas Monjalon wrote:
>>>>> 08/04/2020 17:49, Lukasz Wojciechowski:
>>>>>> Hi guys,
>>>>>>
>>>>>> I don't know what is the current status of "legacy" build using
>>>>>> gnumakes, so I added the new DEBUG flag to config just as it was 
>>>>>> done in
>>>>>> other libs like eventdev.
>>>>>> Many guides still point config files as the one that should be 
>>>>>> changed
>>>>>> in order to enable some features, so I thought I should add it 
>>>>>> there.
>>>>>>
>>>>>> If I understand well the official build system now is the one 
>>>>>> based on
>>>>>> using meson and ninja, however it hasn't got anything similar to the
>>>>>> gnamakefiles system, e.g.
>>>>>> in the meson.build file for libraries all the libraries have build
>>>>>> variable set to true and there are few ifs that check it, but as 
>>>>>> it's
>>>>>> set to true all libraries build always.
>>>>>> And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME].
>>>>>> It's kind of weird.
>>>>>>
>>>>>>      foreach l:libraries
>>>>>>      *    build = true**
>>>>>>      *    reason = '<unknown reason>' # set if build == false to 
>>>>>> explain why
>>>>>>           ...
>>>>>>      *    if not build*
>>>>>>               dpdk_libs_disabled += name
>>>>>>               set_variable(name.underscorify() + 
>>>>>> '_disable_reason', reason)
>>>>>>           else
>>>>>>               enabled_libs += name
>>>>>>      *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
>>>>>>           ...
>>>>>>
>>>>>> Have you think about reusing config files in meson configuration and
>>>>>> have a single point of configuration? Of course all meson flags can
>>>>>> overwrite the default config.
>>>>> This is on purpose.
>>>>> We are removing most of compile-time options with meson.
>>>>>
>>>>> I think we can use a global option for debug-specific code.
>>>>> Bruce, what do you recommend?
>>>>>
>>>> Meson has a built-in global debug setting which could be used. 
>>>> However,
>>>> that may be too course-grained. If that is the case there are a 
>>>> couple of
>>>> options:
>>>>
>>>> 1 Each library can have it's own debug flag defined, which is set on
>>>>    the commandline in CFLAGS. Can be done right now - just reuse 
>>>> any of the
>>>>    debug variables in the existing make config files (stripping off 
>>>> the
>>>>    CONFIG_), e.g. CFLAGS=-DRTE_MALLOC_DEBUG
>>>> 2 Since that is perhaps not the most usable - though easiest to 
>>>> implement -
>>>>    we can look to add a general debug option (or couple of options) in
>>>>    meson, e.g. debug_libs=, debug_drivers=, where each option takes 
>>>> a list of
>>>>    libs or drivers to pass the debug flags to. This will require a 
>>>> little
>>>>    work in the meson build infrastructure, but is not that hard. 
>>>> The harder
>>>>    part is standardizing the debug flags across all components.
>>>>
>>>> The advantage of #1 is that it works today and just needs some
>>>> documentation for each lib/driver what it's debug flags are. The 
>>>> advantage
>>>> of #2 is more usability, but it requires a lot more work to 
>>>> standardize
>>>> IMHO.
>>> In this case, we need a general option as the one already provided 
>>> by meson.
>>> It means: "I am not in production, I want to see anything behaving 
>>> wrong
>>> in the datapath."
>>> "Anything" means we don't need a per-library switch.
>>> And for the other needs (out of fast path), we have a new function:
>>>     rte_log_can_log(mylogtype, RTE_LOG_DEBUG)
>>>
>> To use the general option in meson something like below is probably all
>> that is needed to flag the debug build to all components:
>>
>> diff --git a/config/meson.build b/config/meson.build
>> index 49482091d..b01cd1251 100644
>> --- a/config/meson.build
>> +++ b/config/meson.build
>> @@ -176,6 +176,10 @@ endif
>>   # add -include rte_config to cflags
>>   add_project_arguments('-include', 'rte_config.h', language: 'c')
>>
>> +if get_option('debug')
>> +       add_project_arguments('-DDEBUG', language: 'c')
>> +endif
>> +
>
> This will conflict with DEBUG define for log level.
Just to be more precise, the log level is defined as RTE_LOG_DEBUG, but 
in few places you can find something like:
#define NTB_LOG(level, fmt, args...) \
     rte_log(RTE_LOG_ ## level, ntb_logtype,    "%s(): " fmt "\n", \

         __func__, ##args)

and usage like this:
NTB_LOG(DEBUG, "Link is not up.");

>
> How about adding similar define in library meson.build file? , e.g
>
> diff --git a/lib/librte_security/meson.build 
> b/lib/librte_security/meson.build
> index 5679c8b5c..ee92483c5 100644
> --- a/lib/librte_security/meson.build
> +++ b/lib/librte_security/meson.build
> @@ -4,3 +4,7 @@
>  sources = files('rte_security.c')
>  headers = files('rte_security.h', 'rte_security_driver.h')
>  deps += ['mempool', 'cryptodev']
> +
> +if get_option('debug')
> + add_project_arguments('-DRTE_LIBRTE_SECURITY_DEBUG', language: 'c')
> +endif
>
>
>>   # enable extra warnings and disable any unwanted warnings
>>   warning_flags = [
>>          # -Wall is added by meson by default, so add -Wextra only
>>
-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-09 14:21                               ` Lukasz Wojciechowski
@ 2020-04-09 15:22                                 ` Thomas Monjalon
  2020-04-09 16:10                                   ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Thomas Monjalon @ 2020-04-09 15:22 UTC (permalink / raw)
  To: Bruce Richardson, Lukasz Wojciechowski
  Cc: Anoob Joseph, Akhil Goyal, Declan Doherty, Aviad Yehezkel,
	Boris Pismenny, Radu Nicolau, Anoob Joseph, dev, stable

09/04/2020 16:21, Lukasz Wojciechowski:
> W dniu 09.04.2020 o 16:07, Lukasz Wojciechowski pisze:
> > W dniu 09.04.2020 o 13:13, Bruce Richardson pisze:
> >> On Thu, Apr 09, 2020 at 12:54:10PM +0200, Thomas Monjalon wrote:
> >>> 09/04/2020 12:14, Bruce Richardson:
> >>>> On Wed, Apr 08, 2020 at 07:51:35PM +0200, Thomas Monjalon wrote:
> >>>>> 08/04/2020 17:49, Lukasz Wojciechowski:
> >>>>>> Hi guys,
> >>>>>>
> >>>>>> I don't know what is the current status of "legacy" build using
> >>>>>> gnumakes, so I added the new DEBUG flag to config just as it was 
> >>>>>> done in
> >>>>>> other libs like eventdev.
> >>>>>> Many guides still point config files as the one that should be 
> >>>>>> changed
> >>>>>> in order to enable some features, so I thought I should add it 
> >>>>>> there.
> >>>>>>
> >>>>>> If I understand well the official build system now is the one 
> >>>>>> based on
> >>>>>> using meson and ninja, however it hasn't got anything similar to the
> >>>>>> gnamakefiles system, e.g.
> >>>>>> in the meson.build file for libraries all the libraries have build
> >>>>>> variable set to true and there are few ifs that check it, but as 
> >>>>>> it's
> >>>>>> set to true all libraries build always.
> >>>>>> And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME].
> >>>>>> It's kind of weird.
> >>>>>>
> >>>>>>      foreach l:libraries
> >>>>>>      *    build = true**
> >>>>>>      *    reason = '<unknown reason>' # set if build == false to 
> >>>>>> explain why
> >>>>>>           ...
> >>>>>>      *    if not build*
> >>>>>>               dpdk_libs_disabled += name
> >>>>>>               set_variable(name.underscorify() + 
> >>>>>> '_disable_reason', reason)
> >>>>>>           else
> >>>>>>               enabled_libs += name
> >>>>>>      *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
> >>>>>>           ...
> >>>>>>
> >>>>>> Have you think about reusing config files in meson configuration and
> >>>>>> have a single point of configuration? Of course all meson flags can
> >>>>>> overwrite the default config.
> >>>>> This is on purpose.
> >>>>> We are removing most of compile-time options with meson.
> >>>>>
> >>>>> I think we can use a global option for debug-specific code.
> >>>>> Bruce, what do you recommend?
> >>>>>
> >>>> Meson has a built-in global debug setting which could be used. 
> >>>> However,
> >>>> that may be too course-grained. If that is the case there are a 
> >>>> couple of
> >>>> options:
> >>>>
> >>>> 1 Each library can have it's own debug flag defined, which is set on
> >>>>    the commandline in CFLAGS. Can be done right now - just reuse 
> >>>> any of the
> >>>>    debug variables in the existing make config files (stripping off 
> >>>> the
> >>>>    CONFIG_), e.g. CFLAGS=-DRTE_MALLOC_DEBUG
> >>>> 2 Since that is perhaps not the most usable - though easiest to 
> >>>> implement -
> >>>>    we can look to add a general debug option (or couple of options) in
> >>>>    meson, e.g. debug_libs=, debug_drivers=, where each option takes 
> >>>> a list of
> >>>>    libs or drivers to pass the debug flags to. This will require a 
> >>>> little
> >>>>    work in the meson build infrastructure, but is not that hard. 
> >>>> The harder
> >>>>    part is standardizing the debug flags across all components.
> >>>>
> >>>> The advantage of #1 is that it works today and just needs some
> >>>> documentation for each lib/driver what it's debug flags are. The 
> >>>> advantage
> >>>> of #2 is more usability, but it requires a lot more work to 
> >>>> standardize
> >>>> IMHO.
> >>> In this case, we need a general option as the one already provided 
> >>> by meson.
> >>> It means: "I am not in production, I want to see anything behaving 
> >>> wrong
> >>> in the datapath."
> >>> "Anything" means we don't need a per-library switch.
> >>> And for the other needs (out of fast path), we have a new function:
> >>>     rte_log_can_log(mylogtype, RTE_LOG_DEBUG)
> >>>
> >> To use the general option in meson something like below is probably all
> >> that is needed to flag the debug build to all components:
> >>
> >> diff --git a/config/meson.build b/config/meson.build
> >> index 49482091d..b01cd1251 100644
> >> --- a/config/meson.build
> >> +++ b/config/meson.build
> >> @@ -176,6 +176,10 @@ endif
> >>   # add -include rte_config to cflags
> >>   add_project_arguments('-include', 'rte_config.h', language: 'c')
> >>
> >> +if get_option('debug')
> >> +       add_project_arguments('-DDEBUG', language: 'c')
> >> +endif
> >> +
> >
> > This will conflict with DEBUG define for log level.
> Just to be more precise, the log level is defined as RTE_LOG_DEBUG, but 
> in few places you can find something like:
> #define NTB_LOG(level, fmt, args...) \
>      rte_log(RTE_LOG_ ## level, ntb_logtype,    "%s(): " fmt "\n", \
> 
>          __func__, ##args)
> 
> and usage like this:
> NTB_LOG(DEBUG, "Link is not up.");

This is not a conflict.
The compiler sees only RTE_LOG_DEBUG.

Anyway the right name for the general flag should be RTE_DEBUG.


> > How about adding similar define in library meson.build file? , e.g
> >
> > diff --git a/lib/librte_security/meson.build 
> > b/lib/librte_security/meson.build
> > index 5679c8b5c..ee92483c5 100644
> > --- a/lib/librte_security/meson.build
> > +++ b/lib/librte_security/meson.build
> > @@ -4,3 +4,7 @@
> >  sources = files('rte_security.c')
> >  headers = files('rte_security.h', 'rte_security_driver.h')
> >  deps += ['mempool', 'cryptodev']
> > +
> > +if get_option('debug')
> > + add_project_arguments('-DRTE_LIBRTE_SECURITY_DEBUG', language: 'c')
> > +endif

It can work yes.
But it would be simpler to align on single debug flag.



^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-09 15:22                                 ` Thomas Monjalon
@ 2020-04-09 16:10                                   ` Lukasz Wojciechowski
  2020-04-10  8:45                                     ` Bruce Richardson
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 16:10 UTC (permalink / raw)
  To: Thomas Monjalon, Bruce Richardson
  Cc: Anoob Joseph, Akhil Goyal, Declan Doherty, Aviad Yehezkel,
	Boris Pismenny, Radu Nicolau, Anoob Joseph, dev, stable


W dniu 09.04.2020 o 17:22, Thomas Monjalon pisze:
> 09/04/2020 16:21, Lukasz Wojciechowski:
>> W dniu 09.04.2020 o 16:07, Lukasz Wojciechowski pisze:
>>> W dniu 09.04.2020 o 13:13, Bruce Richardson pisze:
>>>> On Thu, Apr 09, 2020 at 12:54:10PM +0200, Thomas Monjalon wrote:
>>>>> 09/04/2020 12:14, Bruce Richardson:
>>>>>> On Wed, Apr 08, 2020 at 07:51:35PM +0200, Thomas Monjalon wrote:
>>>>>>> 08/04/2020 17:49, Lukasz Wojciechowski:
>>>>>>>> Hi guys,
>>>>>>>>
>>>>>>>> I don't know what is the current status of "legacy" build using
>>>>>>>> gnumakes, so I added the new DEBUG flag to config just as it was
>>>>>>>> done in
>>>>>>>> other libs like eventdev.
>>>>>>>> Many guides still point config files as the one that should be
>>>>>>>> changed
>>>>>>>> in order to enable some features, so I thought I should add it
>>>>>>>> there.
>>>>>>>>
>>>>>>>> If I understand well the official build system now is the one
>>>>>>>> based on
>>>>>>>> using meson and ninja, however it hasn't got anything similar to the
>>>>>>>> gnamakefiles system, e.g.
>>>>>>>> in the meson.build file for libraries all the libraries have build
>>>>>>>> variable set to true and there are few ifs that check it, but as
>>>>>>>> it's
>>>>>>>> set to true all libraries build always.
>>>>>>>> And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME].
>>>>>>>> It's kind of weird.
>>>>>>>>
>>>>>>>>       foreach l:libraries
>>>>>>>>       *    build = true**
>>>>>>>>       *    reason = '<unknown reason>' # set if build == false to
>>>>>>>> explain why
>>>>>>>>            ...
>>>>>>>>       *    if not build*
>>>>>>>>                dpdk_libs_disabled += name
>>>>>>>>                set_variable(name.underscorify() +
>>>>>>>> '_disable_reason', reason)
>>>>>>>>            else
>>>>>>>>                enabled_libs += name
>>>>>>>>       *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
>>>>>>>>            ...
>>>>>>>>
>>>>>>>> Have you think about reusing config files in meson configuration and
>>>>>>>> have a single point of configuration? Of course all meson flags can
>>>>>>>> overwrite the default config.
>>>>>>> This is on purpose.
>>>>>>> We are removing most of compile-time options with meson.
>>>>>>>
>>>>>>> I think we can use a global option for debug-specific code.
>>>>>>> Bruce, what do you recommend?
>>>>>>>
>>>>>> Meson has a built-in global debug setting which could be used.
>>>>>> However,
>>>>>> that may be too course-grained. If that is the case there are a
>>>>>> couple of
>>>>>> options:
>>>>>>
>>>>>> 1 Each library can have it's own debug flag defined, which is set on
>>>>>>     the commandline in CFLAGS. Can be done right now - just reuse
>>>>>> any of the
>>>>>>     debug variables in the existing make config files (stripping off
>>>>>> the
>>>>>>     CONFIG_), e.g. CFLAGS=-DRTE_MALLOC_DEBUG
>>>>>> 2 Since that is perhaps not the most usable - though easiest to
>>>>>> implement -
>>>>>>     we can look to add a general debug option (or couple of options) in
>>>>>>     meson, e.g. debug_libs=, debug_drivers=, where each option takes
>>>>>> a list of
>>>>>>     libs or drivers to pass the debug flags to. This will require a
>>>>>> little
>>>>>>     work in the meson build infrastructure, but is not that hard.
>>>>>> The harder
>>>>>>     part is standardizing the debug flags across all components.
>>>>>>
>>>>>> The advantage of #1 is that it works today and just needs some
>>>>>> documentation for each lib/driver what it's debug flags are. The
>>>>>> advantage
>>>>>> of #2 is more usability, but it requires a lot more work to
>>>>>> standardize
>>>>>> IMHO.
>>>>> In this case, we need a general option as the one already provided
>>>>> by meson.
>>>>> It means: "I am not in production, I want to see anything behaving
>>>>> wrong
>>>>> in the datapath."
>>>>> "Anything" means we don't need a per-library switch.
>>>>> And for the other needs (out of fast path), we have a new function:
>>>>>      rte_log_can_log(mylogtype, RTE_LOG_DEBUG)
>>>>>
>>>> To use the general option in meson something like below is probably all
>>>> that is needed to flag the debug build to all components:
>>>>
>>>> diff --git a/config/meson.build b/config/meson.build
>>>> index 49482091d..b01cd1251 100644
>>>> --- a/config/meson.build
>>>> +++ b/config/meson.build
>>>> @@ -176,6 +176,10 @@ endif
>>>>    # add -include rte_config to cflags
>>>>    add_project_arguments('-include', 'rte_config.h', language: 'c')
>>>>
>>>> +if get_option('debug')
>>>> +       add_project_arguments('-DDEBUG', language: 'c')
>>>> +endif
>>>> +
>>> This will conflict with DEBUG define for log level.
>> Just to be more precise, the log level is defined as RTE_LOG_DEBUG, but
>> in few places you can find something like:
>> #define NTB_LOG(level, fmt, args...) \
>>       rte_log(RTE_LOG_ ## level, ntb_logtype,    "%s(): " fmt "\n", \
>>
>>           __func__, ##args)
>>
>> and usage like this:
>> NTB_LOG(DEBUG, "Link is not up.");
> This is not a conflict.
> The compiler sees only RTE_LOG_DEBUG.
>
> Anyway the right name for the general flag should be RTE_DEBUG.
>
Ok, I'll use RTE_DEBUG.

@Bruce Is it ok, so that I would create a patch for meson.build?
>>> How about adding similar define in library meson.build file? , e.g
>>>
>>> diff --git a/lib/librte_security/meson.build
>>> b/lib/librte_security/meson.build
>>> index 5679c8b5c..ee92483c5 100644
>>> --- a/lib/librte_security/meson.build
>>> +++ b/lib/librte_security/meson.build
>>> @@ -4,3 +4,7 @@
>>>   sources = files('rte_security.c')
>>>   headers = files('rte_security.h', 'rte_security_driver.h')
>>>   deps += ['mempool', 'cryptodev']
>>> +
>>> +if get_option('debug')
>>> + add_project_arguments('-DRTE_LIBRTE_SECURITY_DEBUG', language: 'c')
>>> +endif
> It can work yes.
> But it would be simpler to align on single debug flag.
>
In this set of patches I would only align the security and tests code to 
RTE_DEBUG.
Changes in global configuration to use a single debug flag should be 
done in separate set of patches.
>
-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security
       [not found]       ` <CGME20200409172528eucas1p1186911653001cab0e69f10fc42790023@eucas1p1.samsung.com>
@ 2020-04-09 17:24         ` Lukasz Wojciechowski
       [not found]           ` <CGME20200409172529eucas1p1f02aaf66052f45ac75ba9e9f63ef1c3a@eucas1p1.samsung.com>
                             ` (13 more replies)
  0 siblings, 14 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  Cc: dev

Set of patches fix minor issues like proper verification of input
parameters and aligning documentation with code in the matter of return
values. Another fixed issue is invalid decrementation of the session
counter which might cause inconsistency between counter values and a true
number of sessions.

All of these issues (and all the librte_security) code is covered with
unit tests. The tests are added to dpdk-test application and can be
launched with "security_autotest" command.

---
v3:
* Use generic RTE_DEBUG flag instead CONFIG_RTE_LIBRTE_SECURITY_DEBUG
* Remove RTE_TEST_TRACE_FAILURE macro definition in app/test/test.h

v2:
* Fix patches' topics for librte_security to security
* Introduce CONFIG_RTE_LIBRTE_SECURITY_DEBUG flag and:
** make it disabled by default
** verify parameters in dataplane API calls only when option is enabled
** skip tests of code disabled by the option
* Add Fixes tags
* Introduce RTE_PTR_CHAIN3_OR_ERR_RET macro for doing 3 chain checks
* Removed C99 style comments
* Remove check of m parameter in rte_security_set_pkt_metadata
* Fix code style warnings

Lukasz Wojciechowski (13):
  security: fix verification of parameters
  security: fix return types in documentation
  security: fix session counter
  app/test: remove macro definition
  app/test: introduce librte security tests
  app/test: add rte security session update tests
  app/test: add rte security session get size tests
  app/test: add rte security session stats get tests
  app/test: add rte security session destroy tests
  app/test: add rte security set pkt metadata tests
  app/test: add rte security get userdata tests
  app/test: add rte security capabilities get tests
  app/test: add rte security capability get tests

 app/test/Makefile                  |    2 +
 app/test/meson.build               |    3 +
 app/test/test.h                    |    2 -
 app/test/test_security.c           | 2435 ++++++++++++++++++++++++++++
 lib/librte_security/rte_security.c |   71 +-
 lib/librte_security/rte_security.h |    8 +-
 6 files changed, 2498 insertions(+), 23 deletions(-)
 create mode 100644 app/test/test_security.c

-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 01/13] security: fix verification of parameters
       [not found]           ` <CGME20200409172529eucas1p1f02aaf66052f45ac75ba9e9f63ef1c3a@eucas1p1.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  2020-04-13 15:42               ` Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  To: Akhil Goyal, Declan Doherty, Aviad Yehezkel, Radu Nicolau,
	Boris Pismenny, Anoob Joseph
  Cc: dev, stable

This patch adds verification of the parameters to the ret_security API
functions. All required parameters are checked if they are not NULL.

Checks verify full chain of pointers, e.g. in case of verification of
"instance->ops->session_XXX", they check also "instance"
and "instance->ops".

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: akhil.goyal@nxp.com

Fixes: 1a08c379b9b5 ("security: support user data retrieval")
Cc: anoob.joseph@caviumnetworks.com

Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 lib/librte_security/rte_security.c | 59 +++++++++++++++++++++++-------
 1 file changed, 46 insertions(+), 13 deletions(-)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index bc81ce15d..38ccc2ea9 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  * Copyright 2017 NXP.
  * Copyright(c) 2017 Intel Corporation.
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
  */
 
 #include <rte_malloc.h>
@@ -9,6 +10,19 @@
 #include "rte_security.h"
 #include "rte_security_driver.h"
 
+/* Macro to check for invalid pointers */
+#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
+	if ((ptr) == NULL)			\
+		return retval;			\
+} while (0)
+
+/* Macro to check for invalid pointers chains */
+#define RTE_PTR_CHAIN3_OR_ERR_RET(p1, p2, p3, retval, last_retval) do {	\
+	RTE_PTR_OR_ERR_RET(p1, retval);					\
+	RTE_PTR_OR_ERR_RET(p1->p2, retval);				\
+	RTE_PTR_OR_ERR_RET(p1->p2->p3, last_retval);			\
+} while (0)
+
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
@@ -16,10 +30,9 @@ rte_security_session_create(struct rte_security_ctx *instance,
 {
 	struct rte_security_session *sess = NULL;
 
-	if (conf == NULL)
-		return NULL;
-
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
+	RTE_PTR_OR_ERR_RET(conf, NULL);
+	RTE_PTR_OR_ERR_RET(mp, NULL);
 
 	if (rte_mempool_get(mp, (void **)&sess))
 		return NULL;
@@ -38,14 +51,19 @@ rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session *sess,
 			    struct rte_security_session_conf *conf)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
+
 	return instance->ops->session_update(instance->device, sess, conf);
 }
 
 unsigned int
 rte_security_session_get_size(struct rte_security_ctx *instance)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
+
 	return instance->ops->session_get_size(instance->device);
 }
 
@@ -54,7 +72,11 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
 			       struct rte_security_stats *stats)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
+			-ENOTSUP);
+	/* Parameter sess can be NULL in case of getting global statistics. */
+	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
+
 	return instance->ops->session_stats_get(instance->device, sess, stats);
 }
 
@@ -64,7 +86,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 {
 	int ret;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
 
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
@@ -81,7 +105,11 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 			      struct rte_security_session *sess,
 			      struct rte_mbuf *m, void *params)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
+#ifdef RTE_DEBUG
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+#endif
 	return instance->ops->set_pkt_metadata(instance->device,
 					       sess, m, params);
 }
@@ -91,7 +119,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 {
 	void *userdata = NULL;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
+#ifdef RTE_DEBUG
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL, NULL);
+#endif
 	if (instance->ops->get_userdata(instance->device, md, &userdata))
 		return NULL;
 
@@ -101,7 +131,8 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 const struct rte_security_capability *
 rte_security_capabilities_get(struct rte_security_ctx *instance)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
+
 	return instance->ops->capabilities_get(instance->device);
 }
 
@@ -113,7 +144,9 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 	const struct rte_security_capability *capability;
 	uint16_t i = 0;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
+	RTE_PTR_OR_ERR_RET(idx, NULL);
+
 	capabilities = instance->ops->capabilities_get(instance->device);
 
 	if (capabilities == NULL)
@@ -121,7 +154,7 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 
 	while ((capability = &capabilities[i++])->action
 			!= RTE_SECURITY_ACTION_TYPE_NONE) {
-		if (capability->action  == idx->action &&
+		if (capability->action == idx->action &&
 				capability->protocol == idx->protocol) {
 			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
 				if (capability->ipsec.proto ==
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 02/13] security: fix return types in documentation
       [not found]           ` <CGME20200409172530eucas1p27297a83a9d7508e3f8a8f88850cbe37c@eucas1p2.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  2020-04-13 15:43               ` Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  To: Akhil Goyal, Declan Doherty, Boris Pismenny, Aviad Yehezkel,
	Radu Nicolau
  Cc: dev, stable

Enhance returned values description for rte_security_session_destroy
and some other minor description changes.

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: akhil.goyal@nxp.com

Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 lib/librte_security/rte_security.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index ef47118fa..747830d67 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -378,7 +378,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
  * @param   conf	update configuration parameters
  * @return
  *  - On success returns 0
- *  - On failure return errno
+ *  - On failure returns a negative errno value.
  */
 __rte_experimental
 int
@@ -403,12 +403,14 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  * return it to its original mempool.
  *
  * @param   instance	security instance
- * @param   sess	security session to freed
+ * @param   sess	security session to be freed
  *
  * @return
  *  - 0 if successful.
- *  - -EINVAL if session is NULL.
+ *  - -EINVAL if session or context instance is NULL.
  *  - -EBUSY if not all device private data has been freed.
+ *  - -ENOTSUP if destroying private data is not supported.
+ *  - other negative values in case of freeing private data errors.
  */
 int
 rte_security_session_destroy(struct rte_security_ctx *instance,
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 03/13] security: fix session counter
       [not found]           ` <CGME20200409172531eucas1p1c3ec21532e5e232ff2d68d56f096e71c@eucas1p1.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  2020-04-13 15:48               ` Anoob Joseph
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  To: Akhil Goyal, Declan Doherty, Boris Pismenny, Radu Nicolau,
	Aviad Yehezkel
  Cc: dev, stable

Fix session counter to be decreased in rte_security_session_destroy
only when session was successfully destroyed.

Formerly session counter was decreased prior session destroying
and returning session object to mempool. It remained decreased even
if session was not destroyed and mempool object released making counter
invalid.

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: akhil.goyal@nxp.com

Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 lib/librte_security/rte_security.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 38ccc2ea9..d475b0977 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -90,14 +90,16 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 			-ENOTSUP);
 	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
 
+	ret = instance->ops->session_destroy(instance->device, sess);
+	if (ret != 0)
+		return ret;
+
+	rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
+
 	if (instance->sess_cnt)
 		instance->sess_cnt--;
 
-	ret = instance->ops->session_destroy(instance->device, sess);
-	if (!ret)
-		rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
-
-	return ret;
+	return 0;
 }
 
 int
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 04/13] app/test: remove macro definition
       [not found]           ` <CGME20200409172532eucas1p285bc6767be1d62a0098d177a7757169f@eucas1p2.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  To: Jerin Jacob, Thomas Monjalon, Pavan Nikhilesh; +Cc: dev, stable

Remove RTE_TEST_TRACE_FAILURE macro definition from app/test/test.h
as it might be already defined and cause build problems.

Also it is good to leave the decision of additional logs to the final
user of test.h and rte_test.h

Fixes: 5afc521eac6a ("eal: add test assert macros")
Cc: pbhagavatula@caviumnetworks.com

Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/app/test/test.h b/app/test/test.h
index ac0c50616..b07f6c1ef 100644
--- a/app/test/test.h
+++ b/app/test/test.h
@@ -22,8 +22,6 @@
 # define TEST_TRACE_FAILURE(_file, _line, _func)
 #endif
 
-#define RTE_TEST_TRACE_FAILURE TEST_TRACE_FAILURE
-
 #include <rte_test.h>
 
 #define TEST_ASSERT RTE_TEST_ASSERT
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 05/13] app/test: introduce librte security tests
       [not found]           ` <CGME20200409172533eucas1p1f4363aa89cfbda87e5d20da1006e21c0@eucas1p1.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  Cc: dev

This patch introduces set of unit tests of librte_security API functions.
Tests are added to dpdk-test application and can be run with
"security_autotest" runtime command.

This is the first patch in the series of patches as adding all test cases
for all API functions in a single patch would make it unreadable.

This patch defines structure of the file and necessary test framework
initialization. It also contains first subset of unit tests for
rte_security_session_create API function.

Structure of the tests file is following:
- macros for making tests more readable;
- mockup structures and functions for rte_security_ops;
- test suite and test cases setup and teardown functions;
- tests functions;
- declaration of testcases.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/Makefile        |   2 +
 app/test/meson.build     |   3 +
 app/test/test_security.c | 683 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 688 insertions(+)
 create mode 100644 app/test/test_security.c

diff --git a/app/test/Makefile b/app/test/Makefile
index 1f080d162..153610a32 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -231,6 +231,8 @@ SRCS-$(CONFIG_RTE_LIBRTE_BPF) += test_bpf.c
 
 SRCS-$(CONFIG_RTE_LIBRTE_RCU) += test_rcu_qsbr.c test_rcu_qsbr_perf.c
 
+SRCS-$(CONFIG_RTE_LIBRTE_SECURITY) += test_security.c
+
 SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += test_ipsec.c
 SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += test_ipsec_sad.c
 ifeq ($(CONFIG_RTE_LIBRTE_IPSEC),y)
diff --git a/app/test/meson.build b/app/test/meson.build
index 351d29cb6..f3c775b34 100644
--- a/app/test/meson.build
+++ b/app/test/meson.build
@@ -103,6 +103,7 @@ test_sources = files('commands.c',
 	'test_ring_perf.c',
 	'test_rwlock.c',
 	'test_sched.c',
+	'test_security.c',
 	'test_service_cores.c',
 	'test_spinlock.c',
 	'test_stack.c',
@@ -150,6 +151,7 @@ test_deps = ['acl',
 	'reorder',
 	'rib',
 	'ring',
+	'security',
 	'stack',
 	'timer'
 ]
@@ -211,6 +213,7 @@ fast_tests = [
         ['rwlock_rds_wrm_autotest', true],
         ['rwlock_rde_wro_autotest', true],
         ['sched_autotest', true],
+		['security_autotest', false],
         ['spinlock_autotest', true],
         ['stack_autotest', false],
         ['stack_lf_autotest', false],
diff --git a/app/test/test_security.c b/app/test/test_security.c
new file mode 100644
index 000000000..3fc83abae
--- /dev/null
+++ b/app/test/test_security.c
@@ -0,0 +1,683 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+
+#include <rte_errno.h>
+#include <rte_log.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+#include <rte_security.h>
+#include <rte_security_driver.h>
+
+/* Before including rte_test.h file you can define
+ * RTE_TEST_TRACE_FAILURE(_file, _line, _func) macro to better trace/debug test
+ * failures. Mostly useful in development phase.
+ */
+#ifndef RTE_TEST_TRACE_FAILURE
+#define RTE_TEST_TRACE_FAILURE(_file, _line, _func) \
+	RTE_LOG(DEBUG, EAL, "in %s:%d %s\n", _file, _line, _func)
+#endif
+
+#include <rte_test.h>
+#include "test.h"
+
+/**
+ * Security
+ * =======
+ *
+ * Basic unit tests of the librte_security API.
+ *
+ * Structure of the file:
+ * - macros for making tests more readable;
+ * - mockup structures and functions for rte_security_ops;
+ * - test suite and test cases setup and teardown functions;
+ * - tests functions;
+ * - declaration of testcases.
+ */
+
+
+/**
+ * Macros
+ *
+ * Set of macros for making tests easier to read.
+ */
+
+/**
+ * Verify condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   cond	condition expected to be true
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT(fail_counter, cond, msg, ...) do {		\
+	if (!(cond)) {							\
+		fail_counter++;						\
+		RTE_LOG(DEBUG, EAL, "Test assert %s line %d failed: "	\
+				msg "\n", __func__, __LINE__,		\
+				 ##__VA_ARGS__);			\
+		RTE_TEST_TRACE_FAILURE(__FILE__, __LINE__, __func__);	\
+	}								\
+} while (0)
+
+/**
+ * Verify equality condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   a	first value of comparison
+ * @param   b	second value of comparison
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT_EQUAL(fail_counter, a, b, msg, ...)	\
+	MOCK_TEST_ASSERT(fail_counter, (a) == (b), msg, ##__VA_ARGS__)
+
+
+/**
+ * Verify if parameter of the mocked up function matches expected value.
+ * The expected value is stored in data structure in the field matching
+ * parameter name.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ * @param   spec	printf style spec for parameter
+ */
+#define MOCK_TEST_ASSERT_PARAMETER(data, parameter, spec)		\
+	MOCK_TEST_ASSERT_EQUAL(data.failed, data.parameter, parameter,	\
+			"Expecting parameter %s to be " spec		\
+			" but it's " spec, RTE_STR(parameter),		\
+			data.parameter, parameter)
+
+/**
+ * Wrap for MOCK_TEST_ASSERT_PARAMETER macro for pointer type parameters.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ */
+#define MOCK_TEST_ASSERT_POINTER_PARAMETER(data, parameter)	\
+	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%p")
+
+/**
+ * Verify number of calls of the mocked up function
+ * and check if there were any fails during execution.
+ * The fails statistics inside mocked up functions are collected
+ * as "failed" field in mockup structures.
+ *
+ * @param   mock_data	structure with statistics (called, failed)
+ * @param   exp_calls	expected number of mockup function calls
+ */
+#define TEST_ASSERT_MOCK_CALLS(mock_data, exp_calls) do {		\
+	TEST_ASSERT_EQUAL(exp_calls, mock_data.called,			\
+			"Expecting sub op to be called %d times, "	\
+			"but it's called %d times",			\
+			exp_calls, mock_data.called);			\
+	TEST_ASSERT_EQUAL(0, mock_data.failed,				\
+			"Expecting sub op asserts not to fail, "	\
+			"but they're failed %d times",			\
+			mock_data.failed);				\
+} while (0)
+
+/**
+ * Assert tested function result match expected value
+ *
+ * @param   f_name	name of tested function
+ * @param   f_ret	value returned by the function
+ * @param   exp_ret	expected returned value
+ * @param   fmt		printf style format for returned value
+ */
+#define TEST_ASSERT_MOCK_FUNCTION_CALL_RET(f_name, f_ret, exp_ret, fmt)	\
+	TEST_ASSERT_EQUAL(exp_ret, f_ret, "Expecting " RTE_STR(f_name)	\
+			" to return " fmt ", but it returned " fmt	\
+			"\n", exp_ret, f_ret)
+
+/**
+ * Assert tested function result is not NULL
+ *
+ * @param   f_name	name of tested function
+ * @param   f_ret	value returned by the function
+ */
+#define TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(f_name, f_ret)		\
+	TEST_ASSERT_NOT_NULL(f_ret, "Expecting " RTE_STR(f_name)	\
+			" to return not NULL\n")
+
+/**
+ * Verify that sess_cnt counter value matches expected
+ *
+ * @param   expected_sessions_count	expected counter value
+ */
+#define TEST_ASSERT_SESSION_COUNT(expected_sessions_count) do {		\
+	struct security_unittest_params *ut_params = &unittest_params;	\
+	TEST_ASSERT_EQUAL(expected_sessions_count,			\
+			ut_params->ctx.sess_cnt,			\
+			"Expecting session counter to be %u,"		\
+			" but it's %u",	expected_sessions_count,	\
+			ut_params->ctx.sess_cnt);			\
+} while (0)
+
+/**
+ * Verify usage of mempool by checking if number of allocated objects matches
+ * expectations. The mempool is used to manage objects for sessions data.
+ * A single object is acquired from mempool during session_create
+ * and put back in session_destroy.
+ *
+ * @param   expected_mempool_usage	expected number of used mempool objects
+ */
+#define TEST_ASSERT_MEMPOOL_USAGE(expected_mempool_usage) do {		\
+	struct security_testsuite_params *ts_params = &testsuite_params;\
+	unsigned int mempool_usage;					\
+	mempool_usage = rte_mempool_in_use_count(			\
+			ts_params->session_mpool);			\
+	TEST_ASSERT_EQUAL(expected_mempool_usage, mempool_usage,	\
+			"Expecting %u mempool allocations, "		\
+			"but there are %u allocated objects",		\
+			expected_mempool_usage, mempool_usage);		\
+} while (0)
+
+
+/**
+ * Mockup structures and functions for rte_security_ops;
+ *
+ * Set of structures for controlling mockup functions calls.
+ * Every mockup function X has its corresponding X_data structure
+ * and an instance of that structure X_exp.
+ * Structure contains parameters that a mockup function is expected
+ * to be called with, a value to return (.ret) and 2 statistics:
+ * .called (number of times the mockup function was called)
+ * and .failed (number of assertion fails during mockup function call).
+ *
+ * Mockup functions verify that the parameters they are called with match
+ * expected values. The expected values should be stored in corresponding
+ * structures prior to mockup functions call. Every failure of such
+ * verification increases .failed counter. Every call of mockup function
+ * increases .called counter. Function returns value stored in .ret field
+ * of the structure.
+ * In case of some parameters in some functions the expected value is unknown
+ * and cannot be detrmined prior to call. Such parameters are stored
+ * in structure and can be compared or analyzed later in test case code.
+ *
+ * Below structures and functions follow the rules just described.
+ * Additional remarks and exceptions are added in comments.
+ */
+
+/**
+ * session_create mockup
+ *
+ * Verified parameters: device, conf, mp.
+ * Saved, not verified parameters: sess.
+ */
+static struct mock_session_create_data {
+	void *device;
+	struct rte_security_session_conf *conf;
+	struct rte_security_session *sess;
+	struct rte_mempool *mp;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_create_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_create(void *device,
+		struct rte_security_session_conf *conf,
+		struct rte_security_session *sess,
+		struct rte_mempool *mp)
+{
+	mock_session_create_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, conf);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_create_exp, mp);
+
+	mock_session_create_exp.sess = sess;
+
+	return mock_session_create_exp.ret;
+}
+
+/**
+ * session_destroy mockup
+ *
+ * Verified parameters: device, sess.
+ */
+static struct mock_session_destroy_data {
+	void *device;
+	struct rte_security_session *sess;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_destroy_exp = {NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_destroy(void *device, struct rte_security_session *sess)
+{
+	mock_session_destroy_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_destroy_exp, sess);
+
+	return mock_session_destroy_exp.ret;
+}
+
+/**
+ * empty_ops
+ *
+ * is an empty security operations set (all function pointers set to NULL)
+ */
+struct rte_security_ops empty_ops = { NULL };
+
+/**
+ * mock_ops
+ *
+ * is a security operations set using mockup functions
+ */
+struct rte_security_ops mock_ops = {
+	.session_create = mock_session_create,
+	.session_destroy = mock_session_destroy,
+};
+
+
+/**
+ * Test suite and test cases setup and teardown functions.
+ */
+
+/**
+ * struct security_testsuite_params defines parameters initialized once
+ * for whole tests suite.
+ * Currently the only stored parameter is session_mpool a mempool created
+ * once in testsuite_setup and released in testsuite_teardown.
+ * The instance of this structure is stored in testsuite_params variable.
+ */
+static struct security_testsuite_params {
+	struct rte_mempool *session_mpool;
+} testsuite_params = { NULL };
+
+/**
+ * struct security_unittest_params defines parameters initialized
+ * for every test case. The parameters are initialized in ut_setup
+ * and released in ut_teardown.
+ * The instance of this structure is stored in unittest_params variable.
+ */
+static struct security_unittest_params {
+	struct rte_security_ctx ctx;
+	struct rte_security_session_conf conf;
+	struct rte_security_session *sess;
+} unittest_params = {
+	.ctx = {
+		.device = NULL,
+		.ops = &mock_ops,
+		.sess_cnt = 0,
+	},
+	.sess = NULL,
+};
+
+#define SECURITY_TEST_MEMPOOL_NAME "SecurityTestsMempoolName"
+#define SECURITY_TEST_MEMPOOL_SIZE 15
+#define SECURITY_TEST_SESSION_OBJECT_SIZE sizeof(struct rte_security_session)
+
+/**
+ * testsuite_setup initializes whole test suite parameters.
+ * It creates a new mempool used in all test cases
+ * and verifies if it properly created.
+ */
+static int
+testsuite_setup(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	ts_params->session_mpool = rte_mempool_create(
+			SECURITY_TEST_MEMPOOL_NAME,
+			SECURITY_TEST_MEMPOOL_SIZE,
+			SECURITY_TEST_SESSION_OBJECT_SIZE,
+			0, 0, NULL, NULL, NULL, NULL,
+			SOCKET_ID_ANY, 0);
+	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
+			"Cannot create mempool %s\n", rte_strerror(rte_errno));
+	return TEST_SUCCESS;
+}
+
+/**
+ * testsuite_teardown releases test suite wide parameters.
+ */
+static void
+testsuite_teardown(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	if (ts_params->session_mpool) {
+		rte_mempool_free(ts_params->session_mpool);
+		ts_params->session_mpool = NULL;
+	}
+}
+
+/**
+ * ut_setup initializes test case parameters to default values.
+ * It resets also any .called and .failed statistics of mockup functions
+ * usage.
+ */
+static int
+ut_setup(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.device = NULL;
+	ut_params->ctx.ops = &mock_ops;
+	ut_params->ctx.sess_cnt = 0;
+	ut_params->sess = NULL;
+
+	mock_session_create_exp.called = 0;
+	mock_session_destroy_exp.called = 0;
+
+	mock_session_create_exp.failed = 0;
+	mock_session_destroy_exp.failed = 0;
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * destroy_session_with_check is a helper function releasing session
+ * created with rte_security_session_create and stored in test case parameters.
+ * It's used both to release sessions created in test cases' bodies
+ * which are assigned to ut_params->sess
+ */
+static int
+destroy_session_with_check(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	if (ut_params->sess != NULL) {
+		/* Assure that mockup function for destroy operation is set. */
+		ut_params->ctx.ops = &mock_ops;
+
+		mock_session_destroy_exp.device = NULL;
+		mock_session_destroy_exp.sess = ut_params->sess;
+		mock_session_destroy_exp.ret = 0;
+		mock_session_destroy_exp.called = 0;
+		mock_session_destroy_exp.failed = 0;
+
+		int ret = rte_security_session_destroy(&ut_params->ctx,
+				ut_params->sess);
+		TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+				ret, 0, "%d");
+		TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+
+		ut_params->sess = NULL;
+	}
+	return TEST_SUCCESS;
+}
+
+/**
+ * ut_teardown releases test case parameters.
+ */
+static void
+ut_teardown(void)
+{
+	destroy_session_with_check();
+}
+
+
+/**
+ * Test functions
+ *
+ * Each test function is related to a single test case.
+ * They are arranged by tested rte_security API function
+ * and by rte_security execution paths sequence in code.
+ */
+
+/**
+ * rte_security_session_create tests
+ */
+
+/**
+ * Test execution of rte_security_session_create with NULL instance
+ */
+static int
+test_session_create_inv_context(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(NULL, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_create_inv_context_ops(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	ut_params->ctx.ops = NULL;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with empty
+ * security operations
+ */
+static int
+test_session_create_inv_context_ops_fun(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	ut_params->ctx.ops = &empty_ops;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with NULL conf parameter
+ */
+static int
+test_session_create_inv_configuration(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(&ut_params->ctx, NULL,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create with NULL mp parameter
+ */
+static int
+test_session_create_inv_mempool(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create in case when mempool
+ * is fully used and no object can be got from it
+ */
+static int
+test_session_create_mempool_empty(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+	struct rte_security_session *sess;
+
+	/* Get all available objects from mempool. */
+	int i, ret;
+	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i) {
+		ret = rte_mempool_get(ts_params->session_mpool,
+				(void **)(&tmp[i]));
+		TEST_ASSERT_EQUAL(0, ret,
+				"Expect getting %d object from mempool"
+				" to succeed", i);
+	}
+	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(SECURITY_TEST_MEMPOOL_SIZE);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	/* Put objects back to the pool. */
+	for (i = 0; i < SECURITY_TEST_MEMPOOL_SIZE; ++i)
+		rte_mempool_put(ts_params->session_mpool, (void *)(tmp[i]));
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create when session_create
+ * security operation fails
+ */
+static int
+test_session_create_ops_failure(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = -1;	/* Return failure status. */
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
+			sess, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_create in successful execution path
+ */
+static int
+test_session_create_success(void)
+{
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_session *sess;
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = 0;	/* Return success status. */
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
+			sess);
+	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
+			"Expecting session_create to be called with %p sess"
+			" parameter, but it's called %p sess parameter",
+			sess, mock_session_create_exp.sess);
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	/*
+	 * Store created session in test case parameters, so it can be released
+	 * after test case in ut_teardown by destroy_session_with_check.
+	 */
+	ut_params->sess = sess;
+
+	return TEST_SUCCESS;
+}
+
+
+/**
+ * Declaration of testcases
+ */
+static struct unit_test_suite security_testsuite  = {
+	.suite_name = "generic security",
+	.setup = testsuite_setup,
+	.teardown = testsuite_teardown,
+	.unit_test_cases = {
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_context),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_context_ops),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_configuration),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_inv_mempool),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_mempool_empty),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_ops_failure),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+				test_session_create_success),
+
+		TEST_CASES_END() /**< NULL terminate unit test array */
+	}
+};
+
+static int
+test_security(void)
+{
+	rte_log_set_global_level(RTE_LOG_DEBUG);
+	rte_log_set_level(RTE_LOGTYPE_EAL, RTE_LOG_DEBUG);
+
+	return unit_test_suite_runner(&security_testsuite);
+}
+
+REGISTER_TEST_COMMAND(security_autotest, test_security);
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 06/13] app/test: add rte security session update tests
       [not found]           ` <CGME20200409172533eucas1p252ed0cac1689b067a83589a0665c9033@eucas1p2.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_session_update function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 229 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 3fc83abae..daaf30b62 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -238,6 +238,36 @@ mock_session_create(void *device,
 	return mock_session_create_exp.ret;
 }
 
+/**
+ * session_update mockup
+ *
+ * Verified parameters: device, sess, conf.
+ */
+static struct mock_session_update_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_security_session_conf *conf;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_update_exp = {NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_update(void *device,
+		struct rte_security_session *sess,
+		struct rte_security_session_conf *conf)
+{
+	mock_session_update_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_update_exp, conf);
+
+	return mock_session_update_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -278,6 +308,7 @@ struct rte_security_ops empty_ops = { NULL };
  */
 struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
+	.session_update = mock_session_update,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -300,6 +331,7 @@ static struct security_testsuite_params {
 /**
  * struct security_unittest_params defines parameters initialized
  * for every test case. The parameters are initialized in ut_setup
+ * or ut_setup_with_session (depending on the testcase)
  * and released in ut_teardown.
  * The instance of this structure is stored in unittest_params variable.
  */
@@ -368,9 +400,11 @@ ut_setup(void)
 	ut_params->sess = NULL;
 
 	mock_session_create_exp.called = 0;
+	mock_session_update_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
+	mock_session_update_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -381,6 +415,7 @@ ut_setup(void)
  * created with rte_security_session_create and stored in test case parameters.
  * It's used both to release sessions created in test cases' bodies
  * which are assigned to ut_params->sess
+ * as well as sessions created in ut_setup_with_session.
  */
 static int
 destroy_session_with_check(void)
@@ -416,6 +451,46 @@ ut_teardown(void)
 	destroy_session_with_check();
 }
 
+/**
+ * ut_setup_with_session initializes test case parameters by
+ * - calling standard ut_setup,
+ * - creating a session that can be used in test case.
+ */
+static int
+ut_setup_with_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct security_testsuite_params *ts_params = &testsuite_params;
+	struct rte_security_session *sess;
+
+	int ret = ut_setup();
+	if (ret != TEST_SUCCESS)
+		return ret;
+
+	mock_session_create_exp.device = NULL;
+	mock_session_create_exp.conf = &ut_params->conf;
+	mock_session_create_exp.mp = ts_params->session_mpool;
+	mock_session_create_exp.ret = 0;
+
+	sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf,
+			ts_params->session_mpool);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_NOT_NULL(rte_security_session_create,
+			sess);
+	TEST_ASSERT_EQUAL(sess, mock_session_create_exp.sess,
+			"Expecting session_create to be called with %p sess"
+			" parameter, but it's called %p sess parameter",
+			sess, mock_session_create_exp.sess);
+	TEST_ASSERT_MOCK_CALLS(mock_session_create_exp, 1);
+
+	/*
+	 * Store created session in test case parameters, so it can be released
+	 * after test case in ut_teardown by destroy_session_with_check.
+	 */
+	ut_params->sess = sess;
+
+	return TEST_SUCCESS;
+}
+
 
 /**
  * Test functions
@@ -642,6 +717,145 @@ test_session_create_success(void)
 }
 
 
+/**
+ * rte_security_session_update tests
+ */
+
+/**
+ * Test execution of rte_security_session_update with NULL instance
+ */
+static int
+test_session_update_inv_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(NULL, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_update_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with empty
+ * security operations
+ */
+static int
+test_session_update_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with NULL conf parameter
+ */
+static int
+test_session_update_inv_configuration(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update with NULL sess parameter
+ */
+static int
+test_session_update_inv_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_update(&ut_params->ctx, NULL,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update when session_update
+ * security operation fails
+ */
+static int
+test_session_update_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_update_exp.device = NULL;
+	mock_session_update_exp.sess = ut_params->sess;
+	mock_session_update_exp.conf = &ut_params->conf;
+	mock_session_update_exp.ret = -1;	/* Return failure status. */
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_update in successful execution path
+ */
+static int
+test_session_update_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_update_exp.device = NULL;
+	mock_session_update_exp.sess = ut_params->sess;
+	mock_session_update_exp.conf = &ut_params->conf;
+	mock_session_update_exp.ret = 0;	/* Return success status. */
+
+	int ret = rte_security_session_update(&ut_params->ctx, ut_params->sess,
+			&ut_params->conf);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_update,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_update_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -667,6 +881,21 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 				test_session_create_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_configuration),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_inv_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_update_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 07/13] app/test: add rte security session get size tests
       [not found]           ` <CGME20200409172534eucas1p2ee383bc5d8efd40ea8b883b78126ed9f@eucas1p2.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_session_get_size function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 132 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 132 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index daaf30b62..9c5e7d0da 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -268,6 +268,30 @@ mock_session_update(void *device,
 	return mock_session_update_exp.ret;
 }
 
+/**
+ * session_get_size mockup
+ *
+ * Verified parameters: device.
+ */
+static struct mock_session_get_size_data {
+	void *device;
+
+	unsigned int ret;
+
+	int called;
+	int failed;
+} mock_session_get_size_exp = {NULL, 0U, 0, 0};
+
+static unsigned int
+mock_session_get_size(void *device)
+{
+	mock_session_get_size_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_get_size_exp, device);
+
+	return mock_session_get_size_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -309,6 +333,7 @@ struct rte_security_ops empty_ops = { NULL };
 struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
 	.session_update = mock_session_update,
+	.session_get_size = mock_session_get_size,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -401,10 +426,12 @@ ut_setup(void)
 
 	mock_session_create_exp.called = 0;
 	mock_session_update_exp.called = 0;
+	mock_session_get_size_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
+	mock_session_get_size_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -856,6 +883,100 @@ test_session_update_success(void)
 }
 
 
+/**
+ * rte_security_session_get_size tests
+ */
+
+/**
+ * Test execution of rte_security_session_get_size with NULL instance
+ */
+static int
+test_session_get_size_inv_context(void)
+{
+	unsigned int ret = rte_security_session_get_size(NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_get_size_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size with empty
+ * security operations
+ */
+static int
+test_session_get_size_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size when session_get_size
+ * security operation fails
+ */
+static int
+test_session_get_size_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_get_size_exp.device = NULL;
+	mock_session_get_size_exp.ret = 0;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 0, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_get_size in successful execution path
+ */
+static int
+test_session_get_size_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_get_size_exp.device = NULL;
+	mock_session_get_size_exp.ret = 1024;
+
+	unsigned int ret = rte_security_session_get_size(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_get_size,
+			ret, 1024U, "%u");
+	TEST_ASSERT_MOCK_CALLS(mock_session_get_size_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -896,6 +1017,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_session_update_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_get_size_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 08/13] app/test: add rte security session stats get tests
       [not found]           ` <CGME20200409172534eucas1p2852ae56687fd5bae343437b07198c070@eucas1p2.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_session_stats_get function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 173 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 173 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 9c5e7d0da..c495449b0 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -292,6 +292,36 @@ mock_session_get_size(void *device)
 	return mock_session_get_size_exp.ret;
 }
 
+/**
+ * session_stats_get mockup
+ *
+ * Verified parameters: device, sess, stats.
+ */
+static struct mock_session_stats_get_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_security_stats *stats;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_session_stats_get_exp = {NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_session_stats_get(void *device,
+		struct rte_security_session *sess,
+		struct rte_security_stats *stats)
+{
+	mock_session_stats_get_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_session_stats_get_exp, stats);
+
+	return mock_session_stats_get_exp.ret;
+}
+
 /**
  * session_destroy mockup
  *
@@ -334,6 +364,7 @@ struct rte_security_ops mock_ops = {
 	.session_create = mock_session_create,
 	.session_update = mock_session_update,
 	.session_get_size = mock_session_get_size,
+	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
 };
 
@@ -427,11 +458,13 @@ ut_setup(void)
 	mock_session_create_exp.called = 0;
 	mock_session_update_exp.called = 0;
 	mock_session_get_size_exp.called = 0;
+	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
 	mock_session_get_size_exp.failed = 0;
+	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 
 	return TEST_SUCCESS;
@@ -977,6 +1010,133 @@ test_session_get_size_success(void)
 }
 
 
+/**
+ * rte_security_session_stats_get tests
+ */
+
+/**
+ * Test execution of rte_security_session_stats_get with NULL instance
+ */
+static int
+test_session_stats_get_inv_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	int ret = rte_security_session_stats_get(NULL, ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_stats_get_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with empty
+ * security operations
+ */
+static int
+test_session_stats_get_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get with NULL stats parameter
+ */
+static int
+test_session_stats_get_inv_stats(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get when session_stats_get
+ * security operation fails
+ */
+static int
+test_session_stats_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	mock_session_stats_get_exp.device = NULL;
+	mock_session_stats_get_exp.sess = ut_params->sess;
+	mock_session_stats_get_exp.stats = &stats;
+	mock_session_stats_get_exp.ret = -1;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_stats_get in successful execution
+ * path
+ */
+static int
+test_session_stats_get_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_stats stats;
+
+	mock_session_stats_get_exp.device = NULL;
+	mock_session_stats_get_exp.sess = ut_params->sess;
+	mock_session_stats_get_exp.stats = &stats;
+	mock_session_stats_get_exp.ret = 0;
+
+	int ret = rte_security_session_stats_get(&ut_params->ctx,
+			ut_params->sess, &stats);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_stats_get,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_stats_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1028,6 +1188,19 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_session_get_size_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_inv_stats),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_stats_get_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 09/13] app/test: add rte security session destroy tests
       [not found]           ` <CGME20200409172535eucas1p152b3d17bd9d2194f9f2669116130331d@eucas1p1.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_session_destroy function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 166 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 166 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index c495449b0..b1a907bd9 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -1137,6 +1137,159 @@ test_session_stats_get_success(void)
 }
 
 
+/**
+ * rte_security_session_destroy tests
+ */
+
+/**
+ * Test execution of rte_security_session_destroy with NULL instance
+ */
+static int
+test_session_destroy_inv_context(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(NULL, ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_session_destroy_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx,
+			ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with empty
+ * security operations
+ */
+static int
+test_session_destroy_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx,
+			ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy with NULL sess parameter
+ */
+static int
+test_session_destroy_inv_session(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx, NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 0);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy when session_destroy
+ * security operation fails
+ */
+static int
+test_session_destroy_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_destroy_exp.device = NULL;
+	mock_session_destroy_exp.sess = ut_params->sess;
+	mock_session_destroy_exp.ret = -1;
+
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx,
+			ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_session_destroy in successful execution path
+ */
+static int
+test_session_destroy_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_session_destroy_exp.device = NULL;
+	mock_session_destroy_exp.sess = ut_params->sess;
+	mock_session_destroy_exp.ret = 0;
+	TEST_ASSERT_MEMPOOL_USAGE(1);
+	TEST_ASSERT_SESSION_COUNT(1);
+
+	int ret = rte_security_session_destroy(&ut_params->ctx,
+			ut_params->sess);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_destroy,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_session_destroy_exp, 1);
+	TEST_ASSERT_MEMPOOL_USAGE(0);
+	TEST_ASSERT_SESSION_COUNT(0);
+
+	/*
+	 * Remove session from test case parameters, so it won't be destroyed
+	 * during test case teardown.
+	 */
+	ut_params->sess = NULL;
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1201,6 +1354,19 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_session_stats_get_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_inv_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_session_destroy_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 10/13] app/test: add rte security set pkt metadata tests
       [not found]           ` <CGME20200409172535eucas1p2c215489de77c708fc0bec6b9e2e3dd6d@eucas1p2.samsung.com>
@ 2020-04-09 17:24             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:24 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_set_pkt_metadata function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 201 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 201 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index b1a907bd9..193ab2ba9 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -348,6 +348,39 @@ mock_session_destroy(void *device, struct rte_security_session *sess)
 	return mock_session_destroy_exp.ret;
 }
 
+/**
+ * set_pkt_metadata mockup
+ *
+ * Verified parameters: device, sess, m, params.
+ */
+static struct mock_set_pkt_metadata_data {
+	void *device;
+	struct rte_security_session *sess;
+	struct rte_mbuf *m;
+	void *params;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_set_pkt_metadata_exp = {NULL, NULL, NULL, NULL, 0, 0, 0};
+
+static int
+mock_set_pkt_metadata(void *device,
+		struct rte_security_session *sess,
+		struct rte_mbuf *m,
+		void *params)
+{
+	mock_set_pkt_metadata_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, device);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, sess);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, m);
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_set_pkt_metadata_exp, params);
+
+	return mock_set_pkt_metadata_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -366,6 +399,7 @@ struct rte_security_ops mock_ops = {
 	.session_get_size = mock_session_get_size,
 	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
+	.set_pkt_metadata = mock_set_pkt_metadata,
 };
 
 
@@ -460,12 +494,14 @@ ut_setup(void)
 	mock_session_get_size_exp.called = 0;
 	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
+	mock_set_pkt_metadata_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
 	mock_session_get_size_exp.failed = 0;
 	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
+	mock_set_pkt_metadata_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1290,6 +1326,158 @@ test_session_destroy_success(void)
 }
 
 
+/**
+ * rte_security_set_pkt_metadata tests
+ */
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with NULL instance
+ */
+static int
+test_set_pkt_metadata_inv_context(void)
+{
+#ifdef RTE_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	int ret = rte_security_set_pkt_metadata(NULL, ut_params->sess, &m,
+			&params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_set_pkt_metadata_inv_context_ops(void)
+{
+#ifdef RTE_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+	ut_params->ctx.ops = NULL;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx,
+			ut_params->sess, &m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with empty
+ * security operations
+ */
+static int
+test_set_pkt_metadata_inv_context_ops_fun(void)
+{
+#ifdef RTE_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+	ut_params->ctx.ops = &empty_ops;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx,
+			ut_params->sess, &m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -ENOTSUP, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata with NULL sess parameter
+ */
+static int
+test_set_pkt_metadata_inv_session(void)
+{
+#ifdef RTE_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx, NULL,
+			&m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -EINVAL, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata when set_pkt_metadata
+ * security operation fails
+ */
+static int
+test_set_pkt_metadata_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	mock_set_pkt_metadata_exp.device = NULL;
+	mock_set_pkt_metadata_exp.sess = ut_params->sess;
+	mock_set_pkt_metadata_exp.m = &m;
+	mock_set_pkt_metadata_exp.params = &params;
+	mock_set_pkt_metadata_exp.ret = -1;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx,
+			ut_params->sess, &m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, -1, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_set_pkt_metadata in successful execution path
+ */
+static int
+test_set_pkt_metadata_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_mbuf m;
+	int params;
+
+	mock_set_pkt_metadata_exp.device = NULL;
+	mock_set_pkt_metadata_exp.sess = ut_params->sess;
+	mock_set_pkt_metadata_exp.m = &m;
+	mock_set_pkt_metadata_exp.params = &params;
+	mock_set_pkt_metadata_exp.ret = 0;
+
+	int ret = rte_security_set_pkt_metadata(&ut_params->ctx,
+			ut_params->sess, &m, &params);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_set_pkt_metadata,
+			ret, 0, "%d");
+	TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1367,6 +1555,19 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_session_destroy_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_inv_session),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_set_pkt_metadata_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 11/13] app/test: add rte security get userdata tests
       [not found]           ` <CGME20200409172536eucas1p282854dae8a3b6cceafdea5e2f4fa0896@eucas1p2.samsung.com>
@ 2020-04-09 17:25             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:25 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_get_userdata function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 191 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 191 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 193ab2ba9..53b9e122e 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -76,6 +76,19 @@
 #define MOCK_TEST_ASSERT_EQUAL(fail_counter, a, b, msg, ...)	\
 	MOCK_TEST_ASSERT(fail_counter, (a) == (b), msg, ##__VA_ARGS__)
 
+/**
+ * Verify not null condition inside mocked up function.
+ * Mockup function cannot return a test error, so the failure
+ * of assertion increases counter and print logs.
+ * The counter can be verified later to check if test case should fail.
+ *
+ * @param   fail_counter	fail counter
+ * @param   val	value expected not to be NULL
+ * @param   msg	printf style formatting string for custom message
+ */
+#define MOCK_TEST_ASSERT_NOT_NULL(fail_counter, val, msg, ...)	\
+	MOCK_TEST_ASSERT(fail_counter, (val) != NULL, msg, ##__VA_ARGS__)
+
 
 /**
  * Verify if parameter of the mocked up function matches expected value.
@@ -101,6 +114,15 @@
 #define MOCK_TEST_ASSERT_POINTER_PARAMETER(data, parameter)	\
 	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%p")
 
+/**
+ * Wrap for MOCK_TEST_ASSERT_PARAMETER macro for uint64_t type parameters.
+ *
+ * @param   data	structure with expected values
+ * @param   parameter	name of the parameter (both field and parameter name)
+ */
+#define MOCK_TEST_ASSERT_U64_PARAMETER(data, parameter)	\
+	MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%" PRIu64)
+
 /**
  * Verify number of calls of the mocked up function
  * and check if there were any fails during execution.
@@ -381,6 +403,43 @@ mock_set_pkt_metadata(void *device,
 	return mock_set_pkt_metadata_exp.ret;
 }
 
+/**
+ * get_userdata mockup
+ *
+ * Verified parameters: device, md.
+ * The userdata parameter works as an output parameter, so a passed address
+ * is verified not to be NULL and filled with userdata stored in structure.
+ */
+static struct mock_get_userdata_data {
+	void *device;
+	uint64_t md;
+	void *userdata;
+
+	int ret;
+
+	int called;
+	int failed;
+} mock_get_userdata_exp = {NULL, 0UL, NULL, 0, 0, 0};
+
+static int
+mock_get_userdata(void *device,
+		uint64_t md,
+		void **userdata)
+{
+	mock_get_userdata_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_get_userdata_exp, device);
+	MOCK_TEST_ASSERT_U64_PARAMETER(mock_get_userdata_exp, md);
+
+	MOCK_TEST_ASSERT_NOT_NULL(mock_get_userdata_exp.failed,
+			userdata,
+			"Expecting parameter userdata not to be NULL but it's %p",
+			userdata);
+	*userdata = mock_get_userdata_exp.userdata;
+
+	return mock_get_userdata_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -400,6 +459,7 @@ struct rte_security_ops mock_ops = {
 	.session_stats_get = mock_session_stats_get,
 	.session_destroy = mock_session_destroy,
 	.set_pkt_metadata = mock_set_pkt_metadata,
+	.get_userdata = mock_get_userdata,
 };
 
 
@@ -495,6 +555,7 @@ ut_setup(void)
 	mock_session_stats_get_exp.called = 0;
 	mock_session_destroy_exp.called = 0;
 	mock_set_pkt_metadata_exp.called = 0;
+	mock_get_userdata_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
@@ -502,6 +563,7 @@ ut_setup(void)
 	mock_session_stats_get_exp.failed = 0;
 	mock_session_destroy_exp.failed = 0;
 	mock_set_pkt_metadata_exp.failed = 0;
+	mock_get_userdata_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1478,6 +1540,124 @@ test_set_pkt_metadata_success(void)
 }
 
 
+/**
+ * rte_security_get_userdata tests
+ */
+
+/**
+ * Test execution of rte_security_get_userdata with NULL instance
+ */
+static int
+test_get_userdata_inv_context(void)
+{
+#ifdef RTE_DEBUG
+	uint64_t md = 0xDEADBEEF;
+
+	void *ret = rte_security_get_userdata(NULL, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_get_userdata with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_get_userdata_inv_context_ops(void)
+{
+#ifdef RTE_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	ut_params->ctx.ops = NULL;
+
+	void *ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_get_userdata with empty
+ * security operations
+ */
+static int
+test_get_userdata_inv_context_ops_fun(void)
+{
+#ifdef RTE_DEBUG
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	ut_params->ctx.ops = &empty_ops;
+
+	void *ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0);
+
+	return TEST_SUCCESS;
+#else
+	return TEST_SKIPPED;
+#endif
+}
+
+/**
+ * Test execution of rte_security_get_userdata when get_userdata
+ * security operation fails
+ */
+static int
+test_get_userdata_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	void *userdata = (void *)0x7E577E57;
+
+	mock_get_userdata_exp.device = NULL;
+	mock_get_userdata_exp.md = md;
+	mock_get_userdata_exp.userdata = userdata;
+	mock_get_userdata_exp.ret = -1;
+
+	void *ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_get_userdata in successful execution path
+ */
+static int
+test_get_userdata_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	uint64_t md = 0xDEADBEEF;
+	void *userdata = (void *)0x7E577E57;
+
+	mock_get_userdata_exp.device = NULL;
+	mock_get_userdata_exp.md = md;
+	mock_get_userdata_exp.userdata = userdata;
+	mock_get_userdata_exp.ret = 0;
+
+	void *ret = rte_security_get_userdata(&ut_params->ctx, md);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata,
+			ret, userdata, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1568,6 +1748,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_set_pkt_metadata_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_get_userdata_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 12/13] app/test: add rte security capabilities get tests
       [not found]           ` <CGME20200409172536eucas1p1396c04fb7a9fb80db2a5670f8f3453bb@eucas1p1.samsung.com>
@ 2020-04-09 17:25             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:25 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_capabilities_get function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 138 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 138 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 53b9e122e..3570da2a2 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -440,6 +440,30 @@ mock_get_userdata(void *device,
 	return mock_get_userdata_exp.ret;
 }
 
+/**
+ * capabilities_get mockup
+ *
+ * Verified parameters: device.
+ */
+static struct mock_capabilities_get_data {
+	void *device;
+
+	struct rte_security_capability *ret;
+
+	int called;
+	int failed;
+} mock_capabilities_get_exp = {NULL, NULL, 0, 0};
+
+static const struct rte_security_capability *
+mock_capabilities_get(void *device)
+{
+	mock_capabilities_get_exp.called++;
+
+	MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_capabilities_get_exp, device);
+
+	return mock_capabilities_get_exp.ret;
+}
+
 /**
  * empty_ops
  *
@@ -460,6 +484,7 @@ struct rte_security_ops mock_ops = {
 	.session_destroy = mock_session_destroy,
 	.set_pkt_metadata = mock_set_pkt_metadata,
 	.get_userdata = mock_get_userdata,
+	.capabilities_get = mock_capabilities_get,
 };
 
 
@@ -556,6 +581,7 @@ ut_setup(void)
 	mock_session_destroy_exp.called = 0;
 	mock_set_pkt_metadata_exp.called = 0;
 	mock_get_userdata_exp.called = 0;
+	mock_capabilities_get_exp.called = 0;
 
 	mock_session_create_exp.failed = 0;
 	mock_session_update_exp.failed = 0;
@@ -564,6 +590,7 @@ ut_setup(void)
 	mock_session_destroy_exp.failed = 0;
 	mock_set_pkt_metadata_exp.failed = 0;
 	mock_get_userdata_exp.failed = 0;
+	mock_capabilities_get_exp.failed = 0;
 
 	return TEST_SUCCESS;
 }
@@ -1658,6 +1685,106 @@ test_get_userdata_success(void)
 }
 
 
+/**
+ * rte_security_capabilities_get tests
+ */
+
+/**
+ * Test execution of rte_security_capabilities_get with NULL instance
+ */
+static int
+test_capabilities_get_inv_context(void)
+{
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_capabilities_get_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get with empty
+ * security operations
+ */
+static int
+test_capabilities_get_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	ut_params->ctx.ops = &empty_ops;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get when capabilities_get
+ * security operation fails
+ */
+static int
+test_capabilities_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capabilities_get in successful execution path
+ */
+static int
+test_capabilities_get_success(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability capabilities;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = &capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capabilities_get(&ut_params->ctx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get,
+			ret, &capabilities, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+
 /**
  * Declaration of testcases
  */
@@ -1759,6 +1886,17 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_get_userdata_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capabilities_get_success),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* [dpdk-dev] [PATCH v3 13/13] app/test: add rte security capability get tests
       [not found]           ` <CGME20200409172538eucas1p1dcd99eeedf6fca44c2e2e53e94b08d91@eucas1p1.samsung.com>
@ 2020-04-09 17:25             ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-09 17:25 UTC (permalink / raw)
  Cc: dev

Add unit tests for rte_security_capability_get function.

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
---
 app/test/test_security.c | 522 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 522 insertions(+)

diff --git a/app/test/test_security.c b/app/test/test_security.c
index 3570da2a2..724ce56f4 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -1785,6 +1785,497 @@ test_capabilities_get_success(void)
 }
 
 
+/**
+ * rte_security_capability_get tests
+ */
+
+/**
+ * Test execution of rte_security_capability_get with NULL instance
+ */
+static int
+test_capability_get_inv_context(void)
+{
+	struct rte_security_capability_idx idx;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(NULL, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with invalid
+ * security operations structure (NULL)
+ */
+static int
+test_capability_get_inv_context_ops(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	ut_params->ctx.ops = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with empty
+ * security operations
+ */
+static int
+test_capability_get_inv_context_ops_fun(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	ut_params->ctx.ops = &empty_ops;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get with NULL idx parameter
+ */
+static int
+test_capability_get_inv_idx(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, NULL);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities_get
+ * security operation fails
+ */
+static int
+test_capability_get_ops_failure(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = NULL;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * is empty (contains only RTE_SECURITY_ACTION_TYPE_NONE ending entry)
+ */
+static int
+test_capability_get_empty_table(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx;
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching action
+ */
+static int
+test_capability_get_no_matching_action(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching protocol
+ */
+static int
+test_capability_get_no_matching_protocol(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when macsec protocol
+ * is searched and capabilities table contain proper entry.
+ * However macsec records search is not supported in rte_security.
+ */
+static int
+test_capability_get_no_support_for_macsec(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec proto field
+ */
+static int
+test_capability_get_ipsec_mismatch_proto(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec mode field
+ */
+static int
+test_capability_get_ipsec_mismatch_mode(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching ipsec direction field
+ */
+static int
+test_capability_get_ipsec_mismatch_dir(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+				.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * contains matching ipsec entry
+ */
+static int
+test_capability_get_ipsec_match(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+			.ipsec = {
+				.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+				.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+				.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, &capabilities[1], "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * does not contain entry with matching pdcp domain field
+ */
+static int
+test_capability_get_pdcp_mismatch_domain(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+			.pdcp = {
+				.domain = RTE_SECURITY_PDCP_MODE_DATA,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, NULL, "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
+/**
+ * Test execution of rte_security_capability_get when capabilities table
+ * contains matching pdcp entry
+ */
+static int
+test_capability_get_pdcp_match(void)
+{
+	struct security_unittest_params *ut_params = &unittest_params;
+	struct rte_security_capability_idx idx = {
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+		},
+	};
+	struct rte_security_capability capabilities[] = {
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+			.pdcp = {
+				.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+			},
+		},
+		{
+			.action = RTE_SECURITY_ACTION_TYPE_NONE,
+		},
+	};
+
+	mock_capabilities_get_exp.device = NULL;
+	mock_capabilities_get_exp.ret = capabilities;
+
+	const struct rte_security_capability *ret;
+	ret = rte_security_capability_get(&ut_params->ctx, &idx);
+	TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get,
+			ret, &capabilities[1], "%p");
+	TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1);
+
+	return TEST_SUCCESS;
+}
+
 /**
  * Declaration of testcases
  */
@@ -1897,6 +2388,37 @@ static struct unit_test_suite security_testsuite  = {
 		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
 				test_capabilities_get_success),
 
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_inv_context),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_inv_context_ops),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_inv_context_ops_fun),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_inv_idx),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ops_failure),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_empty_table),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_no_matching_action),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_no_matching_protocol),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_no_support_for_macsec),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ipsec_mismatch_proto),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ipsec_mismatch_mode),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ipsec_mismatch_dir),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_ipsec_match),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_pdcp_mismatch_domain),
+		TEST_CASE_ST(ut_setup_with_session, ut_teardown,
+				test_capability_get_pdcp_match),
+
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [EXT] Re: [PATCH v2 01/13] security: fix verification of parameters
  2020-04-09 16:10                                   ` Lukasz Wojciechowski
@ 2020-04-10  8:45                                     ` Bruce Richardson
  0 siblings, 0 replies; 80+ messages in thread
From: Bruce Richardson @ 2020-04-10  8:45 UTC (permalink / raw)
  To: Lukasz Wojciechowski
  Cc: Thomas Monjalon, Anoob Joseph, Akhil Goyal, Declan Doherty,
	Aviad Yehezkel, Boris Pismenny, Radu Nicolau, Anoob Joseph, dev,
	stable

On Thu, Apr 09, 2020 at 06:10:11PM +0200, Lukasz Wojciechowski wrote:
> 
> W dniu 09.04.2020 o 17:22, Thomas Monjalon pisze:
> > 09/04/2020 16:21, Lukasz Wojciechowski:
> >> W dniu 09.04.2020 o 16:07, Lukasz Wojciechowski pisze:
> >>> W dniu 09.04.2020 o 13:13, Bruce Richardson pisze:
> >>>> On Thu, Apr 09, 2020 at 12:54:10PM +0200, Thomas Monjalon wrote:
> >>>>> 09/04/2020 12:14, Bruce Richardson:
> >>>>>> On Wed, Apr 08, 2020 at 07:51:35PM +0200, Thomas Monjalon wrote:
> >>>>>>> 08/04/2020 17:49, Lukasz Wojciechowski:
> >>>>>>>> Hi guys,
> >>>>>>>>
> >>>>>>>> I don't know what is the current status of "legacy" build using
> >>>>>>>> gnumakes, so I added the new DEBUG flag to config just as it was
> >>>>>>>> done in
> >>>>>>>> other libs like eventdev.
> >>>>>>>> Many guides still point config files as the one that should be
> >>>>>>>> changed
> >>>>>>>> in order to enable some features, so I thought I should add it
> >>>>>>>> there.
> >>>>>>>>
> >>>>>>>> If I understand well the official build system now is the one
> >>>>>>>> based on
> >>>>>>>> using meson and ninja, however it hasn't got anything similar to the
> >>>>>>>> gnamakefiles system, e.g.
> >>>>>>>> in the meson.build file for libraries all the libraries have build
> >>>>>>>> variable set to true and there are few ifs that check it, but as
> >>>>>>>> it's
> >>>>>>>> set to true all libraries build always.
> >>>>>>>> And each library considered there defines RTE_LIBRTE_[LIBRARY_NAME].
> >>>>>>>> It's kind of weird.
> >>>>>>>>
> >>>>>>>>       foreach l:libraries
> >>>>>>>>       *    build = true**
> >>>>>>>>       *    reason = '<unknown reason>' # set if build == false to
> >>>>>>>> explain why
> >>>>>>>>            ...
> >>>>>>>>       *    if not build*
> >>>>>>>>                dpdk_libs_disabled += name
> >>>>>>>>                set_variable(name.underscorify() +
> >>>>>>>> '_disable_reason', reason)
> >>>>>>>>            else
> >>>>>>>>                enabled_libs += name
> >>>>>>>>       *dpdk_conf.set('RTE_LIBRTE_' + name.to_upper(), 1)*
> >>>>>>>>            ...
> >>>>>>>>
> >>>>>>>> Have you think about reusing config files in meson configuration and
> >>>>>>>> have a single point of configuration? Of course all meson flags can
> >>>>>>>> overwrite the default config.
> >>>>>>> This is on purpose.
> >>>>>>> We are removing most of compile-time options with meson.
> >>>>>>>
> >>>>>>> I think we can use a global option for debug-specific code.
> >>>>>>> Bruce, what do you recommend?
> >>>>>>>
> >>>>>> Meson has a built-in global debug setting which could be used.
> >>>>>> However,
> >>>>>> that may be too course-grained. If that is the case there are a
> >>>>>> couple of
> >>>>>> options:
> >>>>>>
> >>>>>> 1 Each library can have it's own debug flag defined, which is set on
> >>>>>>     the commandline in CFLAGS. Can be done right now - just reuse
> >>>>>> any of the
> >>>>>>     debug variables in the existing make config files (stripping off
> >>>>>> the
> >>>>>>     CONFIG_), e.g. CFLAGS=-DRTE_MALLOC_DEBUG
> >>>>>> 2 Since that is perhaps not the most usable - though easiest to
> >>>>>> implement -
> >>>>>>     we can look to add a general debug option (or couple of options) in
> >>>>>>     meson, e.g. debug_libs=, debug_drivers=, where each option takes
> >>>>>> a list of
> >>>>>>     libs or drivers to pass the debug flags to. This will require a
> >>>>>> little
> >>>>>>     work in the meson build infrastructure, but is not that hard.
> >>>>>> The harder
> >>>>>>     part is standardizing the debug flags across all components.
> >>>>>>
> >>>>>> The advantage of #1 is that it works today and just needs some
> >>>>>> documentation for each lib/driver what it's debug flags are. The
> >>>>>> advantage
> >>>>>> of #2 is more usability, but it requires a lot more work to
> >>>>>> standardize
> >>>>>> IMHO.
> >>>>> In this case, we need a general option as the one already provided
> >>>>> by meson.
> >>>>> It means: "I am not in production, I want to see anything behaving
> >>>>> wrong
> >>>>> in the datapath."
> >>>>> "Anything" means we don't need a per-library switch.
> >>>>> And for the other needs (out of fast path), we have a new function:
> >>>>>      rte_log_can_log(mylogtype, RTE_LOG_DEBUG)
> >>>>>
> >>>> To use the general option in meson something like below is probably all
> >>>> that is needed to flag the debug build to all components:
> >>>>
> >>>> diff --git a/config/meson.build b/config/meson.build
> >>>> index 49482091d..b01cd1251 100644
> >>>> --- a/config/meson.build
> >>>> +++ b/config/meson.build
> >>>> @@ -176,6 +176,10 @@ endif
> >>>>    # add -include rte_config to cflags
> >>>>    add_project_arguments('-include', 'rte_config.h', language: 'c')
> >>>>
> >>>> +if get_option('debug')
> >>>> +       add_project_arguments('-DDEBUG', language: 'c')
> >>>> +endif
> >>>> +
> >>> This will conflict with DEBUG define for log level.
> >> Just to be more precise, the log level is defined as RTE_LOG_DEBUG, but
> >> in few places you can find something like:
> >> #define NTB_LOG(level, fmt, args...) \
> >>       rte_log(RTE_LOG_ ## level, ntb_logtype,    "%s(): " fmt "\n", \
> >>
> >>           __func__, ##args)
> >>
> >> and usage like this:
> >> NTB_LOG(DEBUG, "Link is not up.");
> > This is not a conflict.
> > The compiler sees only RTE_LOG_DEBUG.
> >
> > Anyway the right name for the general flag should be RTE_DEBUG.
> >
> Ok, I'll use RTE_DEBUG.
> 
> @Bruce Is it ok, so that I would create a patch for meson.build?

Sure. Setting RTE_DEBUG at top level when a debug build is set is probably
a good idea.

/Bruce

^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v3 01/13] security: fix verification of parameters
  2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 01/13] security: fix verification of parameters Lukasz Wojciechowski
@ 2020-04-13 15:42               ` Anoob Joseph
  0 siblings, 0 replies; 80+ messages in thread
From: Anoob Joseph @ 2020-04-13 15:42 UTC (permalink / raw)
  To: Lukasz Wojciechowski, Akhil Goyal, Declan Doherty,
	Aviad Yehezkel, Radu Nicolau, Boris Pismenny, Anoob Joseph
  Cc: dev, stable


> This patch adds verification of the parameters to the ret_security API functions.
> All required parameters are checked if they are not NULL.
> 
> Checks verify full chain of pointers, e.g. in case of verification of "instance->ops-
> >session_XXX", they check also "instance"
> and "instance->ops".
> 
> Fixes: c261d1431bd8 ("security: introduce security API and framework")
> Cc: akhil.goyal@nxp.com
> 
> Fixes: 1a08c379b9b5 ("security: support user data retrieval")
> Cc: anoob.joseph@caviumnetworks.com
> 
> Cc: stable@dpdk.org
> 
> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

Acked-by: Anoob Joseph <anoobj@marvell.com>

^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v3 02/13] security: fix return types in documentation
  2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 02/13] security: fix return types in documentation Lukasz Wojciechowski
@ 2020-04-13 15:43               ` Anoob Joseph
  0 siblings, 0 replies; 80+ messages in thread
From: Anoob Joseph @ 2020-04-13 15:43 UTC (permalink / raw)
  To: Lukasz Wojciechowski, Akhil Goyal, Declan Doherty,
	Boris Pismenny, Aviad Yehezkel, Radu Nicolau
  Cc: dev, stable

> Enhance returned values description for rte_security_session_destroy and some
> other minor description changes.
> 
> Fixes: c261d1431bd8 ("security: introduce security API and framework")
> Cc: akhil.goyal@nxp.com
> 
> Cc: stable@dpdk.org
> 
> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

Acked-by: Anoob Joseph <anoobj@marvell.com>

^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v3 03/13] security: fix session counter
  2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 03/13] security: fix session counter Lukasz Wojciechowski
@ 2020-04-13 15:48               ` Anoob Joseph
  0 siblings, 0 replies; 80+ messages in thread
From: Anoob Joseph @ 2020-04-13 15:48 UTC (permalink / raw)
  To: Lukasz Wojciechowski, Akhil Goyal, Declan Doherty,
	Boris Pismenny, Radu Nicolau, Aviad Yehezkel
  Cc: dev, stable

> Fix session counter to be decreased in rte_security_session_destroy only when
> session was successfully destroyed.
> 
> Formerly session counter was decreased prior session destroying and returning
> session object to mempool. It remained decreased even if session was not
> destroyed and mempool object released making counter invalid.
> 
> Fixes: c261d1431bd8 ("security: introduce security API and framework")
> Cc: akhil.goyal@nxp.com
> 
> Cc: stable@dpdk.org
> 
> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

Acked-by: Anoob Joseph <anoobj@marvell.com>

^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security
  2020-04-09 17:24         ` [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security Lukasz Wojciechowski
                             ` (12 preceding siblings ...)
       [not found]           ` <CGME20200409172538eucas1p1dcd99eeedf6fca44c2e2e53e94b08d91@eucas1p1.samsung.com>
@ 2020-04-17 19:46           ` Akhil Goyal
  2020-04-17 20:14             ` Lukasz Wojciechowski
  13 siblings, 1 reply; 80+ messages in thread
From: Akhil Goyal @ 2020-04-17 19:46 UTC (permalink / raw)
  To: Lukasz Wojciechowski; +Cc: dev

Hi Lukasz,
> 
> Set of patches fix minor issues like proper verification of input
> parameters and aligning documentation with code in the matter of return
> values. Another fixed issue is invalid decrementation of the session
> counter which might cause inconsistency between counter values and a true
> number of sessions.
> 
> All of these issues (and all the librte_security) code is covered with
> unit tests. The tests are added to dpdk-test application and can be
> launched with "security_autotest" command.
> 
> ---
Series
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>


>  create mode 100644 app/test/test_security.c
This file need a MAINTANERS entry
Could you please send an update? I will squash it in the 5th patch.


> 
> --
> 2.17.1


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security
  2020-04-17 19:46           ` [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security Akhil Goyal
@ 2020-04-17 20:14             ` Lukasz Wojciechowski
  2020-04-17 20:21               ` Akhil Goyal
  0 siblings, 1 reply; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-17 20:14 UTC (permalink / raw)
  To: Akhil Goyal; +Cc: dev


W dniu 17.04.2020 o 21:46, Akhil Goyal pisze:
> Hi Lukasz,
>> Set of patches fix minor issues like proper verification of input
>> parameters and aligning documentation with code in the matter of return
>> values. Another fixed issue is invalid decrementation of the session
>> counter which might cause inconsistency between counter values and a true
>> number of sessions.
>>
>> All of these issues (and all the librte_security) code is covered with
>> unit tests. The tests are added to dpdk-test application and can be
>> launched with "security_autotest" command.
>>
>> ---
> Series
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Thank you
>
>>   create mode 100644 app/test/test_security.c
> This file need a MAINTANERS entry
> Could you please send an update? I will squash it in the 5th patch.
>
I don't know if I should send the new version of al patches or just 
paste it here. Please let me know, if I should send the new updated patches.

diff --git a/MAINTAINERS b/MAINTAINERS
index f38621c2e..baa7fe015 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -412,6 +412,7 @@ M: Declan Doherty <declan.doherty@intel.com>
  T: git://dpdk.org/next/dpdk-next-crypto
  F: lib/librte_security/
  F: doc/guides/prog_guide/rte_security.rst
+F: app/test/test_security.c

  Compression API - EXPERIMENTAL
  M: Fiona Trahe <fiona.trahe@intel.com>

>> --
>> 2.17.1

-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security
  2020-04-17 20:14             ` Lukasz Wojciechowski
@ 2020-04-17 20:21               ` Akhil Goyal
  2020-04-17 20:39                 ` Lukasz Wojciechowski
  0 siblings, 1 reply; 80+ messages in thread
From: Akhil Goyal @ 2020-04-17 20:21 UTC (permalink / raw)
  To: Lukasz Wojciechowski; +Cc: dev

> W dniu 17.04.2020 o 21:46, Akhil Goyal pisze:
> > Hi Lukasz,
> >> Set of patches fix minor issues like proper verification of input
> >> parameters and aligning documentation with code in the matter of return
> >> values. Another fixed issue is invalid decrementation of the session
> >> counter which might cause inconsistency between counter values and a true
> >> number of sessions.
> >>
> >> All of these issues (and all the librte_security) code is covered with
> >> unit tests. The tests are added to dpdk-test application and can be
> >> launched with "security_autotest" command.
> >>
> >> ---
> > Series
> > Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
> Thank you
> >
> >>   create mode 100644 app/test/test_security.c
> > This file need a MAINTANERS entry
> > Could you please send an update? I will squash it in the 5th patch.
> >
> I don't know if I should send the new version of al patches or just
> paste it here. Please let me know, if I should send the new updated patches.
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index f38621c2e..baa7fe015 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -412,6 +412,7 @@ M: Declan Doherty <declan.doherty@intel.com>
>   T: git://dpdk.org/next/dpdk-next-crypto
>   F: lib/librte_security/
>   F: doc/guides/prog_guide/rte_security.rst
> +F: app/test/test_security.c
> 
Added the above change in your 5th patch.

Applied to dpdk-next-crypto

Thanks



^ permalink raw reply	[flat|nested] 80+ messages in thread

* Re: [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security
  2020-04-17 20:21               ` Akhil Goyal
@ 2020-04-17 20:39                 ` Lukasz Wojciechowski
  0 siblings, 0 replies; 80+ messages in thread
From: Lukasz Wojciechowski @ 2020-04-17 20:39 UTC (permalink / raw)
  To: Akhil Goyal; +Cc: dev


W dniu 17.04.2020 o 22:21, Akhil Goyal pisze:
>> W dniu 17.04.2020 o 21:46, Akhil Goyal pisze:
>>> Hi Lukasz,
>>>> Set of patches fix minor issues like proper verification of input
>>>> parameters and aligning documentation with code in the matter of return
>>>> values. Another fixed issue is invalid decrementation of the session
>>>> counter which might cause inconsistency between counter values and a true
>>>> number of sessions.
>>>>
>>>> All of these issues (and all the librte_security) code is covered with
>>>> unit tests. The tests are added to dpdk-test application and can be
>>>> launched with "security_autotest" command.
>>>>
>>>> ---
>>> Series
>>> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
>> Thank you
>>>>    create mode 100644 app/test/test_security.c
>>> This file need a MAINTANERS entry
>>> Could you please send an update? I will squash it in the 5th patch.
>>>
>> I don't know if I should send the new version of al patches or just
>> paste it here. Please let me know, if I should send the new updated patches.
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index f38621c2e..baa7fe015 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -412,6 +412,7 @@ M: Declan Doherty <declan.doherty@intel.com>
>>    T: git://dpdk.org/next/dpdk-next-crypto
>>    F: lib/librte_security/
>>    F: doc/guides/prog_guide/rte_security.rst
>> +F: app/test/test_security.c
>>
> Added the above change in your 5th patch.
>
> Applied to dpdk-next-crypto
>
> Thanks
>
Great! Thank you so much.

-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com


^ permalink raw reply	[flat|nested] 80+ messages in thread

end of thread, other threads:[~2020-04-17 20:39 UTC | newest]

Thread overview: 80+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CGME20200312151708eucas1p2a80bb2ac0556c7d7efb3aedd83923e52@eucas1p2.samsung.com>
2020-03-12 15:16 ` [dpdk-dev] [PATCH 00/13] Fixes and unit tests for librte_security Lukasz Wojciechowski
     [not found]   ` <CGME20200312151708eucas1p2acee543b5f9d236b8e43cd4d1fbed489@eucas1p2.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 01/13] librte_security: fix verification of parameters Lukasz Wojciechowski
2020-03-17 12:59       ` Anoob Joseph
2020-04-03 18:36         ` Lukasz Wojciechowski
2020-04-05 12:54           ` [dpdk-dev] [EXT] " Anoob Joseph
2020-04-06 18:49             ` Lukasz Wojciechowski
2020-04-07  6:20               ` Anoob Joseph
2020-04-08  3:25                 ` Lukasz Wojciechowski
     [not found]   ` <CGME20200312151708eucas1p12db7c8e402be03dd255d53114217dabd@eucas1p1.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 02/13] librte_security: fix return types in documentation Lukasz Wojciechowski
2020-03-17 16:34       ` Anoob Joseph
     [not found]   ` <CGME20200312151708eucas1p2536ef1df74b35ead436db85f8a5628b4@eucas1p2.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 03/13] librte_security: fix session counter Lukasz Wojciechowski
2020-03-17 17:08       ` Anoob Joseph
     [not found]   ` <CGME20200312151708eucas1p18d3cde72ccadf22d43b8907ab9de6d97@eucas1p1.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 04/13] app/test: fix macro definition Lukasz Wojciechowski
     [not found]   ` <CGME20200312151709eucas1p2df38aed23b7445d3db7d4d3ea8fe3222@eucas1p2.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 05/13] app/test: introduce librte_security tests Lukasz Wojciechowski
2020-04-01 17:09       ` Akhil Goyal
2020-04-01 17:51         ` Thomas Monjalon
2020-04-02 19:49           ` Lukasz Wojciechowski
2020-04-02 20:51             ` Thomas Monjalon
2020-04-03 19:24         ` Lukasz Wojciechowski
     [not found]   ` <CGME20200312151709eucas1p1a01f789059de888cb2d719526434e4f9@eucas1p1.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 06/13] app/test: add rte_security_session_update tests Lukasz Wojciechowski
     [not found]   ` <CGME20200312151709eucas1p139311cecb925f566cbbf1444d14c31b1@eucas1p1.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 07/13] app/test: add rte_security_session_get_size tests Lukasz Wojciechowski
     [not found]   ` <CGME20200312151709eucas1p15263f75e2ad73aa9b8d2fb2d4cf51439@eucas1p1.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 08/13] app/test: add rte_security_session_stats_get tests Lukasz Wojciechowski
     [not found]   ` <CGME20200312151710eucas1p22f051449e6e7edeadefe65b66ffaed32@eucas1p2.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 09/13] app/test: add rte_security_session_destroy tests Lukasz Wojciechowski
     [not found]   ` <CGME20200312151710eucas1p10124737620ec6414aa593e7fa67ee56b@eucas1p1.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 10/13] app/test: add rte_security_set_pkt_metadata tests Lukasz Wojciechowski
     [not found]   ` <CGME20200312151710eucas1p1c3590b55d00bea25b26539a560199b96@eucas1p1.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 11/13] app/test: add rte_security_get_userdata tests Lukasz Wojciechowski
     [not found]   ` <CGME20200312151710eucas1p21882b138d4fd79753f993c30c997e615@eucas1p2.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 12/13] app/test: add rte_security_capabilities_get tests Lukasz Wojciechowski
     [not found]   ` <CGME20200312151710eucas1p1fd5b1484c9ee807327d2d34511a47a12@eucas1p1.samsung.com>
2020-03-12 15:16     ` [dpdk-dev] [PATCH 13/13] app/test: add rte_security_capability_get tests Lukasz Wojciechowski
     [not found]   ` <CGME20200408031435eucas1p23b452d748e39e46c626f695b7f55096a@eucas1p2.samsung.com>
2020-04-08  3:13     ` [dpdk-dev] [PATCH v2 00/13] Fixes and unit tests for librte_security Lukasz Wojciechowski
     [not found]       ` <CGME20200408031447eucas1p1376332353faa0d217e7be8c32271405f@eucas1p1.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 01/13] security: fix verification of parameters Lukasz Wojciechowski
2020-04-08 12:54           ` Thomas Monjalon
2020-04-08 13:02             ` Anoob Joseph
2020-04-08 13:26               ` Thomas Monjalon
2020-04-08 14:44                 ` [dpdk-dev] [EXT] " Anoob Joseph
2020-04-08 15:49                   ` Lukasz Wojciechowski
2020-04-08 17:51                     ` Thomas Monjalon
2020-04-09 10:14                       ` Bruce Richardson
2020-04-09 10:54                         ` Thomas Monjalon
2020-04-09 11:13                           ` Bruce Richardson
2020-04-09 14:07                             ` Lukasz Wojciechowski
2020-04-09 14:21                               ` Lukasz Wojciechowski
2020-04-09 15:22                                 ` Thomas Monjalon
2020-04-09 16:10                                   ` Lukasz Wojciechowski
2020-04-10  8:45                                     ` Bruce Richardson
     [not found]       ` <CGME20200408031448eucas1p2b36997fc73f5b5e2aadb6e4bb965063b@eucas1p2.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 02/13] security: fix return types in documentation Lukasz Wojciechowski
     [not found]       ` <CGME20200408031448eucas1p2d6df7ff419bb093606a2f9115297f45a@eucas1p2.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 03/13] security: fix session counter Lukasz Wojciechowski
     [not found]       ` <CGME20200408031449eucas1p1ca89719463cbaf29e9f7c81beaec88c2@eucas1p1.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 04/13] app/test: fix macro definition Lukasz Wojciechowski
2020-04-08 12:53           ` Thomas Monjalon
2020-04-08 16:15             ` Lukasz Wojciechowski
2020-04-08 17:47               ` Thomas Monjalon
2020-04-09 14:10                 ` Lukasz Wojciechowski
     [not found]       ` <CGME20200408031450eucas1p1a0b6ca84cbac2f7542212e185de1ddf5@eucas1p1.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 05/13] app/test: introduce librte security tests Lukasz Wojciechowski
     [not found]       ` <CGME20200408031451eucas1p2769ae9d814ef1ccd286407767054e117@eucas1p2.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 06/13] app/test: add rte security session update tests Lukasz Wojciechowski
     [not found]       ` <CGME20200408031451eucas1p2313bee1d227e5966fb37c5326aa72529@eucas1p2.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 07/13] app/test: add rte security session get size tests Lukasz Wojciechowski
     [not found]       ` <CGME20200408031452eucas1p2f75a75363e148c54f38b01b9a9a0ea47@eucas1p2.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 08/13] app/test: add rte security session stats get tests Lukasz Wojciechowski
     [not found]       ` <CGME20200408031452eucas1p1b4de173fadca62824b472b8a3dd69e32@eucas1p1.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 09/13] app/test: add rte security session destroy tests Lukasz Wojciechowski
     [not found]       ` <CGME20200408031453eucas1p15bf7f54b1a5b1ae7810a72c71bd6271c@eucas1p1.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 10/13] app/test: add rte security set pkt metadata tests Lukasz Wojciechowski
     [not found]       ` <CGME20200408031453eucas1p1b26ad6b1f924b817e83fc2d2d61a0b0b@eucas1p1.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 11/13] app/test: add rte security get userdata tests Lukasz Wojciechowski
     [not found]       ` <CGME20200408031454eucas1p112c6eded420bdcfdb09fad83bf485afb@eucas1p1.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 12/13] app/test: add rte security capabilities get tests Lukasz Wojciechowski
     [not found]       ` <CGME20200408031454eucas1p2e09e0ab0a1ffa5c657bcf35d89c40a55@eucas1p2.samsung.com>
2020-04-08  3:13         ` [dpdk-dev] [PATCH v2 13/13] app/test: add rte security capability " Lukasz Wojciechowski
     [not found]       ` <CGME20200409172528eucas1p1186911653001cab0e69f10fc42790023@eucas1p1.samsung.com>
2020-04-09 17:24         ` [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security Lukasz Wojciechowski
     [not found]           ` <CGME20200409172529eucas1p1f02aaf66052f45ac75ba9e9f63ef1c3a@eucas1p1.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 01/13] security: fix verification of parameters Lukasz Wojciechowski
2020-04-13 15:42               ` Anoob Joseph
     [not found]           ` <CGME20200409172530eucas1p27297a83a9d7508e3f8a8f88850cbe37c@eucas1p2.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 02/13] security: fix return types in documentation Lukasz Wojciechowski
2020-04-13 15:43               ` Anoob Joseph
     [not found]           ` <CGME20200409172531eucas1p1c3ec21532e5e232ff2d68d56f096e71c@eucas1p1.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 03/13] security: fix session counter Lukasz Wojciechowski
2020-04-13 15:48               ` Anoob Joseph
     [not found]           ` <CGME20200409172532eucas1p285bc6767be1d62a0098d177a7757169f@eucas1p2.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 04/13] app/test: remove macro definition Lukasz Wojciechowski
     [not found]           ` <CGME20200409172533eucas1p1f4363aa89cfbda87e5d20da1006e21c0@eucas1p1.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 05/13] app/test: introduce librte security tests Lukasz Wojciechowski
     [not found]           ` <CGME20200409172533eucas1p252ed0cac1689b067a83589a0665c9033@eucas1p2.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 06/13] app/test: add rte security session update tests Lukasz Wojciechowski
     [not found]           ` <CGME20200409172534eucas1p2ee383bc5d8efd40ea8b883b78126ed9f@eucas1p2.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 07/13] app/test: add rte security session get size tests Lukasz Wojciechowski
     [not found]           ` <CGME20200409172534eucas1p2852ae56687fd5bae343437b07198c070@eucas1p2.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 08/13] app/test: add rte security session stats get tests Lukasz Wojciechowski
     [not found]           ` <CGME20200409172535eucas1p152b3d17bd9d2194f9f2669116130331d@eucas1p1.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 09/13] app/test: add rte security session destroy tests Lukasz Wojciechowski
     [not found]           ` <CGME20200409172535eucas1p2c215489de77c708fc0bec6b9e2e3dd6d@eucas1p2.samsung.com>
2020-04-09 17:24             ` [dpdk-dev] [PATCH v3 10/13] app/test: add rte security set pkt metadata tests Lukasz Wojciechowski
     [not found]           ` <CGME20200409172536eucas1p282854dae8a3b6cceafdea5e2f4fa0896@eucas1p2.samsung.com>
2020-04-09 17:25             ` [dpdk-dev] [PATCH v3 11/13] app/test: add rte security get userdata tests Lukasz Wojciechowski
     [not found]           ` <CGME20200409172536eucas1p1396c04fb7a9fb80db2a5670f8f3453bb@eucas1p1.samsung.com>
2020-04-09 17:25             ` [dpdk-dev] [PATCH v3 12/13] app/test: add rte security capabilities get tests Lukasz Wojciechowski
     [not found]           ` <CGME20200409172538eucas1p1dcd99eeedf6fca44c2e2e53e94b08d91@eucas1p1.samsung.com>
2020-04-09 17:25             ` [dpdk-dev] [PATCH v3 13/13] app/test: add rte security capability " Lukasz Wojciechowski
2020-04-17 19:46           ` [dpdk-dev] [PATCH v3 00/13] Fixes and unit tests for librte_security Akhil Goyal
2020-04-17 20:14             ` Lukasz Wojciechowski
2020-04-17 20:21               ` Akhil Goyal
2020-04-17 20:39                 ` Lukasz Wojciechowski

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git