* [PATCH 1/9] common/dpaax: fix invalid key command error
@ 2025-05-20 5:51 Gagandeep Singh
2025-05-20 5:51 ` [PATCH 2/9] common/dpaax: fix for PDCP AES only 12bit SN case Gagandeep Singh
` (9 more replies)
0 siblings, 10 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena, Franck Lenormand; +Cc: stable
Due to race between KEY loading to CAAM’s internal memory
and initiating crypto operations can SEC errors in PDCP
AES algo combinations.
To mitigate this, adding CALM instruction in SN 12bit case
and using older version of descriptor for SN 18bit case.
Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
Cc: franck.lenormand@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 9ada3905c5..f4379ede2c 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
* Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2023 NXP
+ * Copyright 2019-2025 NXP
*/
#ifndef __DESC_PDCP_H__
@@ -1981,8 +1981,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
cipherdata->keylen, INLINE_KEY(cipherdata));
- if ((sn_size == PDCP_SN_SIZE_15) ||
- (rta_sec_era >= RTA_SEC_ERA_10)) {
+ if (sn_size == PDCP_SN_SIZE_15) {
PROTOCOL(p, dir, OP_PCLID_LTE_PDCP_USER,
(uint16_t)cipherdata->algtype);
return 0;
@@ -2747,6 +2746,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
(uint64_t)cipherdata->key, cipherdata->keylen,
INLINE_KEY(cipherdata));
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
if (authdata)
PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
OP_PCLID_LTE_PDCP_USER_RN,
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 2/9] common/dpaax: fix for PDCP AES only 12bit SN case
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
@ 2025-05-20 5:51 ` Gagandeep Singh
2025-05-20 5:51 ` [PATCH 3/9] common/dpaax: support 12bit SN in pdcp uplane Gagandeep Singh
` (8 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena, Franck Lenormand; +Cc: stable
This workaround fixes the invalid key command SEC error.
Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
Cc: franck.lenormand@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index f4379ede2c..c90eff26a8 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -619,7 +619,7 @@ pdcp_insert_cplane_enc_only_op(struct program *p,
KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
cipherdata->keylen, INLINE_KEY(cipherdata));
- if ((sn_size != PDCP_SN_SIZE_18 &&
+ if ((authdata && sn_size != PDCP_SN_SIZE_18 &&
!(rta_sec_era == RTA_SEC_ERA_8 &&
authdata->algtype == 0))
|| (rta_sec_era == RTA_SEC_ERA_10)) {
@@ -631,6 +631,7 @@ pdcp_insert_cplane_enc_only_op(struct program *p,
(uint16_t)cipherdata->algtype << 8);
return 0;
}
+
/* Non-proto is supported only for 5bit cplane and 18bit uplane */
switch (sn_size) {
case PDCP_SN_SIZE_5:
@@ -2719,7 +2720,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
case PDCP_CIPHER_TYPE_AES:
case PDCP_CIPHER_TYPE_SNOW:
case PDCP_CIPHER_TYPE_NULL:
- if (rta_sec_era == RTA_SEC_ERA_8 &&
+ if (rta_sec_era >= RTA_SEC_ERA_8 &&
authdata && authdata->algtype == 0){
err = pdcp_insert_uplane_with_int_op(p, swap,
cipherdata, authdata,
@@ -2729,6 +2730,17 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
return err;
break;
}
+ if (rta_sec_era >= RTA_SEC_ERA_8 &&
+ cipherdata->algtype == PDCP_CIPHER_TYPE_AES
+ && !authdata
+ && sn_size == PDCP_SN_SIZE_12) {
+ err = pdcp_insert_cplane_enc_only_op(p, swap, cipherdata,
+ authdata,
+ OP_TYPE_ENCAP_PROTOCOL, sn_size);
+ if (err)
+ return err;
+ break;
+ }
if (pdb_type != PDCP_PDB_TYPE_FULL_PDB) {
pr_err("PDB type must be FULL for PROTO desc\n");
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 3/9] common/dpaax: support 12bit SN in pdcp uplane
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
2025-05-20 5:51 ` [PATCH 2/9] common/dpaax: fix for PDCP AES only 12bit SN case Gagandeep Singh
@ 2025-05-20 5:51 ` Gagandeep Singh
2025-05-20 6:18 ` Hemant Agrawal
2025-05-20 5:51 ` [PATCH 4/9] crypto/dpaa2_sec: change custom device API to standard Gagandeep Singh
` (7 subsequent siblings)
9 siblings, 1 reply; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena
update pdcp_insert_uplane_no_int_op() to support 12bit SN size
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index c90eff26a8..55159d53f0 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1988,10 +1988,10 @@ pdcp_insert_uplane_no_int_op(struct program *p,
return 0;
}
- if (sn_size == PDCP_SN_SIZE_15) {
+ if (sn_size == PDCP_SN_SIZE_12) {
SEQLOAD(p, MATH0, 6, 2, 0);
- sn_mask = (swap == false) ? PDCP_U_PLANE_15BIT_SN_MASK :
- PDCP_U_PLANE_15BIT_SN_MASK_BE;
+ sn_mask = (swap == false) ? PDCP_12BIT_SN_MASK :
+ PDCP_12BIT_SN_MASK_BE;
} else { /* SN Size == PDCP_SN_SIZE_18 */
SEQLOAD(p, MATH0, 5, 3, 0);
sn_mask = (swap == false) ? PDCP_U_PLANE_18BIT_SN_MASK :
@@ -2000,7 +2000,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
MATHB(p, MATH0, AND, sn_mask, MATH1, 8, IFB | IMMED2);
- if (sn_size == PDCP_SN_SIZE_15)
+ if (sn_size == PDCP_SN_SIZE_12)
SEQSTORE(p, MATH0, 6, 2, 0);
else /* SN Size == PDCP_SN_SIZE_18 */
SEQSTORE(p, MATH0, 5, 3, 0);
@@ -2047,7 +2047,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
default:
pr_err("%s: Invalid encrypt algorithm selected: %d\n",
- "pdcp_insert_uplane_15bit_op", cipherdata->algtype);
+ "pdcp_insert_uplane_no_int_op", cipherdata->algtype);
return -EINVAL;
}
@@ -2734,8 +2734,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
cipherdata->algtype == PDCP_CIPHER_TYPE_AES
&& !authdata
&& sn_size == PDCP_SN_SIZE_12) {
- err = pdcp_insert_cplane_enc_only_op(p, swap, cipherdata,
- authdata,
+ err = pdcp_insert_uplane_no_int_op(p, swap, cipherdata,
OP_TYPE_ENCAP_PROTOCOL, sn_size);
if (err)
return err;
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 4/9] crypto/dpaa2_sec: change custom device API to standard
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
2025-05-20 5:51 ` [PATCH 2/9] common/dpaax: fix for PDCP AES only 12bit SN case Gagandeep Singh
2025-05-20 5:51 ` [PATCH 3/9] common/dpaax: support 12bit SN in pdcp uplane Gagandeep Singh
@ 2025-05-20 5:51 ` Gagandeep Singh
2025-05-20 5:51 ` [PATCH 5/9] crypto/dpaa2_sec: fix coverity Issues Gagandeep Singh
` (6 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal, Anatoly Burakov
Replacing existing device creation and deletion code in probe and
remove functions with rte_cryptodev_pmd_create() and
rte_cryptodev_pmd_destroy() APIs provided by the DPDK library,
simplifying drivers initialization and teardown.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 38 +++++++------------
drivers/crypto/dpaa_sec/dpaa_sec.c | 42 +++++++--------------
2 files changed, 27 insertions(+), 53 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 0ccadecff4..925d2709d2 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2023 NXP
+ * Copyright 2016-2025 NXP
*
*/
@@ -4413,33 +4413,27 @@ cryptodev_dpaa2_sec_probe(struct rte_dpaa2_driver *dpaa2_drv __rte_unused,
{
struct rte_cryptodev *cryptodev;
char cryptodev_name[RTE_CRYPTODEV_NAME_MAX_LEN];
-
int retval;
+ struct rte_cryptodev_pmd_init_params init_params = {
+ .name = "",
+ .private_data_size = sizeof(struct dpaa2_sec_dev_private),
+ .socket_id = rte_socket_id(),
+ .max_nb_queue_pairs =
+ RTE_CRYPTODEV_PMD_DEFAULT_MAX_NB_QUEUE_PAIRS,
+ /* setting default, will be updated in init. */
+ };
snprintf(cryptodev_name, sizeof(cryptodev_name), "dpsec-%d",
dpaa2_dev->object_id);
- cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id());
- if (cryptodev == NULL)
+ cryptodev = rte_cryptodev_pmd_create(cryptodev_name, &dpaa2_dev->device,
+ &init_params);
+ if (cryptodev == NULL) {
+ DPAA2_SEC_ERR("failed to create cryptodev vdev");
return -ENOMEM;
-
- if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
- cryptodev->data->dev_private = rte_zmalloc_socket(
- "cryptodev private structure",
- sizeof(struct dpaa2_sec_dev_private),
- RTE_CACHE_LINE_SIZE,
- rte_socket_id());
-
- if (cryptodev->data->dev_private == NULL)
- rte_panic("Cannot allocate memzone for private "
- "device data");
}
dpaa2_dev->cryptodev = cryptodev;
- cryptodev->device = &dpaa2_dev->device;
-
- /* init user callbacks */
- TAILQ_INIT(&(cryptodev->link_intr_cbs));
if (dpaa2_svr_family == SVR_LX2160A)
rta_set_sec_era(RTA_SEC_ERA_10);
@@ -4454,11 +4448,7 @@ cryptodev_dpaa2_sec_probe(struct rte_dpaa2_driver *dpaa2_drv __rte_unused,
rte_cryptodev_pmd_probing_finish(cryptodev);
return 0;
}
-
- if (rte_eal_process_type() == RTE_PROC_PRIMARY)
- rte_free(cryptodev->data->dev_private);
-
- cryptodev->attached = RTE_CRYPTODEV_DETACHED;
+ rte_cryptodev_pmd_destroy(cryptodev);
return -ENXIO;
}
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index bcea4ff3ab..58d691d8a6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2017-2024 NXP
+ * Copyright 2017-2025 NXP
*
*/
@@ -3614,16 +3614,10 @@ static const struct rte_security_ops dpaa_sec_security_ops = {
static int
dpaa_sec_uninit(struct rte_cryptodev *dev)
{
- struct dpaa_sec_dev_private *internals;
-
if (dev == NULL)
return -ENODEV;
- internals = dev->data->dev_private;
rte_free(dev->security_ctx);
-
- rte_free(internals);
-
DPAA_SEC_INFO("Closing DPAA_SEC device %s on numa socket %u",
dev->data->name, rte_socket_id());
@@ -3780,33 +3774,26 @@ cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused,
{
struct rte_cryptodev *cryptodev;
char cryptodev_name[RTE_CRYPTODEV_NAME_MAX_LEN];
-
int retval;
+ struct rte_cryptodev_pmd_init_params init_params = {
+ .name = "",
+ .private_data_size = sizeof(struct dpaa_sec_dev_private),
+ .socket_id = rte_socket_id(),
+ .max_nb_queue_pairs =
+ RTE_DPAA_MAX_NB_SEC_QPS,
+ };
if (rte_eal_process_type() != RTE_PROC_PRIMARY)
return 0;
snprintf(cryptodev_name, sizeof(cryptodev_name), "%s", dpaa_dev->name);
- cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id());
- if (cryptodev == NULL)
+ cryptodev = rte_cryptodev_pmd_create(cryptodev_name, &dpaa_dev->device, &init_params);
+ if (cryptodev == NULL) {
+ DPAA_SEC_ERR("failed to create cryptodev vdev");
return -ENOMEM;
-
- cryptodev->data->dev_private = rte_zmalloc_socket(
- "cryptodev private structure",
- sizeof(struct dpaa_sec_dev_private),
- RTE_CACHE_LINE_SIZE,
- rte_socket_id());
-
- if (cryptodev->data->dev_private == NULL)
- rte_panic("Cannot allocate memzone for private "
- "device data");
-
+ }
dpaa_dev->crypto_dev = cryptodev;
- cryptodev->device = &dpaa_dev->device;
-
- /* init user callbacks */
- TAILQ_INIT(&(cryptodev->link_intr_cbs));
/* if sec device version is not configured */
if (!rta_get_sec_era()) {
@@ -3841,10 +3828,7 @@ cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused,
retval = -ENXIO;
out:
- /* In case of error, cleanup is done */
- rte_free(cryptodev->data->dev_private);
-
- rte_cryptodev_pmd_release_device(cryptodev);
+ rte_cryptodev_pmd_destroy(cryptodev);
return retval;
}
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 5/9] crypto/dpaa2_sec: fix coverity Issues
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
` (2 preceding siblings ...)
2025-05-20 5:51 ` [PATCH 4/9] crypto/dpaa2_sec: change custom device API to standard Gagandeep Singh
@ 2025-05-20 5:51 ` Gagandeep Singh
2025-05-20 5:51 ` [PATCH 6/9] crypto/dpaa2_sec: add null algo capability Gagandeep Singh
` (5 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal; +Cc: Vanshika Shukla, g.singh, stable
From: Vanshika Shukla <vanshika.shukla@nxp.com>
Fixes the uninitialized variable issue - reported by NXP internal
coverity.
Fixes: 1182b364312c ("crypto/dpaax_sec: set authdata in non-auth case")
Cc: g.singh@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Vanshika Shukla <vanshika.shukla@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 925d2709d2..5995eb58d8 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3576,6 +3576,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
session->auth_key.data = NULL;
session->auth_key.length = 0;
session->auth_alg = 0;
+ authdata.algtype = PDCP_AUTH_TYPE_NULL;
}
authdata.key = (size_t)session->auth_key.data;
authdata.keylen = session->auth_key.length;
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 6/9] crypto/dpaa2_sec: add null algo capability
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
` (3 preceding siblings ...)
2025-05-20 5:51 ` [PATCH 5/9] crypto/dpaa2_sec: fix coverity Issues Gagandeep Singh
@ 2025-05-20 5:51 ` Gagandeep Singh
2025-05-20 6:20 ` Hemant Agrawal
2025-05-20 5:51 ` [PATCH 7/9] net/dpaa2: configure buffer layout Gagandeep Singh
` (4 subsequent siblings)
9 siblings, 1 reply; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal
This patch adds NULL algo capabilities.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 41 +++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 1c0bc3d6de..e9b601c035 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -227,6 +227,27 @@ typedef struct dpaa2_sec_session_entry {
static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
/* Symmetric capabilities */
+ { /* NULL (AUTH) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_NULL,
+ .block_size = 1,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, },
+ }, },
+ },
{ /* MD5 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -553,6 +574,26 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
}, }
}, }
},
+ { /* NULL (CIPHER) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_NULL,
+ .block_size = 1,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, },
+ }, }
+ },
{ /* AES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 7/9] net/dpaa2: configure buffer layout
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
` (4 preceding siblings ...)
2025-05-20 5:51 ` [PATCH 6/9] crypto/dpaa2_sec: add null algo capability Gagandeep Singh
@ 2025-05-20 5:51 ` Gagandeep Singh
2025-05-20 5:51 ` [PATCH 8/9] mempool/dpaa2: mempool operation index Gagandeep Singh
` (3 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena; +Cc: Jun Yang
From: Jun Yang <jun.yang@nxp.com>
Make header room big enough for IPSec with TX dynamic confirm enabled.
Ingress minimum header room:
64(size of parser result) + 8(address of SEC context) * 2.
Egress minimum header room:
88(FAEAD offset) + 8(FAEAD size) + 8(address of SEC context) * 2 +
114(expansion).
Signed-off-by: Jun Yang <jun.yang@nxp.com>
---
drivers/bus/fslmc/portal/dpaa2_hw_pvt.h | 10 ++++++++++
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 4 +---
drivers/net/dpaa2/base/dpaa2_hw_dpni.c | 18 ++++++++++++++++--
drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h | 6 ++++++
drivers/net/dpaa2/dpaa2_ethdev.h | 6 +++++-
5 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h b/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
index be0719aac6..10bc191645 100644
--- a/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
+++ b/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
@@ -84,6 +84,16 @@
#define DPAA2_INVALID_FLOW_ID 0xffff
#define DPAA2_INVALID_CGID 0xff
+#define SEC_FLC_DHR_OUTBOUND (-114)
+#define SEC_FLC_DHR_INBOUND 0
+
+/** Consider aligning with 8 bytes to multiply point size with 2.*/
+#define DPAA2_SEC_SIMPLE_FD_OB_MIN \
+ ((-SEC_FLC_DHR_OUTBOUND) + sizeof(void *) * 2)
+
+#define DPAA2_SEC_SIMPLE_FD_IB_MIN \
+ ((-SEC_FLC_DHR_INBOUND) + sizeof(void *) * 2)
+
struct dpaa2_queue;
struct eqresp_metadata {
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index e9b601c035..755c8e9cc3 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016,2020-2023 NXP
+ * Copyright 2016,2020-2024 NXP
*
*/
@@ -20,8 +20,6 @@ extern uint8_t cryptodev_driver_id;
#define FLE_POOL_BUF_SIZE 256
#define FLE_POOL_CACHE_SIZE 512
#define FLE_SG_MEM_SIZE(num) (FLE_POOL_BUF_SIZE + ((num) * 32))
-#define SEC_FLC_DHR_OUTBOUND -114
-#define SEC_FLC_DHR_INBOUND 0
#define MAX_QUEUES 64
#define MAX_DESC_SIZE 64
diff --git a/drivers/net/dpaa2/base/dpaa2_hw_dpni.c b/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
index 8d00a86032..b1d473429a 100644
--- a/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
+++ b/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2021 NXP
+ * Copyright 2016-2021,2023-2024 NXP
*
*/
@@ -492,7 +492,21 @@ dpaa2_attach_bp_list(struct dpaa2_dev_priv *priv,
*/
/* ... rx buffer layout ... */
- tot_size = RTE_PKTMBUF_HEADROOM;
+ if (priv->flags & DPAA2_TX_DYNAMIC_CONF_ENABLE) {
+ int out_min_hdr_room, in_min_hdr_room;
+ /** Additional headroom layout for IPSec with TX configure
+ * dynamic enabled.
+ */
+ in_min_hdr_room = DPAA2_RX_MIN_FD_OFFSET +
+ DPAA2_SEC_SIMPLE_FD_IB_MIN;
+ out_min_hdr_room = DPAA2_DYN_TX_MIN_FD_OFFSET +
+ DPAA2_SEC_SIMPLE_FD_OB_MIN;
+ tot_size = RTE_MAX(in_min_hdr_room, out_min_hdr_room);
+ if (tot_size < RTE_PKTMBUF_HEADROOM)
+ tot_size = RTE_PKTMBUF_HEADROOM;
+ } else {
+ tot_size = RTE_PKTMBUF_HEADROOM;
+ }
tot_size = RTE_ALIGN_CEIL(tot_size, DPAA2_PACKET_LAYOUT_ALIGN);
memset(&layout, 0, sizeof(struct dpni_buffer_layout));
diff --git a/drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h b/drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h
index fb026d6e49..d156b07087 100644
--- a/drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h
+++ b/drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h
@@ -253,6 +253,9 @@ struct dpaa2_annot_hdr {
#define PARSE_ERROR_CODE(var) ((uint64_t)(var) & 0xFF00000000000000)
#define SOFT_PARSING_CONTEXT(var) ((uint64_t)(var) & 0x00FFFFFFFFFFFFFF)
+#define DPAA2_RX_MIN_FD_OFFSET \
+ (DPAA2_FD_PTA_SIZE + sizeof(struct dpaa2_annot_hdr))
+
/*FAEAD offset in anmotation area*/
#define DPAA2_FD_HW_ANNOT_FAEAD_OFFSET 0x58
@@ -261,6 +264,9 @@ struct dpaa2_faead {
uint32_t ctrl;
};
+#define DPAA2_DYN_TX_MIN_FD_OFFSET \
+ (DPAA2_FD_HW_ANNOT_FAEAD_OFFSET + sizeof(struct dpaa2_faead))
+
/*FAEAD bits */
/*A2 OMB contains valid data*/
#define DPAA2_ANNOT_FAEAD_A2V 0x20000000
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.h b/drivers/net/dpaa2/dpaa2_ethdev.h
index fd3119247a..b9dd9b22fd 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.h
+++ b/drivers/net/dpaa2/dpaa2_ethdev.h
@@ -70,8 +70,12 @@
/* Disable RX tail drop, default is enable */
#define DPAA2_RX_TAILDROP_OFF 0x04
/* Tx confirmation enabled */
-#define DPAA2_TX_CONF_ENABLE 0x06
+#define DPAA2_TX_CONF_ENABLE 0x08
+/* Tx dynamic confirmation enabled,
+ * only valid with Tx confirmation enabled.
+ */
+#define DPAA2_TX_DYNAMIC_CONF_ENABLE 0x10
/* DPDMUX index for DPMAC */
#define DPAA2_DPDMUX_DPMAC_IDX 0
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 8/9] mempool/dpaa2: mempool operation index
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
` (5 preceding siblings ...)
2025-05-20 5:51 ` [PATCH 7/9] net/dpaa2: configure buffer layout Gagandeep Singh
@ 2025-05-20 5:51 ` Gagandeep Singh
2025-05-20 5:51 ` [PATCH 9/9] crypto/dpaa2_sec: add support for simple IPsec FD Gagandeep Singh
` (2 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena; +Cc: Jun Yang
From: Jun Yang <jun.yang@nxp.com>
For user to identify dpaa2 mempool by operation index.
Signed-off-by: Jun Yang <jun.yang@nxp.com>
---
drivers/mempool/dpaa2/dpaa2_hw_mempool.c | 20 +++++++++++++++++++-
drivers/mempool/dpaa2/dpaa2_hw_mempool.h | 5 ++++-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/drivers/mempool/dpaa2/dpaa2_hw_mempool.c b/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
index 09729d2828..118eb76db7 100644
--- a/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
+++ b/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2019,2022-2025 NXP
*
*/
@@ -38,6 +38,14 @@ RTE_EXPORT_INTERNAL_SYMBOL(rte_dpaa2_bpid_info)
struct dpaa2_bp_info *rte_dpaa2_bpid_info;
static struct dpaa2_bp_list *h_bp_list;
+static int16_t s_dpaa2_pool_ops_idx = RTE_MEMPOOL_MAX_OPS_IDX;
+
+RTE_EXPORT_INTERNAL_SYMBOL(rte_dpaa2_mpool_get_ops_idx)
+int rte_dpaa2_mpool_get_ops_idx(void)
+{
+ return s_dpaa2_pool_ops_idx;
+}
+
static int
rte_hw_mbuf_create_pool(struct rte_mempool *mp)
{
@@ -119,6 +127,14 @@ rte_hw_mbuf_create_pool(struct rte_mempool *mp)
bp_list->buf_pool.dpbp_node = avail_dpbp;
/* Identification for our offloaded pool_data structure */
bp_list->dpaa2_ops_index = mp->ops_index;
+ if (s_dpaa2_pool_ops_idx == RTE_MEMPOOL_MAX_OPS_IDX) {
+ s_dpaa2_pool_ops_idx = mp->ops_index;
+ } else if (s_dpaa2_pool_ops_idx != mp->ops_index) {
+ DPAA2_MEMPOOL_ERR("Only single ops index only");
+ ret = -EINVAL;
+ goto err4;
+ }
+
bp_list->next = h_bp_list;
bp_list->mp = mp;
@@ -150,6 +166,8 @@ rte_hw_mbuf_create_pool(struct rte_mempool *mp)
}
return 0;
+err4:
+ rte_free(bp_list);
err3:
rte_free(bp_info);
err2:
diff --git a/drivers/mempool/dpaa2/dpaa2_hw_mempool.h b/drivers/mempool/dpaa2/dpaa2_hw_mempool.h
index 9e21823fb6..8b2718bfa1 100644
--- a/drivers/mempool/dpaa2/dpaa2_hw_mempool.h
+++ b/drivers/mempool/dpaa2/dpaa2_hw_mempool.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2024 NXP
*
*/
@@ -65,4 +65,7 @@ __rte_internal
int rte_dpaa2_mbuf_alloc_bulk(struct rte_mempool *pool,
void **obj_table, unsigned int count);
+__rte_internal
+int rte_dpaa2_mpool_get_ops_idx(void);
+
#endif /* _DPAA2_HW_DPBP_H_ */
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 9/9] crypto/dpaa2_sec: add support for simple IPsec FD
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
` (6 preceding siblings ...)
2025-05-20 5:51 ` [PATCH 8/9] mempool/dpaa2: mempool operation index Gagandeep Singh
@ 2025-05-20 5:51 ` Gagandeep Singh
2025-05-20 6:16 ` [PATCH 1/9] common/dpaax: fix invalid key command error Hemant Agrawal
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-20 5:51 UTC (permalink / raw)
To: dev, Hemant Agrawal; +Cc: Jun Yang
From: Jun Yang <jun.yang@nxp.com>
For IVP mode of simple IPsec FD, store op context point just
before expansion and align with point size(8).
Otherwise, store op context point in offset to mbuf with
rte_mbuf_dynfield register.
Signed-off-by: Jun Yang <jun.yang@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 143 +++++++++++++++-----
drivers/crypto/dpaa2_sec/meson.build | 3 +-
2 files changed, 108 insertions(+), 38 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 5995eb58d8..6cc42ff5e0 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -35,6 +35,7 @@
#include "dpaa2_sec_priv.h"
#include "dpaa2_sec_event.h"
#include "dpaa2_sec_logs.h"
+#include "dpaa2_hw_dpni_annot.h"
/* RTA header files */
#include <desc/ipsec.h>
@@ -67,6 +68,14 @@ enum dpaa2_sec_dump_levels {
uint8_t cryptodev_driver_id;
uint8_t dpaa2_sec_dp_dump = DPAA2_SEC_DP_ERR_DUMP;
+static int s_dpaa2_sec_cntx_pos = -1;
+
+static const struct rte_mbuf_dynfield s_dpaa2_sec_cntx_pos_dyn = {
+ .name = "dpaa2_sec_cntx_pos_dyn",
+ .size = sizeof(void *),
+ .align = alignof(void *),
+};
+
static inline void
dpaa2_sec_dp_fd_dump(const struct qbman_fd *fd, uint16_t bpid,
struct rte_mbuf *mbuf, bool tx)
@@ -319,30 +328,58 @@ build_proto_fd(dpaa2_sec_session *sess,
struct qbman_fd *fd, uint16_t bpid, struct dpaa2_sec_qp *qp)
{
struct rte_crypto_sym_op *sym_op = op->sym;
+ struct sec_flow_context *flc;
+ struct ctxt_priv *priv = sess->ctxt;
+ int min_hdr;
+ void **op_context;
+
if (sym_op->m_dst)
return build_proto_compound_fd(sess, op, fd, bpid, qp);
- struct ctxt_priv *priv = sess->ctxt;
- struct sec_flow_context *flc;
- struct rte_mbuf *mbuf = sym_op->m_src;
-
- if (likely(bpid < MAX_BPID))
- DPAA2_SET_FD_BPID(fd, bpid);
+ if (sess->dir == DIR_ENC)
+ min_hdr = -SEC_FLC_DHR_OUTBOUND;
else
- DPAA2_SET_FD_IVP(fd);
+ min_hdr = SEC_FLC_DHR_INBOUND;
- /* Save the shared descriptor */
flc = &priv->flc_desc[0].flc;
+ if (likely(bpid < MAX_BPID)) {
+ if (unlikely(s_dpaa2_sec_cntx_pos < 0)) {
+ DPAA2_SEC_ERR("SEC context position not registered!");
+ return -EINVAL;
+ }
+ op_context = (void *)((uint8_t *)sym_op->m_src +
+ s_dpaa2_sec_cntx_pos);
+ *op_context = op;
+ DPAA2_SET_FD_BPID(fd, bpid);
+ } else {
+ op_context = rte_pktmbuf_mtod_offset(sym_op->m_src,
+ void **, -(min_hdr + sizeof(void *)));
+ op_context = (void **)RTE_ALIGN_FLOOR((uint64_t)op_context,
+ sizeof(void *));
+ if (unlikely((uint64_t)op_context <
+ (uint64_t)sym_op->m_src->buf_addr)) {
+ DPAA2_SEC_ERR("Too short offset to save context %p < %p",
+ op_context, sym_op->m_src->buf_addr);
+ return -EINVAL;
+ }
+ if (unlikely(sess->dir == DIR_ENC &&
+ (uint64_t)op_context <
+ ((uint64_t)sym_op->m_src->buf_addr +
+ DPAA2_DYN_TX_MIN_FD_OFFSET))) {
+ DPAA2_SEC_ERR("ENC FAEAD being overlapped %p < %p + %lu",
+ op_context, sym_op->m_src->buf_addr,
+ DPAA2_DYN_TX_MIN_FD_OFFSET);
+ return -EINVAL;
+ }
+ DPAA2_SET_FD_IVP(fd);
+ }
+
DPAA2_SET_FD_ADDR(fd, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
DPAA2_SET_FD_OFFSET(fd, sym_op->m_src->data_off);
DPAA2_SET_FD_LEN(fd, sym_op->m_src->pkt_len);
DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
- /* save physical address of mbuf */
- op->sym->aead.digest.phys_addr = mbuf->buf_iova;
- mbuf->buf_iova = (size_t)op;
-
return 0;
}
@@ -1503,7 +1540,11 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
/*Clear the unused FD fields before sending*/
memset(&fd_arr[loop], 0, sizeof(struct qbman_fd));
mb_pool = (*ops)->sym->m_src->pool;
- bpid = mempool_to_bpid(mb_pool);
+ if (mb_pool->ops_index ==
+ rte_dpaa2_mpool_get_ops_idx())
+ bpid = mempool_to_bpid(mb_pool);
+ else
+ bpid = MAX_BPID;
ret = build_sec_fd(*ops, &fd_arr[loop], bpid, dpaa2_qp);
if (ret) {
DPAA2_SEC_DP_DEBUG("FD build failed");
@@ -1549,37 +1590,51 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
}
static inline struct rte_crypto_op *
-sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
+dpaa2_sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
{
struct rte_crypto_op *op;
- uint16_t len = DPAA2_GET_FD_LEN(fd);
+ uint16_t len = DPAA2_GET_FD_LEN(fd), bpid = MAX_BPID;
int16_t diff = 0;
- dpaa2_sec_session *sess_priv __rte_unused;
+ struct rte_mbuf *mbuf;
+ dpaa2_sec_session *sess_priv;
+ uint8_t *vir;
+ void **op_context;
+
+ vir = DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd));
+
+ if (likely(!DPAA2_GET_FD_IVP(fd))) {
+ bpid = DPAA2_GET_FD_BPID(fd);
+ mbuf = DPAA2_INLINE_MBUF_FROM_BUF(vir,
+ rte_dpaa2_bpid_info[bpid].meta_data_size);
+ if (unlikely(s_dpaa2_sec_cntx_pos < 0)) {
+ DPAA2_SEC_ERR("SEC context position not registered!");
+ return NULL;
+ }
+ op_context = (void *)((uint64_t)mbuf + s_dpaa2_sec_cntx_pos);
+ op = *op_context;
+ } else {
+ op_context = (void **)RTE_PTR_ALIGN_FLOOR(vir +
+ DPAA2_GET_FD_OFFSET(fd) - sizeof(void *),
+ sizeof(void *));
- if (unlikely(DPAA2_GET_FD_IVP(fd))) {
- DPAA2_SEC_ERR("error: non inline buffer");
- return NULL;
+ op = *op_context;
+ mbuf = op->sym->m_src;
}
- struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF(
- DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)),
- rte_dpaa2_bpid_info[DPAA2_GET_FD_BPID(fd)].meta_data_size);
+ sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session);
diff = len - mbuf->pkt_len;
mbuf->pkt_len += diff;
mbuf->data_len += diff;
- op = (struct rte_crypto_op *)(size_t)mbuf->buf_iova;
- mbuf->buf_iova = op->sym->aead.digest.phys_addr;
- op->sym->aead.digest.phys_addr = 0L;
- sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session);
if (sess_priv->dir == DIR_ENC)
mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
else
mbuf->data_off += SEC_FLC_DHR_INBOUND;
if (unlikely(fd->simple.frc)) {
- DPAA2_SEC_ERR("SEC returned Error - %x",
- fd->simple.frc);
+ DPAA2_SEC_ERR("SEC %s returned Error - %x",
+ sess_priv->dir == DIR_ENC ? "encap" : "decap",
+ fd->simple.frc);
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
} else {
op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -1589,14 +1644,15 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
}
static inline struct rte_crypto_op *
-sec_fd_to_mbuf(const struct qbman_fd *fd, struct dpaa2_sec_qp *qp)
+dpaa2_sec_fd_to_mbuf(const struct qbman_fd *fd,
+ struct dpaa2_sec_qp *qp)
{
struct qbman_fle *fle;
struct rte_crypto_op *op;
struct rte_mbuf *dst, *src;
if (DPAA2_FD_GET_FORMAT(fd) == qbman_fd_single)
- return sec_simple_fd_to_mbuf(fd);
+ return dpaa2_sec_simple_fd_to_mbuf(fd);
fle = (struct qbman_fle *)DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd));
@@ -1728,7 +1784,7 @@ dpaa2_sec_free_eqresp_buf(uint16_t eqresp_ci,
dpaa2_qp = container_of(dpaa2_q, struct dpaa2_sec_qp, tx_vq);
fd = qbman_result_eqresp_fd(&dpio_dev->eqresp[eqresp_ci]);
- op = sec_fd_to_mbuf(fd, dpaa2_qp);
+ op = dpaa2_sec_fd_to_mbuf(fd, dpaa2_qp);
/* Instead of freeing, enqueue it to the sec tx queue (sec->core)
* after setting an error in FD. But this will have performance impact.
*/
@@ -1843,7 +1899,11 @@ dpaa2_sec_enqueue_burst_ordered(void *qp, struct rte_crypto_op **ops,
/*Clear the unused FD fields before sending*/
memset(&fd_arr[loop], 0, sizeof(struct qbman_fd));
mb_pool = (*ops)->sym->m_src->pool;
- bpid = mempool_to_bpid(mb_pool);
+ if (mb_pool->ops_index ==
+ rte_dpaa2_mpool_get_ops_idx())
+ bpid = mempool_to_bpid(mb_pool);
+ else
+ bpid = MAX_BPID;
ret = build_sec_fd(*ops, &fd_arr[loop], bpid, dpaa2_qp);
if (ret) {
DPAA2_SEC_DP_DEBUG("FD build failed");
@@ -1965,7 +2025,7 @@ dpaa2_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
}
fd = qbman_result_DQ_fd(dq_storage);
- ops[num_rx] = sec_fd_to_mbuf(fd, dpaa2_qp);
+ ops[num_rx] = dpaa2_sec_fd_to_mbuf(fd, dpaa2_qp);
if (unlikely(fd->simple.frc)) {
/* TODO Parse SEC errors */
@@ -3374,6 +3434,15 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
goto out;
}
+ ret = rte_mbuf_dynfield_register(&s_dpaa2_sec_cntx_pos_dyn);
+ if (ret < 0) {
+ DPAA2_SEC_ERR("Failed to register context pos");
+ goto out;
+ }
+ DPAA2_SEC_INFO("Register mbuf offset(%d) for sec context pos",
+ ret);
+ s_dpaa2_sec_cntx_pos = ret;
+
flc->word1_sdl = (uint8_t)bufsize;
flc_iova = DPAA2_VADDR_TO_IOVA(flc);
@@ -4028,7 +4097,7 @@ dpaa2_sec_process_parallel_event(struct qbman_swp *swp,
ev->sched_type = rxq->ev.sched_type;
ev->queue_id = rxq->ev.queue_id;
ev->priority = rxq->ev.priority;
- ev->event_ptr = sec_fd_to_mbuf(fd, qp);
+ ev->event_ptr = dpaa2_sec_fd_to_mbuf(fd, qp);
qbman_swp_dqrr_consume(swp, dq);
}
@@ -4053,7 +4122,7 @@ dpaa2_sec_process_atomic_event(struct qbman_swp *swp __rte_unused,
ev->queue_id = rxq->ev.queue_id;
ev->priority = rxq->ev.priority;
- crypto_op = sec_fd_to_mbuf(fd, qp);
+ crypto_op = dpaa2_sec_fd_to_mbuf(fd, qp);
dqrr_index = qbman_get_dqrr_idx(dq);
*dpaa2_seqn(crypto_op->sym->m_src) = QBMAN_ENQUEUE_FLAG_DCA | dqrr_index;
DPAA2_PER_LCORE_DQRR_SIZE++;
@@ -4080,7 +4149,7 @@ dpaa2_sec_process_ordered_event(struct qbman_swp *swp,
ev->sched_type = rxq->ev.sched_type;
ev->queue_id = rxq->ev.queue_id;
ev->priority = rxq->ev.priority;
- crypto_op = sec_fd_to_mbuf(fd, qp);
+ crypto_op = dpaa2_sec_fd_to_mbuf(fd, qp);
*dpaa2_seqn(crypto_op->sym->m_src) = DPAA2_ENQUEUE_FLAG_ORP;
*dpaa2_seqn(crypto_op->sym->m_src) |= qbman_result_DQ_odpid(dq) <<
@@ -4355,7 +4424,7 @@ dpaa2_sec_dev_init(struct rte_cryptodev *cryptodev)
}
/* Initialize security_ctx only for primary process*/
- security_instance = rte_malloc("rte_security_instances_ops",
+ security_instance = rte_zmalloc("rte_security_instances_ops",
sizeof(struct rte_security_ctx), 0);
if (security_instance == NULL)
return -ENOMEM;
diff --git a/drivers/crypto/dpaa2_sec/meson.build b/drivers/crypto/dpaa2_sec/meson.build
index acca4176b0..31a441824d 100644
--- a/drivers/crypto/dpaa2_sec/meson.build
+++ b/drivers/crypto/dpaa2_sec/meson.build
@@ -1,5 +1,5 @@
# SPDX-License-Identifier: BSD-3-Clause
-# Copyright 2018,2021 NXP
+# Copyright 2018,2021-2024 NXP
if not is_linux
build = false
@@ -14,3 +14,4 @@ sources = files(
)
includes += include_directories('mc', '../../common/dpaax', '../../common/dpaax/caamflib')
+includes += include_directories('../../net/dpaa2/base')
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 1/9] common/dpaax: fix invalid key command error
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
` (7 preceding siblings ...)
2025-05-20 5:51 ` [PATCH 9/9] crypto/dpaa2_sec: add support for simple IPsec FD Gagandeep Singh
@ 2025-05-20 6:16 ` Hemant Agrawal
2025-05-21 4:43 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
9 siblings, 1 reply; 26+ messages in thread
From: Hemant Agrawal @ 2025-05-20 6:16 UTC (permalink / raw)
To: Gagandeep Singh, dev, Hemant Agrawal, Sachin Saxena,
Franck Lenormand, Akhil Goyal
Cc: stable
On 20-05-2025 11:21, Gagandeep Singh wrote:
> Due to race between KEY loading to CAAM’s internal memory
> and initiating crypto operations can SEC errors in PDCP
> AES algo combinations.
Please fix grammar.
> To mitigate this, adding CALM instruction in SN 12bit case
> and using older version of descriptor for SN 18bit case.
>
> Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
> Cc: franck.lenormand@nxp.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
Please send cover-letter for multi patch series.
> drivers/common/dpaax/caamflib/desc/pdcp.h | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
> index 9ada3905c5..f4379ede2c 100644
> --- a/drivers/common/dpaax/caamflib/desc/pdcp.h
> +++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
> @@ -1,6 +1,6 @@
> /* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
> * Copyright 2008-2013 Freescale Semiconductor, Inc.
> - * Copyright 2019-2023 NXP
> + * Copyright 2019-2025 NXP
> */
>
> #ifndef __DESC_PDCP_H__
> @@ -1981,8 +1981,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
> KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
> cipherdata->keylen, INLINE_KEY(cipherdata));
>
> - if ((sn_size == PDCP_SN_SIZE_15) ||
> - (rta_sec_era >= RTA_SEC_ERA_10)) {
> + if (sn_size == PDCP_SN_SIZE_15) {
In description, you mentioned 18 bit SN case, however here you are
modifying 15 bit code?
am I missing the changes for 18 bit ?
> PROTOCOL(p, dir, OP_PCLID_LTE_PDCP_USER,
> (uint16_t)cipherdata->algtype);
> return 0;
> @@ -2747,6 +2746,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
> (uint64_t)cipherdata->key, cipherdata->keylen,
> INLINE_KEY(cipherdata));
>
> + JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
> if (authdata)
> PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
> OP_PCLID_LTE_PDCP_USER_RN,
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 3/9] common/dpaax: support 12bit SN in pdcp uplane
2025-05-20 5:51 ` [PATCH 3/9] common/dpaax: support 12bit SN in pdcp uplane Gagandeep Singh
@ 2025-05-20 6:18 ` Hemant Agrawal
2025-05-21 4:50 ` Gagandeep Singh
0 siblings, 1 reply; 26+ messages in thread
From: Hemant Agrawal @ 2025-05-20 6:18 UTC (permalink / raw)
To: Gagandeep Singh, dev, Hemant Agrawal, Sachin Saxena
On 20-05-2025 11:21, Gagandeep Singh wrote:
> update pdcp_insert_uplane_no_int_op() to support 12bit SN size
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> drivers/common/dpaax/caamflib/desc/pdcp.h | 13 ++++++-------
> 1 file changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
> index c90eff26a8..55159d53f0 100644
> --- a/drivers/common/dpaax/caamflib/desc/pdcp.h
> +++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
> @@ -1988,10 +1988,10 @@ pdcp_insert_uplane_no_int_op(struct program *p,
> return 0;
> }
>
> - if (sn_size == PDCP_SN_SIZE_15) {
> + if (sn_size == PDCP_SN_SIZE_12) {
> SEQLOAD(p, MATH0, 6, 2, 0);
> - sn_mask = (swap == false) ? PDCP_U_PLANE_15BIT_SN_MASK :
> - PDCP_U_PLANE_15BIT_SN_MASK_BE;
> + sn_mask = (swap == false) ? PDCP_12BIT_SN_MASK :
> + PDCP_12BIT_SN_MASK_BE;
how the 15 bit will be handled now?
> } else { /* SN Size == PDCP_SN_SIZE_18 */
> SEQLOAD(p, MATH0, 5, 3, 0);
> sn_mask = (swap == false) ? PDCP_U_PLANE_18BIT_SN_MASK :
> @@ -2000,7 +2000,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
> JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
> MATHB(p, MATH0, AND, sn_mask, MATH1, 8, IFB | IMMED2);
>
> - if (sn_size == PDCP_SN_SIZE_15)
> + if (sn_size == PDCP_SN_SIZE_12)
> SEQSTORE(p, MATH0, 6, 2, 0);
> else /* SN Size == PDCP_SN_SIZE_18 */
> SEQSTORE(p, MATH0, 5, 3, 0);
> @@ -2047,7 +2047,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
>
> default:
> pr_err("%s: Invalid encrypt algorithm selected: %d\n",
> - "pdcp_insert_uplane_15bit_op", cipherdata->algtype);
> + "pdcp_insert_uplane_no_int_op", cipherdata->algtype);
Why not use DPDK LOG APIs?
also, why not use __func__ ?
> return -EINVAL;
> }
>
> @@ -2734,8 +2734,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
> cipherdata->algtype == PDCP_CIPHER_TYPE_AES
> && !authdata
> && sn_size == PDCP_SN_SIZE_12) {
> - err = pdcp_insert_cplane_enc_only_op(p, swap, cipherdata,
> - authdata,
> + err = pdcp_insert_uplane_no_int_op(p, swap, cipherdata,
> OP_TYPE_ENCAP_PROTOCOL, sn_size);
> if (err)
> return err;
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 6/9] crypto/dpaa2_sec: add null algo capability
2025-05-20 5:51 ` [PATCH 6/9] crypto/dpaa2_sec: add null algo capability Gagandeep Singh
@ 2025-05-20 6:20 ` Hemant Agrawal
2025-05-21 4:51 ` Gagandeep Singh
0 siblings, 1 reply; 26+ messages in thread
From: Hemant Agrawal @ 2025-05-20 6:20 UTC (permalink / raw)
To: Gagandeep Singh, dev, Hemant Agrawal
On 20-05-2025 11:21, Gagandeep Singh wrote:
> This patch adds NULL algo capabilities.
Do you also need to update documentation for the same?
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 41 +++++++++++++++++++++++
> 1 file changed, 41 insertions(+)
>
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> index 1c0bc3d6de..e9b601c035 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> @@ -227,6 +227,27 @@ typedef struct dpaa2_sec_session_entry {
>
> static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
> /* Symmetric capabilities */
> + { /* NULL (AUTH) */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_NULL,
> + .block_size = 1,
> + .key_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + },
> + .digest_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + },
> + .iv_size = { 0 }
> + }, },
> + }, },
> + },
> { /* MD5 */
> .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> {.sym = {
> @@ -553,6 +574,26 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
> }, }
> }, }
> },
> + { /* NULL (CIPHER) */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_NULL,
> + .block_size = 1,
> + .key_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + }
> + }, },
> + }, }
> + },
> { /* AES CBC */
> .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> {.sym = {
^ permalink raw reply [flat|nested] 26+ messages in thread
* RE: [PATCH 1/9] common/dpaax: fix invalid key command error
2025-05-20 6:16 ` [PATCH 1/9] common/dpaax: fix invalid key command error Hemant Agrawal
@ 2025-05-21 4:43 ` Gagandeep Singh
0 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 4:43 UTC (permalink / raw)
To: Hemant Agrawal (OSS),
dev, Hemant Agrawal, Sachin Saxena, Franck Lenormand,
Akhil Goyal
Cc: stable
Hi,
> -----Original Message-----
> From: Hemant Agrawal (OSS) <hemant.agrawal@oss.nxp.com>
> Sent: Tuesday, May 20, 2025 11:46 AM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>; Sachin Saxena <sachin.saxena@nxp.com>; Franck
> Lenormand <franck.lenormand@nxp.com>; Akhil Goyal <gakhil@marvell.com>
> Cc: stable@dpdk.org
> Subject: Re: [PATCH 1/9] common/dpaax: fix invalid key command error
>
>
> On 20-05-2025 11:21, Gagandeep Singh wrote:
> > Due to race between KEY loading to CAAM’s internal memory and
> > initiating crypto operations can SEC errors in PDCP AES algo
> > combinations.
> Please fix grammar.
Ok.
> > To mitigate this, adding CALM instruction in SN 12bit case and using
> > older version of descriptor for SN 18bit case.
> >
> > Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
> > Cc: franck.lenormand@nxp.com
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
>
> Please send cover-letter for multi patch series.
Sure, I will send it in next version.
>
> > drivers/common/dpaax/caamflib/desc/pdcp.h | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h
> > b/drivers/common/dpaax/caamflib/desc/pdcp.h
> > index 9ada3905c5..f4379ede2c 100644
> > --- a/drivers/common/dpaax/caamflib/desc/pdcp.h
> > +++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
> > @@ -1,6 +1,6 @@
> > /* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
> > * Copyright 2008-2013 Freescale Semiconductor, Inc.
> > - * Copyright 2019-2023 NXP
> > + * Copyright 2019-2025 NXP
> > */
> >
> > #ifndef __DESC_PDCP_H__
> > @@ -1981,8 +1981,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
> > KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
> > cipherdata->keylen, INLINE_KEY(cipherdata));
> >
> > - if ((sn_size == PDCP_SN_SIZE_15) ||
> > - (rta_sec_era >= RTA_SEC_ERA_10)) {
> > + if (sn_size == PDCP_SN_SIZE_15) {
>
> In description, you mentioned 18 bit SN case, however here you are modifying 15
> bit code?
>
> am I missing the changes for 18 bit ?
There are two variants of the 18-bit SN descriptor. One uses the PROTOCOL instruction, which is available only in Security Version 10 and above.
The other uses the OPERATION instruction, which is supported in all security versions.
However, the PROTOCOL instruction has some issues: it may trigger an 'Invalid key command' error due to a race condition.
To address this, I removed the check (rta_sec_era >= RTA_SEC_ERA_10),
allowing the 18-bit SN case on higher security versions to fall back to the older OPERATION-based descriptor.
>
> > PROTOCOL(p, dir, OP_PCLID_LTE_PDCP_USER,
> > (uint16_t)cipherdata->algtype);
> > return 0;
> > @@ -2747,6 +2746,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t
> *descbuf,
> > (uint64_t)cipherdata->key, cipherdata->keylen,
> > INLINE_KEY(cipherdata));
> >
> > + JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
> > if (authdata)
> > PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
> > OP_PCLID_LTE_PDCP_USER_RN,
^ permalink raw reply [flat|nested] 26+ messages in thread
* RE: [PATCH 3/9] common/dpaax: support 12bit SN in pdcp uplane
2025-05-20 6:18 ` Hemant Agrawal
@ 2025-05-21 4:50 ` Gagandeep Singh
0 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 4:50 UTC (permalink / raw)
To: Hemant Agrawal (OSS), dev, Hemant Agrawal, Sachin Saxena
Hi,
> -----Original Message-----
> From: Hemant Agrawal (OSS) <hemant.agrawal@oss.nxp.com>
> Sent: Tuesday, May 20, 2025 11:49 AM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>; Sachin Saxena <sachin.saxena@nxp.com>
> Subject: Re: [PATCH 3/9] common/dpaax: support 12bit SN in pdcp uplane
>
>
> On 20-05-2025 11:21, Gagandeep Singh wrote:
> > update pdcp_insert_uplane_no_int_op() to support 12bit SN size
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> > drivers/common/dpaax/caamflib/desc/pdcp.h | 13 ++++++-------
> > 1 file changed, 6 insertions(+), 7 deletions(-)
> >
> > diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h
> b/drivers/common/dpaax/caamflib/desc/pdcp.h
> > index c90eff26a8..55159d53f0 100644
> > --- a/drivers/common/dpaax/caamflib/desc/pdcp.h
> > +++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
> > @@ -1988,10 +1988,10 @@ pdcp_insert_uplane_no_int_op(struct program *p,
> > return 0;
> > }
> >
> > - if (sn_size == PDCP_SN_SIZE_15) {
> > + if (sn_size == PDCP_SN_SIZE_12) {
> > SEQLOAD(p, MATH0, 6, 2, 0);
> > - sn_mask = (swap == false) ? PDCP_U_PLANE_15BIT_SN_MASK :
> > - PDCP_U_PLANE_15BIT_SN_MASK_BE;
> > + sn_mask = (swap == false) ? PDCP_12BIT_SN_MASK :
> > + PDCP_12BIT_SN_MASK_BE;
> how the 15 bit will be handled now?
Just above this change, we are handling 15bit case via PROTOCOL instruction:
if ((sn_size == PDCP_SN_SIZE_15)) {
PROTOCOL(p, dir, OP_PCLID_LTE_PDCP_USER,
(uint16_t)cipherdata->algtype);
return 0;
}
> > } else { /* SN Size == PDCP_SN_SIZE_18 */
> > SEQLOAD(p, MATH0, 5, 3, 0);
> > sn_mask = (swap == false) ? PDCP_U_PLANE_18BIT_SN_MASK :
> > @@ -2000,7 +2000,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
> > JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
> > MATHB(p, MATH0, AND, sn_mask, MATH1, 8, IFB | IMMED2);
> >
> > - if (sn_size == PDCP_SN_SIZE_15)
> > + if (sn_size == PDCP_SN_SIZE_12)
> > SEQSTORE(p, MATH0, 6, 2, 0);
> > else /* SN Size == PDCP_SN_SIZE_18 */
> > SEQSTORE(p, MATH0, 5, 3, 0);
> > @@ -2047,7 +2047,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
> >
> > default:
> > pr_err("%s: Invalid encrypt algorithm selected: %d\n",
> > - "pdcp_insert_uplane_15bit_op", cipherdata->algtype);
> > + "pdcp_insert_uplane_no_int_op", cipherdata->algtype);
>
> Why not use DPDK LOG APIs?
>
> also, why not use __func__ ?
pr_err is defined as RTE_LOG in drivers/common/dpaax/caamflib/compat.h
and __func__ is part of it.
>
> > return -EINVAL;
> > }
> >
> > @@ -2734,8 +2734,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t
> *descbuf,
> > cipherdata->algtype ==
> PDCP_CIPHER_TYPE_AES
> > && !authdata
> > && sn_size == PDCP_SN_SIZE_12) {
> > - err = pdcp_insert_cplane_enc_only_op(p, swap,
> cipherdata,
> > - authdata,
> > + err = pdcp_insert_uplane_no_int_op(p, swap,
> cipherdata,
> > OP_TYPE_ENCAP_PROTOCOL,
> sn_size);
> > if (err)
> > return err;
^ permalink raw reply [flat|nested] 26+ messages in thread
* RE: [PATCH 6/9] crypto/dpaa2_sec: add null algo capability
2025-05-20 6:20 ` Hemant Agrawal
@ 2025-05-21 4:51 ` Gagandeep Singh
0 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 4:51 UTC (permalink / raw)
To: Hemant Agrawal (OSS), dev, Hemant Agrawal
Hi,
> -----Original Message-----
> From: Hemant Agrawal (OSS) <hemant.agrawal@oss.nxp.com>
> Sent: Tuesday, May 20, 2025 11:50 AM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>
> Subject: Re: [PATCH 6/9] crypto/dpaa2_sec: add null algo capability
>
>
> On 20-05-2025 11:21, Gagandeep Singh wrote:
> > This patch adds NULL algo capabilities.
> Do you also need to update documentation for the same?
Yes, I will send the update in next version.
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> > drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 41 +++++++++++++++++++++++
> > 1 file changed, 41 insertions(+)
> >
> > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> > index 1c0bc3d6de..e9b601c035 100644
> > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> > @@ -227,6 +227,27 @@ typedef struct dpaa2_sec_session_entry {
> >
> > static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
> > /* Symmetric capabilities */
> > + { /* NULL (AUTH) */
> > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> > + {.sym = {
> > + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> > + {.auth = {
> > + .algo = RTE_CRYPTO_AUTH_NULL,
> > + .block_size = 1,
> > + .key_size = {
> > + .min = 0,
> > + .max = 0,
> > + .increment = 0
> > + },
> > + .digest_size = {
> > + .min = 0,
> > + .max = 0,
> > + .increment = 0
> > + },
> > + .iv_size = { 0 }
> > + }, },
> > + }, },
> > + },
> > { /* MD5 */
> > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> > {.sym = {
> > @@ -553,6 +574,26 @@ static const struct rte_cryptodev_capabilities
> dpaa2_sec_capabilities[] = {
> > }, }
> > }, }
> > },
> > + { /* NULL (CIPHER) */
> > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> > + {.sym = {
> > + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> > + {.cipher = {
> > + .algo = RTE_CRYPTO_CIPHER_NULL,
> > + .block_size = 1,
> > + .key_size = {
> > + .min = 0,
> > + .max = 0,
> > + .increment = 0
> > + },
> > + .iv_size = {
> > + .min = 0,
> > + .max = 0,
> > + .increment = 0
> > + }
> > + }, },
> > + }, }
> > + },
> > { /* AES CBC */
> > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> > {.sym = {
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 0/9] DPAA2 crypto driver changes
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
` (8 preceding siblings ...)
2025-05-20 6:16 ` [PATCH 1/9] common/dpaax: fix invalid key command error Hemant Agrawal
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
` (9 more replies)
9 siblings, 10 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil; +Cc: hemant.agrawal
V2 changes:
- fix checkpatch warning
- fix 32 bit compilation error
- fix a commit message
- update document
Gagandeep Singh (5):
common/dpaax: fix invalid key command error
common/dpaax: fix for PDCP AES only 12bit SN case
common/dpaax: support 12bit SN in pdcp uplane
crypto/dpaa2_sec: change custom device API to standard
crypto/dpaa2_sec: add null algo capability
Jun Yang (3):
net/dpaa2: configure buffer layout
mempool/dpaa2: mempool operation index
crypto/dpaa2_sec: add support for simple IPsec FD
Vanshika Shukla (1):
crypto/dpaa2_sec: fix coverity Issues
doc/guides/cryptodevs/dpaa2_sec.rst | 2 +
doc/guides/cryptodevs/features/dpaa2_sec.ini | 2 +
drivers/bus/fslmc/portal/dpaa2_hw_pvt.h | 10 +
drivers/common/dpaax/caamflib/desc/pdcp.h | 31 +++-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 182 ++++++++++++-------
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 45 ++++-
drivers/crypto/dpaa2_sec/meson.build | 3 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 42 ++---
drivers/mempool/dpaa2/dpaa2_hw_mempool.c | 20 +-
drivers/mempool/dpaa2/dpaa2_hw_mempool.h | 5 +-
drivers/net/dpaa2/base/dpaa2_hw_dpni.c | 18 +-
drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h | 6 +
drivers/net/dpaa2/dpaa2_ethdev.h | 6 +-
13 files changed, 263 insertions(+), 109 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 1/9] common/dpaax: fix invalid key command error
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 2/9] common/dpaax: fix for PDCP AES only 12bit SN case Gagandeep Singh
` (8 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal, Sachin Saxena, Franck Lenormand; +Cc: stable
A race condition between loading the key into CAAM’s internal
memory and initiating cryptographic operations can cause SEC
errors in PDCP AES algorithm combinations.
To mitigate this, the CALM instruction is added for the
12-bit SN case, and the older version of the descriptor
is used for the 18-bit SN case.
Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
Cc: franck.lenormand@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 9ada3905c5..f4379ede2c 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
* Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2023 NXP
+ * Copyright 2019-2025 NXP
*/
#ifndef __DESC_PDCP_H__
@@ -1981,8 +1981,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
cipherdata->keylen, INLINE_KEY(cipherdata));
- if ((sn_size == PDCP_SN_SIZE_15) ||
- (rta_sec_era >= RTA_SEC_ERA_10)) {
+ if (sn_size == PDCP_SN_SIZE_15) {
PROTOCOL(p, dir, OP_PCLID_LTE_PDCP_USER,
(uint16_t)cipherdata->algtype);
return 0;
@@ -2747,6 +2746,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
(uint64_t)cipherdata->key, cipherdata->keylen,
INLINE_KEY(cipherdata));
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
if (authdata)
PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
OP_PCLID_LTE_PDCP_USER_RN,
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 2/9] common/dpaax: fix for PDCP AES only 12bit SN case
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 3/9] common/dpaax: support 12bit SN in pdcp uplane Gagandeep Singh
` (7 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal, Sachin Saxena, Franck Lenormand; +Cc: stable
This workaround fixes the invalid key command SEC error.
Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
Cc: franck.lenormand@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index f4379ede2c..c90eff26a8 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -619,7 +619,7 @@ pdcp_insert_cplane_enc_only_op(struct program *p,
KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
cipherdata->keylen, INLINE_KEY(cipherdata));
- if ((sn_size != PDCP_SN_SIZE_18 &&
+ if ((authdata && sn_size != PDCP_SN_SIZE_18 &&
!(rta_sec_era == RTA_SEC_ERA_8 &&
authdata->algtype == 0))
|| (rta_sec_era == RTA_SEC_ERA_10)) {
@@ -631,6 +631,7 @@ pdcp_insert_cplane_enc_only_op(struct program *p,
(uint16_t)cipherdata->algtype << 8);
return 0;
}
+
/* Non-proto is supported only for 5bit cplane and 18bit uplane */
switch (sn_size) {
case PDCP_SN_SIZE_5:
@@ -2719,7 +2720,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
case PDCP_CIPHER_TYPE_AES:
case PDCP_CIPHER_TYPE_SNOW:
case PDCP_CIPHER_TYPE_NULL:
- if (rta_sec_era == RTA_SEC_ERA_8 &&
+ if (rta_sec_era >= RTA_SEC_ERA_8 &&
authdata && authdata->algtype == 0){
err = pdcp_insert_uplane_with_int_op(p, swap,
cipherdata, authdata,
@@ -2729,6 +2730,17 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
return err;
break;
}
+ if (rta_sec_era >= RTA_SEC_ERA_8 &&
+ cipherdata->algtype == PDCP_CIPHER_TYPE_AES
+ && !authdata
+ && sn_size == PDCP_SN_SIZE_12) {
+ err = pdcp_insert_cplane_enc_only_op(p, swap, cipherdata,
+ authdata,
+ OP_TYPE_ENCAP_PROTOCOL, sn_size);
+ if (err)
+ return err;
+ break;
+ }
if (pdb_type != PDCP_PDB_TYPE_FULL_PDB) {
pr_err("PDB type must be FULL for PROTO desc\n");
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 3/9] common/dpaax: support 12bit SN in pdcp uplane
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 2/9] common/dpaax: fix for PDCP AES only 12bit SN case Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 4/9] crypto/dpaa2_sec: change custom device API to standard Gagandeep Singh
` (6 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal, Sachin Saxena
update pdcp_insert_uplane_no_int_op() to support 12bit SN size
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index c90eff26a8..55159d53f0 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1988,10 +1988,10 @@ pdcp_insert_uplane_no_int_op(struct program *p,
return 0;
}
- if (sn_size == PDCP_SN_SIZE_15) {
+ if (sn_size == PDCP_SN_SIZE_12) {
SEQLOAD(p, MATH0, 6, 2, 0);
- sn_mask = (swap == false) ? PDCP_U_PLANE_15BIT_SN_MASK :
- PDCP_U_PLANE_15BIT_SN_MASK_BE;
+ sn_mask = (swap == false) ? PDCP_12BIT_SN_MASK :
+ PDCP_12BIT_SN_MASK_BE;
} else { /* SN Size == PDCP_SN_SIZE_18 */
SEQLOAD(p, MATH0, 5, 3, 0);
sn_mask = (swap == false) ? PDCP_U_PLANE_18BIT_SN_MASK :
@@ -2000,7 +2000,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
MATHB(p, MATH0, AND, sn_mask, MATH1, 8, IFB | IMMED2);
- if (sn_size == PDCP_SN_SIZE_15)
+ if (sn_size == PDCP_SN_SIZE_12)
SEQSTORE(p, MATH0, 6, 2, 0);
else /* SN Size == PDCP_SN_SIZE_18 */
SEQSTORE(p, MATH0, 5, 3, 0);
@@ -2047,7 +2047,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
default:
pr_err("%s: Invalid encrypt algorithm selected: %d\n",
- "pdcp_insert_uplane_15bit_op", cipherdata->algtype);
+ "pdcp_insert_uplane_no_int_op", cipherdata->algtype);
return -EINVAL;
}
@@ -2734,8 +2734,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
cipherdata->algtype == PDCP_CIPHER_TYPE_AES
&& !authdata
&& sn_size == PDCP_SN_SIZE_12) {
- err = pdcp_insert_cplane_enc_only_op(p, swap, cipherdata,
- authdata,
+ err = pdcp_insert_uplane_no_int_op(p, swap, cipherdata,
OP_TYPE_ENCAP_PROTOCOL, sn_size);
if (err)
return err;
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 4/9] crypto/dpaa2_sec: change custom device API to standard
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
` (2 preceding siblings ...)
2025-05-21 6:56 ` [PATCH v2 3/9] common/dpaax: support 12bit SN in pdcp uplane Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 5/9] crypto/dpaa2_sec: fix coverity Issues Gagandeep Singh
` (5 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal, Anatoly Burakov
Replacing existing device creation and deletion code in probe and
remove functions with rte_cryptodev_pmd_create() and
rte_cryptodev_pmd_destroy() APIs provided by the DPDK library,
simplifying drivers initialization and teardown.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 38 +++++++------------
drivers/crypto/dpaa_sec/dpaa_sec.c | 42 +++++++--------------
2 files changed, 27 insertions(+), 53 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 0ccadecff4..925d2709d2 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2023 NXP
+ * Copyright 2016-2025 NXP
*
*/
@@ -4413,33 +4413,27 @@ cryptodev_dpaa2_sec_probe(struct rte_dpaa2_driver *dpaa2_drv __rte_unused,
{
struct rte_cryptodev *cryptodev;
char cryptodev_name[RTE_CRYPTODEV_NAME_MAX_LEN];
-
int retval;
+ struct rte_cryptodev_pmd_init_params init_params = {
+ .name = "",
+ .private_data_size = sizeof(struct dpaa2_sec_dev_private),
+ .socket_id = rte_socket_id(),
+ .max_nb_queue_pairs =
+ RTE_CRYPTODEV_PMD_DEFAULT_MAX_NB_QUEUE_PAIRS,
+ /* setting default, will be updated in init. */
+ };
snprintf(cryptodev_name, sizeof(cryptodev_name), "dpsec-%d",
dpaa2_dev->object_id);
- cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id());
- if (cryptodev == NULL)
+ cryptodev = rte_cryptodev_pmd_create(cryptodev_name, &dpaa2_dev->device,
+ &init_params);
+ if (cryptodev == NULL) {
+ DPAA2_SEC_ERR("failed to create cryptodev vdev");
return -ENOMEM;
-
- if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
- cryptodev->data->dev_private = rte_zmalloc_socket(
- "cryptodev private structure",
- sizeof(struct dpaa2_sec_dev_private),
- RTE_CACHE_LINE_SIZE,
- rte_socket_id());
-
- if (cryptodev->data->dev_private == NULL)
- rte_panic("Cannot allocate memzone for private "
- "device data");
}
dpaa2_dev->cryptodev = cryptodev;
- cryptodev->device = &dpaa2_dev->device;
-
- /* init user callbacks */
- TAILQ_INIT(&(cryptodev->link_intr_cbs));
if (dpaa2_svr_family == SVR_LX2160A)
rta_set_sec_era(RTA_SEC_ERA_10);
@@ -4454,11 +4448,7 @@ cryptodev_dpaa2_sec_probe(struct rte_dpaa2_driver *dpaa2_drv __rte_unused,
rte_cryptodev_pmd_probing_finish(cryptodev);
return 0;
}
-
- if (rte_eal_process_type() == RTE_PROC_PRIMARY)
- rte_free(cryptodev->data->dev_private);
-
- cryptodev->attached = RTE_CRYPTODEV_DETACHED;
+ rte_cryptodev_pmd_destroy(cryptodev);
return -ENXIO;
}
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index bcea4ff3ab..58d691d8a6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2017-2024 NXP
+ * Copyright 2017-2025 NXP
*
*/
@@ -3614,16 +3614,10 @@ static const struct rte_security_ops dpaa_sec_security_ops = {
static int
dpaa_sec_uninit(struct rte_cryptodev *dev)
{
- struct dpaa_sec_dev_private *internals;
-
if (dev == NULL)
return -ENODEV;
- internals = dev->data->dev_private;
rte_free(dev->security_ctx);
-
- rte_free(internals);
-
DPAA_SEC_INFO("Closing DPAA_SEC device %s on numa socket %u",
dev->data->name, rte_socket_id());
@@ -3780,33 +3774,26 @@ cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused,
{
struct rte_cryptodev *cryptodev;
char cryptodev_name[RTE_CRYPTODEV_NAME_MAX_LEN];
-
int retval;
+ struct rte_cryptodev_pmd_init_params init_params = {
+ .name = "",
+ .private_data_size = sizeof(struct dpaa_sec_dev_private),
+ .socket_id = rte_socket_id(),
+ .max_nb_queue_pairs =
+ RTE_DPAA_MAX_NB_SEC_QPS,
+ };
if (rte_eal_process_type() != RTE_PROC_PRIMARY)
return 0;
snprintf(cryptodev_name, sizeof(cryptodev_name), "%s", dpaa_dev->name);
- cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id());
- if (cryptodev == NULL)
+ cryptodev = rte_cryptodev_pmd_create(cryptodev_name, &dpaa_dev->device, &init_params);
+ if (cryptodev == NULL) {
+ DPAA_SEC_ERR("failed to create cryptodev vdev");
return -ENOMEM;
-
- cryptodev->data->dev_private = rte_zmalloc_socket(
- "cryptodev private structure",
- sizeof(struct dpaa_sec_dev_private),
- RTE_CACHE_LINE_SIZE,
- rte_socket_id());
-
- if (cryptodev->data->dev_private == NULL)
- rte_panic("Cannot allocate memzone for private "
- "device data");
-
+ }
dpaa_dev->crypto_dev = cryptodev;
- cryptodev->device = &dpaa_dev->device;
-
- /* init user callbacks */
- TAILQ_INIT(&(cryptodev->link_intr_cbs));
/* if sec device version is not configured */
if (!rta_get_sec_era()) {
@@ -3841,10 +3828,7 @@ cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused,
retval = -ENXIO;
out:
- /* In case of error, cleanup is done */
- rte_free(cryptodev->data->dev_private);
-
- rte_cryptodev_pmd_release_device(cryptodev);
+ rte_cryptodev_pmd_destroy(cryptodev);
return retval;
}
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 5/9] crypto/dpaa2_sec: fix coverity Issues
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
` (3 preceding siblings ...)
2025-05-21 6:56 ` [PATCH v2 4/9] crypto/dpaa2_sec: change custom device API to standard Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 6/9] crypto/dpaa2_sec: add null algo capability Gagandeep Singh
` (4 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal; +Cc: Vanshika Shukla, g.singh, stable
From: Vanshika Shukla <vanshika.shukla@nxp.com>
Fixes the uninitialized variable issue - reported by NXP internal
coverity.
Fixes: 1182b364312c ("crypto/dpaax_sec: set authdata in non-auth case")
Cc: g.singh@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Vanshika Shukla <vanshika.shukla@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 925d2709d2..5995eb58d8 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3576,6 +3576,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
session->auth_key.data = NULL;
session->auth_key.length = 0;
session->auth_alg = 0;
+ authdata.algtype = PDCP_AUTH_TYPE_NULL;
}
authdata.key = (size_t)session->auth_key.data;
authdata.keylen = session->auth_key.length;
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 6/9] crypto/dpaa2_sec: add null algo capability
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
` (4 preceding siblings ...)
2025-05-21 6:56 ` [PATCH v2 5/9] crypto/dpaa2_sec: fix coverity Issues Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 7/9] net/dpaa2: configure buffer layout Gagandeep Singh
` (3 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal
This patch adds NULL algo capabilities.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/dpaa2_sec.rst | 2 +
doc/guides/cryptodevs/features/dpaa2_sec.ini | 2 +
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 41 ++++++++++++++++++++
3 files changed, 45 insertions(+)
diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst
index 1a590309a0..6b1357d78a 100644
--- a/doc/guides/cryptodevs/dpaa2_sec.rst
+++ b/doc/guides/cryptodevs/dpaa2_sec.rst
@@ -105,6 +105,7 @@ The DPAA2_SEC PMD has support for:
Cipher algorithms:
+* ``RTE_CRYPTO_CIPHER_NULL``
* ``RTE_CRYPTO_CIPHER_3DES_CBC``
* ``RTE_CRYPTO_CIPHER_AES128_CBC``
* ``RTE_CRYPTO_CIPHER_AES192_CBC``
@@ -115,6 +116,7 @@ Cipher algorithms:
Hash algorithms:
+* ``RTE_CRYPTO_AUTH_NULL``
* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 3d6e449ca1..a280c7b51b 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -18,6 +18,7 @@ OOP LB In LB Out = Y
; Supported crypto algorithms of the 'dpaa2_sec' crypto driver.
;
[Cipher]
+NULL = Y
AES CBC (128) = Y
AES CBC (192) = Y
AES CBC (256) = Y
@@ -33,6 +34,7 @@ ZUC EEA3 = Y
; Supported authentication algorithms of the 'dpaa2_sec' crypto driver.
;
[Auth]
+NULL = Y
MD5 = Y
MD5 HMAC = Y
SHA1 = Y
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 1c0bc3d6de..e9b601c035 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -227,6 +227,27 @@ typedef struct dpaa2_sec_session_entry {
static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
/* Symmetric capabilities */
+ { /* NULL (AUTH) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_NULL,
+ .block_size = 1,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, },
+ }, },
+ },
{ /* MD5 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -553,6 +574,26 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
}, }
}, }
},
+ { /* NULL (CIPHER) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_NULL,
+ .block_size = 1,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, },
+ }, }
+ },
{ /* AES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 7/9] net/dpaa2: configure buffer layout
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
` (5 preceding siblings ...)
2025-05-21 6:56 ` [PATCH v2 6/9] crypto/dpaa2_sec: add null algo capability Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 8/9] mempool/dpaa2: mempool operation index Gagandeep Singh
` (2 subsequent siblings)
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal, Sachin Saxena; +Cc: Jun Yang
From: Jun Yang <jun.yang@nxp.com>
Make header room big enough for IPSec with TX dynamic confirm enabled.
Ingress minimum header room:
64(size of parser result) + 8(address of SEC context) * 2.
Egress minimum header room:
88(FAEAD offset) + 8(FAEAD size) + 8(address of SEC context) * 2 +
114(expansion).
Signed-off-by: Jun Yang <jun.yang@nxp.com>
---
drivers/bus/fslmc/portal/dpaa2_hw_pvt.h | 10 ++++++++++
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 4 +---
drivers/net/dpaa2/base/dpaa2_hw_dpni.c | 18 ++++++++++++++++--
drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h | 6 ++++++
drivers/net/dpaa2/dpaa2_ethdev.h | 6 +++++-
5 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h b/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
index be0719aac6..10bc191645 100644
--- a/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
+++ b/drivers/bus/fslmc/portal/dpaa2_hw_pvt.h
@@ -84,6 +84,16 @@
#define DPAA2_INVALID_FLOW_ID 0xffff
#define DPAA2_INVALID_CGID 0xff
+#define SEC_FLC_DHR_OUTBOUND (-114)
+#define SEC_FLC_DHR_INBOUND 0
+
+/** Consider aligning with 8 bytes to multiply point size with 2.*/
+#define DPAA2_SEC_SIMPLE_FD_OB_MIN \
+ ((-SEC_FLC_DHR_OUTBOUND) + sizeof(void *) * 2)
+
+#define DPAA2_SEC_SIMPLE_FD_IB_MIN \
+ ((-SEC_FLC_DHR_INBOUND) + sizeof(void *) * 2)
+
struct dpaa2_queue;
struct eqresp_metadata {
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index e9b601c035..755c8e9cc3 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016,2020-2023 NXP
+ * Copyright 2016,2020-2024 NXP
*
*/
@@ -20,8 +20,6 @@ extern uint8_t cryptodev_driver_id;
#define FLE_POOL_BUF_SIZE 256
#define FLE_POOL_CACHE_SIZE 512
#define FLE_SG_MEM_SIZE(num) (FLE_POOL_BUF_SIZE + ((num) * 32))
-#define SEC_FLC_DHR_OUTBOUND -114
-#define SEC_FLC_DHR_INBOUND 0
#define MAX_QUEUES 64
#define MAX_DESC_SIZE 64
diff --git a/drivers/net/dpaa2/base/dpaa2_hw_dpni.c b/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
index 8d00a86032..b1d473429a 100644
--- a/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
+++ b/drivers/net/dpaa2/base/dpaa2_hw_dpni.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2021 NXP
+ * Copyright 2016-2021,2023-2024 NXP
*
*/
@@ -492,7 +492,21 @@ dpaa2_attach_bp_list(struct dpaa2_dev_priv *priv,
*/
/* ... rx buffer layout ... */
- tot_size = RTE_PKTMBUF_HEADROOM;
+ if (priv->flags & DPAA2_TX_DYNAMIC_CONF_ENABLE) {
+ int out_min_hdr_room, in_min_hdr_room;
+ /** Additional headroom layout for IPSec with TX configure
+ * dynamic enabled.
+ */
+ in_min_hdr_room = DPAA2_RX_MIN_FD_OFFSET +
+ DPAA2_SEC_SIMPLE_FD_IB_MIN;
+ out_min_hdr_room = DPAA2_DYN_TX_MIN_FD_OFFSET +
+ DPAA2_SEC_SIMPLE_FD_OB_MIN;
+ tot_size = RTE_MAX(in_min_hdr_room, out_min_hdr_room);
+ if (tot_size < RTE_PKTMBUF_HEADROOM)
+ tot_size = RTE_PKTMBUF_HEADROOM;
+ } else {
+ tot_size = RTE_PKTMBUF_HEADROOM;
+ }
tot_size = RTE_ALIGN_CEIL(tot_size, DPAA2_PACKET_LAYOUT_ALIGN);
memset(&layout, 0, sizeof(struct dpni_buffer_layout));
diff --git a/drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h b/drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h
index fb026d6e49..d156b07087 100644
--- a/drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h
+++ b/drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h
@@ -253,6 +253,9 @@ struct dpaa2_annot_hdr {
#define PARSE_ERROR_CODE(var) ((uint64_t)(var) & 0xFF00000000000000)
#define SOFT_PARSING_CONTEXT(var) ((uint64_t)(var) & 0x00FFFFFFFFFFFFFF)
+#define DPAA2_RX_MIN_FD_OFFSET \
+ (DPAA2_FD_PTA_SIZE + sizeof(struct dpaa2_annot_hdr))
+
/*FAEAD offset in anmotation area*/
#define DPAA2_FD_HW_ANNOT_FAEAD_OFFSET 0x58
@@ -261,6 +264,9 @@ struct dpaa2_faead {
uint32_t ctrl;
};
+#define DPAA2_DYN_TX_MIN_FD_OFFSET \
+ (DPAA2_FD_HW_ANNOT_FAEAD_OFFSET + sizeof(struct dpaa2_faead))
+
/*FAEAD bits */
/*A2 OMB contains valid data*/
#define DPAA2_ANNOT_FAEAD_A2V 0x20000000
diff --git a/drivers/net/dpaa2/dpaa2_ethdev.h b/drivers/net/dpaa2/dpaa2_ethdev.h
index fd3119247a..b9dd9b22fd 100644
--- a/drivers/net/dpaa2/dpaa2_ethdev.h
+++ b/drivers/net/dpaa2/dpaa2_ethdev.h
@@ -70,8 +70,12 @@
/* Disable RX tail drop, default is enable */
#define DPAA2_RX_TAILDROP_OFF 0x04
/* Tx confirmation enabled */
-#define DPAA2_TX_CONF_ENABLE 0x06
+#define DPAA2_TX_CONF_ENABLE 0x08
+/* Tx dynamic confirmation enabled,
+ * only valid with Tx confirmation enabled.
+ */
+#define DPAA2_TX_DYNAMIC_CONF_ENABLE 0x10
/* DPDMUX index for DPMAC */
#define DPAA2_DPDMUX_DPMAC_IDX 0
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 8/9] mempool/dpaa2: mempool operation index
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
` (6 preceding siblings ...)
2025-05-21 6:56 ` [PATCH v2 7/9] net/dpaa2: configure buffer layout Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 9/9] crypto/dpaa2_sec: add support for simple IPsec FD Gagandeep Singh
2025-05-21 11:59 ` [EXTERNAL] [PATCH v2 0/9] DPAA2 crypto driver changes Akhil Goyal
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal, Sachin Saxena; +Cc: Jun Yang
From: Jun Yang <jun.yang@nxp.com>
For user to identify dpaa2 mempool by operation index.
Signed-off-by: Jun Yang <jun.yang@nxp.com>
---
drivers/mempool/dpaa2/dpaa2_hw_mempool.c | 20 +++++++++++++++++++-
drivers/mempool/dpaa2/dpaa2_hw_mempool.h | 5 ++++-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/drivers/mempool/dpaa2/dpaa2_hw_mempool.c b/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
index 09729d2828..118eb76db7 100644
--- a/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
+++ b/drivers/mempool/dpaa2/dpaa2_hw_mempool.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2019,2022-2025 NXP
*
*/
@@ -38,6 +38,14 @@ RTE_EXPORT_INTERNAL_SYMBOL(rte_dpaa2_bpid_info)
struct dpaa2_bp_info *rte_dpaa2_bpid_info;
static struct dpaa2_bp_list *h_bp_list;
+static int16_t s_dpaa2_pool_ops_idx = RTE_MEMPOOL_MAX_OPS_IDX;
+
+RTE_EXPORT_INTERNAL_SYMBOL(rte_dpaa2_mpool_get_ops_idx)
+int rte_dpaa2_mpool_get_ops_idx(void)
+{
+ return s_dpaa2_pool_ops_idx;
+}
+
static int
rte_hw_mbuf_create_pool(struct rte_mempool *mp)
{
@@ -119,6 +127,14 @@ rte_hw_mbuf_create_pool(struct rte_mempool *mp)
bp_list->buf_pool.dpbp_node = avail_dpbp;
/* Identification for our offloaded pool_data structure */
bp_list->dpaa2_ops_index = mp->ops_index;
+ if (s_dpaa2_pool_ops_idx == RTE_MEMPOOL_MAX_OPS_IDX) {
+ s_dpaa2_pool_ops_idx = mp->ops_index;
+ } else if (s_dpaa2_pool_ops_idx != mp->ops_index) {
+ DPAA2_MEMPOOL_ERR("Only single ops index only");
+ ret = -EINVAL;
+ goto err4;
+ }
+
bp_list->next = h_bp_list;
bp_list->mp = mp;
@@ -150,6 +166,8 @@ rte_hw_mbuf_create_pool(struct rte_mempool *mp)
}
return 0;
+err4:
+ rte_free(bp_list);
err3:
rte_free(bp_info);
err2:
diff --git a/drivers/mempool/dpaa2/dpaa2_hw_mempool.h b/drivers/mempool/dpaa2/dpaa2_hw_mempool.h
index 9e21823fb6..8b2718bfa1 100644
--- a/drivers/mempool/dpaa2/dpaa2_hw_mempool.h
+++ b/drivers/mempool/dpaa2/dpaa2_hw_mempool.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2024 NXP
*
*/
@@ -65,4 +65,7 @@ __rte_internal
int rte_dpaa2_mbuf_alloc_bulk(struct rte_mempool *pool,
void **obj_table, unsigned int count);
+__rte_internal
+int rte_dpaa2_mpool_get_ops_idx(void);
+
#endif /* _DPAA2_HW_DPBP_H_ */
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v2 9/9] crypto/dpaa2_sec: add support for simple IPsec FD
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
` (7 preceding siblings ...)
2025-05-21 6:56 ` [PATCH v2 8/9] mempool/dpaa2: mempool operation index Gagandeep Singh
@ 2025-05-21 6:56 ` Gagandeep Singh
2025-05-21 11:59 ` [EXTERNAL] [PATCH v2 0/9] DPAA2 crypto driver changes Akhil Goyal
9 siblings, 0 replies; 26+ messages in thread
From: Gagandeep Singh @ 2025-05-21 6:56 UTC (permalink / raw)
To: dev, gakhil, Hemant Agrawal; +Cc: Jun Yang
From: Jun Yang <jun.yang@nxp.com>
For IVP mode of simple IPsec FD, store op context point just
before expansion and align with point size(8).
Otherwise, store op context point in offset to mbuf with
rte_mbuf_dynfield register.
Signed-off-by: Jun Yang <jun.yang@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 143 +++++++++++++++-----
drivers/crypto/dpaa2_sec/meson.build | 3 +-
2 files changed, 108 insertions(+), 38 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 5995eb58d8..ca10d88da7 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -35,6 +35,7 @@
#include "dpaa2_sec_priv.h"
#include "dpaa2_sec_event.h"
#include "dpaa2_sec_logs.h"
+#include "dpaa2_hw_dpni_annot.h"
/* RTA header files */
#include <desc/ipsec.h>
@@ -67,6 +68,14 @@ enum dpaa2_sec_dump_levels {
uint8_t cryptodev_driver_id;
uint8_t dpaa2_sec_dp_dump = DPAA2_SEC_DP_ERR_DUMP;
+static int s_dpaa2_sec_cntx_pos = -1;
+
+static const struct rte_mbuf_dynfield s_dpaa2_sec_cntx_pos_dyn = {
+ .name = "dpaa2_sec_cntx_pos_dyn",
+ .size = sizeof(void *),
+ .align = alignof(void *),
+};
+
static inline void
dpaa2_sec_dp_fd_dump(const struct qbman_fd *fd, uint16_t bpid,
struct rte_mbuf *mbuf, bool tx)
@@ -319,30 +328,58 @@ build_proto_fd(dpaa2_sec_session *sess,
struct qbman_fd *fd, uint16_t bpid, struct dpaa2_sec_qp *qp)
{
struct rte_crypto_sym_op *sym_op = op->sym;
+ struct sec_flow_context *flc;
+ struct ctxt_priv *priv = sess->ctxt;
+ int min_hdr;
+ void **op_context;
+
if (sym_op->m_dst)
return build_proto_compound_fd(sess, op, fd, bpid, qp);
- struct ctxt_priv *priv = sess->ctxt;
- struct sec_flow_context *flc;
- struct rte_mbuf *mbuf = sym_op->m_src;
-
- if (likely(bpid < MAX_BPID))
- DPAA2_SET_FD_BPID(fd, bpid);
+ if (sess->dir == DIR_ENC)
+ min_hdr = -SEC_FLC_DHR_OUTBOUND;
else
- DPAA2_SET_FD_IVP(fd);
+ min_hdr = SEC_FLC_DHR_INBOUND;
- /* Save the shared descriptor */
flc = &priv->flc_desc[0].flc;
+ if (likely(bpid < MAX_BPID)) {
+ if (unlikely(s_dpaa2_sec_cntx_pos < 0)) {
+ DPAA2_SEC_ERR("SEC context position not registered!");
+ return -EINVAL;
+ }
+ op_context = (void *)((uint8_t *)sym_op->m_src +
+ s_dpaa2_sec_cntx_pos);
+ *op_context = op;
+ DPAA2_SET_FD_BPID(fd, bpid);
+ } else {
+ op_context = rte_pktmbuf_mtod_offset(sym_op->m_src,
+ void **, -(min_hdr + sizeof(void *)));
+ op_context = (void **)RTE_ALIGN_FLOOR((uintptr_t)op_context,
+ sizeof(void *));
+ if (unlikely((uint64_t)op_context <
+ (uint64_t)sym_op->m_src->buf_addr)) {
+ DPAA2_SEC_ERR("Too short offset to save context %p < %p",
+ op_context, sym_op->m_src->buf_addr);
+ return -EINVAL;
+ }
+ if (unlikely(sess->dir == DIR_ENC &&
+ (uint64_t)op_context <
+ ((uint64_t)sym_op->m_src->buf_addr +
+ DPAA2_DYN_TX_MIN_FD_OFFSET))) {
+ DPAA2_SEC_ERR("ENC FAEAD being overlapped %p < %p + %" PRIu64,
+ op_context, sym_op->m_src->buf_addr,
+ (uint64_t)DPAA2_DYN_TX_MIN_FD_OFFSET);
+ return -EINVAL;
+ }
+ DPAA2_SET_FD_IVP(fd);
+ }
+
DPAA2_SET_FD_ADDR(fd, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
DPAA2_SET_FD_OFFSET(fd, sym_op->m_src->data_off);
DPAA2_SET_FD_LEN(fd, sym_op->m_src->pkt_len);
DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
- /* save physical address of mbuf */
- op->sym->aead.digest.phys_addr = mbuf->buf_iova;
- mbuf->buf_iova = (size_t)op;
-
return 0;
}
@@ -1503,7 +1540,11 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
/*Clear the unused FD fields before sending*/
memset(&fd_arr[loop], 0, sizeof(struct qbman_fd));
mb_pool = (*ops)->sym->m_src->pool;
- bpid = mempool_to_bpid(mb_pool);
+ if (mb_pool->ops_index ==
+ rte_dpaa2_mpool_get_ops_idx())
+ bpid = mempool_to_bpid(mb_pool);
+ else
+ bpid = MAX_BPID;
ret = build_sec_fd(*ops, &fd_arr[loop], bpid, dpaa2_qp);
if (ret) {
DPAA2_SEC_DP_DEBUG("FD build failed");
@@ -1549,37 +1590,51 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
}
static inline struct rte_crypto_op *
-sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
+dpaa2_sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
{
struct rte_crypto_op *op;
- uint16_t len = DPAA2_GET_FD_LEN(fd);
+ uint16_t len = DPAA2_GET_FD_LEN(fd), bpid = MAX_BPID;
int16_t diff = 0;
- dpaa2_sec_session *sess_priv __rte_unused;
+ struct rte_mbuf *mbuf;
+ dpaa2_sec_session *sess_priv;
+ uint8_t *vir;
+ void **op_context;
+
+ vir = DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd));
+
+ if (likely(!DPAA2_GET_FD_IVP(fd))) {
+ bpid = DPAA2_GET_FD_BPID(fd);
+ mbuf = DPAA2_INLINE_MBUF_FROM_BUF(vir,
+ rte_dpaa2_bpid_info[bpid].meta_data_size);
+ if (unlikely(s_dpaa2_sec_cntx_pos < 0)) {
+ DPAA2_SEC_ERR("SEC context position not registered!");
+ return NULL;
+ }
+ op_context = (void *)((uintptr_t)mbuf + s_dpaa2_sec_cntx_pos);
+ op = *op_context;
+ } else {
+ op_context = (void **)RTE_PTR_ALIGN_FLOOR(vir +
+ DPAA2_GET_FD_OFFSET(fd) - sizeof(void *),
+ sizeof(void *));
- if (unlikely(DPAA2_GET_FD_IVP(fd))) {
- DPAA2_SEC_ERR("error: non inline buffer");
- return NULL;
+ op = *op_context;
+ mbuf = op->sym->m_src;
}
- struct rte_mbuf *mbuf = DPAA2_INLINE_MBUF_FROM_BUF(
- DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd)),
- rte_dpaa2_bpid_info[DPAA2_GET_FD_BPID(fd)].meta_data_size);
+ sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session);
diff = len - mbuf->pkt_len;
mbuf->pkt_len += diff;
mbuf->data_len += diff;
- op = (struct rte_crypto_op *)(size_t)mbuf->buf_iova;
- mbuf->buf_iova = op->sym->aead.digest.phys_addr;
- op->sym->aead.digest.phys_addr = 0L;
- sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session);
if (sess_priv->dir == DIR_ENC)
mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
else
mbuf->data_off += SEC_FLC_DHR_INBOUND;
if (unlikely(fd->simple.frc)) {
- DPAA2_SEC_ERR("SEC returned Error - %x",
- fd->simple.frc);
+ DPAA2_SEC_ERR("SEC %s returned Error - %x",
+ sess_priv->dir == DIR_ENC ? "encap" : "decap",
+ fd->simple.frc);
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
} else {
op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -1589,14 +1644,15 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
}
static inline struct rte_crypto_op *
-sec_fd_to_mbuf(const struct qbman_fd *fd, struct dpaa2_sec_qp *qp)
+dpaa2_sec_fd_to_mbuf(const struct qbman_fd *fd,
+ struct dpaa2_sec_qp *qp)
{
struct qbman_fle *fle;
struct rte_crypto_op *op;
struct rte_mbuf *dst, *src;
if (DPAA2_FD_GET_FORMAT(fd) == qbman_fd_single)
- return sec_simple_fd_to_mbuf(fd);
+ return dpaa2_sec_simple_fd_to_mbuf(fd);
fle = (struct qbman_fle *)DPAA2_IOVA_TO_VADDR(DPAA2_GET_FD_ADDR(fd));
@@ -1728,7 +1784,7 @@ dpaa2_sec_free_eqresp_buf(uint16_t eqresp_ci,
dpaa2_qp = container_of(dpaa2_q, struct dpaa2_sec_qp, tx_vq);
fd = qbman_result_eqresp_fd(&dpio_dev->eqresp[eqresp_ci]);
- op = sec_fd_to_mbuf(fd, dpaa2_qp);
+ op = dpaa2_sec_fd_to_mbuf(fd, dpaa2_qp);
/* Instead of freeing, enqueue it to the sec tx queue (sec->core)
* after setting an error in FD. But this will have performance impact.
*/
@@ -1843,7 +1899,11 @@ dpaa2_sec_enqueue_burst_ordered(void *qp, struct rte_crypto_op **ops,
/*Clear the unused FD fields before sending*/
memset(&fd_arr[loop], 0, sizeof(struct qbman_fd));
mb_pool = (*ops)->sym->m_src->pool;
- bpid = mempool_to_bpid(mb_pool);
+ if (mb_pool->ops_index ==
+ rte_dpaa2_mpool_get_ops_idx())
+ bpid = mempool_to_bpid(mb_pool);
+ else
+ bpid = MAX_BPID;
ret = build_sec_fd(*ops, &fd_arr[loop], bpid, dpaa2_qp);
if (ret) {
DPAA2_SEC_DP_DEBUG("FD build failed");
@@ -1965,7 +2025,7 @@ dpaa2_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
}
fd = qbman_result_DQ_fd(dq_storage);
- ops[num_rx] = sec_fd_to_mbuf(fd, dpaa2_qp);
+ ops[num_rx] = dpaa2_sec_fd_to_mbuf(fd, dpaa2_qp);
if (unlikely(fd->simple.frc)) {
/* TODO Parse SEC errors */
@@ -3374,6 +3434,15 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
goto out;
}
+ ret = rte_mbuf_dynfield_register(&s_dpaa2_sec_cntx_pos_dyn);
+ if (ret < 0) {
+ DPAA2_SEC_ERR("Failed to register context pos");
+ goto out;
+ }
+ DPAA2_SEC_INFO("Register mbuf offset(%d) for sec context pos",
+ ret);
+ s_dpaa2_sec_cntx_pos = ret;
+
flc->word1_sdl = (uint8_t)bufsize;
flc_iova = DPAA2_VADDR_TO_IOVA(flc);
@@ -4028,7 +4097,7 @@ dpaa2_sec_process_parallel_event(struct qbman_swp *swp,
ev->sched_type = rxq->ev.sched_type;
ev->queue_id = rxq->ev.queue_id;
ev->priority = rxq->ev.priority;
- ev->event_ptr = sec_fd_to_mbuf(fd, qp);
+ ev->event_ptr = dpaa2_sec_fd_to_mbuf(fd, qp);
qbman_swp_dqrr_consume(swp, dq);
}
@@ -4053,7 +4122,7 @@ dpaa2_sec_process_atomic_event(struct qbman_swp *swp __rte_unused,
ev->queue_id = rxq->ev.queue_id;
ev->priority = rxq->ev.priority;
- crypto_op = sec_fd_to_mbuf(fd, qp);
+ crypto_op = dpaa2_sec_fd_to_mbuf(fd, qp);
dqrr_index = qbman_get_dqrr_idx(dq);
*dpaa2_seqn(crypto_op->sym->m_src) = QBMAN_ENQUEUE_FLAG_DCA | dqrr_index;
DPAA2_PER_LCORE_DQRR_SIZE++;
@@ -4080,7 +4149,7 @@ dpaa2_sec_process_ordered_event(struct qbman_swp *swp,
ev->sched_type = rxq->ev.sched_type;
ev->queue_id = rxq->ev.queue_id;
ev->priority = rxq->ev.priority;
- crypto_op = sec_fd_to_mbuf(fd, qp);
+ crypto_op = dpaa2_sec_fd_to_mbuf(fd, qp);
*dpaa2_seqn(crypto_op->sym->m_src) = DPAA2_ENQUEUE_FLAG_ORP;
*dpaa2_seqn(crypto_op->sym->m_src) |= qbman_result_DQ_odpid(dq) <<
@@ -4355,7 +4424,7 @@ dpaa2_sec_dev_init(struct rte_cryptodev *cryptodev)
}
/* Initialize security_ctx only for primary process*/
- security_instance = rte_malloc("rte_security_instances_ops",
+ security_instance = rte_zmalloc("rte_security_instances_ops",
sizeof(struct rte_security_ctx), 0);
if (security_instance == NULL)
return -ENOMEM;
diff --git a/drivers/crypto/dpaa2_sec/meson.build b/drivers/crypto/dpaa2_sec/meson.build
index acca4176b0..31a441824d 100644
--- a/drivers/crypto/dpaa2_sec/meson.build
+++ b/drivers/crypto/dpaa2_sec/meson.build
@@ -1,5 +1,5 @@
# SPDX-License-Identifier: BSD-3-Clause
-# Copyright 2018,2021 NXP
+# Copyright 2018,2021-2024 NXP
if not is_linux
build = false
@@ -14,3 +14,4 @@ sources = files(
)
includes += include_directories('mc', '../../common/dpaax', '../../common/dpaax/caamflib')
+includes += include_directories('../../net/dpaa2/base')
--
2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* RE: [EXTERNAL] [PATCH v2 0/9] DPAA2 crypto driver changes
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
` (8 preceding siblings ...)
2025-05-21 6:56 ` [PATCH v2 9/9] crypto/dpaa2_sec: add support for simple IPsec FD Gagandeep Singh
@ 2025-05-21 11:59 ` Akhil Goyal
9 siblings, 0 replies; 26+ messages in thread
From: Akhil Goyal @ 2025-05-21 11:59 UTC (permalink / raw)
To: Gagandeep Singh, dev; +Cc: hemant.agrawal
> V2 changes:
> - fix checkpatch warning
> - fix 32 bit compilation error
> - fix a commit message
> - update document
>
> Gagandeep Singh (5):
> common/dpaax: fix invalid key command error
> common/dpaax: fix for PDCP AES only 12bit SN case
> common/dpaax: support 12bit SN in pdcp uplane
> crypto/dpaa2_sec: change custom device API to standard
> crypto/dpaa2_sec: add null algo capability
>
> Jun Yang (3):
> net/dpaa2: configure buffer layout
> mempool/dpaa2: mempool operation index
> crypto/dpaa2_sec: add support for simple IPsec FD
>
> Vanshika Shukla (1):
> crypto/dpaa2_sec: fix coverity Issues
Split the patchset for appropriate trees. There are patches for net and mempool which will not go in crypto tree. And I don't see them as dependent patches for crypto.
>
> doc/guides/cryptodevs/dpaa2_sec.rst | 2 +
> doc/guides/cryptodevs/features/dpaa2_sec.ini | 2 +
> drivers/bus/fslmc/portal/dpaa2_hw_pvt.h | 10 +
> drivers/common/dpaax/caamflib/desc/pdcp.h | 31 +++-
> drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 182 ++++++++++++-------
> drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 45 ++++-
> drivers/crypto/dpaa2_sec/meson.build | 3 +-
> drivers/crypto/dpaa_sec/dpaa_sec.c | 42 ++---
> drivers/mempool/dpaa2/dpaa2_hw_mempool.c | 20 +-
> drivers/mempool/dpaa2/dpaa2_hw_mempool.h | 5 +-
> drivers/net/dpaa2/base/dpaa2_hw_dpni.c | 18 +-
> drivers/net/dpaa2/base/dpaa2_hw_dpni_annot.h | 6 +
> drivers/net/dpaa2/dpaa2_ethdev.h | 6 +-
> 13 files changed, 263 insertions(+), 109 deletions(-)
>
> --
> 2.25.1
^ permalink raw reply [flat|nested] 26+ messages in thread
end of thread, other threads:[~2025-05-21 11:59 UTC | newest]
Thread overview: 26+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-05-20 5:51 [PATCH 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
2025-05-20 5:51 ` [PATCH 2/9] common/dpaax: fix for PDCP AES only 12bit SN case Gagandeep Singh
2025-05-20 5:51 ` [PATCH 3/9] common/dpaax: support 12bit SN in pdcp uplane Gagandeep Singh
2025-05-20 6:18 ` Hemant Agrawal
2025-05-21 4:50 ` Gagandeep Singh
2025-05-20 5:51 ` [PATCH 4/9] crypto/dpaa2_sec: change custom device API to standard Gagandeep Singh
2025-05-20 5:51 ` [PATCH 5/9] crypto/dpaa2_sec: fix coverity Issues Gagandeep Singh
2025-05-20 5:51 ` [PATCH 6/9] crypto/dpaa2_sec: add null algo capability Gagandeep Singh
2025-05-20 6:20 ` Hemant Agrawal
2025-05-21 4:51 ` Gagandeep Singh
2025-05-20 5:51 ` [PATCH 7/9] net/dpaa2: configure buffer layout Gagandeep Singh
2025-05-20 5:51 ` [PATCH 8/9] mempool/dpaa2: mempool operation index Gagandeep Singh
2025-05-20 5:51 ` [PATCH 9/9] crypto/dpaa2_sec: add support for simple IPsec FD Gagandeep Singh
2025-05-20 6:16 ` [PATCH 1/9] common/dpaax: fix invalid key command error Hemant Agrawal
2025-05-21 4:43 ` Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 0/9] DPAA2 crypto driver changes Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 1/9] common/dpaax: fix invalid key command error Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 2/9] common/dpaax: fix for PDCP AES only 12bit SN case Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 3/9] common/dpaax: support 12bit SN in pdcp uplane Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 4/9] crypto/dpaa2_sec: change custom device API to standard Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 5/9] crypto/dpaa2_sec: fix coverity Issues Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 6/9] crypto/dpaa2_sec: add null algo capability Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 7/9] net/dpaa2: configure buffer layout Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 8/9] mempool/dpaa2: mempool operation index Gagandeep Singh
2025-05-21 6:56 ` [PATCH v2 9/9] crypto/dpaa2_sec: add support for simple IPsec FD Gagandeep Singh
2025-05-21 11:59 ` [EXTERNAL] [PATCH v2 0/9] DPAA2 crypto driver changes Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).