DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version
@ 2024-10-04 14:58 Brian Dooley
  2024-10-07 10:09 ` Ji, Kai
                   ` (3 more replies)
  0 siblings, 4 replies; 9+ messages in thread
From: Brian Dooley @ 2024-10-04 14:58 UTC (permalink / raw)
  To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, wathsala.vithanage, Brian Dooley

AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
A minimum IPsec Multi-buffer version of 1.4 or greater is now required
for the 24.11 LTS release.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
This patch relates to a deprecation notice sent in the 24.03 release.
Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-2-brian.dooley@intel.com/
---
 doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
 doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
 doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
 doc/guides/cryptodevs/kasumi.rst            |   3 +-
 doc/guides/cryptodevs/snow3g.rst            |   3 +-
 doc/guides/cryptodevs/zuc.rst               |   3 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  24 ---
 drivers/crypto/ipsec_mb/meson.build         |   2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 164 --------------------
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 --
 10 files changed, 13 insertions(+), 204 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst
index 3af1486553..7592d33da2 100644
--- a/doc/guides/cryptodevs/aesni_gcm.rst
+++ b/doc/guides/cryptodevs/aesni_gcm.rst
@@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.11 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 3c77d0f463..c2f6633ee6 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -132,7 +132,8 @@ and the Multi-Buffer library version supported by them:
    DPDK version    Multi-buffer library version
    ==============  ============================
    20.11 - 21.08   0.53 - 1.3
-   21.11+          1.0  - 1.5
+   21.11 - 24.07   1.0  - 1.5
+   24.11+          1.4  - 1.5
    ==============  ============================
 
 Initialization
diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst b/doc/guides/cryptodevs/chacha20_poly1305.rst
index 44cff85918..b5a980b247 100644
--- a/doc/guides/cryptodevs/chacha20_poly1305.rst
+++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
@@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
    =============  ================================
    DPDK version   Crypto library version
    =============  ================================
-   21.11+         Multi-buffer library 1.0-1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 4070f025e1..b57f18b56f 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 6eb8229fb5..fb4e0448ac 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 29fe6279aa..4615562246 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -88,7 +88,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index ba899604d2..910efb1a97 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -11,8 +11,6 @@
 
 #include "ipsec_mb_private.h"
 
-#define IMB_MP_REQ_VER_STR "1.1.0"
-
 /** Configure device */
 int
 ipsec_mb_config(__rte_unused struct rte_cryptodev *dev,
@@ -147,15 +145,10 @@ ipsec_mb_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
 	if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
 		rte_ring_free(rte_ring_lookup(qp->name));
 
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-		if (qp->mb_mgr)
-			free_mb_mgr(qp->mb_mgr);
-#else
 		if (qp->mb_mgr_mz) {
 			rte_memzone_free(qp->mb_mgr_mz);
 			qp->mb_mgr = NULL;
 		}
-#endif
 		rte_free(qp);
 		dev->data->queue_pairs[qp_id] = NULL;
 	} else { /* secondary process */
@@ -211,7 +204,6 @@ static struct rte_ring
 			       RING_F_SP_ENQ | RING_F_SC_DEQ);
 }
 
-#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM
 static IMB_MGR *
 ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
 		const char *mb_mgr_mz_name)
@@ -244,7 +236,6 @@ ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
 	}
 	return mb_mgr;
 }
-#endif
 
 /** Setup a queue pair */
 int
@@ -260,12 +251,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	int ret;
 
 	if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-		IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does not support multiprocess,"
-				"the minimum version required for this feature is %s.",
-				IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
-		return -EINVAL;
-#endif
 		qp = dev->data->queue_pairs[qp_id];
 		if (qp == NULL) {
 			IPSEC_MB_LOG(DEBUG, "Secondary process setting up device qp.");
@@ -285,15 +270,11 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 			return -ENOMEM;
 	}
 
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-	qp->mb_mgr = alloc_init_mb_mgr();
-#else
 	char mz_name[IPSEC_MB_MAX_MZ_NAME];
 	snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
 			dev->data->dev_id, qp_id);
 	qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp->mb_mgr_mz),
 			mz_name);
-#endif
 	if (qp->mb_mgr == NULL) {
 		ret = -ENOMEM;
 		goto qp_setup_cleanup;
@@ -330,14 +311,9 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	return 0;
 
 qp_setup_cleanup:
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-	if (qp->mb_mgr)
-		free_mb_mgr(qp->mb_mgr);
-#else
 	if (rte_eal_process_type() == RTE_PROC_SECONDARY)
 		return ret;
 	rte_memzone_free(qp->mb_mgr_mz);
-#endif
 	rte_free(qp);
 	return ret;
 }
diff --git a/drivers/crypto/ipsec_mb/meson.build b/drivers/crypto/ipsec_mb/meson.build
index 87bf965554..0c988d7411 100644
--- a/drivers/crypto/ipsec_mb/meson.build
+++ b/drivers/crypto/ipsec_mb/meson.build
@@ -7,7 +7,7 @@ if is_windows
     subdir_done()
 endif
 
-IMB_required_ver = '1.0.0'
+IMB_required_ver = '1.4.0'
 IMB_header = '#include<intel-ipsec-mb.h>'
 if arch_subdir == 'arm'
     IMB_header = '#include<ipsec-mb.h>'
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef4228bd38..0f11b36d35 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -216,13 +216,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 			}
 		} else if (xform->auth.key.length == 32) {
 			sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 			if (sess->auth.req_digest_len != 4 &&
 					sess->auth.req_digest_len != 8 &&
 					sess->auth.req_digest_len != 16) {
-#else
-			if (sess->auth.req_digest_len != 4) {
-#endif
 				IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 				return -EINVAL;
 			}
@@ -879,11 +875,9 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 		}
 	}
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
 	sess->pid = getpid();
 	RTE_PER_LCORE(pid) = sess->pid;
-#endif
 
 	return 0;
 }
@@ -1016,9 +1010,7 @@ aesni_mb_set_docsis_sec_session_parameters(
 		goto error_exit;
 	}
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess->template_job);
-#endif
 
 error_exit:
 	free_mb_mgr(mb_mgr);
@@ -1273,7 +1265,6 @@ imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
 	return 0;
 }
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 static inline int
 single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
 		int oop, uint32_t offset, struct rte_mbuf *m_src,
@@ -1358,7 +1349,6 @@ single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
 	job->sgl_io_segs = sgl_segs;
 	return 0;
 }
-#endif
 
 static inline int
 multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
@@ -1428,9 +1418,7 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
 		job->msg_len_to_hash_in_bytes = 0;
 		job->msg_len_to_cipher_in_bytes = 0;
 		job->cipher_start_src_offset_in_bytes = 0;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 		imb_set_session(mb_mgr, job);
-#endif
 	} else {
 		job->hash_start_src_offset_in_bytes =
 				op->sym->aead.data.offset;
@@ -1458,13 +1446,11 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
 		job->src = NULL;
 		job->dst = NULL;
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 		if (m_src->nb_segs <= MAX_NUM_SEGS)
 			return single_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst,
 					qp_data->sgl_segs);
 		else
-#endif
 			return multi_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst, mb_mgr);
 	} else {
@@ -1554,10 +1540,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	uint8_t sgl = 0;
 	uint8_t lb_sgl = 0;
 
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-	(void) pid;
-#endif
-
 	session = ipsec_mb_get_session_private(qp, op);
 	if (session == NULL) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1567,12 +1549,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	const IMB_CIPHER_MODE cipher_mode =
 			session->template_job.cipher_mode;
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	if (session->pid != pid) {
 		memcpy(job, &session->template_job, sizeof(IMB_JOB));
 		imb_set_session(mb_mgr, job);
 	} else if (job->session_id != session->session_id)
-#endif
 		memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	if (!op->sym->m_dst) {
@@ -1613,9 +1593,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_GCM_SGL;
 			job->hash_alg = IMB_AUTH_GCM_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 			imb_set_session(mb_mgr, job);
-#endif
 		}
 		break;
 	case IMB_AUTH_AES_GMAC_128:
@@ -1640,9 +1618,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
 			job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 			imb_set_session(mb_mgr, job);
-#endif
 		}
 		break;
 	default:
@@ -1838,13 +1814,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		if (lb_sgl)
 			return handle_sgl_linear(job, op, m_offset, session);
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 		if (m_src->nb_segs <= MAX_NUM_SEGS)
 			return single_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst,
 					qp_data->sgl_segs);
 		else
-#endif
 			return multi_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst, mb_mgr);
 	}
@@ -2164,7 +2138,6 @@ set_job_null_op(IMB_JOB *job, struct rte_crypto_op *op)
 	return job;
 }
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 uint16_t
 aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 		uint16_t nb_ops)
@@ -2297,144 +2270,7 @@ aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 
 	return processed_jobs;
 }
-#else
-
-/**
- * Process a completed IMB_JOB job and keep processing jobs until
- * get_completed_job return NULL
- *
- * @param qp		Queue Pair to process
- * @param mb_mgr	IMB_MGR to use
- * @param job		IMB_JOB job
- * @param ops		crypto ops to fill
- * @param nb_ops	number of crypto ops
- *
- * @return
- * - Number of processed jobs
- */
-static unsigned
-handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-		IMB_JOB *job, struct rte_crypto_op **ops,
-		uint16_t nb_ops)
-{
-	struct rte_crypto_op *op = NULL;
-	uint16_t processed_jobs = 0;
-
-	while (job != NULL) {
-		op = post_process_mb_job(qp, job);
-
-		if (op) {
-			ops[processed_jobs++] = op;
-			qp->stats.dequeued_count++;
-		} else {
-			qp->stats.dequeue_err_count++;
-			break;
-		}
-		if (processed_jobs == nb_ops)
-			break;
-
-		job = IMB_GET_COMPLETED_JOB(mb_mgr);
-	}
-
-	return processed_jobs;
-}
-
-static inline uint16_t
-flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-		struct rte_crypto_op **ops, uint16_t nb_ops)
-{
-	int processed_ops = 0;
-
-	/* Flush the remaining jobs */
-	IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
-
-	if (job)
-		processed_ops += handle_completed_jobs(qp, mb_mgr, job,
-				&ops[processed_ops], nb_ops - processed_ops);
-
-	return processed_ops;
-}
-
-uint16_t
-aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
-		uint16_t nb_ops)
-{
-	struct ipsec_mb_qp *qp = queue_pair;
-	IMB_MGR *mb_mgr = qp->mb_mgr;
-	struct rte_crypto_op *op;
-	IMB_JOB *job;
-	int retval, processed_jobs = 0;
-	pid_t pid = 0;
 
-	if (unlikely(nb_ops == 0 || mb_mgr == NULL))
-		return 0;
-
-	uint8_t digest_idx = qp->digest_idx;
-
-	do {
-		/* Get next free mb job struct from mb manager */
-		job = IMB_GET_NEXT_JOB(mb_mgr);
-		if (unlikely(job == NULL)) {
-			/* if no free mb job structs we need to flush mb_mgr */
-			processed_jobs += flush_mb_mgr(qp, mb_mgr,
-					&ops[processed_jobs],
-					nb_ops - processed_jobs);
-
-			if (nb_ops == processed_jobs)
-				break;
-
-			job = IMB_GET_NEXT_JOB(mb_mgr);
-		}
-
-		/*
-		 * Get next operation to process from ingress queue.
-		 * There is no need to return the job to the IMB_MGR
-		 * if there are no more operations to process, since the IMB_MGR
-		 * can use that pointer again in next get_next calls.
-		 */
-		retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
-		if (retval < 0)
-			break;
-
-		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-			retval = set_sec_mb_job_params(job, qp, op,
-						&digest_idx);
-		else
-			retval = set_mb_job_params(job, qp, op,
-				&digest_idx, mb_mgr, pid);
-
-		if (unlikely(retval != 0)) {
-			qp->stats.dequeue_err_count++;
-			set_job_null_op(job, op);
-		}
-
-		/* Submit job to multi-buffer for processing */
-#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
-		job = IMB_SUBMIT_JOB(mb_mgr);
-#else
-		job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
-#endif
-		/*
-		 * If submit returns a processed job then handle it,
-		 * before submitting subsequent jobs
-		 */
-		if (job)
-			processed_jobs += handle_completed_jobs(qp, mb_mgr,
-					job, &ops[processed_jobs],
-					nb_ops - processed_jobs);
-
-	} while (processed_jobs < nb_ops);
-
-	qp->digest_idx = digest_idx;
-
-	if (processed_jobs < 1)
-		processed_jobs += flush_mb_mgr(qp, mb_mgr,
-				&ops[processed_jobs],
-				nb_ops - processed_jobs);
-
-	return processed_jobs;
-}
-#endif
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
 {
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..6af699bfdd 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -17,9 +17,7 @@
 #define HMAC_IPAD_VALUE			(0x36)
 #define HMAC_OPAD_VALUE			(0x5C)
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 #define MAX_NUM_SEGS 16
-#endif
 
 int
 aesni_mb_session_configure(IMB_MGR * m __rte_unused, void *priv_sess,
@@ -580,13 +578,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 				},
 				.digest_size = {
 					.min = 4,
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 					.max = 16,
 					.increment = 4
-#else
-					.max = 4,
-					.increment = 0
-#endif
 				},
 				.iv_size = {
 					.min = 16,
@@ -741,9 +734,7 @@ struct aesni_mb_qp_data {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 	struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS];
-#endif
 	union {
 		struct gcm_context_data gcm_sgl_ctx;
 		struct chacha20_poly1305_context_data chacha_sgl_ctx;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version
  2024-10-04 14:58 [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version Brian Dooley
@ 2024-10-07 10:09 ` Ji, Kai
  2024-10-07 12:49   ` Dooley, Brian
  2024-10-07 10:20 ` De Lara Guarch, Pablo
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 9+ messages in thread
From: Ji, Kai @ 2024-10-07 10:09 UTC (permalink / raw)
  To: Dooley, Brian, De Lara Guarch, Pablo; +Cc: dev, gakhil, wathsala.vithanage

[-- Attachment #1: Type: text/plain, Size: 21897 bytes --]

Acked-by: Kai Ji <kai.ji@intel.com>

Any release doc needs to be updated ?
________________________________
From: Dooley, Brian <brian.dooley@intel.com>
Sent: 04 October 2024 15:58
To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
Cc: dev@dpdk.org <dev@dpdk.org>; gakhil@marvell.com <gakhil@marvell.com>; wathsala.vithanage@arm.com <wathsala.vithanage@arm.com>; Dooley, Brian <brian.dooley@intel.com>
Subject: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version

AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
A minimum IPsec Multi-buffer version of 1.4 or greater is now required
for the 24.11 LTS release.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
This patch relates to a deprecation notice sent in the 24.03 release.
Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-2-brian.dooley@intel.com/
---
 doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
 doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
 doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
 doc/guides/cryptodevs/kasumi.rst            |   3 +-
 doc/guides/cryptodevs/snow3g.rst            |   3 +-
 doc/guides/cryptodevs/zuc.rst               |   3 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  24 ---
 drivers/crypto/ipsec_mb/meson.build         |   2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 164 --------------------
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 --
 10 files changed, 13 insertions(+), 204 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst
index 3af1486553..7592d33da2 100644
--- a/doc/guides/cryptodevs/aesni_gcm.rst
+++ b/doc/guides/cryptodevs/aesni_gcm.rst
@@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.11 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 3c77d0f463..c2f6633ee6 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -132,7 +132,8 @@ and the Multi-Buffer library version supported by them:
    DPDK version    Multi-buffer library version
    ==============  ============================
    20.11 - 21.08   0.53 - 1.3
-   21.11+          1.0  - 1.5
+   21.11 - 24.07   1.0  - 1.5
+   24.11+          1.4  - 1.5
    ==============  ============================

 Initialization
diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst b/doc/guides/cryptodevs/chacha20_poly1305.rst
index 44cff85918..b5a980b247 100644
--- a/doc/guides/cryptodevs/chacha20_poly1305.rst
+++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
@@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
    =============  ================================
    DPDK version   Crypto library version
    =============  ================================
-   21.11+         Multi-buffer library 1.0-1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 4070f025e1..b57f18b56f 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 6eb8229fb5..fb4e0448ac 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 29fe6279aa..4615562246 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -88,7 +88,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index ba899604d2..910efb1a97 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -11,8 +11,6 @@

 #include "ipsec_mb_private.h"

-#define IMB_MP_REQ_VER_STR "1.1.0"
-
 /** Configure device */
 int
 ipsec_mb_config(__rte_unused struct rte_cryptodev *dev,
@@ -147,15 +145,10 @@ ipsec_mb_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
         if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
                 rte_ring_free(rte_ring_lookup(qp->name));

-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-               if (qp->mb_mgr)
-                       free_mb_mgr(qp->mb_mgr);
-#else
                 if (qp->mb_mgr_mz) {
                         rte_memzone_free(qp->mb_mgr_mz);
                         qp->mb_mgr = NULL;
                 }
-#endif
                 rte_free(qp);
                 dev->data->queue_pairs[qp_id] = NULL;
         } else { /* secondary process */
@@ -211,7 +204,6 @@ static struct rte_ring
                                RING_F_SP_ENQ | RING_F_SC_DEQ);
 }

-#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM
 static IMB_MGR *
 ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
                 const char *mb_mgr_mz_name)
@@ -244,7 +236,6 @@ ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
         }
         return mb_mgr;
 }
-#endif

 /** Setup a queue pair */
 int
@@ -260,12 +251,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
         int ret;

         if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-               IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does not support multiprocess,"
-                               "the minimum version required for this feature is %s.",
-                               IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
-               return -EINVAL;
-#endif
                 qp = dev->data->queue_pairs[qp_id];
                 if (qp == NULL) {
                         IPSEC_MB_LOG(DEBUG, "Secondary process setting up device qp.");
@@ -285,15 +270,11 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
                         return -ENOMEM;
         }

-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-       qp->mb_mgr = alloc_init_mb_mgr();
-#else
         char mz_name[IPSEC_MB_MAX_MZ_NAME];
         snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
                         dev->data->dev_id, qp_id);
         qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp->mb_mgr_mz),
                         mz_name);
-#endif
         if (qp->mb_mgr == NULL) {
                 ret = -ENOMEM;
                 goto qp_setup_cleanup;
@@ -330,14 +311,9 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
         return 0;

 qp_setup_cleanup:
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-       if (qp->mb_mgr)
-               free_mb_mgr(qp->mb_mgr);
-#else
         if (rte_eal_process_type() == RTE_PROC_SECONDARY)
                 return ret;
         rte_memzone_free(qp->mb_mgr_mz);
-#endif
         rte_free(qp);
         return ret;
 }
diff --git a/drivers/crypto/ipsec_mb/meson.build b/drivers/crypto/ipsec_mb/meson.build
index 87bf965554..0c988d7411 100644
--- a/drivers/crypto/ipsec_mb/meson.build
+++ b/drivers/crypto/ipsec_mb/meson.build
@@ -7,7 +7,7 @@ if is_windows
     subdir_done()
 endif

-IMB_required_ver = '1.0.0'
+IMB_required_ver = '1.4.0'
 IMB_header = '#include<intel-ipsec-mb.h>'
 if arch_subdir == 'arm'
     IMB_header = '#include<ipsec-mb.h>'
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef4228bd38..0f11b36d35 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -216,13 +216,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
                         }
                 } else if (xform->auth.key.length == 32) {
                         sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
                         if (sess->auth.req_digest_len != 4 &&
                                         sess->auth.req_digest_len != 8 &&
                                         sess->auth.req_digest_len != 16) {
-#else
-                       if (sess->auth.req_digest_len != 4) {
-#endif
                                 IPSEC_MB_LOG(ERR, "Invalid digest size\n");
                                 return -EINVAL;
                         }
@@ -879,11 +875,9 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
                 }
         }

-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
         sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
         sess->pid = getpid();
         RTE_PER_LCORE(pid) = sess->pid;
-#endif

         return 0;
 }
@@ -1016,9 +1010,7 @@ aesni_mb_set_docsis_sec_session_parameters(
                 goto error_exit;
         }

-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
         ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess->template_job);
-#endif

 error_exit:
         free_mb_mgr(mb_mgr);
@@ -1273,7 +1265,6 @@ imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
         return 0;
 }

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 static inline int
 single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
                 int oop, uint32_t offset, struct rte_mbuf *m_src,
@@ -1358,7 +1349,6 @@ single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
         job->sgl_io_segs = sgl_segs;
         return 0;
 }
-#endif

 static inline int
 multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
@@ -1428,9 +1418,7 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
                 job->msg_len_to_hash_in_bytes = 0;
                 job->msg_len_to_cipher_in_bytes = 0;
                 job->cipher_start_src_offset_in_bytes = 0;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
                 imb_set_session(mb_mgr, job);
-#endif
         } else {
                 job->hash_start_src_offset_in_bytes =
                                 op->sym->aead.data.offset;
@@ -1458,13 +1446,11 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
                 job->src = NULL;
                 job->dst = NULL;

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
                 if (m_src->nb_segs <= MAX_NUM_SEGS)
                         return single_sgl_job(job, op, oop,
                                         m_offset, m_src, m_dst,
                                         qp_data->sgl_segs);
                 else
-#endif
                         return multi_sgl_job(job, op, oop,
                                         m_offset, m_src, m_dst, mb_mgr);
         } else {
@@ -1554,10 +1540,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
         uint8_t sgl = 0;
         uint8_t lb_sgl = 0;

-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-       (void) pid;
-#endif
-
         session = ipsec_mb_get_session_private(qp, op);
         if (session == NULL) {
                 op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1567,12 +1549,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
         const IMB_CIPHER_MODE cipher_mode =
                         session->template_job.cipher_mode;

-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
         if (session->pid != pid) {
                 memcpy(job, &session->template_job, sizeof(IMB_JOB));
                 imb_set_session(mb_mgr, job);
         } else if (job->session_id != session->session_id)
-#endif
                 memcpy(job, &session->template_job, sizeof(IMB_JOB));

         if (!op->sym->m_dst) {
@@ -1613,9 +1593,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
                         job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
                         job->cipher_mode = IMB_CIPHER_GCM_SGL;
                         job->hash_alg = IMB_AUTH_GCM_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
                         imb_set_session(mb_mgr, job);
-#endif
                 }
                 break;
         case IMB_AUTH_AES_GMAC_128:
@@ -1640,9 +1618,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
                         job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
                         job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
                         job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
                         imb_set_session(mb_mgr, job);
-#endif
                 }
                 break;
         default:
@@ -1838,13 +1814,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
                 if (lb_sgl)
                         return handle_sgl_linear(job, op, m_offset, session);

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
                 if (m_src->nb_segs <= MAX_NUM_SEGS)
                         return single_sgl_job(job, op, oop,
                                         m_offset, m_src, m_dst,
                                         qp_data->sgl_segs);
                 else
-#endif
                         return multi_sgl_job(job, op, oop,
                                         m_offset, m_src, m_dst, mb_mgr);
         }
@@ -2164,7 +2138,6 @@ set_job_null_op(IMB_JOB *job, struct rte_crypto_op *op)
         return job;
 }

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 uint16_t
 aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
                 uint16_t nb_ops)
@@ -2297,144 +2270,7 @@ aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,

         return processed_jobs;
 }
-#else
-
-/**
- * Process a completed IMB_JOB job and keep processing jobs until
- * get_completed_job return NULL
- *
- * @param qp           Queue Pair to process
- * @param mb_mgr       IMB_MGR to use
- * @param job          IMB_JOB job
- * @param ops          crypto ops to fill
- * @param nb_ops       number of crypto ops
- *
- * @return
- * - Number of processed jobs
- */
-static unsigned
-handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-               IMB_JOB *job, struct rte_crypto_op **ops,
-               uint16_t nb_ops)
-{
-       struct rte_crypto_op *op = NULL;
-       uint16_t processed_jobs = 0;
-
-       while (job != NULL) {
-               op = post_process_mb_job(qp, job);
-
-               if (op) {
-                       ops[processed_jobs++] = op;
-                       qp->stats.dequeued_count++;
-               } else {
-                       qp->stats.dequeue_err_count++;
-                       break;
-               }
-               if (processed_jobs == nb_ops)
-                       break;
-
-               job = IMB_GET_COMPLETED_JOB(mb_mgr);
-       }
-
-       return processed_jobs;
-}
-
-static inline uint16_t
-flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-               struct rte_crypto_op **ops, uint16_t nb_ops)
-{
-       int processed_ops = 0;
-
-       /* Flush the remaining jobs */
-       IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
-
-       if (job)
-               processed_ops += handle_completed_jobs(qp, mb_mgr, job,
-                               &ops[processed_ops], nb_ops - processed_ops);
-
-       return processed_ops;
-}
-
-uint16_t
-aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
-               uint16_t nb_ops)
-{
-       struct ipsec_mb_qp *qp = queue_pair;
-       IMB_MGR *mb_mgr = qp->mb_mgr;
-       struct rte_crypto_op *op;
-       IMB_JOB *job;
-       int retval, processed_jobs = 0;
-       pid_t pid = 0;

-       if (unlikely(nb_ops == 0 || mb_mgr == NULL))
-               return 0;
-
-       uint8_t digest_idx = qp->digest_idx;
-
-       do {
-               /* Get next free mb job struct from mb manager */
-               job = IMB_GET_NEXT_JOB(mb_mgr);
-               if (unlikely(job == NULL)) {
-                       /* if no free mb job structs we need to flush mb_mgr */
-                       processed_jobs += flush_mb_mgr(qp, mb_mgr,
-                                       &ops[processed_jobs],
-                                       nb_ops - processed_jobs);
-
-                       if (nb_ops == processed_jobs)
-                               break;
-
-                       job = IMB_GET_NEXT_JOB(mb_mgr);
-               }
-
-               /*
-                * Get next operation to process from ingress queue.
-                * There is no need to return the job to the IMB_MGR
-                * if there are no more operations to process, since the IMB_MGR
-                * can use that pointer again in next get_next calls.
-                */
-               retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
-               if (retval < 0)
-                       break;
-
-               if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-                       retval = set_sec_mb_job_params(job, qp, op,
-                                               &digest_idx);
-               else
-                       retval = set_mb_job_params(job, qp, op,
-                               &digest_idx, mb_mgr, pid);
-
-               if (unlikely(retval != 0)) {
-                       qp->stats.dequeue_err_count++;
-                       set_job_null_op(job, op);
-               }
-
-               /* Submit job to multi-buffer for processing */
-#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
-               job = IMB_SUBMIT_JOB(mb_mgr);
-#else
-               job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
-#endif
-               /*
-                * If submit returns a processed job then handle it,
-                * before submitting subsequent jobs
-                */
-               if (job)
-                       processed_jobs += handle_completed_jobs(qp, mb_mgr,
-                                       job, &ops[processed_jobs],
-                                       nb_ops - processed_jobs);
-
-       } while (processed_jobs < nb_ops);
-
-       qp->digest_idx = digest_idx;
-
-       if (processed_jobs < 1)
-               processed_jobs += flush_mb_mgr(qp, mb_mgr,
-                               &ops[processed_jobs],
-                               nb_ops - processed_jobs);
-
-       return processed_jobs;
-}
-#endif
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
 {
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..6af699bfdd 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -17,9 +17,7 @@
 #define HMAC_IPAD_VALUE                 (0x36)
 #define HMAC_OPAD_VALUE                 (0x5C)

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 #define MAX_NUM_SEGS 16
-#endif

 int
 aesni_mb_session_configure(IMB_MGR * m __rte_unused, void *priv_sess,
@@ -580,13 +578,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
                                 },
                                 .digest_size = {
                                         .min = 4,
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
                                         .max = 16,
                                         .increment = 4
-#else
-                                       .max = 4,
-                                       .increment = 0
-#endif
                                 },
                                 .iv_size = {
                                         .min = 16,
@@ -741,9 +734,7 @@ struct aesni_mb_qp_data {
          * by the driver when verifying a digest provided
          * by the user (using authentication verify operation)
          */
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
         struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS];
-#endif
         union {
                 struct gcm_context_data gcm_sgl_ctx;
                 struct chacha20_poly1305_context_data chacha_sgl_ctx;
--
2.25.1


[-- Attachment #2: Type: text/html, Size: 47693 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* RE: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version
  2024-10-04 14:58 [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version Brian Dooley
  2024-10-07 10:09 ` Ji, Kai
@ 2024-10-07 10:20 ` De Lara Guarch, Pablo
  2024-10-07 16:49 ` [PATCH v2] " Brian Dooley
  2024-10-10 10:13 ` [PATCH v3] " Brian Dooley
  3 siblings, 0 replies; 9+ messages in thread
From: De Lara Guarch, Pablo @ 2024-10-07 10:20 UTC (permalink / raw)
  To: Dooley, Brian, Ji, Kai; +Cc: dev, gakhil, wathsala.vithanage

> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Friday, October 4, 2024 3:58 PM
> To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; wathsala.vithanage@arm.com;
> Dooley, Brian <brian.dooley@intel.com>
> Subject: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version
> 
> AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
> A minimum IPsec Multi-buffer version of 1.4 or greater is now required for the
> 24.11 LTS release.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version
  2024-10-07 10:09 ` Ji, Kai
@ 2024-10-07 12:49   ` Dooley, Brian
  0 siblings, 0 replies; 9+ messages in thread
From: Dooley, Brian @ 2024-10-07 12:49 UTC (permalink / raw)
  To: Ji, Kai, De Lara Guarch, Pablo; +Cc: dev, gakhil, wathsala.vithanage

[-- Attachment #1: Type: text/plain, Size: 22368 bytes --]

Good point Kai, i'll update the patch.

Thanks,
Brian
________________________________
From: Ji, Kai <kai.ji@intel.com>
Sent: Monday, October 7, 2024 11:09 AM
To: Dooley, Brian <brian.dooley@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
Cc: dev@dpdk.org <dev@dpdk.org>; gakhil@marvell.com <gakhil@marvell.com>; wathsala.vithanage@arm.com <wathsala.vithanage@arm.com>
Subject: Re: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version

Acked-by: Kai Ji <kai.ji@intel.com>

Any release doc needs to be updated ?
________________________________
From: Dooley, Brian <brian.dooley@intel.com>
Sent: 04 October 2024 15:58
To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
Cc: dev@dpdk.org <dev@dpdk.org>; gakhil@marvell.com <gakhil@marvell.com>; wathsala.vithanage@arm.com <wathsala.vithanage@arm.com>; Dooley, Brian <brian.dooley@intel.com>
Subject: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version

AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
A minimum IPsec Multi-buffer version of 1.4 or greater is now required
for the 24.11 LTS release.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
This patch relates to a deprecation notice sent in the 24.03 release.
Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-2-brian.dooley@intel.com/
---
 doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
 doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
 doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
 doc/guides/cryptodevs/kasumi.rst            |   3 +-
 doc/guides/cryptodevs/snow3g.rst            |   3 +-
 doc/guides/cryptodevs/zuc.rst               |   3 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  24 ---
 drivers/crypto/ipsec_mb/meson.build         |   2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 164 --------------------
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 --
 10 files changed, 13 insertions(+), 204 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst
index 3af1486553..7592d33da2 100644
--- a/doc/guides/cryptodevs/aesni_gcm.rst
+++ b/doc/guides/cryptodevs/aesni_gcm.rst
@@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.11 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 3c77d0f463..c2f6633ee6 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -132,7 +132,8 @@ and the Multi-Buffer library version supported by them:
    DPDK version    Multi-buffer library version
    ==============  ============================
    20.11 - 21.08   0.53 - 1.3
-   21.11+          1.0  - 1.5
+   21.11 - 24.07   1.0  - 1.5
+   24.11+          1.4  - 1.5
    ==============  ============================

 Initialization
diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst b/doc/guides/cryptodevs/chacha20_poly1305.rst
index 44cff85918..b5a980b247 100644
--- a/doc/guides/cryptodevs/chacha20_poly1305.rst
+++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
@@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
    =============  ================================
    DPDK version   Crypto library version
    =============  ================================
-   21.11+         Multi-buffer library 1.0-1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 4070f025e1..b57f18b56f 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 6eb8229fb5..fb4e0448ac 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 29fe6279aa..4615562246 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -88,7 +88,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================

 Initialization
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index ba899604d2..910efb1a97 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -11,8 +11,6 @@

 #include "ipsec_mb_private.h"

-#define IMB_MP_REQ_VER_STR "1.1.0"
-
 /** Configure device */
 int
 ipsec_mb_config(__rte_unused struct rte_cryptodev *dev,
@@ -147,15 +145,10 @@ ipsec_mb_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
         if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
                 rte_ring_free(rte_ring_lookup(qp->name));

-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-               if (qp->mb_mgr)
-                       free_mb_mgr(qp->mb_mgr);
-#else
                 if (qp->mb_mgr_mz) {
                         rte_memzone_free(qp->mb_mgr_mz);
                         qp->mb_mgr = NULL;
                 }
-#endif
                 rte_free(qp);
                 dev->data->queue_pairs[qp_id] = NULL;
         } else { /* secondary process */
@@ -211,7 +204,6 @@ static struct rte_ring
                                RING_F_SP_ENQ | RING_F_SC_DEQ);
 }

-#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM
 static IMB_MGR *
 ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
                 const char *mb_mgr_mz_name)
@@ -244,7 +236,6 @@ ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
         }
         return mb_mgr;
 }
-#endif

 /** Setup a queue pair */
 int
@@ -260,12 +251,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
         int ret;

         if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-               IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does not support multiprocess,"
-                               "the minimum version required for this feature is %s.",
-                               IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
-               return -EINVAL;
-#endif
                 qp = dev->data->queue_pairs[qp_id];
                 if (qp == NULL) {
                         IPSEC_MB_LOG(DEBUG, "Secondary process setting up device qp.");
@@ -285,15 +270,11 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
                         return -ENOMEM;
         }

-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-       qp->mb_mgr = alloc_init_mb_mgr();
-#else
         char mz_name[IPSEC_MB_MAX_MZ_NAME];
         snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
                         dev->data->dev_id, qp_id);
         qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp->mb_mgr_mz),
                         mz_name);
-#endif
         if (qp->mb_mgr == NULL) {
                 ret = -ENOMEM;
                 goto qp_setup_cleanup;
@@ -330,14 +311,9 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
         return 0;

 qp_setup_cleanup:
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-       if (qp->mb_mgr)
-               free_mb_mgr(qp->mb_mgr);
-#else
         if (rte_eal_process_type() == RTE_PROC_SECONDARY)
                 return ret;
         rte_memzone_free(qp->mb_mgr_mz);
-#endif
         rte_free(qp);
         return ret;
 }
diff --git a/drivers/crypto/ipsec_mb/meson.build b/drivers/crypto/ipsec_mb/meson.build
index 87bf965554..0c988d7411 100644
--- a/drivers/crypto/ipsec_mb/meson.build
+++ b/drivers/crypto/ipsec_mb/meson.build
@@ -7,7 +7,7 @@ if is_windows
     subdir_done()
 endif

-IMB_required_ver = '1.0.0'
+IMB_required_ver = '1.4.0'
 IMB_header = '#include<intel-ipsec-mb.h>'
 if arch_subdir == 'arm'
     IMB_header = '#include<ipsec-mb.h>'
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef4228bd38..0f11b36d35 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -216,13 +216,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
                         }
                 } else if (xform->auth.key.length == 32) {
                         sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
                         if (sess->auth.req_digest_len != 4 &&
                                         sess->auth.req_digest_len != 8 &&
                                         sess->auth.req_digest_len != 16) {
-#else
-                       if (sess->auth.req_digest_len != 4) {
-#endif
                                 IPSEC_MB_LOG(ERR, "Invalid digest size\n");
                                 return -EINVAL;
                         }
@@ -879,11 +875,9 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
                 }
         }

-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
         sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
         sess->pid = getpid();
         RTE_PER_LCORE(pid) = sess->pid;
-#endif

         return 0;
 }
@@ -1016,9 +1010,7 @@ aesni_mb_set_docsis_sec_session_parameters(
                 goto error_exit;
         }

-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
         ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess->template_job);
-#endif

 error_exit:
         free_mb_mgr(mb_mgr);
@@ -1273,7 +1265,6 @@ imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
         return 0;
 }

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 static inline int
 single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
                 int oop, uint32_t offset, struct rte_mbuf *m_src,
@@ -1358,7 +1349,6 @@ single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
         job->sgl_io_segs = sgl_segs;
         return 0;
 }
-#endif

 static inline int
 multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
@@ -1428,9 +1418,7 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
                 job->msg_len_to_hash_in_bytes = 0;
                 job->msg_len_to_cipher_in_bytes = 0;
                 job->cipher_start_src_offset_in_bytes = 0;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
                 imb_set_session(mb_mgr, job);
-#endif
         } else {
                 job->hash_start_src_offset_in_bytes =
                                 op->sym->aead.data.offset;
@@ -1458,13 +1446,11 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
                 job->src = NULL;
                 job->dst = NULL;

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
                 if (m_src->nb_segs <= MAX_NUM_SEGS)
                         return single_sgl_job(job, op, oop,
                                         m_offset, m_src, m_dst,
                                         qp_data->sgl_segs);
                 else
-#endif
                         return multi_sgl_job(job, op, oop,
                                         m_offset, m_src, m_dst, mb_mgr);
         } else {
@@ -1554,10 +1540,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
         uint8_t sgl = 0;
         uint8_t lb_sgl = 0;

-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-       (void) pid;
-#endif
-
         session = ipsec_mb_get_session_private(qp, op);
         if (session == NULL) {
                 op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1567,12 +1549,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
         const IMB_CIPHER_MODE cipher_mode =
                         session->template_job.cipher_mode;

-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
         if (session->pid != pid) {
                 memcpy(job, &session->template_job, sizeof(IMB_JOB));
                 imb_set_session(mb_mgr, job);
         } else if (job->session_id != session->session_id)
-#endif
                 memcpy(job, &session->template_job, sizeof(IMB_JOB));

         if (!op->sym->m_dst) {
@@ -1613,9 +1593,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
                         job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
                         job->cipher_mode = IMB_CIPHER_GCM_SGL;
                         job->hash_alg = IMB_AUTH_GCM_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
                         imb_set_session(mb_mgr, job);
-#endif
                 }
                 break;
         case IMB_AUTH_AES_GMAC_128:
@@ -1640,9 +1618,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
                         job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
                         job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
                         job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
                         imb_set_session(mb_mgr, job);
-#endif
                 }
                 break;
         default:
@@ -1838,13 +1814,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
                 if (lb_sgl)
                         return handle_sgl_linear(job, op, m_offset, session);

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
                 if (m_src->nb_segs <= MAX_NUM_SEGS)
                         return single_sgl_job(job, op, oop,
                                         m_offset, m_src, m_dst,
                                         qp_data->sgl_segs);
                 else
-#endif
                         return multi_sgl_job(job, op, oop,
                                         m_offset, m_src, m_dst, mb_mgr);
         }
@@ -2164,7 +2138,6 @@ set_job_null_op(IMB_JOB *job, struct rte_crypto_op *op)
         return job;
 }

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 uint16_t
 aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
                 uint16_t nb_ops)
@@ -2297,144 +2270,7 @@ aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,

         return processed_jobs;
 }
-#else
-
-/**
- * Process a completed IMB_JOB job and keep processing jobs until
- * get_completed_job return NULL
- *
- * @param qp           Queue Pair to process
- * @param mb_mgr       IMB_MGR to use
- * @param job          IMB_JOB job
- * @param ops          crypto ops to fill
- * @param nb_ops       number of crypto ops
- *
- * @return
- * - Number of processed jobs
- */
-static unsigned
-handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-               IMB_JOB *job, struct rte_crypto_op **ops,
-               uint16_t nb_ops)
-{
-       struct rte_crypto_op *op = NULL;
-       uint16_t processed_jobs = 0;
-
-       while (job != NULL) {
-               op = post_process_mb_job(qp, job);
-
-               if (op) {
-                       ops[processed_jobs++] = op;
-                       qp->stats.dequeued_count++;
-               } else {
-                       qp->stats.dequeue_err_count++;
-                       break;
-               }
-               if (processed_jobs == nb_ops)
-                       break;
-
-               job = IMB_GET_COMPLETED_JOB(mb_mgr);
-       }
-
-       return processed_jobs;
-}
-
-static inline uint16_t
-flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-               struct rte_crypto_op **ops, uint16_t nb_ops)
-{
-       int processed_ops = 0;
-
-       /* Flush the remaining jobs */
-       IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
-
-       if (job)
-               processed_ops += handle_completed_jobs(qp, mb_mgr, job,
-                               &ops[processed_ops], nb_ops - processed_ops);
-
-       return processed_ops;
-}
-
-uint16_t
-aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
-               uint16_t nb_ops)
-{
-       struct ipsec_mb_qp *qp = queue_pair;
-       IMB_MGR *mb_mgr = qp->mb_mgr;
-       struct rte_crypto_op *op;
-       IMB_JOB *job;
-       int retval, processed_jobs = 0;
-       pid_t pid = 0;

-       if (unlikely(nb_ops == 0 || mb_mgr == NULL))
-               return 0;
-
-       uint8_t digest_idx = qp->digest_idx;
-
-       do {
-               /* Get next free mb job struct from mb manager */
-               job = IMB_GET_NEXT_JOB(mb_mgr);
-               if (unlikely(job == NULL)) {
-                       /* if no free mb job structs we need to flush mb_mgr */
-                       processed_jobs += flush_mb_mgr(qp, mb_mgr,
-                                       &ops[processed_jobs],
-                                       nb_ops - processed_jobs);
-
-                       if (nb_ops == processed_jobs)
-                               break;
-
-                       job = IMB_GET_NEXT_JOB(mb_mgr);
-               }
-
-               /*
-                * Get next operation to process from ingress queue.
-                * There is no need to return the job to the IMB_MGR
-                * if there are no more operations to process, since the IMB_MGR
-                * can use that pointer again in next get_next calls.
-                */
-               retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
-               if (retval < 0)
-                       break;
-
-               if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-                       retval = set_sec_mb_job_params(job, qp, op,
-                                               &digest_idx);
-               else
-                       retval = set_mb_job_params(job, qp, op,
-                               &digest_idx, mb_mgr, pid);
-
-               if (unlikely(retval != 0)) {
-                       qp->stats.dequeue_err_count++;
-                       set_job_null_op(job, op);
-               }
-
-               /* Submit job to multi-buffer for processing */
-#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
-               job = IMB_SUBMIT_JOB(mb_mgr);
-#else
-               job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
-#endif
-               /*
-                * If submit returns a processed job then handle it,
-                * before submitting subsequent jobs
-                */
-               if (job)
-                       processed_jobs += handle_completed_jobs(qp, mb_mgr,
-                                       job, &ops[processed_jobs],
-                                       nb_ops - processed_jobs);
-
-       } while (processed_jobs < nb_ops);
-
-       qp->digest_idx = digest_idx;
-
-       if (processed_jobs < 1)
-               processed_jobs += flush_mb_mgr(qp, mb_mgr,
-                               &ops[processed_jobs],
-                               nb_ops - processed_jobs);
-
-       return processed_jobs;
-}
-#endif
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
 {
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..6af699bfdd 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -17,9 +17,7 @@
 #define HMAC_IPAD_VALUE                 (0x36)
 #define HMAC_OPAD_VALUE                 (0x5C)

-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 #define MAX_NUM_SEGS 16
-#endif

 int
 aesni_mb_session_configure(IMB_MGR * m __rte_unused, void *priv_sess,
@@ -580,13 +578,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
                                 },
                                 .digest_size = {
                                         .min = 4,
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
                                         .max = 16,
                                         .increment = 4
-#else
-                                       .max = 4,
-                                       .increment = 0
-#endif
                                 },
                                 .iv_size = {
                                         .min = 16,
@@ -741,9 +734,7 @@ struct aesni_mb_qp_data {
          * by the driver when verifying a digest provided
          * by the user (using authentication verify operation)
          */
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
         struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS];
-#endif
         union {
                 struct gcm_context_data gcm_sgl_ctx;
                 struct chacha20_poly1305_context_data chacha_sgl_ctx;
--
2.25.1


[-- Attachment #2: Type: text/html, Size: 49278 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [PATCH v2] crypto/ipsec_mb: bump minimum IPsec MB version
  2024-10-04 14:58 [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version Brian Dooley
  2024-10-07 10:09 ` Ji, Kai
  2024-10-07 10:20 ` De Lara Guarch, Pablo
@ 2024-10-07 16:49 ` Brian Dooley
  2024-10-09 10:03   ` [EXTERNAL] " Akhil Goyal
  2024-10-10 10:13 ` [PATCH v3] " Brian Dooley
  3 siblings, 1 reply; 9+ messages in thread
From: Brian Dooley @ 2024-10-07 16:49 UTC (permalink / raw)
  To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley

AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
A minimum IPsec Multi-buffer version of 1.4 or greater is now required
for the 24.11 LTS release.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
This patch relates to a deprecation notice sent in the 24.03 release.
Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-2-brian.dooley@intel.com/

v2:
	Added release note
	Remove more IMB_VERSION checks
---
 doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
 doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
 doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
 doc/guides/cryptodevs/kasumi.rst            |   3 +-
 doc/guides/cryptodevs/snow3g.rst            |   3 +-
 doc/guides/cryptodevs/zuc.rst               |   3 +-
 doc/guides/rel_notes/release_24_11.rst      |   7 +
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  24 --
 drivers/crypto/ipsec_mb/meson.build         |   2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 268 +-------------------
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 -
 11 files changed, 23 insertions(+), 305 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst
index 3af1486553..7592d33da2 100644
--- a/doc/guides/cryptodevs/aesni_gcm.rst
+++ b/doc/guides/cryptodevs/aesni_gcm.rst
@@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.11 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 3c77d0f463..c2f6633ee6 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -132,7 +132,8 @@ and the Multi-Buffer library version supported by them:
    DPDK version    Multi-buffer library version
    ==============  ============================
    20.11 - 21.08   0.53 - 1.3
-   21.11+          1.0  - 1.5
+   21.11 - 24.07   1.0  - 1.5
+   24.11+          1.4  - 1.5
    ==============  ============================
 
 Initialization
diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst b/doc/guides/cryptodevs/chacha20_poly1305.rst
index 44cff85918..b5a980b247 100644
--- a/doc/guides/cryptodevs/chacha20_poly1305.rst
+++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
@@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
    =============  ================================
    DPDK version   Crypto library version
    =============  ================================
-   21.11+         Multi-buffer library 1.0-1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 4070f025e1..b57f18b56f 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 6eb8229fb5..fb4e0448ac 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 29fe6279aa..4615562246 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -88,7 +88,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index e0a9aa55a1..11eb786fd4 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -67,6 +67,13 @@ New Features
 
   The new statistics are useful for debugging and profiling.
 
+* **Updated IPsec_MB crypto driver.**
+
+  * In 24.11 LTS release the Intel IPsec Multi-buffer version is bumped to a
+    minimum version of v1.4. This will effect the KASUMI, SNOW3G, ZUC,
+    AESNI GCM, AESNI MB and CHACHAPOLY SW PMDs.
+
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index ba899604d2..910efb1a97 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -11,8 +11,6 @@
 
 #include "ipsec_mb_private.h"
 
-#define IMB_MP_REQ_VER_STR "1.1.0"
-
 /** Configure device */
 int
 ipsec_mb_config(__rte_unused struct rte_cryptodev *dev,
@@ -147,15 +145,10 @@ ipsec_mb_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
 	if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
 		rte_ring_free(rte_ring_lookup(qp->name));
 
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-		if (qp->mb_mgr)
-			free_mb_mgr(qp->mb_mgr);
-#else
 		if (qp->mb_mgr_mz) {
 			rte_memzone_free(qp->mb_mgr_mz);
 			qp->mb_mgr = NULL;
 		}
-#endif
 		rte_free(qp);
 		dev->data->queue_pairs[qp_id] = NULL;
 	} else { /* secondary process */
@@ -211,7 +204,6 @@ static struct rte_ring
 			       RING_F_SP_ENQ | RING_F_SC_DEQ);
 }
 
-#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM
 static IMB_MGR *
 ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
 		const char *mb_mgr_mz_name)
@@ -244,7 +236,6 @@ ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
 	}
 	return mb_mgr;
 }
-#endif
 
 /** Setup a queue pair */
 int
@@ -260,12 +251,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	int ret;
 
 	if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-		IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does not support multiprocess,"
-				"the minimum version required for this feature is %s.",
-				IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
-		return -EINVAL;
-#endif
 		qp = dev->data->queue_pairs[qp_id];
 		if (qp == NULL) {
 			IPSEC_MB_LOG(DEBUG, "Secondary process setting up device qp.");
@@ -285,15 +270,11 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 			return -ENOMEM;
 	}
 
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-	qp->mb_mgr = alloc_init_mb_mgr();
-#else
 	char mz_name[IPSEC_MB_MAX_MZ_NAME];
 	snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
 			dev->data->dev_id, qp_id);
 	qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp->mb_mgr_mz),
 			mz_name);
-#endif
 	if (qp->mb_mgr == NULL) {
 		ret = -ENOMEM;
 		goto qp_setup_cleanup;
@@ -330,14 +311,9 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	return 0;
 
 qp_setup_cleanup:
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-	if (qp->mb_mgr)
-		free_mb_mgr(qp->mb_mgr);
-#else
 	if (rte_eal_process_type() == RTE_PROC_SECONDARY)
 		return ret;
 	rte_memzone_free(qp->mb_mgr_mz);
-#endif
 	rte_free(qp);
 	return ret;
 }
diff --git a/drivers/crypto/ipsec_mb/meson.build b/drivers/crypto/ipsec_mb/meson.build
index 87bf965554..0c988d7411 100644
--- a/drivers/crypto/ipsec_mb/meson.build
+++ b/drivers/crypto/ipsec_mb/meson.build
@@ -7,7 +7,7 @@ if is_windows
     subdir_done()
 endif
 
-IMB_required_ver = '1.0.0'
+IMB_required_ver = '1.4.0'
 IMB_header = '#include<intel-ipsec-mb.h>'
 if arch_subdir == 'arm'
     IMB_header = '#include<ipsec-mb.h>'
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index f3633091a9..b8f103496f 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -15,51 +15,6 @@ struct aesni_mb_op_buf_data {
 	uint32_t offset;
 };
 
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-/**
- * Calculate the authentication pre-computes
- *
- * @param one_block_hash	Function pointer
- *				to calculate digest on ipad/opad
- * @param ipad			Inner pad output byte array
- * @param opad			Outer pad output byte array
- * @param hkey			Authentication key
- * @param hkey_len		Authentication key length
- * @param blocksize		Block size of selected hash algo
- */
-static void
-calculate_auth_precomputes(hash_one_block_t one_block_hash,
-		uint8_t *ipad, uint8_t *opad,
-		const uint8_t *hkey, uint16_t hkey_len,
-		uint16_t blocksize)
-{
-	uint32_t i, length;
-
-	alignas(16) uint8_t ipad_buf[blocksize];
-	alignas(16) uint8_t opad_buf[blocksize];
-
-	/* Setup inner and outer pads */
-	memset(ipad_buf, HMAC_IPAD_VALUE, blocksize);
-	memset(opad_buf, HMAC_OPAD_VALUE, blocksize);
-
-	/* XOR hash key with inner and outer pads */
-	length = hkey_len > blocksize ? blocksize : hkey_len;
-
-	for (i = 0; i < length; i++) {
-		ipad_buf[i] ^= hkey[i];
-		opad_buf[i] ^= hkey[i];
-	}
-
-	/* Compute partial hashes */
-	(*one_block_hash)(ipad_buf, ipad);
-	(*one_block_hash)(opad_buf, opad);
-
-	/* Clean up stack */
-	memset(ipad_buf, 0, blocksize);
-	memset(opad_buf, 0, blocksize);
-}
-#endif
-
 static inline int
 is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
 {
@@ -74,10 +29,6 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		struct aesni_mb_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-	hash_one_block_t hash_oneblock_fn = NULL;
-	unsigned int key_larger_block_size = 0;
-#endif
 	uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
 	uint32_t auth_precompute = 1;
 
@@ -216,13 +167,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 			}
 		} else if (xform->auth.key.length == 32) {
 			sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 			if (sess->auth.req_digest_len != 4 &&
 					sess->auth.req_digest_len != 8 &&
 					sess->auth.req_digest_len != 16) {
-#else
-			if (sess->auth.req_digest_len != 4) {
-#endif
 				IPSEC_MB_LOG(ERR, "Invalid digest size");
 				return -EINVAL;
 			}
@@ -273,24 +220,15 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_MD5;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->md5_one_block;
-#endif
 		break;
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha1_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_1)) {
 			IMB_SHA1(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -299,18 +237,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		break;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha224_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_224)) {
 			IMB_SHA224(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA224:
@@ -319,18 +251,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		break;
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha256_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_256)) {
 			IMB_SHA256(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA256:
@@ -339,18 +265,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		break;
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha384_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_384)) {
 			IMB_SHA384(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA384:
@@ -359,18 +279,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		break;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha512_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_512)) {
 			IMB_SHA512(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA512:
@@ -404,25 +318,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		return 0;
 
 	/* Calculate Authentication precomputes */
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
-		imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
-					xform->auth.key.data, xform->auth.key.length,
-					sess->auth.pads.inner, sess->auth.pads.outer);
-#else
-	if (key_larger_block_size) {
-		calculate_auth_precomputes(hash_oneblock_fn,
-			sess->auth.pads.inner, sess->auth.pads.outer,
-			hashed_key,
-			xform->auth.key.length,
-			get_auth_algo_blocksize(sess->template_job.hash_alg));
-	} else {
-		calculate_auth_precomputes(hash_oneblock_fn,
-			sess->auth.pads.inner, sess->auth.pads.outer,
-			xform->auth.key.data,
-			xform->auth.key.length,
-			get_auth_algo_blocksize(sess->template_job.hash_alg));
-	}
-#endif
+	imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
+				xform->auth.key.data, xform->auth.key.length,
+				sess->auth.pads.inner, sess->auth.pads.outer);
 	sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
 		sess->auth.pads.inner;
 	sess->template_job.u.HMAC._hashed_auth_key_xor_opad =
@@ -879,11 +777,9 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 		}
 	}
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
 	sess->pid = getpid();
 	RTE_PER_LCORE(pid) = sess->pid;
-#endif
 
 	return 0;
 }
@@ -1016,9 +912,7 @@ aesni_mb_set_docsis_sec_session_parameters(
 		goto error_exit;
 	}
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess->template_job);
-#endif
 
 error_exit:
 	free_mb_mgr(mb_mgr);
@@ -1273,7 +1167,6 @@ imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
 	return 0;
 }
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 static inline int
 single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
 		int oop, uint32_t offset, struct rte_mbuf *m_src,
@@ -1358,7 +1251,6 @@ single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
 	job->sgl_io_segs = sgl_segs;
 	return 0;
 }
-#endif
 
 static inline int
 multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
@@ -1428,9 +1320,7 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
 		job->msg_len_to_hash_in_bytes = 0;
 		job->msg_len_to_cipher_in_bytes = 0;
 		job->cipher_start_src_offset_in_bytes = 0;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 		imb_set_session(mb_mgr, job);
-#endif
 	} else {
 		job->hash_start_src_offset_in_bytes =
 				op->sym->aead.data.offset;
@@ -1458,13 +1348,11 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
 		job->src = NULL;
 		job->dst = NULL;
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 		if (m_src->nb_segs <= MAX_NUM_SEGS)
 			return single_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst,
 					qp_data->sgl_segs);
 		else
-#endif
 			return multi_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst, mb_mgr);
 	} else {
@@ -1554,10 +1442,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	uint8_t sgl = 0;
 	uint8_t lb_sgl = 0;
 
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-	(void) pid;
-#endif
-
 	session = ipsec_mb_get_session_private(qp, op);
 	if (session == NULL) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1567,12 +1451,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	const IMB_CIPHER_MODE cipher_mode =
 			session->template_job.cipher_mode;
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	if (session->pid != pid) {
 		memcpy(job, &session->template_job, sizeof(IMB_JOB));
 		imb_set_session(mb_mgr, job);
 	} else if (job->session_id != session->session_id)
-#endif
 		memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	if (!op->sym->m_dst) {
@@ -1613,9 +1495,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_GCM_SGL;
 			job->hash_alg = IMB_AUTH_GCM_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 			imb_set_session(mb_mgr, job);
-#endif
 		}
 		break;
 	case IMB_AUTH_AES_GMAC_128:
@@ -1640,9 +1520,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
 			job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 			imb_set_session(mb_mgr, job);
-#endif
 		}
 		break;
 	default:
@@ -1838,13 +1716,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		if (lb_sgl)
 			return handle_sgl_linear(job, op, m_offset, session);
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 		if (m_src->nb_segs <= MAX_NUM_SEGS)
 			return single_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst,
 					qp_data->sgl_segs);
 		else
-#endif
 			return multi_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst, mb_mgr);
 	}
@@ -2164,7 +2040,6 @@ set_job_null_op(IMB_JOB *job, struct rte_crypto_op *op)
 	return job;
 }
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 uint16_t
 aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 		uint16_t nb_ops)
@@ -2297,144 +2172,7 @@ aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 
 	return processed_jobs;
 }
-#else
-
-/**
- * Process a completed IMB_JOB job and keep processing jobs until
- * get_completed_job return NULL
- *
- * @param qp		Queue Pair to process
- * @param mb_mgr	IMB_MGR to use
- * @param job		IMB_JOB job
- * @param ops		crypto ops to fill
- * @param nb_ops	number of crypto ops
- *
- * @return
- * - Number of processed jobs
- */
-static unsigned
-handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-		IMB_JOB *job, struct rte_crypto_op **ops,
-		uint16_t nb_ops)
-{
-	struct rte_crypto_op *op = NULL;
-	uint16_t processed_jobs = 0;
-
-	while (job != NULL) {
-		op = post_process_mb_job(qp, job);
-
-		if (op) {
-			ops[processed_jobs++] = op;
-			qp->stats.dequeued_count++;
-		} else {
-			qp->stats.dequeue_err_count++;
-			break;
-		}
-		if (processed_jobs == nb_ops)
-			break;
-
-		job = IMB_GET_COMPLETED_JOB(mb_mgr);
-	}
-
-	return processed_jobs;
-}
-
-static inline uint16_t
-flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-		struct rte_crypto_op **ops, uint16_t nb_ops)
-{
-	int processed_ops = 0;
-
-	/* Flush the remaining jobs */
-	IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
-
-	if (job)
-		processed_ops += handle_completed_jobs(qp, mb_mgr, job,
-				&ops[processed_ops], nb_ops - processed_ops);
-
-	return processed_ops;
-}
-
-uint16_t
-aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
-		uint16_t nb_ops)
-{
-	struct ipsec_mb_qp *qp = queue_pair;
-	IMB_MGR *mb_mgr = qp->mb_mgr;
-	struct rte_crypto_op *op;
-	IMB_JOB *job;
-	int retval, processed_jobs = 0;
-	pid_t pid = 0;
-
-	if (unlikely(nb_ops == 0 || mb_mgr == NULL))
-		return 0;
-
-	uint8_t digest_idx = qp->digest_idx;
 
-	do {
-		/* Get next free mb job struct from mb manager */
-		job = IMB_GET_NEXT_JOB(mb_mgr);
-		if (unlikely(job == NULL)) {
-			/* if no free mb job structs we need to flush mb_mgr */
-			processed_jobs += flush_mb_mgr(qp, mb_mgr,
-					&ops[processed_jobs],
-					nb_ops - processed_jobs);
-
-			if (nb_ops == processed_jobs)
-				break;
-
-			job = IMB_GET_NEXT_JOB(mb_mgr);
-		}
-
-		/*
-		 * Get next operation to process from ingress queue.
-		 * There is no need to return the job to the IMB_MGR
-		 * if there are no more operations to process, since the IMB_MGR
-		 * can use that pointer again in next get_next calls.
-		 */
-		retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
-		if (retval < 0)
-			break;
-
-		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-			retval = set_sec_mb_job_params(job, qp, op,
-						&digest_idx);
-		else
-			retval = set_mb_job_params(job, qp, op,
-				&digest_idx, mb_mgr, pid);
-
-		if (unlikely(retval != 0)) {
-			qp->stats.dequeue_err_count++;
-			set_job_null_op(job, op);
-		}
-
-		/* Submit job to multi-buffer for processing */
-#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
-		job = IMB_SUBMIT_JOB(mb_mgr);
-#else
-		job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
-#endif
-		/*
-		 * If submit returns a processed job then handle it,
-		 * before submitting subsequent jobs
-		 */
-		if (job)
-			processed_jobs += handle_completed_jobs(qp, mb_mgr,
-					job, &ops[processed_jobs],
-					nb_ops - processed_jobs);
-
-	} while (processed_jobs < nb_ops);
-
-	qp->digest_idx = digest_idx;
-
-	if (processed_jobs < 1)
-		processed_jobs += flush_mb_mgr(qp, mb_mgr,
-				&ops[processed_jobs],
-				nb_ops - processed_jobs);
-
-	return processed_jobs;
-}
-#endif
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
 {
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d6af2d4ded..6af699bfdd 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -17,9 +17,7 @@
 #define HMAC_IPAD_VALUE			(0x36)
 #define HMAC_OPAD_VALUE			(0x5C)
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 #define MAX_NUM_SEGS 16
-#endif
 
 int
 aesni_mb_session_configure(IMB_MGR * m __rte_unused, void *priv_sess,
@@ -580,13 +578,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 				},
 				.digest_size = {
 					.min = 4,
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 					.max = 16,
 					.increment = 4
-#else
-					.max = 4,
-					.increment = 0
-#endif
 				},
 				.iv_size = {
 					.min = 16,
@@ -741,9 +734,7 @@ struct aesni_mb_qp_data {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 	struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS];
-#endif
 	union {
 		struct gcm_context_data gcm_sgl_ctx;
 		struct chacha20_poly1305_context_data chacha_sgl_ctx;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 9+ messages in thread

* RE: [EXTERNAL] [PATCH v2] crypto/ipsec_mb: bump minimum IPsec MB version
  2024-10-07 16:49 ` [PATCH v2] " Brian Dooley
@ 2024-10-09 10:03   ` Akhil Goyal
  0 siblings, 0 replies; 9+ messages in thread
From: Akhil Goyal @ 2024-10-09 10:03 UTC (permalink / raw)
  To: Brian Dooley, Kai Ji, Pablo de Lara; +Cc: dev

> AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
> A minimum IPsec Multi-buffer version of 1.4 or greater is now required
> for the 24.11 LTS release.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> Acked-by: Kai Ji <kai.ji@intel.com>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> This patch relates to a deprecation notice sent in the 24.03 release.

You should also remove the deprecation notice in this patch.

> Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
> https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-2-brian.dooley@intel.com/
> 
> v2:
> 	Added release note
> 	Remove more IMB_VERSION checks
> ---
>  doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
>  doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
>  doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
>  doc/guides/cryptodevs/kasumi.rst            |   3 +-
>  doc/guides/cryptodevs/snow3g.rst            |   3 +-
>  doc/guides/cryptodevs/zuc.rst               |   3 +-
>  doc/guides/rel_notes/release_24_11.rst      |   7 +
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  24 --
>  drivers/crypto/ipsec_mb/meson.build         |   2 +-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 268 +-------------------
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 -
>  11 files changed, 23 insertions(+), 305 deletions(-)
> 
> diff --git a/doc/guides/cryptodevs/aesni_gcm.rst
> b/doc/guides/cryptodevs/aesni_gcm.rst
> index 3af1486553..7592d33da2 100644
> --- a/doc/guides/cryptodevs/aesni_gcm.rst
> +++ b/doc/guides/cryptodevs/aesni_gcm.rst
> @@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.11 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst
> b/doc/guides/cryptodevs/aesni_mb.rst
> index 3c77d0f463..c2f6633ee6 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -132,7 +132,8 @@ and the Multi-Buffer library version supported by them:
>     DPDK version    Multi-buffer library version
>     ==============  ============================
>     20.11 - 21.08   0.53 - 1.3
> -   21.11+          1.0  - 1.5
> +   21.11 - 24.07   1.0  - 1.5
> +   24.11+          1.4  - 1.5
>     ==============  ============================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst
> b/doc/guides/cryptodevs/chacha20_poly1305.rst
> index 44cff85918..b5a980b247 100644
> --- a/doc/guides/cryptodevs/chacha20_poly1305.rst
> +++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
> @@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
>     =============  ================================
>     DPDK version   Crypto library version
>     =============  ================================
> -   21.11+         Multi-buffer library 1.0-1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/kasumi.rst
> b/doc/guides/cryptodevs/kasumi.rst
> index 4070f025e1..b57f18b56f 100644
> --- a/doc/guides/cryptodevs/kasumi.rst
> +++ b/doc/guides/cryptodevs/kasumi.rst
> @@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/snow3g.rst
> b/doc/guides/cryptodevs/snow3g.rst
> index 6eb8229fb5..fb4e0448ac 100644
> --- a/doc/guides/cryptodevs/snow3g.rst
> +++ b/doc/guides/cryptodevs/snow3g.rst
> @@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
> index 29fe6279aa..4615562246 100644
> --- a/doc/guides/cryptodevs/zuc.rst
> +++ b/doc/guides/cryptodevs/zuc.rst
> @@ -88,7 +88,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/rel_notes/release_24_11.rst
> b/doc/guides/rel_notes/release_24_11.rst
> index e0a9aa55a1..11eb786fd4 100644
> --- a/doc/guides/rel_notes/release_24_11.rst
> +++ b/doc/guides/rel_notes/release_24_11.rst
> @@ -67,6 +67,13 @@ New Features
> 
>    The new statistics are useful for debugging and profiling.
> 
> +* **Updated IPsec_MB crypto driver.**
> +
> +  * In 24.11 LTS release the Intel IPsec Multi-buffer version is bumped to a
> +    minimum version of v1.4. This will effect the KASUMI, SNOW3G, ZUC,
> +    AESNI GCM, AESNI MB and CHACHAPOLY SW PMDs.
> +
> +
> 
>  Removed Items
>  -------------
> diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> index ba899604d2..910efb1a97 100644
> --- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> +++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> @@ -11,8 +11,6 @@
> 
>  #include "ipsec_mb_private.h"
> 
> -#define IMB_MP_REQ_VER_STR "1.1.0"
> -
>  /** Configure device */
>  int
>  ipsec_mb_config(__rte_unused struct rte_cryptodev *dev,
> @@ -147,15 +145,10 @@ ipsec_mb_qp_release(struct rte_cryptodev *dev,
> uint16_t qp_id)
>  	if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
>  		rte_ring_free(rte_ring_lookup(qp->name));
> 
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -		if (qp->mb_mgr)
> -			free_mb_mgr(qp->mb_mgr);
> -#else
>  		if (qp->mb_mgr_mz) {
>  			rte_memzone_free(qp->mb_mgr_mz);
>  			qp->mb_mgr = NULL;
>  		}
> -#endif
>  		rte_free(qp);
>  		dev->data->queue_pairs[qp_id] = NULL;
>  	} else { /* secondary process */
> @@ -211,7 +204,6 @@ static struct rte_ring
>  			       RING_F_SP_ENQ | RING_F_SC_DEQ);
>  }
> 
> -#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM
>  static IMB_MGR *
>  ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
>  		const char *mb_mgr_mz_name)
> @@ -244,7 +236,6 @@ ipsec_mb_alloc_mgr_from_memzone(const struct
> rte_memzone **mb_mgr_mz,
>  	}
>  	return mb_mgr;
>  }
> -#endif
> 
>  /** Setup a queue pair */
>  int
> @@ -260,12 +251,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  	int ret;
> 
>  	if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -		IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does not
> support multiprocess,"
> -				"the minimum version required for this feature
> is %s.",
> -				IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
> -		return -EINVAL;
> -#endif
>  		qp = dev->data->queue_pairs[qp_id];
>  		if (qp == NULL) {
>  			IPSEC_MB_LOG(DEBUG, "Secondary process setting up
> device qp.");
> @@ -285,15 +270,11 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  			return -ENOMEM;
>  	}
> 
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -	qp->mb_mgr = alloc_init_mb_mgr();
> -#else
>  	char mz_name[IPSEC_MB_MAX_MZ_NAME];
>  	snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
>  			dev->data->dev_id, qp_id);
>  	qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp-
> >mb_mgr_mz),
>  			mz_name);
> -#endif
>  	if (qp->mb_mgr == NULL) {
>  		ret = -ENOMEM;
>  		goto qp_setup_cleanup;
> @@ -330,14 +311,9 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  	return 0;
> 
>  qp_setup_cleanup:
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -	if (qp->mb_mgr)
> -		free_mb_mgr(qp->mb_mgr);
> -#else
>  	if (rte_eal_process_type() == RTE_PROC_SECONDARY)
>  		return ret;
>  	rte_memzone_free(qp->mb_mgr_mz);
> -#endif
>  	rte_free(qp);
>  	return ret;
>  }
> diff --git a/drivers/crypto/ipsec_mb/meson.build
> b/drivers/crypto/ipsec_mb/meson.build
> index 87bf965554..0c988d7411 100644
> --- a/drivers/crypto/ipsec_mb/meson.build
> +++ b/drivers/crypto/ipsec_mb/meson.build
> @@ -7,7 +7,7 @@ if is_windows
>      subdir_done()
>  endif
> 
> -IMB_required_ver = '1.0.0'
> +IMB_required_ver = '1.4.0'
>  IMB_header = '#include<intel-ipsec-mb.h>'
>  if arch_subdir == 'arm'
>      IMB_header = '#include<ipsec-mb.h>'
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index f3633091a9..b8f103496f 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -15,51 +15,6 @@ struct aesni_mb_op_buf_data {
>  	uint32_t offset;
>  };
> 
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -/**
> - * Calculate the authentication pre-computes
> - *
> - * @param one_block_hash	Function pointer
> - *				to calculate digest on ipad/opad
> - * @param ipad			Inner pad output byte array
> - * @param opad			Outer pad output byte array
> - * @param hkey			Authentication key
> - * @param hkey_len		Authentication key length
> - * @param blocksize		Block size of selected hash algo
> - */
> -static void
> -calculate_auth_precomputes(hash_one_block_t one_block_hash,
> -		uint8_t *ipad, uint8_t *opad,
> -		const uint8_t *hkey, uint16_t hkey_len,
> -		uint16_t blocksize)
> -{
> -	uint32_t i, length;
> -
> -	alignas(16) uint8_t ipad_buf[blocksize];
> -	alignas(16) uint8_t opad_buf[blocksize];
> -
> -	/* Setup inner and outer pads */
> -	memset(ipad_buf, HMAC_IPAD_VALUE, blocksize);
> -	memset(opad_buf, HMAC_OPAD_VALUE, blocksize);
> -
> -	/* XOR hash key with inner and outer pads */
> -	length = hkey_len > blocksize ? blocksize : hkey_len;
> -
> -	for (i = 0; i < length; i++) {
> -		ipad_buf[i] ^= hkey[i];
> -		opad_buf[i] ^= hkey[i];
> -	}
> -
> -	/* Compute partial hashes */
> -	(*one_block_hash)(ipad_buf, ipad);
> -	(*one_block_hash)(opad_buf, opad);
> -
> -	/* Clean up stack */
> -	memset(ipad_buf, 0, blocksize);
> -	memset(opad_buf, 0, blocksize);
> -}
> -#endif
> -
>  static inline int
>  is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
>  {
> @@ -74,10 +29,6 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		struct aesni_mb_session *sess,
>  		const struct rte_crypto_sym_xform *xform)
>  {
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -	hash_one_block_t hash_oneblock_fn = NULL;
> -	unsigned int key_larger_block_size = 0;
> -#endif
>  	uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
>  	uint32_t auth_precompute = 1;
> 
> @@ -216,13 +167,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  			}
>  		} else if (xform->auth.key.length == 32) {
>  			sess->template_job.hash_alg =
> IMB_AUTH_ZUC256_EIA3_BITLEN;
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  			if (sess->auth.req_digest_len != 4 &&
>  					sess->auth.req_digest_len != 8 &&
>  					sess->auth.req_digest_len != 16) {
> -#else
> -			if (sess->auth.req_digest_len != 4) {
> -#endif
>  				IPSEC_MB_LOG(ERR, "Invalid digest size");
>  				return -EINVAL;
>  			}
> @@ -273,24 +220,15 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  	switch (xform->auth.algo) {
>  	case RTE_CRYPTO_AUTH_MD5_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_MD5;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->md5_one_block;
> -#endif
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA1_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha1_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_1)) {
>  			IMB_SHA1(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA1:
> @@ -299,18 +237,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA224_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha224_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_224)) {
>  			IMB_SHA224(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA224:
> @@ -319,18 +251,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA256_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha256_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_256)) {
>  			IMB_SHA256(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA256:
> @@ -339,18 +265,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA384_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha384_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_384)) {
>  			IMB_SHA384(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA384:
> @@ -359,18 +279,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA512_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha512_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_512)) {
>  			IMB_SHA512(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA512:
> @@ -404,25 +318,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		return 0;
> 
>  	/* Calculate Authentication precomputes */
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
> -		imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
> -					xform->auth.key.data, xform-
> >auth.key.length,
> -					sess->auth.pads.inner, sess-
> >auth.pads.outer);
> -#else
> -	if (key_larger_block_size) {
> -		calculate_auth_precomputes(hash_oneblock_fn,
> -			sess->auth.pads.inner, sess->auth.pads.outer,
> -			hashed_key,
> -			xform->auth.key.length,
> -			get_auth_algo_blocksize(sess->template_job.hash_alg));
> -	} else {
> -		calculate_auth_precomputes(hash_oneblock_fn,
> -			sess->auth.pads.inner, sess->auth.pads.outer,
> -			xform->auth.key.data,
> -			xform->auth.key.length,
> -			get_auth_algo_blocksize(sess->template_job.hash_alg));
> -	}
> -#endif
> +	imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
> +				xform->auth.key.data, xform->auth.key.length,
> +				sess->auth.pads.inner, sess->auth.pads.outer);
>  	sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
>  		sess->auth.pads.inner;
>  	sess->template_job.u.HMAC._hashed_auth_key_xor_opad =
> @@ -879,11 +777,9 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
>  		}
>  	}
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
>  	sess->pid = getpid();
>  	RTE_PER_LCORE(pid) = sess->pid;
> -#endif
> 
>  	return 0;
>  }
> @@ -1016,9 +912,7 @@ aesni_mb_set_docsis_sec_session_parameters(
>  		goto error_exit;
>  	}
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess-
> >template_job);
> -#endif
> 
>  error_exit:
>  	free_mb_mgr(mb_mgr);
> @@ -1273,7 +1167,6 @@ imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
>  	return 0;
>  }
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  static inline int
>  single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
>  		int oop, uint32_t offset, struct rte_mbuf *m_src,
> @@ -1358,7 +1251,6 @@ single_sgl_job(IMB_JOB *job, struct rte_crypto_op
> *op,
>  	job->sgl_io_segs = sgl_segs;
>  	return 0;
>  }
> -#endif
> 
>  static inline int
>  multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
> @@ -1428,9 +1320,7 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job,
> const uint8_t sgl,
>  		job->msg_len_to_hash_in_bytes = 0;
>  		job->msg_len_to_cipher_in_bytes = 0;
>  		job->cipher_start_src_offset_in_bytes = 0;
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  		imb_set_session(mb_mgr, job);
> -#endif
>  	} else {
>  		job->hash_start_src_offset_in_bytes =
>  				op->sym->aead.data.offset;
> @@ -1458,13 +1348,11 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job,
> const uint8_t sgl,
>  		job->src = NULL;
>  		job->dst = NULL;
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  		if (m_src->nb_segs <= MAX_NUM_SEGS)
>  			return single_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst,
>  					qp_data->sgl_segs);
>  		else
> -#endif
>  			return multi_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst, mb_mgr);
>  	} else {
> @@ -1554,10 +1442,6 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  	uint8_t sgl = 0;
>  	uint8_t lb_sgl = 0;
> 
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -	(void) pid;
> -#endif
> -
>  	session = ipsec_mb_get_session_private(qp, op);
>  	if (session == NULL) {
>  		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
> @@ -1567,12 +1451,10 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  	const IMB_CIPHER_MODE cipher_mode =
>  			session->template_job.cipher_mode;
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	if (session->pid != pid) {
>  		memcpy(job, &session->template_job, sizeof(IMB_JOB));
>  		imb_set_session(mb_mgr, job);
>  	} else if (job->session_id != session->session_id)
> -#endif
>  		memcpy(job, &session->template_job, sizeof(IMB_JOB));
> 
>  	if (!op->sym->m_dst) {
> @@ -1613,9 +1495,7 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
>  			job->cipher_mode = IMB_CIPHER_GCM_SGL;
>  			job->hash_alg = IMB_AUTH_GCM_SGL;
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  			imb_set_session(mb_mgr, job);
> -#endif
>  		}
>  		break;
>  	case IMB_AUTH_AES_GMAC_128:
> @@ -1640,9 +1520,7 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  			job->u.CHACHA20_POLY1305.ctx = &qp_data-
> >chacha_sgl_ctx;
>  			job->cipher_mode =
> IMB_CIPHER_CHACHA20_POLY1305_SGL;
>  			job->hash_alg =
> IMB_AUTH_CHACHA20_POLY1305_SGL;
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  			imb_set_session(mb_mgr, job);
> -#endif
>  		}
>  		break;
>  	default:
> @@ -1838,13 +1716,11 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  		if (lb_sgl)
>  			return handle_sgl_linear(job, op, m_offset, session);
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  		if (m_src->nb_segs <= MAX_NUM_SEGS)
>  			return single_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst,
>  					qp_data->sgl_segs);
>  		else
> -#endif
>  			return multi_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst, mb_mgr);
>  	}
> @@ -2164,7 +2040,6 @@ set_job_null_op(IMB_JOB *job, struct rte_crypto_op
> *op)
>  	return job;
>  }
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  uint16_t
>  aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
>  		uint16_t nb_ops)
> @@ -2297,144 +2172,7 @@ aesni_mb_dequeue_burst(void *queue_pair, struct
> rte_crypto_op **ops,
> 
>  	return processed_jobs;
>  }
> -#else
> -
> -/**
> - * Process a completed IMB_JOB job and keep processing jobs until
> - * get_completed_job return NULL
> - *
> - * @param qp		Queue Pair to process
> - * @param mb_mgr	IMB_MGR to use
> - * @param job		IMB_JOB job
> - * @param ops		crypto ops to fill
> - * @param nb_ops	number of crypto ops
> - *
> - * @return
> - * - Number of processed jobs
> - */
> -static unsigned
> -handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
> -		IMB_JOB *job, struct rte_crypto_op **ops,
> -		uint16_t nb_ops)
> -{
> -	struct rte_crypto_op *op = NULL;
> -	uint16_t processed_jobs = 0;
> -
> -	while (job != NULL) {
> -		op = post_process_mb_job(qp, job);
> -
> -		if (op) {
> -			ops[processed_jobs++] = op;
> -			qp->stats.dequeued_count++;
> -		} else {
> -			qp->stats.dequeue_err_count++;
> -			break;
> -		}
> -		if (processed_jobs == nb_ops)
> -			break;
> -
> -		job = IMB_GET_COMPLETED_JOB(mb_mgr);
> -	}
> -
> -	return processed_jobs;
> -}
> -
> -static inline uint16_t
> -flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
> -		struct rte_crypto_op **ops, uint16_t nb_ops)
> -{
> -	int processed_ops = 0;
> -
> -	/* Flush the remaining jobs */
> -	IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
> -
> -	if (job)
> -		processed_ops += handle_completed_jobs(qp, mb_mgr, job,
> -				&ops[processed_ops], nb_ops - processed_ops);
> -
> -	return processed_ops;
> -}
> -
> -uint16_t
> -aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
> -		uint16_t nb_ops)
> -{
> -	struct ipsec_mb_qp *qp = queue_pair;
> -	IMB_MGR *mb_mgr = qp->mb_mgr;
> -	struct rte_crypto_op *op;
> -	IMB_JOB *job;
> -	int retval, processed_jobs = 0;
> -	pid_t pid = 0;
> -
> -	if (unlikely(nb_ops == 0 || mb_mgr == NULL))
> -		return 0;
> -
> -	uint8_t digest_idx = qp->digest_idx;
> 
> -	do {
> -		/* Get next free mb job struct from mb manager */
> -		job = IMB_GET_NEXT_JOB(mb_mgr);
> -		if (unlikely(job == NULL)) {
> -			/* if no free mb job structs we need to flush mb_mgr */
> -			processed_jobs += flush_mb_mgr(qp, mb_mgr,
> -					&ops[processed_jobs],
> -					nb_ops - processed_jobs);
> -
> -			if (nb_ops == processed_jobs)
> -				break;
> -
> -			job = IMB_GET_NEXT_JOB(mb_mgr);
> -		}
> -
> -		/*
> -		 * Get next operation to process from ingress queue.
> -		 * There is no need to return the job to the IMB_MGR
> -		 * if there are no more operations to process, since the
> IMB_MGR
> -		 * can use that pointer again in next get_next calls.
> -		 */
> -		retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
> -		if (retval < 0)
> -			break;
> -
> -		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
> -			retval = set_sec_mb_job_params(job, qp, op,
> -						&digest_idx);
> -		else
> -			retval = set_mb_job_params(job, qp, op,
> -				&digest_idx, mb_mgr, pid);
> -
> -		if (unlikely(retval != 0)) {
> -			qp->stats.dequeue_err_count++;
> -			set_job_null_op(job, op);
> -		}
> -
> -		/* Submit job to multi-buffer for processing */
> -#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
> -		job = IMB_SUBMIT_JOB(mb_mgr);
> -#else
> -		job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
> -#endif
> -		/*
> -		 * If submit returns a processed job then handle it,
> -		 * before submitting subsequent jobs
> -		 */
> -		if (job)
> -			processed_jobs += handle_completed_jobs(qp, mb_mgr,
> -					job, &ops[processed_jobs],
> -					nb_ops - processed_jobs);
> -
> -	} while (processed_jobs < nb_ops);
> -
> -	qp->digest_idx = digest_idx;
> -
> -	if (processed_jobs < 1)
> -		processed_jobs += flush_mb_mgr(qp, mb_mgr,
> -				&ops[processed_jobs],
> -				nb_ops - processed_jobs);
> -
> -	return processed_jobs;
> -}
> -#endif
>  static inline int
>  check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
>  {
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> index d6af2d4ded..6af699bfdd 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> @@ -17,9 +17,7 @@
>  #define HMAC_IPAD_VALUE			(0x36)
>  #define HMAC_OPAD_VALUE			(0x5C)
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  #define MAX_NUM_SEGS 16
> -#endif
> 
>  int
>  aesni_mb_session_configure(IMB_MGR * m __rte_unused, void *priv_sess,
> @@ -580,13 +578,8 @@ static const struct rte_cryptodev_capabilities
> aesni_mb_capabilities[] = {
>  				},
>  				.digest_size = {
>  					.min = 4,
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  					.max = 16,
>  					.increment = 4
> -#else
> -					.max = 4,
> -					.increment = 0
> -#endif
>  				},
>  				.iv_size = {
>  					.min = 16,
> @@ -741,9 +734,7 @@ struct aesni_mb_qp_data {
>  	 * by the driver when verifying a digest provided
>  	 * by the user (using authentication verify operation)
>  	 */
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  	struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS];
> -#endif
>  	union {
>  		struct gcm_context_data gcm_sgl_ctx;
>  		struct chacha20_poly1305_context_data chacha_sgl_ctx;
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 9+ messages in thread

* [PATCH v3] crypto/ipsec_mb: bump minimum IPsec MB version
  2024-10-04 14:58 [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version Brian Dooley
                   ` (2 preceding siblings ...)
  2024-10-07 16:49 ` [PATCH v2] " Brian Dooley
@ 2024-10-10 10:13 ` Brian Dooley
  2024-10-18 12:54   ` Dooley, Brian
  2024-10-30 16:53   ` Wathsala Wathawana Vithanage
  3 siblings, 2 replies; 9+ messages in thread
From: Brian Dooley @ 2024-10-10 10:13 UTC (permalink / raw)
  To: Kai Ji, Pablo de Lara; +Cc: dev, gakhil, Brian Dooley

AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
A minimum IPsec Multi-buffer version of 1.4 or greater is now required
for the 24.11 LTS release.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
This patch relates to a deprecation notice sent in the 24.03 release.
Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-2-brian.dooley@intel.com/

v2:
	Added release note
	Remove more IMB_VERSION checks
v3:
	Remove deprecation notice
---
 doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
 doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
 doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
 doc/guides/cryptodevs/kasumi.rst            |   3 +-
 doc/guides/cryptodevs/snow3g.rst            |   3 +-
 doc/guides/cryptodevs/zuc.rst               |   3 +-
 doc/guides/rel_notes/deprecation.rst        |   5 -
 doc/guides/rel_notes/release_24_11.rst      |   3 +
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  24 --
 drivers/crypto/ipsec_mb/meson.build         |   2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 268 +-------------------
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 -
 12 files changed, 19 insertions(+), 310 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst
index 3af1486553..7592d33da2 100644
--- a/doc/guides/cryptodevs/aesni_gcm.rst
+++ b/doc/guides/cryptodevs/aesni_gcm.rst
@@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.11 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index ca930be1bd..16d82147b2 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -137,7 +137,8 @@ and the Multi-Buffer library version supported by them:
    DPDK version    Multi-buffer library version
    ==============  ============================
    20.11 - 21.08   0.53 - 1.3
-   21.11+          1.0  - 1.5
+   21.11 - 24.07   1.0  - 1.5
+   24.11+          1.4  - 1.5
    ==============  ============================
 
 Initialization
diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst b/doc/guides/cryptodevs/chacha20_poly1305.rst
index 44cff85918..b5a980b247 100644
--- a/doc/guides/cryptodevs/chacha20_poly1305.rst
+++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
@@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
    =============  ================================
    DPDK version   Crypto library version
    =============  ================================
-   21.11+         Multi-buffer library 1.0-1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 4070f025e1..b57f18b56f 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 6eb8229fb5..fb4e0448ac 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 29fe6279aa..4615562246 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -88,7 +88,8 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+         Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+         Multi-buffer library 1.4  - 1.5
    =============  ================================
 
 Initialization
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index 1535ea7abf..dd920bc3d7 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -169,11 +169,6 @@ Deprecation Notices
 * fib: A new flag field will be introduced in ``rte_fib_conf`` structure
   in DPDK 24.11. This field will be used to pass extra configuration settings.
 
-* cryptodev: The Intel IPsec Multi-Buffer version will be bumped
-  to a minimum version of v1.4.
-  This will effect the KASUMI, SNOW3G, ZUC, AESNI GCM, AESNI MB and CHACHAPOLY
-  SW PMDs.
-
 * eventdev: The single-event (non-burst) enqueue and dequeue operations,
   used by static inline burst enqueue and dequeue functions in ``rte_eventdev.h``,
   will be removed in DPDK 23.11.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 6a8ffe6f19..4430cf5b3a 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -82,6 +82,9 @@ New Features
   * Added support for SM3 algorithm.
   * Added support for SM3 HMAC algorithm.
   * Added support for SM4 CBC, SM4 ECB and SM4 CTR algorithms.
+  * In 24.11 LTS release the Intel IPsec Multi-buffer version is bumped to a
+    minimum version of v1.4. This will effect the KASUMI, SNOW3G, ZUC,
+    AESNI GCM, AESNI MB and CHACHAPOLY SW PMDs.
 
 * **Updated openssl crypto driver.**
 
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index ba899604d2..910efb1a97 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -11,8 +11,6 @@
 
 #include "ipsec_mb_private.h"
 
-#define IMB_MP_REQ_VER_STR "1.1.0"
-
 /** Configure device */
 int
 ipsec_mb_config(__rte_unused struct rte_cryptodev *dev,
@@ -147,15 +145,10 @@ ipsec_mb_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
 	if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
 		rte_ring_free(rte_ring_lookup(qp->name));
 
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-		if (qp->mb_mgr)
-			free_mb_mgr(qp->mb_mgr);
-#else
 		if (qp->mb_mgr_mz) {
 			rte_memzone_free(qp->mb_mgr_mz);
 			qp->mb_mgr = NULL;
 		}
-#endif
 		rte_free(qp);
 		dev->data->queue_pairs[qp_id] = NULL;
 	} else { /* secondary process */
@@ -211,7 +204,6 @@ static struct rte_ring
 			       RING_F_SP_ENQ | RING_F_SC_DEQ);
 }
 
-#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM
 static IMB_MGR *
 ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
 		const char *mb_mgr_mz_name)
@@ -244,7 +236,6 @@ ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
 	}
 	return mb_mgr;
 }
-#endif
 
 /** Setup a queue pair */
 int
@@ -260,12 +251,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	int ret;
 
 	if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-		IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does not support multiprocess,"
-				"the minimum version required for this feature is %s.",
-				IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
-		return -EINVAL;
-#endif
 		qp = dev->data->queue_pairs[qp_id];
 		if (qp == NULL) {
 			IPSEC_MB_LOG(DEBUG, "Secondary process setting up device qp.");
@@ -285,15 +270,11 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 			return -ENOMEM;
 	}
 
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-	qp->mb_mgr = alloc_init_mb_mgr();
-#else
 	char mz_name[IPSEC_MB_MAX_MZ_NAME];
 	snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
 			dev->data->dev_id, qp_id);
 	qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp->mb_mgr_mz),
 			mz_name);
-#endif
 	if (qp->mb_mgr == NULL) {
 		ret = -ENOMEM;
 		goto qp_setup_cleanup;
@@ -330,14 +311,9 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	return 0;
 
 qp_setup_cleanup:
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-	if (qp->mb_mgr)
-		free_mb_mgr(qp->mb_mgr);
-#else
 	if (rte_eal_process_type() == RTE_PROC_SECONDARY)
 		return ret;
 	rte_memzone_free(qp->mb_mgr_mz);
-#endif
 	rte_free(qp);
 	return ret;
 }
diff --git a/drivers/crypto/ipsec_mb/meson.build b/drivers/crypto/ipsec_mb/meson.build
index 87bf965554..0c988d7411 100644
--- a/drivers/crypto/ipsec_mb/meson.build
+++ b/drivers/crypto/ipsec_mb/meson.build
@@ -7,7 +7,7 @@ if is_windows
     subdir_done()
 endif
 
-IMB_required_ver = '1.0.0'
+IMB_required_ver = '1.4.0'
 IMB_header = '#include<intel-ipsec-mb.h>'
 if arch_subdir == 'arm'
     IMB_header = '#include<ipsec-mb.h>'
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index a275ff0fe2..05dc1a039f 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -15,51 +15,6 @@ struct aesni_mb_op_buf_data {
 	uint32_t offset;
 };
 
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-/**
- * Calculate the authentication pre-computes
- *
- * @param one_block_hash	Function pointer
- *				to calculate digest on ipad/opad
- * @param ipad			Inner pad output byte array
- * @param opad			Outer pad output byte array
- * @param hkey			Authentication key
- * @param hkey_len		Authentication key length
- * @param blocksize		Block size of selected hash algo
- */
-static void
-calculate_auth_precomputes(hash_one_block_t one_block_hash,
-		uint8_t *ipad, uint8_t *opad,
-		const uint8_t *hkey, uint16_t hkey_len,
-		uint16_t blocksize)
-{
-	uint32_t i, length;
-
-	alignas(16) uint8_t ipad_buf[blocksize];
-	alignas(16) uint8_t opad_buf[blocksize];
-
-	/* Setup inner and outer pads */
-	memset(ipad_buf, HMAC_IPAD_VALUE, blocksize);
-	memset(opad_buf, HMAC_OPAD_VALUE, blocksize);
-
-	/* XOR hash key with inner and outer pads */
-	length = hkey_len > blocksize ? blocksize : hkey_len;
-
-	for (i = 0; i < length; i++) {
-		ipad_buf[i] ^= hkey[i];
-		opad_buf[i] ^= hkey[i];
-	}
-
-	/* Compute partial hashes */
-	(*one_block_hash)(ipad_buf, ipad);
-	(*one_block_hash)(opad_buf, opad);
-
-	/* Clean up stack */
-	memset(ipad_buf, 0, blocksize);
-	memset(opad_buf, 0, blocksize);
-}
-#endif
-
 static inline int
 is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
 {
@@ -74,10 +29,6 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		struct aesni_mb_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-	hash_one_block_t hash_oneblock_fn = NULL;
-	unsigned int key_larger_block_size = 0;
-#endif
 	uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
 	uint32_t auth_precompute = 1;
 
@@ -216,13 +167,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 			}
 		} else if (xform->auth.key.length == 32) {
 			sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 			if (sess->auth.req_digest_len != 4 &&
 					sess->auth.req_digest_len != 8 &&
 					sess->auth.req_digest_len != 16) {
-#else
-			if (sess->auth.req_digest_len != 4) {
-#endif
 				IPSEC_MB_LOG(ERR, "Invalid digest size");
 				return -EINVAL;
 			}
@@ -273,24 +220,15 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_MD5;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->md5_one_block;
-#endif
 		break;
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha1_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_1)) {
 			IMB_SHA1(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -299,18 +237,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		break;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha224_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_224)) {
 			IMB_SHA224(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA224:
@@ -319,18 +251,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		break;
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha256_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_256)) {
 			IMB_SHA256(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA256:
@@ -339,18 +265,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		break;
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha384_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_384)) {
 			IMB_SHA384(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA384:
@@ -359,18 +279,12 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		break;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-		hash_oneblock_fn = mb_mgr->sha512_one_block;
-#endif
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_512)) {
 			IMB_SHA512(mb_mgr,
 				xform->auth.key.data,
 				xform->auth.key.length,
 				hashed_key);
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-			key_larger_block_size = 1;
-#endif
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA512:
@@ -412,25 +326,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 		return 0;
 
 	/* Calculate Authentication precomputes */
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
-		imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
-					xform->auth.key.data, xform->auth.key.length,
-					sess->auth.pads.inner, sess->auth.pads.outer);
-#else
-	if (key_larger_block_size) {
-		calculate_auth_precomputes(hash_oneblock_fn,
-			sess->auth.pads.inner, sess->auth.pads.outer,
-			hashed_key,
-			xform->auth.key.length,
-			get_auth_algo_blocksize(sess->template_job.hash_alg));
-	} else {
-		calculate_auth_precomputes(hash_oneblock_fn,
-			sess->auth.pads.inner, sess->auth.pads.outer,
-			xform->auth.key.data,
-			xform->auth.key.length,
-			get_auth_algo_blocksize(sess->template_job.hash_alg));
-	}
-#endif
+	imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
+				xform->auth.key.data, xform->auth.key.length,
+				sess->auth.pads.inner, sess->auth.pads.outer);
 	sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
 		sess->auth.pads.inner;
 	sess->template_job.u.HMAC._hashed_auth_key_xor_opad =
@@ -915,11 +813,9 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 		}
 	}
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
 	sess->pid = getpid();
 	RTE_PER_LCORE(pid) = sess->pid;
-#endif
 
 	return 0;
 }
@@ -1052,9 +948,7 @@ aesni_mb_set_docsis_sec_session_parameters(
 		goto error_exit;
 	}
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess->template_job);
-#endif
 
 error_exit:
 	free_mb_mgr(mb_mgr);
@@ -1309,7 +1203,6 @@ imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
 	return 0;
 }
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 static inline int
 single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
 		int oop, uint32_t offset, struct rte_mbuf *m_src,
@@ -1394,7 +1287,6 @@ single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
 	job->sgl_io_segs = sgl_segs;
 	return 0;
 }
-#endif
 
 static inline int
 multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
@@ -1464,9 +1356,7 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
 		job->msg_len_to_hash_in_bytes = 0;
 		job->msg_len_to_cipher_in_bytes = 0;
 		job->cipher_start_src_offset_in_bytes = 0;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 		imb_set_session(mb_mgr, job);
-#endif
 	} else {
 		job->hash_start_src_offset_in_bytes =
 				op->sym->aead.data.offset;
@@ -1494,13 +1384,11 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
 		job->src = NULL;
 		job->dst = NULL;
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 		if (m_src->nb_segs <= MAX_NUM_SEGS)
 			return single_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst,
 					qp_data->sgl_segs);
 		else
-#endif
 			return multi_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst, mb_mgr);
 	} else {
@@ -1590,10 +1478,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	uint8_t sgl = 0;
 	uint8_t lb_sgl = 0;
 
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-	(void) pid;
-#endif
-
 	session = ipsec_mb_get_session_private(qp, op);
 	if (session == NULL) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1603,12 +1487,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	const IMB_CIPHER_MODE cipher_mode =
 			session->template_job.cipher_mode;
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	if (session->pid != pid) {
 		memcpy(job, &session->template_job, sizeof(IMB_JOB));
 		imb_set_session(mb_mgr, job);
 	} else if (job->session_id != session->session_id)
-#endif
 		memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	if (!op->sym->m_dst) {
@@ -1649,9 +1531,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_GCM_SGL;
 			job->hash_alg = IMB_AUTH_GCM_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 			imb_set_session(mb_mgr, job);
-#endif
 		}
 		break;
 	case IMB_AUTH_AES_GMAC_128:
@@ -1676,9 +1556,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
 			job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 			imb_set_session(mb_mgr, job);
-#endif
 		}
 		break;
 	default:
@@ -1874,13 +1752,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		if (lb_sgl)
 			return handle_sgl_linear(job, op, m_offset, session);
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 		if (m_src->nb_segs <= MAX_NUM_SEGS)
 			return single_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst,
 					qp_data->sgl_segs);
 		else
-#endif
 			return multi_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst, mb_mgr);
 	}
@@ -2200,7 +2076,6 @@ set_job_null_op(IMB_JOB *job, struct rte_crypto_op *op)
 	return job;
 }
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 uint16_t
 aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 		uint16_t nb_ops)
@@ -2333,144 +2208,7 @@ aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 
 	return processed_jobs;
 }
-#else
-
-/**
- * Process a completed IMB_JOB job and keep processing jobs until
- * get_completed_job return NULL
- *
- * @param qp		Queue Pair to process
- * @param mb_mgr	IMB_MGR to use
- * @param job		IMB_JOB job
- * @param ops		crypto ops to fill
- * @param nb_ops	number of crypto ops
- *
- * @return
- * - Number of processed jobs
- */
-static unsigned
-handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-		IMB_JOB *job, struct rte_crypto_op **ops,
-		uint16_t nb_ops)
-{
-	struct rte_crypto_op *op = NULL;
-	uint16_t processed_jobs = 0;
-
-	while (job != NULL) {
-		op = post_process_mb_job(qp, job);
-
-		if (op) {
-			ops[processed_jobs++] = op;
-			qp->stats.dequeued_count++;
-		} else {
-			qp->stats.dequeue_err_count++;
-			break;
-		}
-		if (processed_jobs == nb_ops)
-			break;
-
-		job = IMB_GET_COMPLETED_JOB(mb_mgr);
-	}
-
-	return processed_jobs;
-}
-
-static inline uint16_t
-flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-		struct rte_crypto_op **ops, uint16_t nb_ops)
-{
-	int processed_ops = 0;
-
-	/* Flush the remaining jobs */
-	IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
-
-	if (job)
-		processed_ops += handle_completed_jobs(qp, mb_mgr, job,
-				&ops[processed_ops], nb_ops - processed_ops);
-
-	return processed_ops;
-}
-
-uint16_t
-aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
-		uint16_t nb_ops)
-{
-	struct ipsec_mb_qp *qp = queue_pair;
-	IMB_MGR *mb_mgr = qp->mb_mgr;
-	struct rte_crypto_op *op;
-	IMB_JOB *job;
-	int retval, processed_jobs = 0;
-	pid_t pid = 0;
-
-	if (unlikely(nb_ops == 0 || mb_mgr == NULL))
-		return 0;
-
-	uint8_t digest_idx = qp->digest_idx;
 
-	do {
-		/* Get next free mb job struct from mb manager */
-		job = IMB_GET_NEXT_JOB(mb_mgr);
-		if (unlikely(job == NULL)) {
-			/* if no free mb job structs we need to flush mb_mgr */
-			processed_jobs += flush_mb_mgr(qp, mb_mgr,
-					&ops[processed_jobs],
-					nb_ops - processed_jobs);
-
-			if (nb_ops == processed_jobs)
-				break;
-
-			job = IMB_GET_NEXT_JOB(mb_mgr);
-		}
-
-		/*
-		 * Get next operation to process from ingress queue.
-		 * There is no need to return the job to the IMB_MGR
-		 * if there are no more operations to process, since the IMB_MGR
-		 * can use that pointer again in next get_next calls.
-		 */
-		retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
-		if (retval < 0)
-			break;
-
-		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-			retval = set_sec_mb_job_params(job, qp, op,
-						&digest_idx);
-		else
-			retval = set_mb_job_params(job, qp, op,
-				&digest_idx, mb_mgr, pid);
-
-		if (unlikely(retval != 0)) {
-			qp->stats.dequeue_err_count++;
-			set_job_null_op(job, op);
-		}
-
-		/* Submit job to multi-buffer for processing */
-#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
-		job = IMB_SUBMIT_JOB(mb_mgr);
-#else
-		job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
-#endif
-		/*
-		 * If submit returns a processed job then handle it,
-		 * before submitting subsequent jobs
-		 */
-		if (job)
-			processed_jobs += handle_completed_jobs(qp, mb_mgr,
-					job, &ops[processed_jobs],
-					nb_ops - processed_jobs);
-
-	} while (processed_jobs < nb_ops);
-
-	qp->digest_idx = digest_idx;
-
-	if (processed_jobs < 1)
-		processed_jobs += flush_mb_mgr(qp, mb_mgr,
-				&ops[processed_jobs],
-				nb_ops - processed_jobs);
-
-	return processed_jobs;
-}
-#endif
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
 {
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 6120a2f62d..468a1f35eb 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -17,9 +17,7 @@
 #define HMAC_IPAD_VALUE			(0x36)
 #define HMAC_OPAD_VALUE			(0x5C)
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 #define MAX_NUM_SEGS 16
-#endif
 
 int
 aesni_mb_session_configure(IMB_MGR * m __rte_unused, void *priv_sess,
@@ -580,13 +578,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 				},
 				.digest_size = {
 					.min = 4,
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 					.max = 16,
 					.increment = 4
-#else
-					.max = 4,
-					.increment = 0
-#endif
 				},
 				.iv_size = {
 					.min = 16,
@@ -843,9 +836,7 @@ struct aesni_mb_qp_data {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 	struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS];
-#endif
 	union {
 		struct gcm_context_data gcm_sgl_ctx;
 		struct chacha20_poly1305_context_data chacha_sgl_ctx;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 9+ messages in thread

* RE: [PATCH v3] crypto/ipsec_mb: bump minimum IPsec MB version
  2024-10-10 10:13 ` [PATCH v3] " Brian Dooley
@ 2024-10-18 12:54   ` Dooley, Brian
  2024-10-30 16:53   ` Wathsala Wathawana Vithanage
  1 sibling, 0 replies; 9+ messages in thread
From: Dooley, Brian @ 2024-10-18 12:54 UTC (permalink / raw)
  To: Wathsala Wathawana Vithanage, Nagarahalli, Honnappa,
	"Ruifeng Wang", "Jack Bond-Preston"
  Cc: dev, gakhil, Ji, Kai, De Lara Guarch, Pablo

Hey ARM folks,

Intel IPsec MB minimum version is being bumped to 1.4.

> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Thursday 10 October 2024 11:13
> To: Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: [PATCH v3] crypto/ipsec_mb: bump minimum IPsec MB version
> 
> AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
> A minimum IPsec Multi-buffer version of 1.4 or greater is now required for the
> 24.11 LTS release.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> Acked-by: Kai Ji <kai.ji@intel.com>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> This patch relates to a deprecation notice sent in the 24.03 release.
> Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
> https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-
> 2-brian.dooley@intel.com/
> 
> v2:
> 	Added release note
> 	Remove more IMB_VERSION checks
> v3:
> 	Remove deprecation notice
> ---
>  doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
>  doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
>  doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
>  doc/guides/cryptodevs/kasumi.rst            |   3 +-
>  doc/guides/cryptodevs/snow3g.rst            |   3 +-
>  doc/guides/cryptodevs/zuc.rst               |   3 +-
>  doc/guides/rel_notes/deprecation.rst        |   5 -
>  doc/guides/rel_notes/release_24_11.rst      |   3 +
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  24 --
>  drivers/crypto/ipsec_mb/meson.build         |   2 +-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 268 +-------------------
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 -
>  12 files changed, 19 insertions(+), 310 deletions(-)
> 
> diff --git a/doc/guides/cryptodevs/aesni_gcm.rst
> b/doc/guides/cryptodevs/aesni_gcm.rst
> index 3af1486553..7592d33da2 100644
> --- a/doc/guides/cryptodevs/aesni_gcm.rst
> +++ b/doc/guides/cryptodevs/aesni_gcm.rst
> @@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.11 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst
> b/doc/guides/cryptodevs/aesni_mb.rst
> index ca930be1bd..16d82147b2 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -137,7 +137,8 @@ and the Multi-Buffer library version supported by
> them:
>     DPDK version    Multi-buffer library version
>     ==============  ============================
>     20.11 - 21.08   0.53 - 1.3
> -   21.11+          1.0  - 1.5
> +   21.11 - 24.07   1.0  - 1.5
> +   24.11+          1.4  - 1.5
>     ==============  ============================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst
> b/doc/guides/cryptodevs/chacha20_poly1305.rst
> index 44cff85918..b5a980b247 100644
> --- a/doc/guides/cryptodevs/chacha20_poly1305.rst
> +++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
> @@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
>     =============  ================================
>     DPDK version   Crypto library version
>     =============  ================================
> -   21.11+         Multi-buffer library 1.0-1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/kasumi.rst
> b/doc/guides/cryptodevs/kasumi.rst
> index 4070f025e1..b57f18b56f 100644
> --- a/doc/guides/cryptodevs/kasumi.rst
> +++ b/doc/guides/cryptodevs/kasumi.rst
> @@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/snow3g.rst
> b/doc/guides/cryptodevs/snow3g.rst
> index 6eb8229fb5..fb4e0448ac 100644
> --- a/doc/guides/cryptodevs/snow3g.rst
> +++ b/doc/guides/cryptodevs/snow3g.rst
> @@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
> index 29fe6279aa..4615562246 100644
> --- a/doc/guides/cryptodevs/zuc.rst
> +++ b/doc/guides/cryptodevs/zuc.rst
> @@ -88,7 +88,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/rel_notes/deprecation.rst
> b/doc/guides/rel_notes/deprecation.rst
> index 1535ea7abf..dd920bc3d7 100644
> --- a/doc/guides/rel_notes/deprecation.rst
> +++ b/doc/guides/rel_notes/deprecation.rst
> @@ -169,11 +169,6 @@ Deprecation Notices
>  * fib: A new flag field will be introduced in ``rte_fib_conf`` structure
>    in DPDK 24.11. This field will be used to pass extra configuration settings.
> 
> -* cryptodev: The Intel IPsec Multi-Buffer version will be bumped
> -  to a minimum version of v1.4.
> -  This will effect the KASUMI, SNOW3G, ZUC, AESNI GCM, AESNI MB and
> CHACHAPOLY
> -  SW PMDs.
> -
>  * eventdev: The single-event (non-burst) enqueue and dequeue operations,
>    used by static inline burst enqueue and dequeue functions in
> ``rte_eventdev.h``,
>    will be removed in DPDK 23.11.
> diff --git a/doc/guides/rel_notes/release_24_11.rst
> b/doc/guides/rel_notes/release_24_11.rst
> index 6a8ffe6f19..4430cf5b3a 100644
> --- a/doc/guides/rel_notes/release_24_11.rst
> +++ b/doc/guides/rel_notes/release_24_11.rst
> @@ -82,6 +82,9 @@ New Features
>    * Added support for SM3 algorithm.
>    * Added support for SM3 HMAC algorithm.
>    * Added support for SM4 CBC, SM4 ECB and SM4 CTR algorithms.
> +  * In 24.11 LTS release the Intel IPsec Multi-buffer version is bumped to a
> +    minimum version of v1.4. This will effect the KASUMI, SNOW3G, ZUC,
> +    AESNI GCM, AESNI MB and CHACHAPOLY SW PMDs.
> 
>  * **Updated openssl crypto driver.**
> 
> diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> index ba899604d2..910efb1a97 100644
> --- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> +++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> @@ -11,8 +11,6 @@
> 
>  #include "ipsec_mb_private.h"
> 
> -#define IMB_MP_REQ_VER_STR "1.1.0"
> -
>  /** Configure device */
>  int
>  ipsec_mb_config(__rte_unused struct rte_cryptodev *dev, @@ -147,15
> +145,10 @@ ipsec_mb_qp_release(struct rte_cryptodev *dev, uint16_t
> qp_id)
>  	if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
>  		rte_ring_free(rte_ring_lookup(qp->name));
> 
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -		if (qp->mb_mgr)
> -			free_mb_mgr(qp->mb_mgr);
> -#else
>  		if (qp->mb_mgr_mz) {
>  			rte_memzone_free(qp->mb_mgr_mz);
>  			qp->mb_mgr = NULL;
>  		}
> -#endif
>  		rte_free(qp);
>  		dev->data->queue_pairs[qp_id] = NULL;
>  	} else { /* secondary process */
> @@ -211,7 +204,6 @@ static struct rte_ring
>  			       RING_F_SP_ENQ | RING_F_SC_DEQ);  }
> 
> -#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM  static IMB_MGR *
> ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone
> **mb_mgr_mz,
>  		const char *mb_mgr_mz_name)
> @@ -244,7 +236,6 @@ ipsec_mb_alloc_mgr_from_memzone(const struct
> rte_memzone **mb_mgr_mz,
>  	}
>  	return mb_mgr;
>  }
> -#endif
> 
>  /** Setup a queue pair */
>  int
> @@ -260,12 +251,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  	int ret;
> 
>  	if (rte_eal_process_type() == RTE_PROC_SECONDARY) { -#if
> IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -		IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does
> not support multiprocess,"
> -				"the minimum version required for this
> feature is %s.",
> -				IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
> -		return -EINVAL;
> -#endif
>  		qp = dev->data->queue_pairs[qp_id];
>  		if (qp == NULL) {
>  			IPSEC_MB_LOG(DEBUG, "Secondary process setting
> up device qp."); @@ -285,15 +270,11 @@ ipsec_mb_qp_setup(struct
> rte_cryptodev *dev, uint16_t qp_id,
>  			return -ENOMEM;
>  	}
> 
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -	qp->mb_mgr = alloc_init_mb_mgr();
> -#else
>  	char mz_name[IPSEC_MB_MAX_MZ_NAME];
>  	snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
>  			dev->data->dev_id, qp_id);
>  	qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp-
> >mb_mgr_mz),
>  			mz_name);
> -#endif
>  	if (qp->mb_mgr == NULL) {
>  		ret = -ENOMEM;
>  		goto qp_setup_cleanup;
> @@ -330,14 +311,9 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  	return 0;
> 
>  qp_setup_cleanup:
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -	if (qp->mb_mgr)
> -		free_mb_mgr(qp->mb_mgr);
> -#else
>  	if (rte_eal_process_type() == RTE_PROC_SECONDARY)
>  		return ret;
>  	rte_memzone_free(qp->mb_mgr_mz);
> -#endif
>  	rte_free(qp);
>  	return ret;
>  }
> diff --git a/drivers/crypto/ipsec_mb/meson.build
> b/drivers/crypto/ipsec_mb/meson.build
> index 87bf965554..0c988d7411 100644
> --- a/drivers/crypto/ipsec_mb/meson.build
> +++ b/drivers/crypto/ipsec_mb/meson.build
> @@ -7,7 +7,7 @@ if is_windows
>      subdir_done()
>  endif
> 
> -IMB_required_ver = '1.0.0'
> +IMB_required_ver = '1.4.0'
>  IMB_header = '#include<intel-ipsec-mb.h>'
>  if arch_subdir == 'arm'
>      IMB_header = '#include<ipsec-mb.h>'
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index a275ff0fe2..05dc1a039f 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -15,51 +15,6 @@ struct aesni_mb_op_buf_data {
>  	uint32_t offset;
>  };
> 
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -/**
> - * Calculate the authentication pre-computes
> - *
> - * @param one_block_hash	Function pointer
> - *				to calculate digest on ipad/opad
> - * @param ipad			Inner pad output byte array
> - * @param opad			Outer pad output byte array
> - * @param hkey			Authentication key
> - * @param hkey_len		Authentication key length
> - * @param blocksize		Block size of selected hash algo
> - */
> -static void
> -calculate_auth_precomputes(hash_one_block_t one_block_hash,
> -		uint8_t *ipad, uint8_t *opad,
> -		const uint8_t *hkey, uint16_t hkey_len,
> -		uint16_t blocksize)
> -{
> -	uint32_t i, length;
> -
> -	alignas(16) uint8_t ipad_buf[blocksize];
> -	alignas(16) uint8_t opad_buf[blocksize];
> -
> -	/* Setup inner and outer pads */
> -	memset(ipad_buf, HMAC_IPAD_VALUE, blocksize);
> -	memset(opad_buf, HMAC_OPAD_VALUE, blocksize);
> -
> -	/* XOR hash key with inner and outer pads */
> -	length = hkey_len > blocksize ? blocksize : hkey_len;
> -
> -	for (i = 0; i < length; i++) {
> -		ipad_buf[i] ^= hkey[i];
> -		opad_buf[i] ^= hkey[i];
> -	}
> -
> -	/* Compute partial hashes */
> -	(*one_block_hash)(ipad_buf, ipad);
> -	(*one_block_hash)(opad_buf, opad);
> -
> -	/* Clean up stack */
> -	memset(ipad_buf, 0, blocksize);
> -	memset(opad_buf, 0, blocksize);
> -}
> -#endif
> -
>  static inline int
>  is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)  {
> @@ -74,10 +29,6 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		struct aesni_mb_session *sess,
>  		const struct rte_crypto_sym_xform *xform)  { -#if
> IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -	hash_one_block_t hash_oneblock_fn = NULL;
> -	unsigned int key_larger_block_size = 0;
> -#endif
>  	uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
>  	uint32_t auth_precompute = 1;
> 
> @@ -216,13 +167,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  			}
>  		} else if (xform->auth.key.length == 32) {
>  			sess->template_job.hash_alg =
> IMB_AUTH_ZUC256_EIA3_BITLEN; -#if IMB_VERSION(1, 2, 0) <
> IMB_VERSION_NUM
>  			if (sess->auth.req_digest_len != 4 &&
>  					sess->auth.req_digest_len != 8 &&
>  					sess->auth.req_digest_len != 16) { -
> #else
> -			if (sess->auth.req_digest_len != 4) {
> -#endif
>  				IPSEC_MB_LOG(ERR, "Invalid digest size");
>  				return -EINVAL;
>  			}
> @@ -273,24 +220,15 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  	switch (xform->auth.algo) {
>  	case RTE_CRYPTO_AUTH_MD5_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_MD5; -#if
> IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->md5_one_block;
> -#endif
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA1_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1; -#if
> IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha1_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_1)) {
>  			IMB_SHA1(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA1:
> @@ -299,18 +237,12 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA224_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha224_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_224)) {
>  			IMB_SHA224(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA224:
> @@ -319,18 +251,12 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA256_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha256_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_256)) {
>  			IMB_SHA256(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA256:
> @@ -339,18 +265,12 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA384_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha384_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_384)) {
>  			IMB_SHA384(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA384:
> @@ -359,18 +279,12 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA512_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha512_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_512)) {
>  			IMB_SHA512(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA512:
> @@ -412,25 +326,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		return 0;
> 
>  	/* Calculate Authentication precomputes */ -#if IMB_VERSION(1, 3,
> 0) < IMB_VERSION_NUM
> -		imb_hmac_ipad_opad(mb_mgr, sess-
> >template_job.hash_alg,
> -					xform->auth.key.data, xform-
> >auth.key.length,
> -					sess->auth.pads.inner, sess-
> >auth.pads.outer);
> -#else
> -	if (key_larger_block_size) {
> -		calculate_auth_precomputes(hash_oneblock_fn,
> -			sess->auth.pads.inner, sess->auth.pads.outer,
> -			hashed_key,
> -			xform->auth.key.length,
> -			get_auth_algo_blocksize(sess-
> >template_job.hash_alg));
> -	} else {
> -		calculate_auth_precomputes(hash_oneblock_fn,
> -			sess->auth.pads.inner, sess->auth.pads.outer,
> -			xform->auth.key.data,
> -			xform->auth.key.length,
> -			get_auth_algo_blocksize(sess-
> >template_job.hash_alg));
> -	}
> -#endif
> +	imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
> +				xform->auth.key.data, xform-
> >auth.key.length,
> +				sess->auth.pads.inner, sess-
> >auth.pads.outer);
>  	sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
>  		sess->auth.pads.inner;
>  	sess->template_job.u.HMAC._hashed_auth_key_xor_opad = @@ -
> 915,11 +813,9 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
>  		}
>  	}
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
>  	sess->pid = getpid();
>  	RTE_PER_LCORE(pid) = sess->pid;
> -#endif
> 
>  	return 0;
>  }
> @@ -1052,9 +948,7 @@ aesni_mb_set_docsis_sec_session_parameters(
>  		goto error_exit;
>  	}
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess-
> >template_job); -#endif
> 
>  error_exit:
>  	free_mb_mgr(mb_mgr);
> @@ -1309,7 +1203,6 @@ imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
>  	return 0;
>  }
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM  static inline int
> single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
>  		int oop, uint32_t offset, struct rte_mbuf *m_src, @@ -1394,7
> +1287,6 @@ single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
>  	job->sgl_io_segs = sgl_segs;
>  	return 0;
>  }
> -#endif
> 
>  static inline int
>  multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op, @@ -1464,9 +1356,7
> @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
>  		job->msg_len_to_hash_in_bytes = 0;
>  		job->msg_len_to_cipher_in_bytes = 0;
>  		job->cipher_start_src_offset_in_bytes = 0; -#if
> IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  		imb_set_session(mb_mgr, job);
> -#endif
>  	} else {
>  		job->hash_start_src_offset_in_bytes =
>  				op->sym->aead.data.offset;
> @@ -1494,13 +1384,11 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB
> *job, const uint8_t sgl,
>  		job->src = NULL;
>  		job->dst = NULL;
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  		if (m_src->nb_segs <= MAX_NUM_SEGS)
>  			return single_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst,
>  					qp_data->sgl_segs);
>  		else
> -#endif
>  			return multi_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst, mb_mgr);
>  	} else {
> @@ -1590,10 +1478,6 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  	uint8_t sgl = 0;
>  	uint8_t lb_sgl = 0;
> 
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -	(void) pid;
> -#endif
> -
>  	session = ipsec_mb_get_session_private(qp, op);
>  	if (session == NULL) {
>  		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
> @@ -1603,12 +1487,10 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  	const IMB_CIPHER_MODE cipher_mode =
>  			session->template_job.cipher_mode;
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	if (session->pid != pid) {
>  		memcpy(job, &session->template_job, sizeof(IMB_JOB));
>  		imb_set_session(mb_mgr, job);
>  	} else if (job->session_id != session->session_id) -#endif
>  		memcpy(job, &session->template_job, sizeof(IMB_JOB));
> 
>  	if (!op->sym->m_dst) {
> @@ -1649,9 +1531,7 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
>  			job->cipher_mode = IMB_CIPHER_GCM_SGL;
>  			job->hash_alg = IMB_AUTH_GCM_SGL;
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  			imb_set_session(mb_mgr, job);
> -#endif
>  		}
>  		break;
>  	case IMB_AUTH_AES_GMAC_128:
> @@ -1676,9 +1556,7 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  			job->u.CHACHA20_POLY1305.ctx = &qp_data-
> >chacha_sgl_ctx;
>  			job->cipher_mode =
> IMB_CIPHER_CHACHA20_POLY1305_SGL;
>  			job->hash_alg =
> IMB_AUTH_CHACHA20_POLY1305_SGL; -#if IMB_VERSION(1, 3, 0) <
> IMB_VERSION_NUM
>  			imb_set_session(mb_mgr, job);
> -#endif
>  		}
>  		break;
>  	default:
> @@ -1874,13 +1752,11 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  		if (lb_sgl)
>  			return handle_sgl_linear(job, op, m_offset, session);
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  		if (m_src->nb_segs <= MAX_NUM_SEGS)
>  			return single_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst,
>  					qp_data->sgl_segs);
>  		else
> -#endif
>  			return multi_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst, mb_mgr);
>  	}
> @@ -2200,7 +2076,6 @@ set_job_null_op(IMB_JOB *job, struct
> rte_crypto_op *op)
>  	return job;
>  }
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM  uint16_t
> aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
>  		uint16_t nb_ops)
> @@ -2333,144 +2208,7 @@ aesni_mb_dequeue_burst(void *queue_pair,
> struct rte_crypto_op **ops,
> 
>  	return processed_jobs;
>  }
> -#else
> -
> -/**
> - * Process a completed IMB_JOB job and keep processing jobs until
> - * get_completed_job return NULL
> - *
> - * @param qp		Queue Pair to process
> - * @param mb_mgr	IMB_MGR to use
> - * @param job		IMB_JOB job
> - * @param ops		crypto ops to fill
> - * @param nb_ops	number of crypto ops
> - *
> - * @return
> - * - Number of processed jobs
> - */
> -static unsigned
> -handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
> -		IMB_JOB *job, struct rte_crypto_op **ops,
> -		uint16_t nb_ops)
> -{
> -	struct rte_crypto_op *op = NULL;
> -	uint16_t processed_jobs = 0;
> -
> -	while (job != NULL) {
> -		op = post_process_mb_job(qp, job);
> -
> -		if (op) {
> -			ops[processed_jobs++] = op;
> -			qp->stats.dequeued_count++;
> -		} else {
> -			qp->stats.dequeue_err_count++;
> -			break;
> -		}
> -		if (processed_jobs == nb_ops)
> -			break;
> -
> -		job = IMB_GET_COMPLETED_JOB(mb_mgr);
> -	}
> -
> -	return processed_jobs;
> -}
> -
> -static inline uint16_t
> -flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
> -		struct rte_crypto_op **ops, uint16_t nb_ops)
> -{
> -	int processed_ops = 0;
> -
> -	/* Flush the remaining jobs */
> -	IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
> -
> -	if (job)
> -		processed_ops += handle_completed_jobs(qp, mb_mgr, job,
> -				&ops[processed_ops], nb_ops -
> processed_ops);
> -
> -	return processed_ops;
> -}
> -
> -uint16_t
> -aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
> -		uint16_t nb_ops)
> -{
> -	struct ipsec_mb_qp *qp = queue_pair;
> -	IMB_MGR *mb_mgr = qp->mb_mgr;
> -	struct rte_crypto_op *op;
> -	IMB_JOB *job;
> -	int retval, processed_jobs = 0;
> -	pid_t pid = 0;
> -
> -	if (unlikely(nb_ops == 0 || mb_mgr == NULL))
> -		return 0;
> -
> -	uint8_t digest_idx = qp->digest_idx;
> 
> -	do {
> -		/* Get next free mb job struct from mb manager */
> -		job = IMB_GET_NEXT_JOB(mb_mgr);
> -		if (unlikely(job == NULL)) {
> -			/* if no free mb job structs we need to flush mb_mgr
> */
> -			processed_jobs += flush_mb_mgr(qp, mb_mgr,
> -					&ops[processed_jobs],
> -					nb_ops - processed_jobs);
> -
> -			if (nb_ops == processed_jobs)
> -				break;
> -
> -			job = IMB_GET_NEXT_JOB(mb_mgr);
> -		}
> -
> -		/*
> -		 * Get next operation to process from ingress queue.
> -		 * There is no need to return the job to the IMB_MGR
> -		 * if there are no more operations to process, since the
> IMB_MGR
> -		 * can use that pointer again in next get_next calls.
> -		 */
> -		retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
> -		if (retval < 0)
> -			break;
> -
> -		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
> -			retval = set_sec_mb_job_params(job, qp, op,
> -						&digest_idx);
> -		else
> -			retval = set_mb_job_params(job, qp, op,
> -				&digest_idx, mb_mgr, pid);
> -
> -		if (unlikely(retval != 0)) {
> -			qp->stats.dequeue_err_count++;
> -			set_job_null_op(job, op);
> -		}
> -
> -		/* Submit job to multi-buffer for processing */
> -#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
> -		job = IMB_SUBMIT_JOB(mb_mgr);
> -#else
> -		job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
> -#endif
> -		/*
> -		 * If submit returns a processed job then handle it,
> -		 * before submitting subsequent jobs
> -		 */
> -		if (job)
> -			processed_jobs += handle_completed_jobs(qp,
> mb_mgr,
> -					job, &ops[processed_jobs],
> -					nb_ops - processed_jobs);
> -
> -	} while (processed_jobs < nb_ops);
> -
> -	qp->digest_idx = digest_idx;
> -
> -	if (processed_jobs < 1)
> -		processed_jobs += flush_mb_mgr(qp, mb_mgr,
> -				&ops[processed_jobs],
> -				nb_ops - processed_jobs);
> -
> -	return processed_jobs;
> -}
> -#endif
>  static inline int
>  check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl
> *sgl)  { diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> index 6120a2f62d..468a1f35eb 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> @@ -17,9 +17,7 @@
>  #define HMAC_IPAD_VALUE			(0x36)
>  #define HMAC_OPAD_VALUE			(0x5C)
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM  #define MAX_NUM_SEGS
> 16 -#endif
> 
>  int
>  aesni_mb_session_configure(IMB_MGR * m __rte_unused, void *priv_sess,
> @@ -580,13 +578,8 @@ static const struct rte_cryptodev_capabilities
> aesni_mb_capabilities[] = {
>  				},
>  				.digest_size = {
>  					.min = 4,
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  					.max = 16,
>  					.increment = 4
> -#else
> -					.max = 4,
> -					.increment = 0
> -#endif
>  				},
>  				.iv_size = {
>  					.min = 16,
> @@ -843,9 +836,7 @@ struct aesni_mb_qp_data {
>  	 * by the driver when verifying a digest provided
>  	 * by the user (using authentication verify operation)
>  	 */
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  	struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS]; -#endif
>  	union {
>  		struct gcm_context_data gcm_sgl_ctx;
>  		struct chacha20_poly1305_context_data chacha_sgl_ctx;
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 9+ messages in thread

* RE: [PATCH v3] crypto/ipsec_mb: bump minimum IPsec MB version
  2024-10-10 10:13 ` [PATCH v3] " Brian Dooley
  2024-10-18 12:54   ` Dooley, Brian
@ 2024-10-30 16:53   ` Wathsala Wathawana Vithanage
  1 sibling, 0 replies; 9+ messages in thread
From: Wathsala Wathawana Vithanage @ 2024-10-30 16:53 UTC (permalink / raw)
  To: Brian Dooley, Kai Ji, Pablo de Lara; +Cc: dev, gakhil, nd


> Subject: [PATCH v3] crypto/ipsec_mb: bump minimum IPsec MB version
> 
> AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
> A minimum IPsec Multi-buffer version of 1.4 or greater is now required for the
> 24.11 LTS release.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> Acked-by: Kai Ji <kai.ji@intel.com>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>

> ---
> This patch relates to a deprecation notice sent in the 24.03 release.
> Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
> https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-
> 2-brian.dooley@intel.com/
> 
> v2:
> 	Added release note
> 	Remove more IMB_VERSION checks
> v3:
> 	Remove deprecation notice
> ---
>  doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
>  doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
>  doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
>  doc/guides/cryptodevs/kasumi.rst            |   3 +-
>  doc/guides/cryptodevs/snow3g.rst            |   3 +-
>  doc/guides/cryptodevs/zuc.rst               |   3 +-
>  doc/guides/rel_notes/deprecation.rst        |   5 -
>  doc/guides/rel_notes/release_24_11.rst      |   3 +
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  24 --
>  drivers/crypto/ipsec_mb/meson.build         |   2 +-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 268 +-------------------
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 -
>  12 files changed, 19 insertions(+), 310 deletions(-)
> 
> diff --git a/doc/guides/cryptodevs/aesni_gcm.rst
> b/doc/guides/cryptodevs/aesni_gcm.rst
> index 3af1486553..7592d33da2 100644
> --- a/doc/guides/cryptodevs/aesni_gcm.rst
> +++ b/doc/guides/cryptodevs/aesni_gcm.rst
> @@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.11 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst
> b/doc/guides/cryptodevs/aesni_mb.rst
> index ca930be1bd..16d82147b2 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -137,7 +137,8 @@ and the Multi-Buffer library version supported by
> them:
>     DPDK version    Multi-buffer library version
>     ==============  ============================
>     20.11 - 21.08   0.53 - 1.3
> -   21.11+          1.0  - 1.5
> +   21.11 - 24.07   1.0  - 1.5
> +   24.11+          1.4  - 1.5
>     ==============  ============================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst
> b/doc/guides/cryptodevs/chacha20_poly1305.rst
> index 44cff85918..b5a980b247 100644
> --- a/doc/guides/cryptodevs/chacha20_poly1305.rst
> +++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
> @@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
>     =============  ================================
>     DPDK version   Crypto library version
>     =============  ================================
> -   21.11+         Multi-buffer library 1.0-1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/kasumi.rst
> b/doc/guides/cryptodevs/kasumi.rst
> index 4070f025e1..b57f18b56f 100644
> --- a/doc/guides/cryptodevs/kasumi.rst
> +++ b/doc/guides/cryptodevs/kasumi.rst
> @@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/snow3g.rst
> b/doc/guides/cryptodevs/snow3g.rst
> index 6eb8229fb5..fb4e0448ac 100644
> --- a/doc/guides/cryptodevs/snow3g.rst
> +++ b/doc/guides/cryptodevs/snow3g.rst
> @@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
> index 29fe6279aa..4615562246 100644
> --- a/doc/guides/cryptodevs/zuc.rst
> +++ b/doc/guides/cryptodevs/zuc.rst
> @@ -88,7 +88,8 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+         Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+         Multi-buffer library 1.4  - 1.5
>     =============  ================================
> 
>  Initialization
> diff --git a/doc/guides/rel_notes/deprecation.rst
> b/doc/guides/rel_notes/deprecation.rst
> index 1535ea7abf..dd920bc3d7 100644
> --- a/doc/guides/rel_notes/deprecation.rst
> +++ b/doc/guides/rel_notes/deprecation.rst
> @@ -169,11 +169,6 @@ Deprecation Notices
>  * fib: A new flag field will be introduced in ``rte_fib_conf`` structure
>    in DPDK 24.11. This field will be used to pass extra configuration settings.
> 
> -* cryptodev: The Intel IPsec Multi-Buffer version will be bumped
> -  to a minimum version of v1.4.
> -  This will effect the KASUMI, SNOW3G, ZUC, AESNI GCM, AESNI MB and
> CHACHAPOLY
> -  SW PMDs.
> -
>  * eventdev: The single-event (non-burst) enqueue and dequeue operations,
>    used by static inline burst enqueue and dequeue functions in
> ``rte_eventdev.h``,
>    will be removed in DPDK 23.11.
> diff --git a/doc/guides/rel_notes/release_24_11.rst
> b/doc/guides/rel_notes/release_24_11.rst
> index 6a8ffe6f19..4430cf5b3a 100644
> --- a/doc/guides/rel_notes/release_24_11.rst
> +++ b/doc/guides/rel_notes/release_24_11.rst
> @@ -82,6 +82,9 @@ New Features
>    * Added support for SM3 algorithm.
>    * Added support for SM3 HMAC algorithm.
>    * Added support for SM4 CBC, SM4 ECB and SM4 CTR algorithms.
> +  * In 24.11 LTS release the Intel IPsec Multi-buffer version is bumped to a
> +    minimum version of v1.4. This will effect the KASUMI, SNOW3G, ZUC,
> +    AESNI GCM, AESNI MB and CHACHAPOLY SW PMDs.
> 
>  * **Updated openssl crypto driver.**
> 
> diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> index ba899604d2..910efb1a97 100644
> --- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> +++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
> @@ -11,8 +11,6 @@
> 
>  #include "ipsec_mb_private.h"
> 
> -#define IMB_MP_REQ_VER_STR "1.1.0"
> -
>  /** Configure device */
>  int
>  ipsec_mb_config(__rte_unused struct rte_cryptodev *dev, @@ -147,15
> +145,10 @@ ipsec_mb_qp_release(struct rte_cryptodev *dev, uint16_t
> qp_id)
>  	if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
>  		rte_ring_free(rte_ring_lookup(qp->name));
> 
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -		if (qp->mb_mgr)
> -			free_mb_mgr(qp->mb_mgr);
> -#else
>  		if (qp->mb_mgr_mz) {
>  			rte_memzone_free(qp->mb_mgr_mz);
>  			qp->mb_mgr = NULL;
>  		}
> -#endif
>  		rte_free(qp);
>  		dev->data->queue_pairs[qp_id] = NULL;
>  	} else { /* secondary process */
> @@ -211,7 +204,6 @@ static struct rte_ring
>  			       RING_F_SP_ENQ | RING_F_SC_DEQ);  }
> 
> -#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM  static IMB_MGR *
> ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone
> **mb_mgr_mz,
>  		const char *mb_mgr_mz_name)
> @@ -244,7 +236,6 @@ ipsec_mb_alloc_mgr_from_memzone(const struct
> rte_memzone **mb_mgr_mz,
>  	}
>  	return mb_mgr;
>  }
> -#endif
> 
>  /** Setup a queue pair */
>  int
> @@ -260,12 +251,6 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  	int ret;
> 
>  	if (rte_eal_process_type() == RTE_PROC_SECONDARY) { -#if
> IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -		IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does
> not support multiprocess,"
> -				"the minimum version required for this
> feature is %s.",
> -				IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
> -		return -EINVAL;
> -#endif
>  		qp = dev->data->queue_pairs[qp_id];
>  		if (qp == NULL) {
>  			IPSEC_MB_LOG(DEBUG, "Secondary process setting
> up device qp."); @@ -285,15 +270,11 @@ ipsec_mb_qp_setup(struct
> rte_cryptodev *dev, uint16_t qp_id,
>  			return -ENOMEM;
>  	}
> 
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -	qp->mb_mgr = alloc_init_mb_mgr();
> -#else
>  	char mz_name[IPSEC_MB_MAX_MZ_NAME];
>  	snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
>  			dev->data->dev_id, qp_id);
>  	qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp-
> >mb_mgr_mz),
>  			mz_name);
> -#endif
>  	if (qp->mb_mgr == NULL) {
>  		ret = -ENOMEM;
>  		goto qp_setup_cleanup;
> @@ -330,14 +311,9 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev,
> uint16_t qp_id,
>  	return 0;
> 
>  qp_setup_cleanup:
> -#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
> -	if (qp->mb_mgr)
> -		free_mb_mgr(qp->mb_mgr);
> -#else
>  	if (rte_eal_process_type() == RTE_PROC_SECONDARY)
>  		return ret;
>  	rte_memzone_free(qp->mb_mgr_mz);
> -#endif
>  	rte_free(qp);
>  	return ret;
>  }
> diff --git a/drivers/crypto/ipsec_mb/meson.build
> b/drivers/crypto/ipsec_mb/meson.build
> index 87bf965554..0c988d7411 100644
> --- a/drivers/crypto/ipsec_mb/meson.build
> +++ b/drivers/crypto/ipsec_mb/meson.build
> @@ -7,7 +7,7 @@ if is_windows
>      subdir_done()
>  endif
> 
> -IMB_required_ver = '1.0.0'
> +IMB_required_ver = '1.4.0'
>  IMB_header = '#include<intel-ipsec-mb.h>'
>  if arch_subdir == 'arm'
>      IMB_header = '#include<ipsec-mb.h>'
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index a275ff0fe2..05dc1a039f 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -15,51 +15,6 @@ struct aesni_mb_op_buf_data {
>  	uint32_t offset;
>  };
> 
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -/**
> - * Calculate the authentication pre-computes
> - *
> - * @param one_block_hash	Function pointer
> - *				to calculate digest on ipad/opad
> - * @param ipad			Inner pad output byte array
> - * @param opad			Outer pad output byte array
> - * @param hkey			Authentication key
> - * @param hkey_len		Authentication key length
> - * @param blocksize		Block size of selected hash algo
> - */
> -static void
> -calculate_auth_precomputes(hash_one_block_t one_block_hash,
> -		uint8_t *ipad, uint8_t *opad,
> -		const uint8_t *hkey, uint16_t hkey_len,
> -		uint16_t blocksize)
> -{
> -	uint32_t i, length;
> -
> -	alignas(16) uint8_t ipad_buf[blocksize];
> -	alignas(16) uint8_t opad_buf[blocksize];
> -
> -	/* Setup inner and outer pads */
> -	memset(ipad_buf, HMAC_IPAD_VALUE, blocksize);
> -	memset(opad_buf, HMAC_OPAD_VALUE, blocksize);
> -
> -	/* XOR hash key with inner and outer pads */
> -	length = hkey_len > blocksize ? blocksize : hkey_len;
> -
> -	for (i = 0; i < length; i++) {
> -		ipad_buf[i] ^= hkey[i];
> -		opad_buf[i] ^= hkey[i];
> -	}
> -
> -	/* Compute partial hashes */
> -	(*one_block_hash)(ipad_buf, ipad);
> -	(*one_block_hash)(opad_buf, opad);
> -
> -	/* Clean up stack */
> -	memset(ipad_buf, 0, blocksize);
> -	memset(opad_buf, 0, blocksize);
> -}
> -#endif
> -
>  static inline int
>  is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)  {
> @@ -74,10 +29,6 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		struct aesni_mb_session *sess,
>  		const struct rte_crypto_sym_xform *xform)  { -#if
> IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -	hash_one_block_t hash_oneblock_fn = NULL;
> -	unsigned int key_larger_block_size = 0;
> -#endif
>  	uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
>  	uint32_t auth_precompute = 1;
> 
> @@ -216,13 +167,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  			}
>  		} else if (xform->auth.key.length == 32) {
>  			sess->template_job.hash_alg =
> IMB_AUTH_ZUC256_EIA3_BITLEN; -#if IMB_VERSION(1, 2, 0) <
> IMB_VERSION_NUM
>  			if (sess->auth.req_digest_len != 4 &&
>  					sess->auth.req_digest_len != 8 &&
>  					sess->auth.req_digest_len != 16) { -
> #else
> -			if (sess->auth.req_digest_len != 4) {
> -#endif
>  				IPSEC_MB_LOG(ERR, "Invalid digest size");
>  				return -EINVAL;
>  			}
> @@ -273,24 +220,15 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  	switch (xform->auth.algo) {
>  	case RTE_CRYPTO_AUTH_MD5_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_MD5; -#if
> IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->md5_one_block;
> -#endif
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA1_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1; -#if
> IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha1_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_1)) {
>  			IMB_SHA1(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA1:
> @@ -299,18 +237,12 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA224_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha224_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_224)) {
>  			IMB_SHA224(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA224:
> @@ -319,18 +251,12 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA256_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha256_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_256)) {
>  			IMB_SHA256(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA256:
> @@ -339,18 +265,12 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA384_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha384_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_384)) {
>  			IMB_SHA384(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA384:
> @@ -359,18 +279,12 @@
> aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA512_HMAC:
>  		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -		hash_oneblock_fn = mb_mgr->sha512_one_block;
> -#endif
>  		if (xform->auth.key.length > get_auth_algo_blocksize(
>  				IMB_AUTH_HMAC_SHA_512)) {
>  			IMB_SHA512(mb_mgr,
>  				xform->auth.key.data,
>  				xform->auth.key.length,
>  				hashed_key);
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -			key_larger_block_size = 1;
> -#endif
>  		}
>  		break;
>  	case RTE_CRYPTO_AUTH_SHA512:
> @@ -412,25 +326,9 @@ aesni_mb_set_session_auth_parameters(IMB_MGR
> *mb_mgr,
>  		return 0;
> 
>  	/* Calculate Authentication precomputes */ -#if IMB_VERSION(1, 3,
> 0) < IMB_VERSION_NUM
> -		imb_hmac_ipad_opad(mb_mgr, sess-
> >template_job.hash_alg,
> -					xform->auth.key.data, xform-
> >auth.key.length,
> -					sess->auth.pads.inner, sess-
> >auth.pads.outer);
> -#else
> -	if (key_larger_block_size) {
> -		calculate_auth_precomputes(hash_oneblock_fn,
> -			sess->auth.pads.inner, sess->auth.pads.outer,
> -			hashed_key,
> -			xform->auth.key.length,
> -			get_auth_algo_blocksize(sess-
> >template_job.hash_alg));
> -	} else {
> -		calculate_auth_precomputes(hash_oneblock_fn,
> -			sess->auth.pads.inner, sess->auth.pads.outer,
> -			xform->auth.key.data,
> -			xform->auth.key.length,
> -			get_auth_algo_blocksize(sess-
> >template_job.hash_alg));
> -	}
> -#endif
> +	imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
> +				xform->auth.key.data, xform-
> >auth.key.length,
> +				sess->auth.pads.inner, sess-
> >auth.pads.outer);
>  	sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
>  		sess->auth.pads.inner;
>  	sess->template_job.u.HMAC._hashed_auth_key_xor_opad = @@ -
> 915,11 +813,9 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
>  		}
>  	}
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
>  	sess->pid = getpid();
>  	RTE_PER_LCORE(pid) = sess->pid;
> -#endif
> 
>  	return 0;
>  }
> @@ -1052,9 +948,7 @@ aesni_mb_set_docsis_sec_session_parameters(
>  		goto error_exit;
>  	}
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess-
> >template_job); -#endif
> 
>  error_exit:
>  	free_mb_mgr(mb_mgr);
> @@ -1309,7 +1203,6 @@ imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
>  	return 0;
>  }
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM  static inline int
> single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
>  		int oop, uint32_t offset, struct rte_mbuf *m_src, @@ -1394,7
> +1287,6 @@ single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
>  	job->sgl_io_segs = sgl_segs;
>  	return 0;
>  }
> -#endif
> 
>  static inline int
>  multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op, @@ -1464,9 +1356,7
> @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
>  		job->msg_len_to_hash_in_bytes = 0;
>  		job->msg_len_to_cipher_in_bytes = 0;
>  		job->cipher_start_src_offset_in_bytes = 0; -#if
> IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  		imb_set_session(mb_mgr, job);
> -#endif
>  	} else {
>  		job->hash_start_src_offset_in_bytes =
>  				op->sym->aead.data.offset;
> @@ -1494,13 +1384,11 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB
> *job, const uint8_t sgl,
>  		job->src = NULL;
>  		job->dst = NULL;
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  		if (m_src->nb_segs <= MAX_NUM_SEGS)
>  			return single_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst,
>  					qp_data->sgl_segs);
>  		else
> -#endif
>  			return multi_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst, mb_mgr);
>  	} else {
> @@ -1590,10 +1478,6 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  	uint8_t sgl = 0;
>  	uint8_t lb_sgl = 0;
> 
> -#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
> -	(void) pid;
> -#endif
> -
>  	session = ipsec_mb_get_session_private(qp, op);
>  	if (session == NULL) {
>  		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
> @@ -1603,12 +1487,10 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  	const IMB_CIPHER_MODE cipher_mode =
>  			session->template_job.cipher_mode;
> 
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  	if (session->pid != pid) {
>  		memcpy(job, &session->template_job, sizeof(IMB_JOB));
>  		imb_set_session(mb_mgr, job);
>  	} else if (job->session_id != session->session_id) -#endif
>  		memcpy(job, &session->template_job, sizeof(IMB_JOB));
> 
>  	if (!op->sym->m_dst) {
> @@ -1649,9 +1531,7 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
>  			job->cipher_mode = IMB_CIPHER_GCM_SGL;
>  			job->hash_alg = IMB_AUTH_GCM_SGL;
> -#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
>  			imb_set_session(mb_mgr, job);
> -#endif
>  		}
>  		break;
>  	case IMB_AUTH_AES_GMAC_128:
> @@ -1676,9 +1556,7 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  			job->u.CHACHA20_POLY1305.ctx = &qp_data-
> >chacha_sgl_ctx;
>  			job->cipher_mode =
> IMB_CIPHER_CHACHA20_POLY1305_SGL;
>  			job->hash_alg =
> IMB_AUTH_CHACHA20_POLY1305_SGL; -#if IMB_VERSION(1, 3, 0) <
> IMB_VERSION_NUM
>  			imb_set_session(mb_mgr, job);
> -#endif
>  		}
>  		break;
>  	default:
> @@ -1874,13 +1752,11 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  		if (lb_sgl)
>  			return handle_sgl_linear(job, op, m_offset, session);
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  		if (m_src->nb_segs <= MAX_NUM_SEGS)
>  			return single_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst,
>  					qp_data->sgl_segs);
>  		else
> -#endif
>  			return multi_sgl_job(job, op, oop,
>  					m_offset, m_src, m_dst, mb_mgr);
>  	}
> @@ -2200,7 +2076,6 @@ set_job_null_op(IMB_JOB *job, struct
> rte_crypto_op *op)
>  	return job;
>  }
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM  uint16_t
> aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
>  		uint16_t nb_ops)
> @@ -2333,144 +2208,7 @@ aesni_mb_dequeue_burst(void *queue_pair,
> struct rte_crypto_op **ops,
> 
>  	return processed_jobs;
>  }
> -#else
> -
> -/**
> - * Process a completed IMB_JOB job and keep processing jobs until
> - * get_completed_job return NULL
> - *
> - * @param qp		Queue Pair to process
> - * @param mb_mgr	IMB_MGR to use
> - * @param job		IMB_JOB job
> - * @param ops		crypto ops to fill
> - * @param nb_ops	number of crypto ops
> - *
> - * @return
> - * - Number of processed jobs
> - */
> -static unsigned
> -handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
> -		IMB_JOB *job, struct rte_crypto_op **ops,
> -		uint16_t nb_ops)
> -{
> -	struct rte_crypto_op *op = NULL;
> -	uint16_t processed_jobs = 0;
> -
> -	while (job != NULL) {
> -		op = post_process_mb_job(qp, job);
> -
> -		if (op) {
> -			ops[processed_jobs++] = op;
> -			qp->stats.dequeued_count++;
> -		} else {
> -			qp->stats.dequeue_err_count++;
> -			break;
> -		}
> -		if (processed_jobs == nb_ops)
> -			break;
> -
> -		job = IMB_GET_COMPLETED_JOB(mb_mgr);
> -	}
> -
> -	return processed_jobs;
> -}
> -
> -static inline uint16_t
> -flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
> -		struct rte_crypto_op **ops, uint16_t nb_ops)
> -{
> -	int processed_ops = 0;
> -
> -	/* Flush the remaining jobs */
> -	IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
> -
> -	if (job)
> -		processed_ops += handle_completed_jobs(qp, mb_mgr, job,
> -				&ops[processed_ops], nb_ops -
> processed_ops);
> -
> -	return processed_ops;
> -}
> -
> -uint16_t
> -aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
> -		uint16_t nb_ops)
> -{
> -	struct ipsec_mb_qp *qp = queue_pair;
> -	IMB_MGR *mb_mgr = qp->mb_mgr;
> -	struct rte_crypto_op *op;
> -	IMB_JOB *job;
> -	int retval, processed_jobs = 0;
> -	pid_t pid = 0;
> -
> -	if (unlikely(nb_ops == 0 || mb_mgr == NULL))
> -		return 0;
> -
> -	uint8_t digest_idx = qp->digest_idx;
> 
> -	do {
> -		/* Get next free mb job struct from mb manager */
> -		job = IMB_GET_NEXT_JOB(mb_mgr);
> -		if (unlikely(job == NULL)) {
> -			/* if no free mb job structs we need to flush mb_mgr
> */
> -			processed_jobs += flush_mb_mgr(qp, mb_mgr,
> -					&ops[processed_jobs],
> -					nb_ops - processed_jobs);
> -
> -			if (nb_ops == processed_jobs)
> -				break;
> -
> -			job = IMB_GET_NEXT_JOB(mb_mgr);
> -		}
> -
> -		/*
> -		 * Get next operation to process from ingress queue.
> -		 * There is no need to return the job to the IMB_MGR
> -		 * if there are no more operations to process, since the
> IMB_MGR
> -		 * can use that pointer again in next get_next calls.
> -		 */
> -		retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
> -		if (retval < 0)
> -			break;
> -
> -		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
> -			retval = set_sec_mb_job_params(job, qp, op,
> -						&digest_idx);
> -		else
> -			retval = set_mb_job_params(job, qp, op,
> -				&digest_idx, mb_mgr, pid);
> -
> -		if (unlikely(retval != 0)) {
> -			qp->stats.dequeue_err_count++;
> -			set_job_null_op(job, op);
> -		}
> -
> -		/* Submit job to multi-buffer for processing */
> -#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
> -		job = IMB_SUBMIT_JOB(mb_mgr);
> -#else
> -		job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
> -#endif
> -		/*
> -		 * If submit returns a processed job then handle it,
> -		 * before submitting subsequent jobs
> -		 */
> -		if (job)
> -			processed_jobs += handle_completed_jobs(qp,
> mb_mgr,
> -					job, &ops[processed_jobs],
> -					nb_ops - processed_jobs);
> -
> -	} while (processed_jobs < nb_ops);
> -
> -	qp->digest_idx = digest_idx;
> -
> -	if (processed_jobs < 1)
> -		processed_jobs += flush_mb_mgr(qp, mb_mgr,
> -				&ops[processed_jobs],
> -				nb_ops - processed_jobs);
> -
> -	return processed_jobs;
> -}
> -#endif
>  static inline int
>  check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl
> *sgl)  { diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> index 6120a2f62d..468a1f35eb 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> @@ -17,9 +17,7 @@
>  #define HMAC_IPAD_VALUE			(0x36)
>  #define HMAC_OPAD_VALUE			(0x5C)
> 
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM  #define MAX_NUM_SEGS
> 16 -#endif
> 
>  int
>  aesni_mb_session_configure(IMB_MGR * m __rte_unused, void *priv_sess,
> @@ -580,13 +578,8 @@ static const struct rte_cryptodev_capabilities
> aesni_mb_capabilities[] = {
>  				},
>  				.digest_size = {
>  					.min = 4,
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  					.max = 16,
>  					.increment = 4
> -#else
> -					.max = 4,
> -					.increment = 0
> -#endif
>  				},
>  				.iv_size = {
>  					.min = 16,
> @@ -843,9 +836,7 @@ struct aesni_mb_qp_data {
>  	 * by the driver when verifying a digest provided
>  	 * by the user (using authentication verify operation)
>  	 */
> -#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>  	struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS]; -#endif
>  	union {
>  		struct gcm_context_data gcm_sgl_ctx;
>  		struct chacha20_poly1305_context_data chacha_sgl_ctx;
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2024-10-30 16:53 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-04 14:58 [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version Brian Dooley
2024-10-07 10:09 ` Ji, Kai
2024-10-07 12:49   ` Dooley, Brian
2024-10-07 10:20 ` De Lara Guarch, Pablo
2024-10-07 16:49 ` [PATCH v2] " Brian Dooley
2024-10-09 10:03   ` [EXTERNAL] " Akhil Goyal
2024-10-10 10:13 ` [PATCH v3] " Brian Dooley
2024-10-18 12:54   ` Dooley, Brian
2024-10-30 16:53   ` Wathsala Wathawana Vithanage

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).