From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1BCB9A0518 for ; Fri, 24 Jul 2020 14:07:11 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 127271BFE7; Fri, 24 Jul 2020 14:07:11 +0200 (CEST) Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65]) by dpdk.org (Postfix) with ESMTP id 5B5711BFE7 for ; Fri, 24 Jul 2020 14:07:09 +0200 (CEST) Received: by mail-wr1-f65.google.com with SMTP id q5so8085048wru.6 for ; Fri, 24 Jul 2020 05:07:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=q9V+hMM3ytnwPpNLm5fEtpf/Bk+i7Ipt2BOoghQbt7I=; b=R4CW+HD/Gi2jdZo2KrHVJ8fJjo5VPCRIXlGxDbGwUhWvVewBUf0CYzEMp5PYwPov3O hxbh1ZAaud5drdCbMJzsRDFtx13GSpqBDJT9oUBZZRnnIZ8WDQBWv46C5hJEQK6P0Rm9 ErkMOSq1GUuEYaXb+8vTc/Dp2v081A8xoYM2Gs3DbIqdVBVMnh7lt8vMo1UusTMqjdxO peTzJ5Jf6AKPnM2I1UQBkwcdk5G+fS+y7xHjP3x0oCfUGZi/li3WDcPANfJ1OBMA4H0q gXKdHsZg5tVDeCF/Kg4agSCSlPsDsiCb9PYUyUuJIfgGlw9W6IR863mk1VRED1mMAzzF LVqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=q9V+hMM3ytnwPpNLm5fEtpf/Bk+i7Ipt2BOoghQbt7I=; b=WYCaL97AwDElhVjySCuGKkYCPsC1O7Z1hh/DPgvCf3nQty1G4Qyp5Vfg6pKUi4DIHP D+4Z8ifYwIjqKQmGxxg/ukjbjd+FnuynF9hoobSUGEY9cE/4wU7NBjLIXSKguxxb1wUp jiJMf/GlYV/JQQGAtcwP7fNg8zG+ivKeugE6swOdVahmaI17DHvArRJHH7W02TDQOiO4 URXbD3fRUHqJBGXkWl6pI4WqCQiqTBtMhdx/tpWMsVIrYrp5Cb0Ob8ZL1dfm1UAa6wJC MrokND1IMG6EdtywWOo7DrvWpCc/+PmaAwvD87sWKPYYR2CsljkHXTkebZDwgbscjg0f zw8Q== X-Gm-Message-State: AOAM5326LBZgptIc2/0dx3eGPli0oe/GRQ4eY5bQApeGImY2YP5TsB6w S+nLX4abT9Ann6xKpOB7XH4= X-Google-Smtp-Source: ABdhPJwNuT8Dldq7P6J3TcQCYpb8UUPJu60r9hgY2So2ACCy3s3ZPAF7v4yafW7e/IEfMCxxm4i+yw== X-Received: by 2002:a5d:4a0d:: with SMTP id m13mr8932976wrq.12.1595592429094; Fri, 24 Jul 2020 05:07:09 -0700 (PDT) Received: from localhost ([2a01:4b00:f419:6f00:7a8e:ed70:5c52:ea3]) by smtp.gmail.com with ESMTPSA id t7sm7571704wmg.41.2020.07.24.05.07.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Jul 2020 05:07:08 -0700 (PDT) From: luca.boccassi@gmail.com To: Akhil Goyal Cc: Hemant Agrawal , dpdk stable Date: Fri, 24 Jul 2020 12:58:54 +0100 Message-Id: <20200724120030.1863487-96-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200724120030.1863487-1-luca.boccassi@gmail.com> References: <20200724120030.1863487-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'crypto/dpaax_sec: fix 18-bit PDCP cases with HFN override' has been queued to stable release 19.11.4 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 19.11.4 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 07/26/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Luca Boccassi --- >From a0ba121fcbf194c0a17c8db2508b75677dc3f769 Mon Sep 17 00:00:00 2001 From: Akhil Goyal Date: Mon, 1 Jun 2020 22:47:45 +0530 Subject: [PATCH] crypto/dpaax_sec: fix 18-bit PDCP cases with HFN override [ upstream commit f6ab96f13d7a23b39fb5135b64ed8e99c425c7a9 ] In case of RTA_SEC_ERA = 8, where the length of shared desc is large for some of PDCP cases, the descriptor buffer cannot hold 2 extra words when HFN override is enabled. As a result, the descriptor fails. This patch converts one of the keys from immediate key to reference key hence reducing the length of the descriptor. Fixes: 2e4cbdb4b2c2 ("crypto/dpaax_sec: support PDCP U-Plane with integrity") Signed-off-by: Akhil Goyal Acked-by: Hemant Agrawal --- drivers/common/dpaax/caamflib/desc/pdcp.h | 44 +++++++++++++++++++++ drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 8 ++++ drivers/crypto/dpaa_sec/dpaa_sec.c | 33 +++------------- 3 files changed, 58 insertions(+), 27 deletions(-) diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h index b5e2d24e4..99eb0f71a 100644 --- a/drivers/common/dpaax/caamflib/desc/pdcp.h +++ b/drivers/common/dpaax/caamflib/desc/pdcp.h @@ -262,6 +262,50 @@ enum pdb_type_e { PDCP_PDB_TYPE_INVALID }; +/** + * rta_inline_pdcp_query() - Provide indications if a key can be passed as + * immediate data or shall be referenced in a + * shared descriptor. + * Return: 0 if data can be inlined or 1 if referenced. + */ +static inline int +rta_inline_pdcp_query(enum auth_type_pdcp auth_alg, + enum cipher_type_pdcp cipher_alg, + enum pdcp_sn_size sn_size, + int8_t hfn_ovd) +{ + /** + * Shared Descriptors for some of the cases does not fit in the + * MAX_DESC_SIZE of the descriptor especially when non-protocol + * descriptors are formed as in 18bit cases and when HFN override + * is enabled as 2 extra words are added in the job descriptor. + * The cases which exceed are for RTA_SEC_ERA=8 and HFN override + * enabled and 18bit uplane and either of following Algo combinations. + * - SNOW-AES + * - AES-SNOW + * - SNOW-SNOW + * - ZUC-SNOW + * + * We cannot make inline for all cases, as this will impact performance + * due to extra memory accesses for the keys. + */ + if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd && + (sn_size == PDCP_SN_SIZE_18) && + ((cipher_alg == PDCP_CIPHER_TYPE_SNOW && + auth_alg == PDCP_AUTH_TYPE_AES) || + (cipher_alg == PDCP_CIPHER_TYPE_AES && + auth_alg == PDCP_AUTH_TYPE_SNOW) || + (cipher_alg == PDCP_CIPHER_TYPE_SNOW && + auth_alg == PDCP_AUTH_TYPE_SNOW) || + (cipher_alg == PDCP_CIPHER_TYPE_ZUC && + auth_alg == PDCP_AUTH_TYPE_SNOW))) { + + return 1; + } + + return 0; +} + /* * Function for appending the portion of a PDCP Control Plane shared descriptor * which performs NULL encryption and integrity (i.e. copies the input frame diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index 6ed2701ab..434310cfd 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -3145,6 +3145,14 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, goto out; } + if (rta_inline_pdcp_query(authdata.algtype, + cipherdata.algtype, + session->pdcp.sn_size, + session->pdcp.hfn_ovd)) { + cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key); + cipherdata.key_type = RTA_DATA_PTR; + } + if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) { if (session->dir == DIR_ENC) bufsize = cnstr_shdsc_pdcp_c_plane_encap( diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index df684d265..4442469e2 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -237,7 +237,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) struct sec_cdb *cdb = &ses->cdb; struct alginfo *p_authdata = NULL; int32_t shared_desc_len = 0; - int err; #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN int swap = false; #else @@ -251,10 +250,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) cipherdata.algtype = ses->cipher_key.alg; cipherdata.algmode = ses->cipher_key.algmode; - cdb->sh_desc[0] = cipherdata.keylen; - cdb->sh_desc[1] = 0; - cdb->sh_desc[2] = 0; - if (ses->auth_alg) { authdata.key = (size_t)ses->auth_key.data; authdata.keylen = ses->auth_key.length; @@ -264,33 +259,17 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) authdata.algmode = ses->auth_key.algmode; p_authdata = &authdata; - - cdb->sh_desc[1] = authdata.keylen; - } - - err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, - MIN_JOB_DESC_SIZE, - (unsigned int *)cdb->sh_desc, - &cdb->sh_desc[2], 2); - if (err < 0) { - DPAA_SEC_ERR("Crypto: Incorrect key lengths"); - return err; } - if (!(cdb->sh_desc[2] & 1) && cipherdata.keylen) { + if (rta_inline_pdcp_query(authdata.algtype, + cipherdata.algtype, + ses->pdcp.sn_size, + ses->pdcp.hfn_ovd)) { cipherdata.key = - (size_t)rte_dpaa_mem_vtop((void *)(size_t)cipherdata.key); + (size_t)rte_dpaa_mem_vtop((void *) + (size_t)cipherdata.key); cipherdata.key_type = RTA_DATA_PTR; } - if (!(cdb->sh_desc[2] & (1 << 1)) && authdata.keylen) { - authdata.key = - (size_t)rte_dpaa_mem_vtop((void *)(size_t)authdata.key); - authdata.key_type = RTA_DATA_PTR; - } - - cdb->sh_desc[0] = 0; - cdb->sh_desc[1] = 0; - cdb->sh_desc[2] = 0; if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) { if (ses->dir == DIR_ENC) -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-07-24 12:53:52.244900566 +0100 +++ 0096-crypto-dpaax_sec-fix-18-bit-PDCP-cases-with-HFN-over.patch 2020-07-24 12:53:48.331007279 +0100 @@ -1,8 +1,10 @@ -From f6ab96f13d7a23b39fb5135b64ed8e99c425c7a9 Mon Sep 17 00:00:00 2001 +From a0ba121fcbf194c0a17c8db2508b75677dc3f769 Mon Sep 17 00:00:00 2001 From: Akhil Goyal Date: Mon, 1 Jun 2020 22:47:45 +0530 Subject: [PATCH] crypto/dpaax_sec: fix 18-bit PDCP cases with HFN override +[ upstream commit f6ab96f13d7a23b39fb5135b64ed8e99c425c7a9 ] + In case of RTA_SEC_ERA = 8, where the length of shared desc is large for some of PDCP cases, the descriptor buffer cannot hold 2 extra words when HFN override is enabled. As a result, @@ -12,7 +14,6 @@ reference key hence reducing the length of the descriptor. Fixes: 2e4cbdb4b2c2 ("crypto/dpaax_sec: support PDCP U-Plane with integrity") -Cc: stable@dpdk.org Signed-off-by: Akhil Goyal Acked-by: Hemant Agrawal @@ -78,10 +79,10 @@ * Function for appending the portion of a PDCP Control Plane shared descriptor * which performs NULL encryption and integrity (i.e. copies the input frame diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c -index 12f833136..60fdced78 100644 +index 6ed2701ab..434310cfd 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c -@@ -3154,6 +3154,14 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, +@@ -3145,6 +3145,14 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, goto out; } @@ -97,10 +98,10 @@ if (session->dir == DIR_ENC) bufsize = cnstr_shdsc_pdcp_c_plane_encap( diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c -index d9fa8bb36..01e79c8ea 100644 +index df684d265..4442469e2 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c -@@ -240,7 +240,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) +@@ -237,7 +237,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) struct sec_cdb *cdb = &ses->cdb; struct alginfo *p_authdata = NULL; int32_t shared_desc_len = 0; @@ -108,7 +109,7 @@ #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN int swap = false; #else -@@ -254,10 +253,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) +@@ -251,10 +250,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) cipherdata.algtype = ses->cipher_key.alg; cipherdata.algmode = ses->cipher_key.algmode; @@ -119,7 +120,7 @@ if (ses->auth_alg) { authdata.key = (size_t)ses->auth_key.data; authdata.keylen = ses->auth_key.length; -@@ -267,33 +262,17 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) +@@ -264,33 +259,17 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) authdata.algmode = ses->auth_key.algmode; p_authdata = &authdata;