From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1238F455AD for ; Mon, 15 Jul 2024 17:28:22 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0E5A540A7D; Mon, 15 Jul 2024 17:28:22 +0200 (CEST) Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by mails.dpdk.org (Postfix) with ESMTP id 593A6402DD for ; Mon, 15 Jul 2024 17:28:20 +0200 (CEST) Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-3678aa359b7so3329978f8f.1 for ; Mon, 15 Jul 2024 08:28:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721057300; x=1721662100; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0+VaUWdef2zVlDH5J/fTesu/uujHXoxtsg0MXkx05AY=; b=mtKaoRH3U6m8AsZ/ky6XQOwtLva0L053cK7FTF/5Noz9rS4yaUHI9SRteOQke3KsVO fykLPx6YPA2HjBjGPv5JtGAGC+0BCXsG3SEhYgKx6GOecxTUgdvmzXyuVzFYNpuwrAon WkQj4v5T+iBULHZewq1FdTOCVdgHlFqhbRODDY4OFNT6V2ATI6fcx5pdBRvaqGP+POa5 YM9YDrVvRlDfROvoGd8PO2oEpRhue5Xm7thBaJpvgHnxwnaKiW5wAia0EAo1+U+JcD/q MziyEyUbNOYBIB6RRAYwPkeRMCWqYSV1VfrgUOj+Wn74QmWflbbor+E1sRghYBwMYrSu PbgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721057300; x=1721662100; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0+VaUWdef2zVlDH5J/fTesu/uujHXoxtsg0MXkx05AY=; b=lkxaTp1CUCi7gI3IITNKESQGp5H6Y58b9IXZzArCiroBPjV2xlKc1E8V7/Snjz/jVs 56CUh1eTw4O2lEHqCVHA8PpGFPrFuWlIxnYxg7LxgTSUJuPBF5hFrbWth43I9SHZzZCY SDMtqaATNNAfYOrw6joULON5SMPT92mGLJ74WlxgpBjMelu8/YmKgGfhkHL2yoPS6tMQ 3Co7lVSFiEMOtA2qpDUjK5yVGO4S21S+qNW+HVkJCtgKcIy212RRcrYoI4u8kGU17Uh7 qmT2+b6MOASnh8BXUHYokMtW6dDJCJ2b7q67C+uVVden2xLbhy7khNx5oANh5O0W6kBE PtIA== X-Gm-Message-State: AOJu0YxhCzy+zsiZwksPFMmcRG9IZ5MaSJmCVZdg7RQhVj0QHnaEyMEa 7x74a8Zh/R3bzilXrAw3LdmX21O20tJ2zZqbn+dWcvyNJwKVt+v75yZFLWXh X-Google-Smtp-Source: AGHT+IF1HsNwfh9pn+fuwiV98nJEVIqVia0DiHShfPlSGFl1VGczwlpom5POKrEpPgpMGHRnrcpgxg== X-Received: by 2002:a5d:4bcb:0:b0:361:94d9:1e9f with SMTP id ffacd0b85a97d-367ff6e8a96mr8140147f8f.7.1721057299979; Mon, 15 Jul 2024 08:28:19 -0700 (PDT) Received: from localhost ([137.220.120.171]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-427a5e83273sm91585065e9.17.2024.07.15.08.28.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jul 2024 08:28:19 -0700 (PDT) From: luca.boccassi@gmail.com To: Gagandeep Singh Cc: dpdk stable Subject: patch 'crypto/dpaa_sec: fix IPsec descriptor' has been queued to stable release 22.11.6 Date: Mon, 15 Jul 2024 16:26:02 +0100 Message-Id: <20240715152704.2229503-24-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240715152704.2229503-1-luca.boccassi@gmail.com> References: <20240624235907.885628-81-luca.boccassi@gmail.com> <20240715152704.2229503-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 22.11.6 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 07/17/24. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/ac47aa31a1b2330b2c3dc5de71850826e2cf26fe Thanks. Luca Boccassi --- >From ac47aa31a1b2330b2c3dc5de71850826e2cf26fe Mon Sep 17 00:00:00 2001 From: Gagandeep Singh Date: Wed, 3 Jul 2024 15:56:41 +0530 Subject: [PATCH] crypto/dpaa_sec: fix IPsec descriptor [ upstream commit 046341575bd6e1210d6c12b595405ede41150da7 ] During IPsec operations, driver code pre-check whether KEYS can be inlined to limited size descriptor or not and based on that it decides to copy the complete KEY in descriptor or just give the memory pointer of KEY in descriptor. This pre-check code does not take care of padding required for security engine to make the KEYs inline which results in incorrect length descriptor for some algorithms. This patch fixes this issue by updating the pre-check code with proper padding size included for each supported algorithm. Fixes: 453b9593a3cf ("crypto/dpaax_sec: fix inline query for descriptors") Signed-off-by: Gagandeep Singh --- drivers/common/dpaax/caamflib/desc/ipsec.h | 68 ++++++++++++++++++++++ drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +- 2 files changed, 70 insertions(+), 2 deletions(-) diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h index 8ec6aac915..26bf52827e 100644 --- a/drivers/common/dpaax/caamflib/desc/ipsec.h +++ b/drivers/common/dpaax/caamflib/desc/ipsec.h @@ -726,6 +726,74 @@ static inline void __gen_auth_key(struct program *program, authdata->key, authdata->key_type); } +/** + * rta_inline_ipsec_query() - Provide indications on which data items can be inlined + * and which shall be referenced in IPsec shared descriptor. + * @sd_base_len: Shared descriptor base length - bytes consumed by the commands, + * excluding the data items to be inlined (or corresponding + * pointer if an item is not inlined). Each cnstr_* function that + * generates descriptors should have a define mentioning + * corresponding length. + * @jd_len: Maximum length of the job descriptor(s) that will be used + * together with the shared descriptor. + * @data_len: Array of lengths of the data items trying to be inlined + * @inl_mask: 32bit mask with bit x = 1 if data item x can be inlined, 0 + * otherwise. + * @count: Number of data items (size of @data_len array); must be <= 32 + * @auth_algtype: Authentication algorithm type. + * @auth_index: Index value of data_len for authentication key length. + * -1 if authentication key length is not present in data_len. + * + * Return: 0 if data can be inlined / referenced, negative value if not. If 0, + * check @inl_mask for details. + */ +static inline int +rta_inline_ipsec_query(unsigned int sd_base_len, + unsigned int jd_len, + unsigned int *data_len, + uint32_t *inl_mask, + unsigned int count, + uint32_t auth_algtype, + int32_t auth_index) +{ + uint32_t dkp_protid; + + switch (auth_algtype & OP_PCL_IPSEC_AUTH_MASK) { + case OP_PCL_IPSEC_HMAC_MD5_96: + case OP_PCL_IPSEC_HMAC_MD5_128: + dkp_protid = OP_PCLID_DKP_MD5; + break; + case OP_PCL_IPSEC_HMAC_SHA1_96: + case OP_PCL_IPSEC_HMAC_SHA1_160: + dkp_protid = OP_PCLID_DKP_SHA1; + break; + case OP_PCL_IPSEC_HMAC_SHA2_256_128: + dkp_protid = OP_PCLID_DKP_SHA256; + break; + case OP_PCL_IPSEC_HMAC_SHA2_384_192: + dkp_protid = OP_PCLID_DKP_SHA384; + break; + case OP_PCL_IPSEC_HMAC_SHA2_512_256: + dkp_protid = OP_PCLID_DKP_SHA512; + break; + default: + return rta_inline_query(sd_base_len, + jd_len, + data_len, + inl_mask, count); + } + + /* Updating the maximum supported inline key length */ + if (auth_index != -1) { + if (split_key_len(dkp_protid) > data_len[auth_index]) + data_len[auth_index] = split_key_len(dkp_protid); + } + return rta_inline_query(sd_base_len, + jd_len, + data_len, + inl_mask, count); +} + /** * cnstr_shdsc_ipsec_encap - IPSec ESP encapsulation protocol-level shared * descriptor. diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 7807c83e54..8687e3e75e 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -398,10 +398,10 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses) cdb->sh_desc[0] = cipherdata.keylen; cdb->sh_desc[1] = authdata.keylen; - err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, + err = rta_inline_ipsec_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, DESC_JOB_IO_LEN, (unsigned int *)cdb->sh_desc, - &cdb->sh_desc[2], 2); + &cdb->sh_desc[2], 2, authdata.algtype, 1); if (err < 0) { DPAA_SEC_ERR("Crypto: Incorrect key lengths"); -- 2.39.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2024-07-15 16:19:35.969416915 +0100 +++ 0024-crypto-dpaa_sec-fix-IPsec-descriptor.patch 2024-07-15 16:19:34.508205182 +0100 @@ -1 +1 @@ -From 046341575bd6e1210d6c12b595405ede41150da7 Mon Sep 17 00:00:00 2001 +From ac47aa31a1b2330b2c3dc5de71850826e2cf26fe Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 046341575bd6e1210d6c12b595405ede41150da7 ] + @@ -20 +21,0 @@ -Cc: stable@dpdk.org @@ -24 +25 @@ - drivers/common/dpaax/caamflib/desc/ipsec.h | 73 ++++++++++++++++++++++ + drivers/common/dpaax/caamflib/desc/ipsec.h | 68 ++++++++++++++++++++++ @@ -26 +27 @@ - 2 files changed, 75 insertions(+), 2 deletions(-) + 2 files changed, 70 insertions(+), 2 deletions(-) @@ -29 +30 @@ -index eff26f6f8b..b902873970 100644 +index 8ec6aac915..26bf52827e 100644 @@ -32 +33 @@ -@@ -728,6 +728,79 @@ static inline void __gen_auth_key(struct program *program, +@@ -726,6 +726,74 @@ static inline void __gen_auth_key(struct program *program, @@ -86,5 +86,0 @@ -+ case OP_PCL_IPSEC_HMAC_SHA2_224_96: -+ case OP_PCL_IPSEC_HMAC_SHA2_224_112: -+ case OP_PCL_IPSEC_HMAC_SHA2_224_224: -+ dkp_protid = OP_PCLID_DKP_SHA224; -+ break; @@ -113 +109 @@ -index 7aa163330a..bf2a11a4d4 100644 +index 7807c83e54..8687e3e75e 100644 @@ -116 +112 @@ -@@ -395,10 +395,10 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses) +@@ -398,10 +398,10 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)