[PATCH 20.11] crypto/octeontx2: fix lookaside IPsec IPv6

[PATCH 20.11] crypto/octeontx2: fix lookaside IPsec IPv6

[Tejasree Kondoj]

[ upstream commit f063054f8a54ca2218bae327a252a352614671b0 ]

Fixing IPv6 mixed tunnel mode support by updating
inputs to firmware.

Fixes: 4edede7bc6ee ("crypto/octeontx2: support lookaside IPsec IPv6")
Cc: stable@dpdk.org

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  6 +++---
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 13 ++++++++-----
 drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  2 --
 drivers/crypto/octeontx2/otx2_ipsec_po.h      |  2 --
 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h  | 10 +++-------
 5 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 5f2ccc0872..662c8bc001 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -893,10 +893,10 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
 
 	if (word0->s.opcode.major == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
 		data = rte_pktmbuf_mtod(m, char *);
+		ip = (struct rte_ipv4_hdr *)(data +
+			OTX2_IPSEC_PO_INB_RPTR_HDR);
 
-		if (rsp[4] == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
-			ip = (struct rte_ipv4_hdr *)(data +
-				OTX2_IPSEC_PO_INB_RPTR_HDR);
+		if ((ip->version_ihl >> 4) == 4) {
 			m_len = rte_be_to_cpu_16(ip->total_length);
 		} else {
 			ip6 = (struct rte_ipv6_hdr *)(data +
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index bad9c5ca9f..c6a707c646 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -189,9 +189,6 @@ set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess,
 		sess->auth_iv_length = auth_xform->auth.iv.length;
 		sess->mac_len = auth_xform->auth.digest_length;
 	}
-
-	sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV;
-	sess->ucmd_param2 = 0;
 }
 
 static int
@@ -228,7 +225,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	lp->ip_id = 0;
 	lp->seq_lo = 1;
 	lp->seq_hi = 0;
-	lp->tunnel_type = ipsec->tunnel.type;
 
 	ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
 	if (ret)
@@ -327,6 +323,10 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
 				(OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB);
 
+	/* Set per packet IV and IKEv2 bits */
+	lp->ucmd_param1 = BIT(11) | BIT(9);
+	lp->ucmd_param2 = 0;
+
 	set_session_misc_attributes(lp, crypto_xform,
 				    auth_xform, cipher_xform);
 
@@ -367,7 +367,6 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	if (ret)
 		return ret;
 
-	lp->tunnel_type = ipsec->tunnel.type;
 	auth_xform = crypto_xform;
 	cipher_xform = crypto_xform->next;
 
@@ -410,6 +409,10 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	lp->cpt_inst_w7 = inst.u64[7];
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
 				(OTX2_IPSEC_PO_PROCESS_IPSEC_INB);
+	lp->ucmd_param1 = 0;
+
+	/* Set IKEv2 bit */
+	lp->ucmd_param2 = BIT(12);
 
 	set_session_misc_attributes(lp, crypto_xform,
 				    auth_xform, cipher_xform);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
index 2849c1ab75..ff3329c9c1 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
@@ -55,8 +55,6 @@ struct otx2_sec_session_ipsec_lp {
 	uint8_t iv_length;
 	/** Auth IV length in bytes */
 	uint8_t auth_iv_length;
-	/** IPsec tunnel type */
-	enum rte_security_ipsec_tunnel_type tunnel_type;
 };
 
 int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index da24f6a5d4..520daa5ff2 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -15,8 +15,6 @@
 #define OTX2_IPSEC_PO_MAX_INB_CTX_LEN    0x22
 #define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN   0x38
 
-#define OTX2_IPSEC_PO_PER_PKT_IV  BIT(11)
-
 #define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB     0x20
 #define OTX2_IPSEC_PO_WRITE_IPSEC_INB      0x21
 #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB   0x23
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
index ee30131f17..887d13eb51 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
@@ -25,8 +25,7 @@ otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
 }
 
 static __rte_always_inline struct cpt_request_info *
-alloc_request_struct(char *maddr, void *cop, int mdata_len,
-		     enum rte_security_ipsec_tunnel_type tunnel_type)
+alloc_request_struct(char *maddr, void *cop, int mdata_len)
 {
 	struct cpt_request_info *req;
 	struct cpt_meta_info *meta;
@@ -48,7 +47,6 @@ alloc_request_struct(char *maddr, void *cop, int mdata_len,
 	op[1] = (uintptr_t)cop;
 	op[2] = (uintptr_t)req;
 	op[3] = mdata_len;
-	op[4] = tunnel_type;
 
 	return req;
 }
@@ -84,8 +82,7 @@ process_outb_sa(struct rte_crypto_op *cop,
 	}
 
 	mdata += extend_tail; /* mdata follows encrypted data */
-	req = alloc_request_struct(mdata, (void *)cop, mdata_len,
-		sess->tunnel_type);
+	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
 
 	data = rte_pktmbuf_prepend(m_src, extend_head);
 	if (unlikely(data == NULL)) {
@@ -149,8 +146,7 @@ process_inb_sa(struct rte_crypto_op *cop,
 		goto exit;
 	}
 
-	req = alloc_request_struct(mdata, (void *)cop, mdata_len,
-		sess->tunnel_type);
+	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
 
 	/* Prepare CPT instruction */
 	word0.u64 = sess->ucmd_w0;
-- 
2.27.0

Re: [PATCH 20.11] crypto/octeontx2: fix lookaside IPsec IPv6

[Xueming(Steven) Li]

Thanks, applied!

On Thu, 2021-12-02 at 17:48 +0530, Tejasree Kondoj wrote:
> [ upstream commit f063054f8a54ca2218bae327a252a352614671b0 ]
> 
> Fixing IPv6 mixed tunnel mode support by updating
> inputs to firmware.
> 
> Fixes: 4edede7bc6ee ("crypto/octeontx2: support lookaside IPsec IPv6")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
>  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  6 +++---
>  drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 13 ++++++++-----
>  drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  2 --
>  drivers/crypto/octeontx2/otx2_ipsec_po.h      |  2 --
>  drivers/crypto/octeontx2/otx2_ipsec_po_ops.h  | 10 +++-------
>  5 files changed, 14 insertions(+), 19 deletions(-)
> 
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> index 5f2ccc0872..662c8bc001 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> @@ -893,10 +893,10 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
>  
>  	if (word0->s.opcode.major == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
>  		data = rte_pktmbuf_mtod(m, char *);
> +		ip = (struct rte_ipv4_hdr *)(data +
> +			OTX2_IPSEC_PO_INB_RPTR_HDR);
>  
> -		if (rsp[4] == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
> -			ip = (struct rte_ipv4_hdr *)(data +
> -				OTX2_IPSEC_PO_INB_RPTR_HDR);
> +		if ((ip->version_ihl >> 4) == 4) {
>  			m_len = rte_be_to_cpu_16(ip->total_length);
>  		} else {
>  			ip6 = (struct rte_ipv6_hdr *)(data +
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
> index bad9c5ca9f..c6a707c646 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
> @@ -189,9 +189,6 @@ set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess,
>  		sess->auth_iv_length = auth_xform->auth.iv.length;
>  		sess->mac_len = auth_xform->auth.digest_length;
>  	}
> -
> -	sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV;
> -	sess->ucmd_param2 = 0;
>  }
>  
>  static int
> @@ -228,7 +225,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
>  	lp->ip_id = 0;
>  	lp->seq_lo = 1;
>  	lp->seq_hi = 0;
> -	lp->tunnel_type = ipsec->tunnel.type;
>  
>  	ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
>  	if (ret)
> @@ -327,6 +323,10 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
>  	lp->ucmd_opcode = (lp->ctx_len << 8) |
>  				(OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB);
>  
> +	/* Set per packet IV and IKEv2 bits */
> +	lp->ucmd_param1 = BIT(11) | BIT(9);
> +	lp->ucmd_param2 = 0;
> +
>  	set_session_misc_attributes(lp, crypto_xform,
>  				    auth_xform, cipher_xform);
>  
> @@ -367,7 +367,6 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
>  	if (ret)
>  		return ret;
>  
> -	lp->tunnel_type = ipsec->tunnel.type;
>  	auth_xform = crypto_xform;
>  	cipher_xform = crypto_xform->next;
>  
> @@ -410,6 +409,10 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
>  	lp->cpt_inst_w7 = inst.u64[7];
>  	lp->ucmd_opcode = (lp->ctx_len << 8) |
>  				(OTX2_IPSEC_PO_PROCESS_IPSEC_INB);
> +	lp->ucmd_param1 = 0;
> +
> +	/* Set IKEv2 bit */
> +	lp->ucmd_param2 = BIT(12);
>  
>  	set_session_misc_attributes(lp, crypto_xform,
>  				    auth_xform, cipher_xform);
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> index 2849c1ab75..ff3329c9c1 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> @@ -55,8 +55,6 @@ struct otx2_sec_session_ipsec_lp {
>  	uint8_t iv_length;
>  	/** Auth IV length in bytes */
>  	uint8_t auth_iv_length;
> -	/** IPsec tunnel type */
> -	enum rte_security_ipsec_tunnel_type tunnel_type;
>  };
>  
>  int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
> diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
> index da24f6a5d4..520daa5ff2 100644
> --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
> +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
> @@ -15,8 +15,6 @@
>  #define OTX2_IPSEC_PO_MAX_INB_CTX_LEN    0x22
>  #define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN   0x38
>  
> -#define OTX2_IPSEC_PO_PER_PKT_IV  BIT(11)
> -
>  #define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB     0x20
>  #define OTX2_IPSEC_PO_WRITE_IPSEC_INB      0x21
>  #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB   0x23
> diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
> index ee30131f17..887d13eb51 100644
> --- a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
> +++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
> @@ -25,8 +25,7 @@ otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
>  }
>  
>  static __rte_always_inline struct cpt_request_info *
> -alloc_request_struct(char *maddr, void *cop, int mdata_len,
> -		     enum rte_security_ipsec_tunnel_type tunnel_type)
> +alloc_request_struct(char *maddr, void *cop, int mdata_len)
>  {
>  	struct cpt_request_info *req;
>  	struct cpt_meta_info *meta;
> @@ -48,7 +47,6 @@ alloc_request_struct(char *maddr, void *cop, int mdata_len,
>  	op[1] = (uintptr_t)cop;
>  	op[2] = (uintptr_t)req;
>  	op[3] = mdata_len;
> -	op[4] = tunnel_type;
>  
>  	return req;
>  }
> @@ -84,8 +82,7 @@ process_outb_sa(struct rte_crypto_op *cop,
>  	}
>  
>  	mdata += extend_tail; /* mdata follows encrypted data */
> -	req = alloc_request_struct(mdata, (void *)cop, mdata_len,
> -		sess->tunnel_type);
> +	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
>  
>  	data = rte_pktmbuf_prepend(m_src, extend_head);
>  	if (unlikely(data == NULL)) {
> @@ -149,8 +146,7 @@ process_inb_sa(struct rte_crypto_op *cop,
>  		goto exit;
>  	}
>  
> -	req = alloc_request_struct(mdata, (void *)cop, mdata_len,
> -		sess->tunnel_type);
> +	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
>  
>  	/* Prepare CPT instruction */
>  	word0.u64 = sess->ucmd_w0;