From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1D7FB42646 for ; Tue, 26 Sep 2023 20:32:46 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 16ACB40269; Tue, 26 Sep 2023 20:32:46 +0200 (CEST) Received: from mail-yw1-f225.google.com (mail-yw1-f225.google.com [209.85.128.225]) by mails.dpdk.org (Postfix) with ESMTP id 08C1B40269 for ; Tue, 26 Sep 2023 20:32:45 +0200 (CEST) Received: by mail-yw1-f225.google.com with SMTP id 00721157ae682-59c0d329a8bso116335167b3.1 for ; Tue, 26 Sep 2023 11:32:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iol.unh.edu; s=unh-iol; t=1695753164; x=1696357964; darn=dpdk.org; h=cc:to:from:subject:message-id:date:from:to:cc:subject:date :message-id:reply-to; bh=mf3LDZdycGqX0T10j24vueect9JrToIDF9At465fPF8=; b=DlsVucQonglXQGvSPh6WqzBDmIcUM/tYPRnyVk9OW22NvEC4/EZUIV79jTZvQg4sRn HKz4dmr78y/mgKLe8C30+abAyj0s1gUNFWEqTFkazw0LeuWshg5KSa873AqJaXAZr8bJ uB1VXw/MGcEoZuzPXgLYrEELkUqHlaxUuKRZY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695753164; x=1696357964; h=cc:to:from:subject:message-id:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mf3LDZdycGqX0T10j24vueect9JrToIDF9At465fPF8=; b=eRjcwhnsgxUsMxKjjF2R6kMFUd419W9MJolrDvIKfHPUyeaO+vs35orADLbl76LokP TSUXLPreQyJ1NugkNZFUs8R1D9RCjO1QK0V+LQFVQyZ73DyPeYTw1fZTTqGqtXN7yhDk p1cf5GFFT4BqXkIhpQO/PHZxTGew/BPo9PpSi1TYeSRy0mgAge4JqWYAmExOKi/3sQWh PoS4XvyL7rdMjBcxSx2NU4FkwqtWT3dF6jAmdgHma/GkMtA0FYadCsU7Dnsrm3+TW6bW BT3hF7GRU07G5m+548X2hbmVCElbMIJtsqRoBjt4jnnt6uXpLgSDDWynIEc0MYYIuJXe Hx8A== X-Gm-Message-State: AOJu0Yz+Jy3ubqtMK5koSsgt41Q8zP2ODZN7TIzAz2qhFwAaNWOgo3zu aGqLJjR/TwVsXy9SEC8lPMbT7UmdTsGwOIUxQ34dxUCOfrmAbdWQM7KOOA== X-Google-Smtp-Source: AGHT+IFzncHQ0G76GHcjGmDz4+YXqvjDyBgepmz6k1RNoS2bISgu3wAtLtrr76oiqG6cMOisaJlhJxUF/T3l X-Received: by 2002:a0d:d40b:0:b0:59b:c847:bce0 with SMTP id w11-20020a0dd40b000000b0059bc847bce0mr10063859ywd.42.1695753164304; Tue, 26 Sep 2023 11:32:44 -0700 (PDT) Received: from postal.iol.unh.edu (postal.iol.unh.edu. [132.177.123.84]) by smtp-relay.gmail.com with ESMTPS id g4-20020a81fd04000000b005862733891esm841512ywn.73.2023.09.26.11.32.44 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Sep 2023 11:32:44 -0700 (PDT) X-Relaying-Domain: iol.unh.edu Date: Tue, 26 Sep 2023 11:32:44 -0700 (PDT) Message-ID: <651323cc.810a0220.f3ca1.db1bSMTPIN_ADDED_MISSING@mx.google.com> Received: from [172.21.0.2] (unknown [172.18.0.240]) by postal.iol.unh.edu (Postfix) with ESMTP id EA86E605C351; Tue, 26 Sep 2023 14:32:43 -0400 (EDT) Subject: |WARNING| pw131937 [PATCH] [v4] security: hide security context From: dpdklab@iol.unh.edu To: test-report@dpdk.org Cc: dpdk-test-reports@iol.unh.edu Content-Type: text/plain X-BeenThere: test-report@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: automatic DPDK test reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: test-report-bounces@dpdk.org Test-Label: iol-testing Test-Status: WARNING http://dpdk.org/patch/131937 _apply patch failure_ Submitter: Akhil Goyal Date: Tuesday, September 26 2023 08:08:50 Applied on: CommitID:d419c85a7299a57fb94edcc00f1d2f816e22fb40 Apply patch set 131937 failed: Checking patch app/test-crypto-perf/cperf_ops.c... error: while searching for: else sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); error: patch failed: app/test-crypto-perf/cperf_ops.c:749 error: while searching for: .crypto_xform = &cipher_xform }; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); error: patch failed: app/test-crypto-perf/cperf_ops.c:853 error: while searching for: } }, .crypto_xform = &cipher_xform }; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); error: patch failed: app/test-crypto-perf/cperf_ops.c:901 Checking patch app/test-crypto-perf/cperf_test_latency.c... error: while searching for: else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { struct rte_security_ctx *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, ctx->sess); } #endif error: patch failed: app/test-crypto-perf/cperf_test_latency.c:53 Checking patch app/test-crypto-perf/cperf_test_pmd_cyclecount.c... error: while searching for: #ifdef RTE_LIB_SECURITY if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS) { struct rte_security_ctx *sec_ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, (void *)ctx->sess); } else #endif rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess); error: patch failed: app/test-crypto-perf/cperf_test_pmd_cyclecount.c:67 Checking patch app/test-crypto-perf/cperf_test_throughput.c... error: while searching for: else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { struct rte_security_ctx *sec_ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy( sec_ctx, (void *)ctx->sess); } #endif else error: patch failed: app/test-crypto-perf/cperf_test_throughput.c:44 Checking patch app/test-crypto-perf/cperf_test_verify.c... error: while searching for: else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { struct rte_security_ctx *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, ctx->sess); } #endif error: patch failed: app/test-crypto-perf/cperf_test_verify.c:48 Checking patch app/test-security-perf/test_security_perf.c... error: while searching for: struct rte_security_session_conf sess_conf; int i, ret, nb_sessions, nb_sess_total; struct rte_security_session **sess; struct rte_security_ctx *sec_ctx; double setup_rate, destroy_rate; uint64_t setup_ms, destroy_ms; struct lcore_conf *conf = arg; error: patch failed: app/test-security-perf/test_security_perf.c:344 Checking patch app/test/test_cryptodev.c... error: while searching for: const struct rte_security_capability *capability; uint16_t i = 0; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( ts_params->valid_devs[0]); capabilities = rte_security_capabilities_get(ctx); error: patch failed: app/test/test_cryptodev.c:8931 error: while searching for: struct crypto_unittest_params *ut_params = &unittest_params; uint8_t *plaintext; int ret = TEST_SUCCESS; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( ts_params->valid_devs[0]); struct rte_cryptodev_info dev_info; uint64_t feat_flags; error: patch failed: app/test/test_cryptodev.c:8973 error: while searching for: unsigned int trn_data = 0; struct rte_cryptodev_info dev_info; uint64_t feat_flags; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( ts_params->valid_devs[0]); struct rte_mbuf *temp_mbuf; rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); error: patch failed: app/test/test_cryptodev.c:9180 error: while searching for: struct ipsec_test_data *res_d_tmp = NULL; uint8_t input_text[IPSEC_TEXT_MAX_LEN]; int salt_len, i, ret = TEST_SUCCESS; struct rte_security_ctx *ctx; uint32_t src, dst; uint32_t verify; error: patch failed: app/test/test_cryptodev.c:9905 error: while searching for: uint32_t crc_data_len; int ret = TEST_SUCCESS; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( ts_params->valid_devs[0]); /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; error: patch failed: app/test/test_cryptodev.c:11088 error: while searching for: int32_t cipher_len, crc_len; int ret = TEST_SUCCESS; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( ts_params->valid_devs[0]); /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; error: patch failed: app/test/test_cryptodev.c:11272 Checking patch app/test/test_cryptodev_security_ipsec.c... error: while searching for: } int test_ipsec_stats_verify(struct rte_security_ctx *ctx, void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir) error: patch failed: app/test/test_cryptodev_security_ipsec.c:1249 Checking patch app/test/test_cryptodev_security_ipsec.h... error: while searching for: enum rte_security_ipsec_sa_direction dir, int pkt_num); int test_ipsec_stats_verify(struct rte_security_ctx *ctx, void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); error: patch failed: app/test/test_cryptodev_security_ipsec.h:302 Checking patch app/test/test_security_inline_macsec.c... error: while searching for: static int init_mempools(unsigned int nb_mbuf) { struct rte_security_ctx *sec_ctx; uint16_t nb_sess = 512; uint32_t sess_sz; char s[64]; error: patch failed: app/test/test_security_inline_macsec.c:136 error: while searching for: } static void mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, void *rx_sess, void *tx_sess, uint8_t rx_sc_id, uint8_t tx_sc_id, uint16_t rx_sa_id[], uint16_t tx_sa_id[]) error: patch failed: app/test/test_security_inline_macsec.c:482 error: while searching for: } static int mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op, const struct mcs_test_opts *opts, const struct mcs_test_vector *td, void *rx_sess, void *tx_sess, error: patch failed: app/test/test_security_inline_macsec.c:667 error: while searching for: struct rte_security_macsec_sa sa_conf = {0}; struct rte_security_macsec_sc sc_conf = {0}; struct mcs_err_vector err_vector = {0}; struct rte_security_ctx *ctx; int nb_rx = 0, nb_sent; int i, j = 0, ret, id, an = 0; uint8_t tci_off; error: patch failed: app/test/test_security_inline_macsec.c:900 error: while searching for: memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td); ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id); if (ctx == NULL) { printf("Ethernet device doesn't support security features.\n"); return TEST_SKIPPED; error: patch failed: app/test/test_security_inline_macsec.c:908 Checking patch app/test/test_security_inline_proto.c... error: while searching for: /* Create Inline IPsec session */ static int create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, void **sess, struct rte_security_ctx **ctx, uint32_t *ol_flags, const struct ipsec_test_flags *flags, struct rte_security_session_conf *sess_conf) { error: patch failed: app/test/test_security_inline_proto.c:136 error: while searching for: struct rte_security_capability_idx sec_cap_idx; const struct rte_security_capability *sec_cap; enum rte_security_ipsec_sa_direction dir; struct rte_security_ctx *sec_ctx; uint32_t verify; sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; error: patch failed: app/test/test_security_inline_proto.c:149 error: while searching for: sess_conf->userdata = (void *) sa; sec_ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(portid); if (sec_ctx == NULL) { printf("Ethernet device doesn't support security features.\n"); return TEST_SKIPPED; error: patch failed: app/test/test_security_inline_proto.c:221 error: while searching for: static int init_mempools(unsigned int nb_mbuf) { struct rte_security_ctx *sec_ctx; uint16_t nb_sess = 512; uint32_t sess_sz; char s[64]; error: patch failed: app/test/test_security_inline_proto.c:503 error: while searching for: struct rte_crypto_sym_xform auth_in = {0}; struct rte_crypto_sym_xform aead_in = {0}; struct ipsec_test_data sa_data; struct rte_security_ctx *ctx; unsigned int i, nb_rx = 0, j; uint32_t ol_flags; bool outer_ipv4; error: patch failed: app/test/test_security_inline_proto.c:846 error: while searching for: struct rte_crypto_sym_xform auth = {0}; struct rte_crypto_sym_xform aead = {0}; struct sa_expiry_vector vector = {0}; struct rte_security_ctx *ctx; int nb_rx = 0, nb_sent; uint32_t ol_flags; int i, j = 0, ret; error: patch failed: app/test/test_security_inline_proto.c:1113 error: while searching for: struct rte_mbuf *tx_pkt = NULL; int nb_rx, nb_sent; void *ses; struct rte_security_ctx *ctx; uint32_t ol_flags; bool outer_ipv4; int i, ret; error: patch failed: app/test/test_security_inline_proto.c:1398 Checking patch doc/guides/prog_guide/rte_security.rst... error: while searching for: Once the session mempools have been created, ``rte_security_session_create()`` is used to allocate and initialize a session for the required crypto/ethernet device. Session APIs need a parameter ``rte_security_ctx`` to identify the crypto/ethernet security ops. This parameter can be retrieved using the APIs ``rte_cryptodev_get_sec_ctx()`` (for crypto device) or ``rte_eth_dev_get_sec_ctx`` (for ethernet port). error: patch failed: doc/guides/prog_guide/rte_security.rst:637 Checking patch doc/guides/rel_notes/deprecation.rst... error: while searching for: which got error interrupt to the application, so that application can reset that particular queue pair. * security: Hide structures ``rte_security_ops`` and ``rte_security_ctx`` as these are internal to DPDK library and drivers. * eventdev: The single-event (non-burst) enqueue and dequeue operations, used by static inline burst enqueue and dequeue functions in ``rte_eventdev.h``, will be removed in DPDK 23.11. error: patch failed: doc/guides/rel_notes/deprecation.rst:139 Checking patch doc/guides/rel_notes/release_23_11.rst... error: while searching for: except ``rte_thread_setname()`` and ``rte_ctrl_thread_create()`` which are replaced with ``rte_thread_set_name()`` and ``rte_thread_create_control()``. ABI Changes ----------- error: patch failed: doc/guides/rel_notes/release_23_11.rst:144 Checking patch examples/ipsec-secgw/ipsec-secgw.c... error: while searching for: static inline void process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts, uint8_t nb_pkts, uint16_t portid, struct rte_security_ctx *ctx) { struct ipsec_traffic traffic; error: patch failed: examples/ipsec-secgw/ipsec-secgw.c:568 Checking patch examples/ipsec-secgw/ipsec.c... error: while searching for: static inline int verify_security_capabilities(struct rte_security_ctx *ctx, struct rte_security_session_conf *sess_conf, uint32_t *ol_flags) { error: patch failed: examples/ipsec-secgw/ipsec.c:205 error: while searching for: }; if (ips->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) { struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( cdev_id); /* Set IPsec parameters in conf */ set_ipsec_conf(sa, &(sess_conf.ipsec)); error: patch failed: examples/ipsec-secgw/ipsec.c:327 error: while searching for: struct rte_ipsec_session *ips) { int32_t ret = 0; struct rte_security_ctx *sec_ctx; struct rte_security_session_conf sess_conf = { .action_type = ips->type, .protocol = RTE_SECURITY_PROTOCOL_IPSEC, error: patch failed: examples/ipsec-secgw/ipsec.c:411 error: while searching for: struct rte_flow_error err; int ret = 0; sec_ctx = (struct rte_security_ctx *) rte_eth_dev_get_sec_ctx( sa->portid); if (sec_ctx == NULL) { RTE_LOG(ERR, IPSEC, " rte_eth_dev_get_sec_ctx failed\n"); error: patch failed: examples/ipsec-secgw/ipsec.c:490 error: while searching for: return -1; } } else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { sec_ctx = (struct rte_security_ctx *) rte_eth_dev_get_sec_ctx(sa->portid); if (sec_ctx == NULL) { RTE_LOG(ERR, IPSEC, error: patch failed: examples/ipsec-secgw/ipsec.c:657 Checking patch examples/ipsec-secgw/ipsec.h... error: while searching for: struct lcore_rx_queue { uint16_t port_id; uint8_t queue_id; struct rte_security_ctx *sec_ctx; } __rte_cache_aligned; struct buffer { error: patch failed: examples/ipsec-secgw/ipsec.h:279 Checking patch examples/ipsec-secgw/ipsec_worker.c... error: while searching for: struct port_drv_mode_data { void *sess; struct rte_security_ctx *ctx; }; typedef void (*ipsec_worker_fn_t)(void); error: patch failed: examples/ipsec-secgw/ipsec_worker.c:20 Checking patch examples/ipsec-secgw/ipsec_worker.h... error: while searching for: } static __rte_always_inline void prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt, struct ipsec_traffic *t) { uint32_t ptype = pkt->packet_type; error: patch failed: examples/ipsec-secgw/ipsec_worker.h:119 error: while searching for: } static __rte_always_inline void prepare_traffic(struct rte_security_ctx *ctx, struct rte_mbuf **pkts, struct ipsec_traffic *t, uint16_t nb_pkts) { int32_t i; error: patch failed: examples/ipsec-secgw/ipsec_worker.h:230 Checking patch lib/security/rte_security.c... error: while searching for: } void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp) { struct rte_security_session *sess = NULL; uint32_t sess_priv_size; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); error: patch failed: lib/security/rte_security.c:60 error: while searching for: } int rte_security_session_update(struct rte_security_ctx *instance, void *sess, struct rte_security_session_conf *conf) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(sess, -EINVAL); error: patch failed: lib/security/rte_security.c:93 error: while searching for: } unsigned int rte_security_session_get_size(struct rte_security_ctx *instance) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0); return (sizeof(struct rte_security_session) + error: patch failed: lib/security/rte_security.c:106 error: while searching for: } int rte_security_session_stats_get(struct rte_security_ctx *instance, void *sess, struct rte_security_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, -ENOTSUP); /* Parameter sess can be NULL in case of getting global statistics. */ error: patch failed: lib/security/rte_security.c:115 error: while searching for: } int rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) { int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, error: patch failed: lib/security/rte_security.c:128 error: while searching for: } int rte_security_macsec_sc_create(struct rte_security_ctx *instance, struct rte_security_macsec_sc *conf) { int sc_id; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_create, -EINVAL, -ENOTSUP); error: patch failed: lib/security/rte_security.c:149 error: while searching for: } int rte_security_macsec_sa_create(struct rte_security_ctx *instance, struct rte_security_macsec_sa *conf) { int sa_id; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_create, -EINVAL, -ENOTSUP); error: patch failed: lib/security/rte_security.c:165 error: while searching for: } int rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id, enum rte_security_macsec_direction dir) { int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_destroy, -EINVAL, -ENOTSUP); error: patch failed: lib/security/rte_security.c:181 error: while searching for: } int rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id, enum rte_security_macsec_direction dir) { int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_destroy, -EINVAL, -ENOTSUP); error: patch failed: lib/security/rte_security.c:199 error: while searching for: } int rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_stats_get, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(stats, -EINVAL); error: patch failed: lib/security/rte_security.c:217 error: while searching for: } int rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_stats_get, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(stats, -EINVAL); error: patch failed: lib/security/rte_security.c:228 error: while searching for: } int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, void *sess, struct rte_mbuf *m, void *params) { #ifdef RTE_DEBUG RTE_PTR_OR_ERR_RET(sess, -EINVAL); RTE_PTR_OR_ERR_RET(instance, -EINVAL); error: patch failed: lib/security/rte_security.c:239 error: while searching for: } const struct rte_security_capability * rte_security_capabilities_get(struct rte_security_ctx *instance) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); return instance->ops->capabilities_get(instance->device); } const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx) { const struct rte_security_capability *capabilities; const struct rte_security_capability *capability; uint16_t i = 0; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); error: patch failed: lib/security/rte_security.c:255 error: while searching for: security_capabilities_from_dev_id(int dev_id, const void **caps) { const struct rte_security_capability *capabilities; struct rte_security_ctx *sec_ctx; if (rte_cryptodev_is_valid_dev(dev_id) == 0) return -EINVAL; sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id); RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL); capabilities = rte_security_capabilities_get(sec_ctx); error: patch failed: lib/security/rte_security.c:401 Checking patch lib/security/rte_security.h... error: while searching for: #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1 #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2 /** * Security context for crypto/eth devices * * Security instance for each driver to register security operations. * The application can get the security context from the crypto/eth device id * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx() * This structure is used to identify the device(crypto/eth) for which the * security operations need to be performed. */ struct rte_security_ctx { void *device; /**< Crypto/ethernet device attached */ const struct rte_security_ops *ops; /**< Pointer to security ops for the device */ uint16_t sess_cnt; /**< Number of sessions attached to this context */ uint16_t macsec_sc_cnt; /**< Number of MACsec SC attached to this context */ uint16_t macsec_sa_cnt; /**< Number of MACsec SA attached to this context */ uint32_t flags; /**< Flags for security context */ }; #define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 /**< Driver uses fast metadata update without using driver specific callback. * For fast mdata, mbuf dynamic field would be registered by driver error: patch failed: lib/security/rte_security.h:56 error: while searching for: * - On failure, NULL */ void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp); error: patch failed: lib/security/rte_security.h:695 error: while searching for: */ __rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, void *sess, struct rte_security_session_conf *conf); error: patch failed: lib/security/rte_security.h:711 error: while searching for: * - 0 if device is invalid or does not support the operation. */ unsigned int rte_security_session_get_size(struct rte_security_ctx *instance); /** * Free security session header and the session private data and error: patch failed: lib/security/rte_security.h:725 error: while searching for: * - other negative values in case of freeing private data errors. */ int rte_security_session_destroy(struct rte_security_ctx *instance, void *sess); /** * @warning error: patch failed: lib/security/rte_security.h:742 error: while searching for: */ __rte_experimental int rte_security_macsec_sc_create(struct rte_security_ctx *instance, struct rte_security_macsec_sc *conf); /** error: patch failed: lib/security/rte_security.h:761 error: while searching for: */ __rte_experimental int rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id, enum rte_security_macsec_direction dir); /** error: patch failed: lib/security/rte_security.h:780 error: while searching for: */ __rte_experimental int rte_security_macsec_sa_create(struct rte_security_ctx *instance, struct rte_security_macsec_sa *conf); /** error: patch failed: lib/security/rte_security.h:800 error: while searching for: */ __rte_experimental int rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id, enum rte_security_macsec_direction dir); /** Device-specific metadata field type */ error: patch failed: lib/security/rte_security.h:819 error: while searching for: return rte_security_dynfield_offset >= 0; } #define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0 #define RTE_SECURITY_SESS_FAST_MDATA_OFF 1 /** error: patch failed: lib/security/rte_security.h:889 error: while searching for: /** Function to call PMD specific function pointer set_pkt_metadata() */ __rte_experimental int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, void *sess, struct rte_mbuf *m, void *params); error: patch failed: lib/security/rte_security.h:933 error: while searching for: * - On failure, a negative value. */ static inline int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, void *sess, struct rte_mbuf *mb, void *params) { /* Fast Path */ if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { *rte_security_dynfield(mb) = (rte_security_dynfield_t) rte_security_session_fast_mdata_get(sess); return 0; error: patch failed: lib/security/rte_security.h:951 error: while searching for: */ __rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, void *sess, struct rte_security_stats *stats); error: patch failed: lib/security/rte_security.h:1105 error: while searching for: */ __rte_experimental int rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats); error: patch failed: lib/security/rte_security.h:1125 error: while searching for: */ __rte_experimental int rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats); error: patch failed: lib/security/rte_security.h:1145 error: while searching for: * - Return NULL if no capabilities available. */ const struct rte_security_capability * rte_security_capabilities_get(struct rte_security_ctx *instance); /** * Query if a specific capability is available on security instance error: patch failed: lib/security/rte_security.h:1296 error: while searching for: * - Return NULL if the capability not matched on security instance. */ const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx); #ifdef __cplusplus error: patch failed: lib/security/rte_security.h:1310 Checking patch lib/security/rte_security_driver.h... error: while searching for: /**< Private session material, variable size (depends on driver) */ }; /** * Helper macro to get driver private data */ error: patch failed: lib/security/rte_security_driver.h:37 Applying patch app/test-crypto-perf/cperf_ops.c with 3 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Applying patch app/test-crypto-perf/cperf_test_latency.c with 1 reject... Rejected hunk #1. Applying patch app/test-crypto-perf/cperf_test_pmd_cyclecount.c with 1 reject... Rejected hunk #1. Applying patch app/test-crypto-perf/cperf_test_throughput.c with 1 reject... Rejected hunk #1. Applying patch app/test-crypto-perf/cperf_test_verify.c with 1 reject... Rejected hunk #1. Applying patch app/test-security-perf/test_security_perf.c with 1 reject... Rejected hunk #1. Applying patch app/test/test_cryptodev.c with 6 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Applying patch app/test/test_cryptodev_security_ipsec.c with 1 reject... Rejected hunk #1. Applying patch app/test/test_cryptodev_security_ipsec.h with 1 reject... Rejected hunk #1. Applying patch app/test/test_security_inline_macsec.c with 5 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Applying patch app/test/test_security_inline_proto.c with 7 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Rejected hunk #7. Applying patch doc/guides/prog_guide/rte_security.rst with 1 reject... Rejected hunk #1. Applying patch doc/guides/rel_notes/deprecation.rst with 1 reject... Rejected hunk #1. Applying patch doc/guides/rel_notes/release_23_11.rst with 1 reject... Rejected hunk #1. Applying patch examples/ipsec-secgw/ipsec-secgw.c with 1 reject... Rejected hunk #1. Applying patch examples/ipsec-secgw/ipsec.c with 5 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Applying patch examples/ipsec-secgw/ipsec.h with 1 reject... Rejected hunk #1. Applying patch examples/ipsec-secgw/ipsec_worker.c with 1 reject... Rejected hunk #1. Applying patch examples/ipsec-secgw/ipsec_worker.h with 2 rejects... Rejected hunk #1. Rejected hunk #2. Applying patch lib/security/rte_security.c with 14 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Rejected hunk #7. Rejected hunk #8. Rejected hunk #9. Rejected hunk #10. Rejected hunk #11. Rejected hunk #12. Rejected hunk #13. Rejected hunk #14. Applying patch lib/security/rte_security.h with 17 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Rejected hunk #7. Rejected hunk #8. Rejected hunk #9. Rejected hunk #10. Rejected hunk #11. Rejected hunk #12. Rejected hunk #13. Rejected hunk #14. Rejected hunk #15. Rejected hunk #16. Rejected hunk #17. Applying patch lib/security/rte_security_driver.h with 1 reject... Rejected hunk #1. hint: Use 'git am --show-current-patch' to see the failed patch diff a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c (rejected hunks) @@ -749,8 +749,7 @@ create_ipsec_session(struct rte_mempool *sess_mp, else sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(dev_id); + void *ctx = rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); @@ -853,8 +852,7 @@ cperf_create_session(struct rte_mempool *sess_mp, .crypto_xform = &cipher_xform }; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(dev_id); + void *ctx = rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); @@ -901,8 +899,7 @@ cperf_create_session(struct rte_mempool *sess_mp, } }, .crypto_xform = &cipher_xform }; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(dev_id); + void *ctx = rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); diff a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c (rejected hunks) @@ -53,8 +53,7 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx) else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { - struct rte_security_ctx *sec_ctx = - rte_cryptodev_get_sec_ctx(ctx->dev_id); + void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, ctx->sess); } #endif diff a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c (rejected hunks) @@ -67,11 +67,9 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx) #ifdef RTE_LIB_SECURITY if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS) { - struct rte_security_ctx *sec_ctx = - (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(ctx->dev_id); - rte_security_session_destroy(sec_ctx, - (void *)ctx->sess); + void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); + + rte_security_session_destroy(sec_ctx, (void *)ctx->sess); } else #endif rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess); diff a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c (rejected hunks) @@ -44,12 +44,9 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx) else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { - struct rte_security_ctx *sec_ctx = - (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(ctx->dev_id); - rte_security_session_destroy( - sec_ctx, - (void *)ctx->sess); + void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); + + rte_security_session_destroy(sec_ctx, (void *)ctx->sess); } #endif else diff a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c (rejected hunks) @@ -48,8 +48,8 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx) else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { - struct rte_security_ctx *sec_ctx = - rte_cryptodev_get_sec_ctx(ctx->dev_id); + void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); + rte_security_session_destroy(sec_ctx, ctx->sess); } #endif diff a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c (rejected hunks) @@ -344,7 +344,7 @@ test_security_session_perf(void *arg) struct rte_security_session_conf sess_conf; int i, ret, nb_sessions, nb_sess_total; struct rte_security_session **sess; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; double setup_rate, destroy_rate; uint64_t setup_ms, destroy_ms; struct lcore_conf *conf = arg; diff a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c (rejected hunks) @@ -8931,9 +8931,7 @@ security_proto_supported(enum rte_security_session_action_type action, const struct rte_security_capability *capability; uint16_t i = 0; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); capabilities = rte_security_capabilities_get(ctx); @@ -8973,9 +8971,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc, struct crypto_unittest_params *ut_params = &unittest_params; uint8_t *plaintext; int ret = TEST_SUCCESS; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); struct rte_cryptodev_info dev_info; uint64_t feat_flags; @@ -9180,9 +9176,7 @@ test_pdcp_proto_SGL(int i, int oop, unsigned int trn_data = 0; struct rte_cryptodev_info dev_info; uint64_t feat_flags; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); struct rte_mbuf *temp_mbuf; rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); @@ -9905,7 +9899,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], struct ipsec_test_data *res_d_tmp = NULL; uint8_t input_text[IPSEC_TEXT_MAX_LEN]; int salt_len, i, ret = TEST_SUCCESS; - struct rte_security_ctx *ctx; + void *ctx; uint32_t src, dst; uint32_t verify; @@ -11088,9 +11082,7 @@ test_docsis_proto_uplink(const void *data) uint32_t crc_data_len; int ret = TEST_SUCCESS; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; @@ -11272,9 +11264,7 @@ test_docsis_proto_downlink(const void *data) int32_t cipher_len, crc_len; int ret = TEST_SUCCESS; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; diff a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c (rejected hunks) @@ -1249,7 +1249,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td, } int -test_ipsec_stats_verify(struct rte_security_ctx *ctx, +test_ipsec_stats_verify(void *ctx, void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir) diff a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h (rejected hunks) @@ -302,7 +302,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td, enum rte_security_ipsec_sa_direction dir, int pkt_num); -int test_ipsec_stats_verify(struct rte_security_ctx *ctx, +int test_ipsec_stats_verify(void *ctx, void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); diff a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c (rejected hunks) @@ -136,7 +136,7 @@ init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len) static int init_mempools(unsigned int nb_mbuf) { - struct rte_security_ctx *sec_ctx; + void *sec_ctx; uint16_t nb_sess = 512; uint32_t sess_sz; char s[64]; @@ -482,7 +482,7 @@ test_macsec_post_process(struct rte_mbuf *m, const struct mcs_test_vector *td, } static void -mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, +mcs_stats_dump(void *ctx, enum mcs_op op, void *rx_sess, void *tx_sess, uint8_t rx_sc_id, uint8_t tx_sc_id, uint16_t rx_sa_id[], uint16_t tx_sa_id[]) @@ -667,7 +667,7 @@ mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, } static int -mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op, +mcs_stats_check(void *ctx, enum mcs_op op, const struct mcs_test_opts *opts, const struct mcs_test_vector *td, void *rx_sess, void *tx_sess, @@ -900,7 +900,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs struct rte_security_macsec_sa sa_conf = {0}; struct rte_security_macsec_sc sc_conf = {0}; struct mcs_err_vector err_vector = {0}; - struct rte_security_ctx *ctx; + void *ctx; int nb_rx = 0, nb_sent; int i, j = 0, ret, id, an = 0; uint8_t tci_off; @@ -908,7 +908,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td); - ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id); + ctx = rte_eth_dev_get_sec_ctx(port_id); if (ctx == NULL) { printf("Ethernet device doesn't support security features.\n"); return TEST_SKIPPED; diff a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c (rejected hunks) @@ -136,7 +136,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS]; /* Create Inline IPsec session */ static int create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, - void **sess, struct rte_security_ctx **ctx, + void **sess, void **ctx, uint32_t *ol_flags, const struct ipsec_test_flags *flags, struct rte_security_session_conf *sess_conf) { @@ -149,7 +149,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, struct rte_security_capability_idx sec_cap_idx; const struct rte_security_capability *sec_cap; enum rte_security_ipsec_sa_direction dir; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; uint32_t verify; sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; @@ -221,7 +221,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, sess_conf->userdata = (void *) sa; - sec_ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(portid); + sec_ctx = rte_eth_dev_get_sec_ctx(portid); if (sec_ctx == NULL) { printf("Ethernet device doesn't support security features.\n"); return TEST_SKIPPED; @@ -503,7 +503,7 @@ init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len, bool static int init_mempools(unsigned int nb_mbuf) { - struct rte_security_ctx *sec_ctx; + void *sec_ctx; uint16_t nb_sess = 512; uint32_t sess_sz; char s[64]; @@ -846,7 +846,7 @@ test_ipsec_with_reassembly(struct reassembly_vector *vector, struct rte_crypto_sym_xform auth_in = {0}; struct rte_crypto_sym_xform aead_in = {0}; struct ipsec_test_data sa_data; - struct rte_security_ctx *ctx; + void *ctx; unsigned int i, nb_rx = 0, j; uint32_t ol_flags; bool outer_ipv4; @@ -1113,7 +1113,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, struct rte_crypto_sym_xform auth = {0}; struct rte_crypto_sym_xform aead = {0}; struct sa_expiry_vector vector = {0}; - struct rte_security_ctx *ctx; + void *ctx; int nb_rx = 0, nb_sent; uint32_t ol_flags; int i, j = 0, ret; @@ -1398,7 +1398,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[], struct rte_mbuf *tx_pkt = NULL; int nb_rx, nb_sent; void *ses; - struct rte_security_ctx *ctx; + void *ctx; uint32_t ol_flags; bool outer_ipv4; int i, ret; diff a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst (rejected hunks) @@ -637,7 +637,7 @@ And the session mempool object size should be enough to accommodate Once the session mempools have been created, ``rte_security_session_create()`` is used to allocate and initialize a session for the required crypto/ethernet device. -Session APIs need a parameter ``rte_security_ctx`` to identify the crypto/ethernet +Session APIs need an opaque handle to identify the crypto/ethernet security ops. This parameter can be retrieved using the APIs ``rte_cryptodev_get_sec_ctx()`` (for crypto device) or ``rte_eth_dev_get_sec_ctx`` (for ethernet port). diff a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst (rejected hunks) @@ -139,9 +139,6 @@ Deprecation Notices which got error interrupt to the application, so that application can reset that particular queue pair. -* security: Hide structures ``rte_security_ops`` and ``rte_security_ctx`` - as these are internal to DPDK library and drivers. - * eventdev: The single-event (non-burst) enqueue and dequeue operations, used by static inline burst enqueue and dequeue functions in ``rte_eventdev.h``, will be removed in DPDK 23.11. diff a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst (rejected hunks) @@ -144,6 +144,9 @@ API Changes except ``rte_thread_setname()`` and ``rte_ctrl_thread_create()`` which are replaced with ``rte_thread_set_name()`` and ``rte_thread_create_control()``. +* security: Structures ``rte_security_ops`` and ``rte_security_ctx`` were moved to + internal library headers not visible to application. + ABI Changes ----------- diff a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c (rejected hunks) @@ -568,7 +568,7 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, static inline void process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts, - uint8_t nb_pkts, uint16_t portid, struct rte_security_ctx *ctx) + uint8_t nb_pkts, uint16_t portid, void *ctx) { struct ipsec_traffic traffic; diff a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c (rejected hunks) @@ -205,7 +205,7 @@ verify_ipsec_capabilities(struct rte_security_ipsec_xform *ipsec_xform, static inline int -verify_security_capabilities(struct rte_security_ctx *ctx, +verify_security_capabilities(void *ctx, struct rte_security_session_conf *sess_conf, uint32_t *ol_flags) { @@ -327,9 +327,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[], }; if (ips->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) { - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - cdev_id); + void *ctx = rte_cryptodev_get_sec_ctx(cdev_id); /* Set IPsec parameters in conf */ set_ipsec_conf(sa, &(sess_conf.ipsec)); @@ -411,7 +409,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, struct rte_ipsec_session *ips) { int32_t ret = 0; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; struct rte_security_session_conf sess_conf = { .action_type = ips->type, .protocol = RTE_SECURITY_PROTOCOL_IPSEC, @@ -490,9 +488,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, struct rte_flow_error err; int ret = 0; - sec_ctx = (struct rte_security_ctx *) - rte_eth_dev_get_sec_ctx( - sa->portid); + sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid); if (sec_ctx == NULL) { RTE_LOG(ERR, IPSEC, " rte_eth_dev_get_sec_ctx failed\n"); @@ -657,8 +653,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, return -1; } } else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { - sec_ctx = (struct rte_security_ctx *) - rte_eth_dev_get_sec_ctx(sa->portid); + sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid); if (sec_ctx == NULL) { RTE_LOG(ERR, IPSEC, diff a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h (rejected hunks) @@ -279,7 +279,7 @@ struct cnt_blk { struct lcore_rx_queue { uint16_t port_id; uint8_t queue_id; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; } __rte_cache_aligned; struct buffer { diff a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c (rejected hunks) @@ -20,7 +20,7 @@ struct port_drv_mode_data { void *sess; - struct rte_security_ctx *ctx; + void *ctx; }; typedef void (*ipsec_worker_fn_t)(void); diff a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec-secgw/ipsec_worker.h (rejected hunks) @@ -119,7 +119,7 @@ adjust_ipv6_pktlen(struct rte_mbuf *m, const struct rte_ipv6_hdr *iph, } static __rte_always_inline void -prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt, +prepare_one_packet(void *ctx, struct rte_mbuf *pkt, struct ipsec_traffic *t) { uint32_t ptype = pkt->packet_type; @@ -230,7 +230,7 @@ prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt, } static __rte_always_inline void -prepare_traffic(struct rte_security_ctx *ctx, struct rte_mbuf **pkts, +prepare_traffic(void *ctx, struct rte_mbuf **pkts, struct ipsec_traffic *t, uint16_t nb_pkts) { int32_t i; diff a/lib/security/rte_security.c b/lib/security/rte_security.c (rejected hunks) @@ -60,11 +60,12 @@ rte_security_oop_dynfield_register(void) } void * -rte_security_session_create(struct rte_security_ctx *instance, +rte_security_session_create(void *ctx, struct rte_security_session_conf *conf, struct rte_mempool *mp) { struct rte_security_session *sess = NULL; + struct rte_security_ctx *instance = ctx; uint32_t sess_priv_size; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); @@ -93,10 +94,10 @@ rte_security_session_create(struct rte_security_ctx *instance, } int -rte_security_session_update(struct rte_security_ctx *instance, - void *sess, - struct rte_security_session_conf *conf) +rte_security_session_update(void *ctx, void *sess, struct rte_security_session_conf *conf) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(sess, -EINVAL); @@ -106,8 +107,10 @@ rte_security_session_update(struct rte_security_ctx *instance, } unsigned int -rte_security_session_get_size(struct rte_security_ctx *instance) +rte_security_session_get_size(void *ctx) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0); return (sizeof(struct rte_security_session) + @@ -115,10 +118,10 @@ rte_security_session_get_size(struct rte_security_ctx *instance) } int -rte_security_session_stats_get(struct rte_security_ctx *instance, - void *sess, - struct rte_security_stats *stats) +rte_security_session_stats_get(void *ctx, void *sess, struct rte_security_stats *stats) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, -ENOTSUP); /* Parameter sess can be NULL in case of getting global statistics. */ @@ -128,8 +131,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, } int -rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) +rte_security_session_destroy(void *ctx, void *sess) { + struct rte_security_ctx *instance = ctx; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, @@ -149,9 +153,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) } int -rte_security_macsec_sc_create(struct rte_security_ctx *instance, - struct rte_security_macsec_sc *conf) +rte_security_macsec_sc_create(void *ctx, struct rte_security_macsec_sc *conf) { + struct rte_security_ctx *instance = ctx; int sc_id; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_create, -EINVAL, -ENOTSUP); @@ -165,9 +169,9 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance, } int -rte_security_macsec_sa_create(struct rte_security_ctx *instance, - struct rte_security_macsec_sa *conf) +rte_security_macsec_sa_create(void *ctx, struct rte_security_macsec_sa *conf) { + struct rte_security_ctx *instance = ctx; int sa_id; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_create, -EINVAL, -ENOTSUP); @@ -181,9 +185,10 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance, } int -rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id, +rte_security_macsec_sc_destroy(void *ctx, uint16_t sc_id, enum rte_security_macsec_direction dir) { + struct rte_security_ctx *instance = ctx; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_destroy, -EINVAL, -ENOTSUP); @@ -199,9 +204,10 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id } int -rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id, +rte_security_macsec_sa_destroy(void *ctx, uint16_t sa_id, enum rte_security_macsec_direction dir) { + struct rte_security_ctx *instance = ctx; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_destroy, -EINVAL, -ENOTSUP); @@ -217,10 +223,12 @@ rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id } int -rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id, +rte_security_macsec_sc_stats_get(void *ctx, uint16_t sc_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_stats_get, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(stats, -EINVAL); @@ -228,10 +236,12 @@ rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_ } int -rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id, +rte_security_macsec_sa_stats_get(void *ctx, uint16_t sa_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_stats_get, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(stats, -EINVAL); @@ -239,10 +249,9 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_ } int -__rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - void *sess, - struct rte_mbuf *m, void *params) +__rte_security_set_pkt_metadata(void *ctx, void *sess, struct rte_mbuf *m, void *params) { + struct rte_security_ctx *instance = ctx; #ifdef RTE_DEBUG RTE_PTR_OR_ERR_RET(sess, -EINVAL); RTE_PTR_OR_ERR_RET(instance, -EINVAL); @@ -255,19 +264,21 @@ __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, } const struct rte_security_capability * -rte_security_capabilities_get(struct rte_security_ctx *instance) +rte_security_capabilities_get(void *ctx) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); return instance->ops->capabilities_get(instance->device); } const struct rte_security_capability * -rte_security_capability_get(struct rte_security_ctx *instance, - struct rte_security_capability_idx *idx) +rte_security_capability_get(void *ctx, struct rte_security_capability_idx *idx) { const struct rte_security_capability *capabilities; const struct rte_security_capability *capability; + struct rte_security_ctx *instance = ctx; uint16_t i = 0; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); @@ -401,12 +412,12 @@ static int security_capabilities_from_dev_id(int dev_id, const void **caps) { const struct rte_security_capability *capabilities; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; if (rte_cryptodev_is_valid_dev(dev_id) == 0) return -EINVAL; - sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id); + sec_ctx = rte_cryptodev_get_sec_ctx(dev_id); RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL); capabilities = rte_security_capabilities_get(sec_ctx); diff a/lib/security/rte_security.h b/lib/security/rte_security.h (rejected hunks) @@ -56,30 +56,6 @@ enum rte_security_ipsec_tunnel_type { #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1 #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2 -/** - * Security context for crypto/eth devices - * - * Security instance for each driver to register security operations. - * The application can get the security context from the crypto/eth device id - * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx() - * This structure is used to identify the device(crypto/eth) for which the - * security operations need to be performed. - */ -struct rte_security_ctx { - void *device; - /**< Crypto/ethernet device attached */ - const struct rte_security_ops *ops; - /**< Pointer to security ops for the device */ - uint16_t sess_cnt; - /**< Number of sessions attached to this context */ - uint16_t macsec_sc_cnt; - /**< Number of MACsec SC attached to this context */ - uint16_t macsec_sa_cnt; - /**< Number of MACsec SA attached to this context */ - uint32_t flags; - /**< Flags for security context */ -}; - #define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 /**< Driver uses fast metadata update without using driver specific callback. * For fast mdata, mbuf dynamic field would be registered by driver @@ -695,7 +671,7 @@ struct rte_security_session_conf { * - On failure, NULL */ void * -rte_security_session_create(struct rte_security_ctx *instance, +rte_security_session_create(void *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp); @@ -711,7 +687,7 @@ rte_security_session_create(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_session_update(struct rte_security_ctx *instance, +rte_security_session_update(void *instance, void *sess, struct rte_security_session_conf *conf); @@ -725,7 +701,7 @@ rte_security_session_update(struct rte_security_ctx *instance, * - 0 if device is invalid or does not support the operation. */ unsigned int -rte_security_session_get_size(struct rte_security_ctx *instance); +rte_security_session_get_size(void *instance); /** * Free security session header and the session private data and @@ -742,7 +718,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance); * - other negative values in case of freeing private data errors. */ int -rte_security_session_destroy(struct rte_security_ctx *instance, void *sess); +rte_security_session_destroy(void *instance, void *sess); /** * @warning @@ -761,7 +737,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance, void *sess); */ __rte_experimental int -rte_security_macsec_sc_create(struct rte_security_ctx *instance, +rte_security_macsec_sc_create(void *instance, struct rte_security_macsec_sc *conf); /** @@ -780,7 +756,7 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id, +rte_security_macsec_sc_destroy(void *instance, uint16_t sc_id, enum rte_security_macsec_direction dir); /** @@ -800,7 +776,7 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id */ __rte_experimental int -rte_security_macsec_sa_create(struct rte_security_ctx *instance, +rte_security_macsec_sa_create(void *instance, struct rte_security_macsec_sa *conf); /** @@ -819,7 +795,7 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id, +rte_security_macsec_sa_destroy(void *instance, uint16_t sa_id, enum rte_security_macsec_direction dir); /** Device-specific metadata field type */ @@ -889,6 +865,27 @@ static inline bool rte_security_dynfield_is_registered(void) return rte_security_dynfield_offset >= 0; } +#define RTE_SECURITY_CTX_FLAGS_OFF 4 +/** + * Get security flags from security instance. + */ +static inline uint32_t +rte_security_ctx_flags_get(void *ctx) +{ + return *((uint32_t *)ctx + RTE_SECURITY_CTX_FLAGS_OFF); +} + +/** + * Set security flags in security instance. + */ +static inline void +rte_security_ctx_flags_set(void *ctx, uint32_t flags) +{ + uint32_t *data; + data = (((uint32_t *)ctx) + RTE_SECURITY_CTX_FLAGS_OFF); + *data = flags; +} + #define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0 #define RTE_SECURITY_SESS_FAST_MDATA_OFF 1 /** @@ -933,7 +930,7 @@ rte_security_session_fast_mdata_set(void *sess, uint64_t fdata) /** Function to call PMD specific function pointer set_pkt_metadata() */ __rte_experimental -int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, +int __rte_security_set_pkt_metadata(void *instance, void *sess, struct rte_mbuf *m, void *params); @@ -951,12 +948,12 @@ int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, * - On failure, a negative value. */ static inline int -rte_security_set_pkt_metadata(struct rte_security_ctx *instance, +rte_security_set_pkt_metadata(void *instance, void *sess, struct rte_mbuf *mb, void *params) { /* Fast Path */ - if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { + if (rte_security_ctx_flags_get(instance) & RTE_SEC_CTX_F_FAST_SET_MDATA) { *rte_security_dynfield(mb) = (rte_security_dynfield_t) rte_security_session_fast_mdata_get(sess); return 0; @@ -1105,7 +1102,7 @@ struct rte_security_stats { */ __rte_experimental int -rte_security_session_stats_get(struct rte_security_ctx *instance, +rte_security_session_stats_get(void *instance, void *sess, struct rte_security_stats *stats); @@ -1125,7 +1122,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, +rte_security_macsec_sa_stats_get(void *instance, uint16_t sa_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats); @@ -1145,7 +1142,7 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, +rte_security_macsec_sc_stats_get(void *instance, uint16_t sc_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats); @@ -1296,7 +1293,7 @@ struct rte_security_capability_idx { * - Return NULL if no capabilities available. */ const struct rte_security_capability * -rte_security_capabilities_get(struct rte_security_ctx *instance); +rte_security_capabilities_get(void *instance); /** * Query if a specific capability is available on security instance @@ -1310,7 +1307,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance); * - Return NULL if the capability not matched on security instance. */ const struct rte_security_capability * -rte_security_capability_get(struct rte_security_ctx *instance, +rte_security_capability_get(void *instance, struct rte_security_capability_idx *idx); #ifdef __cplusplus diff a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h (rejected hunks) @@ -37,6 +37,30 @@ struct rte_security_session { /**< Private session material, variable size (depends on driver) */ }; +/** + * Security context for crypto/eth devices + * + * Security instance for each driver to register security operations. + * The application can get the security context from the crypto/eth device id + * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx() + * This structure is used to identify the device(crypto/eth) for which the + * security operations need to be performed. + */ +struct rte_security_ctx { + void *device; + /**< Crypto/ethernet device attached */ + const struct rte_security_ops *ops; + /**< Pointer to security ops for the device */ + uint32_t flags; + /**< Flags for security context */ + uint16_t sess_cnt; + /**< Number of sessions attached to this context */ + uint16_t macsec_sc_cnt; + /**< Number of MACsec SC attached to this context */ + uint16_t macsec_sa_cnt; + /**< Number of MACsec SA attached to this context */ +}; + /** * Helper macro to get driver private data */ https://lab.dpdk.org/results/dashboard/patchsets/27726/ UNH-IOL DPDK Community Lab