* [PATCH 01/11] common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err
[not found] <20240703102649.3096530-1-g.singh@nxp.com>
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES " Gagandeep Singh
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena, Akhil Goyal, Franck Lenormand; +Cc: stable
Adding a Jump instruction with CALM flag to ensure
previous processing has been completed.
Fixes: 3ba2e519eafa ("common/dpaax/caamflib: support PDCP-SDAP")
Cc: franck.lenormand@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/sdap.h | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index b38c15a24f..d41bacf8f9 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2020-2022 NXP
+ * Copyright 2020-2023 NXP
*/
#ifndef __DESC_SDAP_H__
@@ -628,6 +628,10 @@ static inline int pdcp_sdap_insert_no_snoop_op(
/* Save the ICV generated */
MOVEB(p, CONTEXT1, 0, MATH3, 0, 4, WAITCOMP | IMMED);
+ /* conditional jump with calm added to ensure that the
+ * previous processing has been completed
+ */
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
/* The CHA will be reused so we need to clear it */
LOAD(p, CLRW_RESET_CLS1_CHA |
CLRW_CLR_C1KEY |
@@ -718,6 +722,10 @@ static inline int pdcp_sdap_insert_no_snoop_op(
/* Save the ICV which is stalling in output FIFO to MATH3 */
MOVEB(p, OFIFO, 0, MATH3, 0, 4, IMMED);
+ /* conditional jump with calm added to ensure that the
+ * previous processing has been completed
+ */
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
/* Reset class 1 CHA */
LOAD(p, CLRW_RESET_CLS1_CHA |
CLRW_CLR_C1KEY |
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES wdog DECO err
[not found] <20240703102649.3096530-1-g.singh@nxp.com>
2024-07-03 10:26 ` [PATCH 01/11] common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 17:25 ` [EXTERNAL] " Akhil Goyal
2024-07-03 10:26 ` [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc Gagandeep Singh
2024-07-03 10:26 ` [PATCH 11/11] crypto/dpaa2_sec: fix issue of user ctxt for Event queue Gagandeep Singh
3 siblings, 1 reply; 6+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena, Akhil Goyal, Vakul Garg
Cc: Varun Sethi, stable
From: Varun Sethi <v.sethi@nxp.com>
Adding a Jump instruction with CALM flag to ensure
previous processing has been completed.
Fixes: 8827d94398f1 ("crypto/dpaa2_sec/hw: support AES-AES 18-bit PDCP")
Cc: vakul.garg@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Varun Sethi <v.sethi@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 7d16c66d79..0ed9eec816 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1023,6 +1023,11 @@ pdcp_insert_uplane_aes_aes_op(struct program *p,
SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1 | FLUSH1);
MOVEB(p, CONTEXT1, 0, MATH3, 0, 4, WAITCOMP | IMMED);
+ /* conditional jump with calm added to ensure that the
+ * previous processing has been completed
+ */
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
+
LOAD(p, CLRW_RESET_CLS1_CHA |
CLRW_CLR_C1KEY |
CLRW_CLR_C1CTX |
@@ -1070,6 +1075,11 @@ pdcp_insert_uplane_aes_aes_op(struct program *p,
MOVEB(p, OFIFO, 0, MATH3, 0, 4, IMMED);
+ /* conditional jump with calm added to ensure that the
+ * previous processing has been completed
+ */
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
+
LOAD(p, CLRW_RESET_CLS1_CHA |
CLRW_CLR_C1KEY |
CLRW_CLR_C1CTX |
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [EXTERNAL] [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES wdog DECO err
2024-07-03 10:26 ` [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES " Gagandeep Singh
@ 2024-07-03 17:25 ` Akhil Goyal
0 siblings, 0 replies; 6+ messages in thread
From: Akhil Goyal @ 2024-07-03 17:25 UTC (permalink / raw)
To: Gagandeep Singh, dev, Hemant Agrawal, Sachin Saxena, Vakul Garg
Cc: Varun Sethi, stable
> From: Varun Sethi <v.sethi@nxp.com>
>
> Adding a Jump instruction with CALM flag to ensure
> previous processing has been completed.
>
> Fixes: 8827d94398f1 ("crypto/dpaa2_sec/hw: support AES-AES 18-bit PDCP")
> Cc: vakul.garg@nxp.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> Signed-off-by: Varun Sethi <v.sethi@nxp.com>
Series applied to dpdk-next-crypto
Updated .mailmap for Varun
Updated patch titles for most of the patches. Please review.
Thanks.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc
[not found] <20240703102649.3096530-1-g.singh@nxp.com>
2024-07-03 10:26 ` [PATCH 01/11] common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err Gagandeep Singh
2024-07-03 10:26 ` [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES " Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 11/11] crypto/dpaa2_sec: fix issue of user ctxt for Event queue Gagandeep Singh
3 siblings, 0 replies; 6+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena, Akhil Goyal; +Cc: stable
During IPsec operations, driver code pre-check
whether KEYS can be inlined to limited size descriptor
or not and based on that it decides to copy the complete
KEY in descriptor or just give the memory pointer of
KEY in descriptor.
This pre-check code does not take care of padding required
for security engine to make the KEYs inline which results
in incorrect length descriptor for some algorithms.
This patch fixes this issue by updating the pre-check code
with proper padding size included for each supported
algorithm.
Fixes: 453b9593a3cf ("crypto/dpaax_sec: fix inline query for descriptors")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/ipsec.h | 73 ++++++++++++++++++++++
drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +-
2 files changed, 75 insertions(+), 2 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index eff26f6f8b..b902873970 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -728,6 +728,79 @@ static inline void __gen_auth_key(struct program *program,
authdata->key, authdata->key_type);
}
+/**
+ * rta_inline_ipsec_query() - Provide indications on which data items can be inlined
+ * and which shall be referenced in IPsec shared descriptor.
+ * @sd_base_len: Shared descriptor base length - bytes consumed by the commands,
+ * excluding the data items to be inlined (or corresponding
+ * pointer if an item is not inlined). Each cnstr_* function that
+ * generates descriptors should have a define mentioning
+ * corresponding length.
+ * @jd_len: Maximum length of the job descriptor(s) that will be used
+ * together with the shared descriptor.
+ * @data_len: Array of lengths of the data items trying to be inlined
+ * @inl_mask: 32bit mask with bit x = 1 if data item x can be inlined, 0
+ * otherwise.
+ * @count: Number of data items (size of @data_len array); must be <= 32
+ * @auth_algtype: Authentication algorithm type.
+ * @auth_index: Index value of data_len for authentication key length.
+ * -1 if authentication key length is not present in data_len.
+ *
+ * Return: 0 if data can be inlined / referenced, negative value if not. If 0,
+ * check @inl_mask for details.
+ */
+static inline int
+rta_inline_ipsec_query(unsigned int sd_base_len,
+ unsigned int jd_len,
+ unsigned int *data_len,
+ uint32_t *inl_mask,
+ unsigned int count,
+ uint32_t auth_algtype,
+ int32_t auth_index)
+{
+ uint32_t dkp_protid;
+
+ switch (auth_algtype & OP_PCL_IPSEC_AUTH_MASK) {
+ case OP_PCL_IPSEC_HMAC_MD5_96:
+ case OP_PCL_IPSEC_HMAC_MD5_128:
+ dkp_protid = OP_PCLID_DKP_MD5;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA1_96:
+ case OP_PCL_IPSEC_HMAC_SHA1_160:
+ dkp_protid = OP_PCLID_DKP_SHA1;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_256_128:
+ dkp_protid = OP_PCLID_DKP_SHA256;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_384_192:
+ dkp_protid = OP_PCLID_DKP_SHA384;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_512_256:
+ dkp_protid = OP_PCLID_DKP_SHA512;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_224_96:
+ case OP_PCL_IPSEC_HMAC_SHA2_224_112:
+ case OP_PCL_IPSEC_HMAC_SHA2_224_224:
+ dkp_protid = OP_PCLID_DKP_SHA224;
+ break;
+ default:
+ return rta_inline_query(sd_base_len,
+ jd_len,
+ data_len,
+ inl_mask, count);
+ }
+
+ /* Updating the maximum supported inline key length */
+ if (auth_index != -1) {
+ if (split_key_len(dkp_protid) > data_len[auth_index])
+ data_len[auth_index] = split_key_len(dkp_protid);
+ }
+ return rta_inline_query(sd_base_len,
+ jd_len,
+ data_len,
+ inl_mask, count);
+}
+
/**
* cnstr_shdsc_ipsec_encap - IPSec ESP encapsulation protocol-level shared
* descriptor.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 44528eaf7f..679f78c4b9 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -395,10 +395,10 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
cdb->sh_desc[0] = cipherdata.keylen;
cdb->sh_desc[1] = authdata.keylen;
- err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
+ err = rta_inline_ipsec_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
DESC_JOB_IO_LEN,
(unsigned int *)cdb->sh_desc,
- &cdb->sh_desc[2], 2);
+ &cdb->sh_desc[2], 2, authdata.algtype, 1);
if (err < 0) {
DPAA_SEC_ERR("Crypto: Incorrect key lengths");
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 11/11] crypto/dpaa2_sec: fix issue of user ctxt for Event queue
[not found] <20240703102649.3096530-1-g.singh@nxp.com>
` (2 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
3 siblings, 0 replies; 6+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Akhil Goyal, Ashish Jain; +Cc: Jun Yang, stable
From: Jun Yang <jun.yang@nxp.com>
Context configured should be aligned with context got in dq process.
Here the rx_vq is just the first element of qp which covers the issue.
Fixes: bffc7d561c81 ("crypto/dpaa2_sec: support event crypto adapter")
Cc: stable@dpdk.org
Signed-off-by: Jun Yang <jun.yang@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index eed66d721f..b35bba3bdd 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -4103,7 +4103,7 @@ dpaa2_sec_eventq_attach(const struct rte_cryptodev *dev,
cfg.dest_cfg.priority = priority;
cfg.options |= DPSECI_QUEUE_OPT_USER_CTX;
- cfg.user_ctx = (size_t)(qp);
+ cfg.user_ctx = (size_t)(&qp->rx_vq);
if (event->sched_type == RTE_SCHED_TYPE_ATOMIC) {
cfg.options |= DPSECI_QUEUE_OPT_ORDER_PRESERVATION;
cfg.order_preservation_en = 1;
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc
[not found] <20240703101347.3091547-1-g.singh@nxp.com>
@ 2024-07-03 10:13 ` Gagandeep Singh
0 siblings, 0 replies; 6+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:13 UTC (permalink / raw)
To: hemant.agrawal; +Cc: Gagandeep Singh, stable
During IPsec operations, driver code pre-check
whether KEYS can be inlined to limited size descriptor
or not and based on that it decides to copy the complete
KEY in descriptor or just give the memory pointer of
KEY in descriptor.
This pre-check code does not take care of padding required
for security engine to make the KEYs inline which results
in incorrect length descriptor for some algorithms.
This patch fixes this issue by updating the pre-check code
with proper padding size included for each supported
algorithm.
Fixes: 453b9593a3cf ("crypto/dpaax_sec: fix inline query for descriptors")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/ipsec.h | 73 ++++++++++++++++++++++
drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +-
2 files changed, 75 insertions(+), 2 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index eff26f6f8b..b902873970 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -728,6 +728,79 @@ static inline void __gen_auth_key(struct program *program,
authdata->key, authdata->key_type);
}
+/**
+ * rta_inline_ipsec_query() - Provide indications on which data items can be inlined
+ * and which shall be referenced in IPsec shared descriptor.
+ * @sd_base_len: Shared descriptor base length - bytes consumed by the commands,
+ * excluding the data items to be inlined (or corresponding
+ * pointer if an item is not inlined). Each cnstr_* function that
+ * generates descriptors should have a define mentioning
+ * corresponding length.
+ * @jd_len: Maximum length of the job descriptor(s) that will be used
+ * together with the shared descriptor.
+ * @data_len: Array of lengths of the data items trying to be inlined
+ * @inl_mask: 32bit mask with bit x = 1 if data item x can be inlined, 0
+ * otherwise.
+ * @count: Number of data items (size of @data_len array); must be <= 32
+ * @auth_algtype: Authentication algorithm type.
+ * @auth_index: Index value of data_len for authentication key length.
+ * -1 if authentication key length is not present in data_len.
+ *
+ * Return: 0 if data can be inlined / referenced, negative value if not. If 0,
+ * check @inl_mask for details.
+ */
+static inline int
+rta_inline_ipsec_query(unsigned int sd_base_len,
+ unsigned int jd_len,
+ unsigned int *data_len,
+ uint32_t *inl_mask,
+ unsigned int count,
+ uint32_t auth_algtype,
+ int32_t auth_index)
+{
+ uint32_t dkp_protid;
+
+ switch (auth_algtype & OP_PCL_IPSEC_AUTH_MASK) {
+ case OP_PCL_IPSEC_HMAC_MD5_96:
+ case OP_PCL_IPSEC_HMAC_MD5_128:
+ dkp_protid = OP_PCLID_DKP_MD5;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA1_96:
+ case OP_PCL_IPSEC_HMAC_SHA1_160:
+ dkp_protid = OP_PCLID_DKP_SHA1;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_256_128:
+ dkp_protid = OP_PCLID_DKP_SHA256;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_384_192:
+ dkp_protid = OP_PCLID_DKP_SHA384;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_512_256:
+ dkp_protid = OP_PCLID_DKP_SHA512;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_224_96:
+ case OP_PCL_IPSEC_HMAC_SHA2_224_112:
+ case OP_PCL_IPSEC_HMAC_SHA2_224_224:
+ dkp_protid = OP_PCLID_DKP_SHA224;
+ break;
+ default:
+ return rta_inline_query(sd_base_len,
+ jd_len,
+ data_len,
+ inl_mask, count);
+ }
+
+ /* Updating the maximum supported inline key length */
+ if (auth_index != -1) {
+ if (split_key_len(dkp_protid) > data_len[auth_index])
+ data_len[auth_index] = split_key_len(dkp_protid);
+ }
+ return rta_inline_query(sd_base_len,
+ jd_len,
+ data_len,
+ inl_mask, count);
+}
+
/**
* cnstr_shdsc_ipsec_encap - IPSec ESP encapsulation protocol-level shared
* descriptor.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 44528eaf7f..679f78c4b9 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -395,10 +395,10 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
cdb->sh_desc[0] = cipherdata.keylen;
cdb->sh_desc[1] = authdata.keylen;
- err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
+ err = rta_inline_ipsec_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
DESC_JOB_IO_LEN,
(unsigned int *)cdb->sh_desc,
- &cdb->sh_desc[2], 2);
+ &cdb->sh_desc[2], 2, authdata.algtype, 1);
if (err < 0) {
DPAA_SEC_ERR("Crypto: Incorrect key lengths");
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread