From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CECDA457A1 for ; Mon, 12 Aug 2024 14:54:09 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C1E0D4029C; Mon, 12 Aug 2024 14:54:09 +0200 (CEST) Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2047.outbound.protection.outlook.com [40.107.223.47]) by mails.dpdk.org (Postfix) with ESMTP id DFD7440654 for ; Mon, 12 Aug 2024 14:54:07 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=w1bBim0rpm91P6J2Q8nsevoWXoBAMaHouYtcYrNb8LV51og3tPC2EtvSKiQUKD+0lTw0Nph9Ks01YfC+eRuLaGNY1x0Wi0hEMn5h2jA7c03dCaA0jA+HigdtXcEQy0DX9sqa3ssbJNY8ea4bDUcy1tetiar+PwOlMule6fBa0DJUspz2vOR3zMWaPagfrC0cdqPWU2rOCzcjaFWnPQTm07PQ5Sz8bwYu/dummaJ3lI2igtyfRYm/TJjLBf6zZbE3qIEVDF7ewzxJZn037u7PwpVtBPzYOZ0tG3dBT/6pVSHBUD9NL/CEQXhKuQxRlFOMhULJmFSZ3fAMYh18R0h1Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KyiVEcXwjucwNkkCyxq0mLEGGBvGUF4uIV1Bvu1MPIU=; b=qoxbTme394q/Z9/g0Yt5qna/84a55omELdWtQ7qp5mdsb65UqnYBanTmxitFA0S2bVNYnam/1TG8E7n/Qn1w2YIa2QF4otfy3TzDXhOxsw0IOpRJcgiQgssJ8vAE7fdben4PJObJYW0ZF+VEqZIVa5fmVDc4DIBa6U1eMq0liayW60myZ+pAXvHD7R6ty1QgSflY/LMHAtqIcDZQmB8IHhk48MYB1R3Vr2iSaH1ZnRjLBBXLT5DHSOdwrq47Uelp5Vu1Vir2VA7BW2ohsLbV8koREAEYGSOaRVxKt8p6HcgfSTZ3RMg1kjqwhbxn8conHp3khIr9rsxPfSVNF3ItDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=nxp.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KyiVEcXwjucwNkkCyxq0mLEGGBvGUF4uIV1Bvu1MPIU=; b=qamRHHKv/bkVHCID+1lbdQydRlTus/vOCLzzpfHXI/xRw6nwOiXLF67j20AE6gsIyZIajtpJyQL8xpRnO0TBZuViTA3fXbEiNUKrrG+7ksx+9Txq9Nz1nIw30TApIGrTqJL9aXbOmzv8VUseEOwMH6OE3KROyro52JgyKgZX55nytEyoHWePhFAdqotN2Iw+NYJ0PNPeZ0tK2g9Um0kQ0BjPRPDDtuJZN2X14iT0AO4qPKRMsei5JUdvXFBf4L+/lE6VtzaEkj0zTiNB1GDwSFNAMquI4BUqn/UeCuwFCxg2aEfauREn5IeTOby1nN0aOOtoCBR/+KbbDuw+HAZWXg== Received: from SN6PR04CA0096.namprd04.prod.outlook.com (2603:10b6:805:f2::37) by PH7PR12MB8428.namprd12.prod.outlook.com (2603:10b6:510:243::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7849.20; Mon, 12 Aug 2024 12:54:04 +0000 Received: from SA2PEPF00003F63.namprd04.prod.outlook.com (2603:10b6:805:f2:cafe::c1) by SN6PR04CA0096.outlook.office365.com (2603:10b6:805:f2::37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7849.22 via Frontend Transport; Mon, 12 Aug 2024 12:54:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by SA2PEPF00003F63.mail.protection.outlook.com (10.167.248.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7849.8 via Frontend Transport; Mon, 12 Aug 2024 12:54:04 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Mon, 12 Aug 2024 05:53:51 -0700 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Mon, 12 Aug 2024 05:53:49 -0700 From: Xueming Li To: Gagandeep Singh CC: , dpdk stable Subject: patch 'crypto/dpaa_sec: fix IPsec descriptor' has been queued to stable release 23.11.2 Date: Mon, 12 Aug 2024 20:48:28 +0800 Message-ID: <20240812125035.389667-32-xuemingl@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240812125035.389667-1-xuemingl@nvidia.com> References: <20240712110153.309690-23-xuemingl@nvidia.com> <20240812125035.389667-1-xuemingl@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SA2PEPF00003F63:EE_|PH7PR12MB8428:EE_ X-MS-Office365-Filtering-Correlation-Id: 3cc1975f-90cc-41b7-8e68-08dcbacdd873 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|36860700013|376014|82310400026|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?WgktYro6GKC9P61hDzkPHSppmNied6UKnXi4k0rCHCASF6s6emNruilHRxX/?= =?us-ascii?Q?NNyP9ex+IvxpFB6uYMYCQ0fC87yI9BWxSQVTWryR1yNar6fNXcPbnomMAGbA?= =?us-ascii?Q?NFngb/8JtwublHX28PAFmBItkesCmR6dS5jzXURit2huyc2Cz558NRx/fq67?= =?us-ascii?Q?HRJfvLTtYwSB1A6iwrLJCsMTdc8WzfVHvEbtzSOoVnLnRTVPn8Sh8qpdf5iW?= =?us-ascii?Q?ho6Fva/ckOUkoy2OOXhJ78beyVNMwKw2EAD0i3OLK1zC/yt+Bq234fhL7rji?= =?us-ascii?Q?yKsqjF2xZl/2SmSj3n9tCUApctkcc5ZYwQ3T52R7nYCri7zRTwoZ4w9s61Vk?= =?us-ascii?Q?h09244reqIq9QdnaMGmLvn9v3JzyM+Rrf4WyAPKDTJ9XWQpwFAuOTBTaxjGR?= =?us-ascii?Q?FlOYj3cpHoNPhP8khy/dyO34+zWDFsRHaRfIZbD8faD5Skqhpqqk/Xi76yIP?= =?us-ascii?Q?2y5rMVczBhg4gFfU2SPKbnvVdhEkdHi4U+Bgrf0D4qmlJTvP0GOs+Lb3Wolo?= =?us-ascii?Q?ouguMy0qKw65LpxMQY3bk/cNDui+WHb5+ZBWtc/6G3G/1MBciIXS3gdWOHM/?= =?us-ascii?Q?S+Ovi59SBr/KY7Dkupl9BNcopeDSqsI4XnThARje9/EvT0eTFsujMImpoDyy?= =?us-ascii?Q?uLwoQtW7l5wlrURIiKy5VudMZtYmFM2fyKRYJ208W45XP81qSX0euQ4Sdnxf?= =?us-ascii?Q?ywopD8apYmCvokk6UBvIubYxKAJHMVzswoXL20Qfqi4tEKT+ilSQcyUqR6d8?= =?us-ascii?Q?bsxW131+a7C87OrxWxKuIPGwZfO4vbVfKmdaOcwm0/4H5lV2T0UxhI2vqqn/?= =?us-ascii?Q?Sm3Y8CKq+3+17UcSStnCJxV5DY42BwuNKacmNgDgHHYAGM3gXphq3mrI/uqP?= =?us-ascii?Q?F8xq/C6fiCujrZVfZ+K4EG/DxYKtvhbOm0PxvI8uw86hohdlGCCTKvleQxLc?= =?us-ascii?Q?nhEjw3jBZXK7aetgaWFb7GV4zPRO0CDot/DWnfx4c7bJ01tO4eRzfPuPfohL?= =?us-ascii?Q?Xd0Wm//twlSGhKa40HnvKSQai8wFVtd+Pc9nBMsBDDNbZo1znxIELBNJIbvm?= =?us-ascii?Q?dkM71xvg6gRoJUHk8dUqRChO+aLcY5pqIDkcPxxU+n5rJ6TdXFmL/nptDpO/?= =?us-ascii?Q?VLAXIZ/4M1hUXSYHKjJqmMUsZHvzU7+f3ouUwr9FLu3WWMS9yynRlSrr9Vs3?= =?us-ascii?Q?bxw1SjWXNe11Bqj02zeuctqgk7RiMkPzk1ewWT745ae7x7TTlWK8r3dokNU/?= =?us-ascii?Q?nin7z7PlrDG+YZo+YeQicZSvuKha7M6hEWj1t8E2dVQwVjLHQw+REPVU4Cc1?= =?us-ascii?Q?i76AUPGnqT8pKAjrSqWJrIcugJZFVv1BgDR1uk16PunF3k9cuzBICEVZV2pl?= =?us-ascii?Q?C9J9oqlvQJQZPutvy0LFwKCsNNtIM7nEdHlA0fMYe5amUv3jaFIrI4IhQtkv?= =?us-ascii?Q?WiCRTOE64gurtKIH+/Fp+A8UtOzCBvlR?= X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230040)(36860700013)(376014)(82310400026)(1800799024); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Aug 2024 12:54:04.1031 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3cc1975f-90cc-41b7-8e68-08dcbacdd873 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SA2PEPF00003F63.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB8428 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 23.11.2 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 08/14/24. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging This queued commit can be viewed at: https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=6e2def6ca9a6b1131b9efaf5ce913e7110459883 Thanks. Xueming Li --- >From 6e2def6ca9a6b1131b9efaf5ce913e7110459883 Mon Sep 17 00:00:00 2001 From: Gagandeep Singh Date: Wed, 3 Jul 2024 15:56:41 +0530 Subject: [PATCH] crypto/dpaa_sec: fix IPsec descriptor Cc: Xueming Li [ upstream commit 046341575bd6e1210d6c12b595405ede41150da7 ] During IPsec operations, driver code pre-check whether KEYS can be inlined to limited size descriptor or not and based on that it decides to copy the complete KEY in descriptor or just give the memory pointer of KEY in descriptor. This pre-check code does not take care of padding required for security engine to make the KEYs inline which results in incorrect length descriptor for some algorithms. This patch fixes this issue by updating the pre-check code with proper padding size included for each supported algorithm. Fixes: 453b9593a3cf ("crypto/dpaax_sec: fix inline query for descriptors") Signed-off-by: Gagandeep Singh --- drivers/common/dpaax/caamflib/desc/ipsec.h | 73 ++++++++++++++++++++++ drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +- 2 files changed, 75 insertions(+), 2 deletions(-) diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h index 95fc3ea5ba..54fca3bc67 100644 --- a/drivers/common/dpaax/caamflib/desc/ipsec.h +++ b/drivers/common/dpaax/caamflib/desc/ipsec.h @@ -731,6 +731,79 @@ static inline void __gen_auth_key(struct program *program, authdata->key, authdata->key_type); } +/** + * rta_inline_ipsec_query() - Provide indications on which data items can be inlined + * and which shall be referenced in IPsec shared descriptor. + * @sd_base_len: Shared descriptor base length - bytes consumed by the commands, + * excluding the data items to be inlined (or corresponding + * pointer if an item is not inlined). Each cnstr_* function that + * generates descriptors should have a define mentioning + * corresponding length. + * @jd_len: Maximum length of the job descriptor(s) that will be used + * together with the shared descriptor. + * @data_len: Array of lengths of the data items trying to be inlined + * @inl_mask: 32bit mask with bit x = 1 if data item x can be inlined, 0 + * otherwise. + * @count: Number of data items (size of @data_len array); must be <= 32 + * @auth_algtype: Authentication algorithm type. + * @auth_index: Index value of data_len for authentication key length. + * -1 if authentication key length is not present in data_len. + * + * Return: 0 if data can be inlined / referenced, negative value if not. If 0, + * check @inl_mask for details. + */ +static inline int +rta_inline_ipsec_query(unsigned int sd_base_len, + unsigned int jd_len, + unsigned int *data_len, + uint32_t *inl_mask, + unsigned int count, + uint32_t auth_algtype, + int32_t auth_index) +{ + uint32_t dkp_protid; + + switch (auth_algtype & OP_PCL_IPSEC_AUTH_MASK) { + case OP_PCL_IPSEC_HMAC_MD5_96: + case OP_PCL_IPSEC_HMAC_MD5_128: + dkp_protid = OP_PCLID_DKP_MD5; + break; + case OP_PCL_IPSEC_HMAC_SHA1_96: + case OP_PCL_IPSEC_HMAC_SHA1_160: + dkp_protid = OP_PCLID_DKP_SHA1; + break; + case OP_PCL_IPSEC_HMAC_SHA2_256_128: + dkp_protid = OP_PCLID_DKP_SHA256; + break; + case OP_PCL_IPSEC_HMAC_SHA2_384_192: + dkp_protid = OP_PCLID_DKP_SHA384; + break; + case OP_PCL_IPSEC_HMAC_SHA2_512_256: + dkp_protid = OP_PCLID_DKP_SHA512; + break; + case OP_PCL_IPSEC_HMAC_SHA2_224_96: + case OP_PCL_IPSEC_HMAC_SHA2_224_112: + case OP_PCL_IPSEC_HMAC_SHA2_224_224: + dkp_protid = OP_PCLID_DKP_SHA224; + break; + default: + return rta_inline_query(sd_base_len, + jd_len, + data_len, + inl_mask, count); + } + + /* Updating the maximum supported inline key length */ + if (auth_index != -1) { + if (split_key_len(dkp_protid) > data_len[auth_index]) + data_len[auth_index] = split_key_len(dkp_protid); + } + return rta_inline_query(sd_base_len, + jd_len, + data_len, + inl_mask, count); +} + /** * cnstr_shdsc_ipsec_encap - IPSec ESP encapsulation protocol-level shared * descriptor. diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index a301e8edb2..906ea39047 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -395,10 +395,10 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses) cdb->sh_desc[0] = cipherdata.keylen; cdb->sh_desc[1] = authdata.keylen; - err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, + err = rta_inline_ipsec_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, DESC_JOB_IO_LEN, (unsigned int *)cdb->sh_desc, - &cdb->sh_desc[2], 2); + &cdb->sh_desc[2], 2, authdata.algtype, 1); if (err < 0) { DPAA_SEC_ERR("Crypto: Incorrect key lengths"); -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2024-08-12 20:44:03.547048517 +0800 +++ 0031-crypto-dpaa_sec-fix-IPsec-descriptor.patch 2024-08-12 20:44:01.985069273 +0800 @@ -1 +1 @@ -From 046341575bd6e1210d6c12b595405ede41150da7 Mon Sep 17 00:00:00 2001 +From 6e2def6ca9a6b1131b9efaf5ce913e7110459883 Mon Sep 17 00:00:00 2001 @@ -4,0 +5,3 @@ +Cc: Xueming Li + +[ upstream commit 046341575bd6e1210d6c12b595405ede41150da7 ] @@ -20 +22,0 @@ -Cc: stable@dpdk.org @@ -29 +31 @@ -index eff26f6f8b..b902873970 100644 +index 95fc3ea5ba..54fca3bc67 100644 @@ -32 +34 @@ -@@ -728,6 +728,79 @@ static inline void __gen_auth_key(struct program *program, +@@ -731,6 +731,79 @@ static inline void __gen_auth_key(struct program *program, @@ -113 +115 @@ -index 7aa163330a..bf2a11a4d4 100644 +index a301e8edb2..906ea39047 100644