GET /api/patches/113085/?format=api
http://patchwork.dpdk.org/api/patches/113085/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20220620071807.951128-4-ktejasree@marvell.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20220620071807.951128-4-ktejasree@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20220620071807.951128-4-ktejasree@marvell.com", "date": "2022-06-20T07:18:07", "name": "[3/3] crypto/cnxk: add anti-replay as per new firmware", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "0e572d759b3e61e37e016fe5d879a95f45974aa0", "submitter": { "id": 1789, "url": "http://patchwork.dpdk.org/api/people/1789/?format=api", "name": "Tejasree Kondoj", "email": "ktejasree@marvell.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20220620071807.951128-4-ktejasree@marvell.com/mbox/", "series": [ { "id": 23627, "url": "http://patchwork.dpdk.org/api/series/23627/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=23627", "date": "2022-06-20T07:18:04", "name": "support new full context firmware", "version": 1, "mbox": "http://patchwork.dpdk.org/series/23627/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/113085/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/113085/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": 
"patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 23091A0545;\n\tMon, 20 Jun 2022 09:18:40 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 7FCF842820;\n\tMon, 20 Jun 2022 09:18:27 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id 080DA427F8\n for <dev@dpdk.org>; Mon, 20 Jun 2022 09:18:25 +0200 (CEST)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id\n 25JNvSdh002439\n for <dev@dpdk.org>; Mon, 20 Jun 2022 00:18:25 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3gse7ndn4x-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Mon, 20 Jun 2022 00:18:25 -0700", "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Mon, 20 Jun 2022 00:18:22 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Mon, 20 Jun 2022 00:18:22 -0700", "from hyd1554.marvell.com (unknown [10.29.57.11])\n by maili.marvell.com (Postfix) with ESMTP id 7429B5B6958;\n Mon, 20 Jun 2022 00:18:19 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=CNXR9zUcvbZOpUeG1V2pg9YlwwPGXxfvDHT8utoE4gg=;\n b=SntyDYZ/ixCJOwhPGjyvJ7rzokXrgIlB7hJ1USg05CRrqhYidG3avtFySOpngvLu25rT\n DXpSWt32HiakMoe+u8cZ8TTzBYxxMLizeVWfBQPTuovR8AJOVJIEE35OXLNmQgBGzHcA\n 
0CLeekl9n6Z7Dwdhk3F0zUDttx5mAzcS2fsQlugMabUrankOh9BNN/rv+DUZmja3nKIq\n tdbYfbyjVoRweHwPFyBzO2CEHt5cG64013NMBegv2iyx8W5o9nD446ux9R5VcSgMwaLm\n 2nBgyC8u5wHP5+lK6tsso6+g07kXN6ReDHPQSEgIrR6ZrQ92gwPm/SFK+RYlcDD2tlaY Qg==", "From": "Tejasree Kondoj <ktejasree@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>", "CC": "Jerin Jacob <jerinj@marvell.com>, Anoob Joseph <anoobj@marvell.com>,\n Nithin Dabilpuram <ndabilpuram@marvell.com>, Vidya Sagar Velumuri\n <vvelumuri@marvell.com>, Archana Muniganti <marchana@marvell.com>, \"Ankur\n Dwivedi\" <adwivedi@marvell.com>, Kiran Kumar K <kirankumark@marvell.com>,\n Sunil Kumar Kori <skori@marvell.com>,\n Satha Rao <skoteshwar@marvell.com>, <dev@dpdk.org>", "Subject": "[PATCH 3/3] crypto/cnxk: add anti-replay as per new firmware", "Date": "Mon, 20 Jun 2022 12:48:07 +0530", "Message-ID": "<20220620071807.951128-4-ktejasree@marvell.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20220620071807.951128-1-ktejasree@marvell.com>", "References": "<20220620071807.951128-1-ktejasree@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "lnmZOdA_YISe_60PW9bLorzdsIqIO0M8", "X-Proofpoint-ORIG-GUID": "lnmZOdA_YISe_60PW9bLorzdsIqIO0M8", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.64.514\n definitions=2022-06-20_05,2022-06-17_01,2022-02-23_01", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" 
}, "content": "Adding anti-replay changes as per new FP-FC microcode.\n\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n drivers/common/cnxk/roc_ie_on.h | 5 +-\n drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 63 +++++++++++++----\n drivers/crypto/cnxk/cn9k_ipsec.c | 3 +\n drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 68 -------------------\n .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 1 +\n drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 2 +-\n 6 files changed, 58 insertions(+), 84 deletions(-)", "diff": "diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h\nindex 37f711c643..2d93cb609c 100644\n--- a/drivers/common/cnxk/roc_ie_on.h\n+++ b/drivers/common/cnxk/roc_ie_on.h\n@@ -18,8 +18,6 @@ enum roc_ie_on_ucc_ipsec {\n \tROC_IE_ON_UCC_SUCCESS = 0,\n \tROC_IE_ON_AUTH_UNSUPPORTED = 0xB0,\n \tROC_IE_ON_ENCRYPT_UNSUPPORTED = 0xB1,\n-\t/* Software defined completion code for anti-replay failed packets */\n-\tROC_IE_ON_SWCC_ANTI_REPLAY = 0xE7,\n };\n \n /* Helper macros */\n@@ -74,7 +72,8 @@ struct roc_ie_on_outb_hdr {\n \n struct roc_ie_on_inb_hdr {\n \tuint32_t sa_index;\n-\tuint64_t seq;\n+\tuint32_t seql;\n+\tuint32_t seqh;\n \tuint32_t pad;\n };\n \ndiff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c\nindex 8aab9c9f60..06dc18d195 100644\n--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c\n+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c\n@@ -65,8 +65,8 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,\n \telse {\n \t\tinfl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND;\n \t\tprocess_inb_sa(op, sa, inst);\n-\t\tif (unlikely(sa->esn_en))\n-\t\t\tinfl_req->op_flags |= CPT_OP_FLAGS_IPSEC_INB_ESN;\n+\t\tif (unlikely(sa->replay_win_sz))\n+\t\t\tinfl_req->op_flags |= CPT_OP_FLAGS_IPSEC_INB_REPLAY;\n \t\tret = 0;\n \t}\n \n@@ -501,6 +501,45 @@ cn9k_cpt_crypto_adapter_enqueue(uintptr_t base, struct rte_crypto_op *op)\n \treturn 1;\n }\n \n+static inline int\n+ipsec_antireplay_check(struct cn9k_ipsec_sa 
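Review bot: `struct roc_ie_on_inb_hdr` in the second roc_ie_on.h hunk is overlaid directly on packet memory (cn9k_cpt_sec_post_process casts the mbuf data pointer to it), yet nothing pins its size or documents the byte order of its fields. Replacing `uint64_t seq` with `seql`/`seqh` removes the padding the compiler would have inserted after `sa_index`, so the layout is now four consecutive 32-bit words. I would add a comment such as `/* Result header at the start of an inbound packet; seql/seqh are big-endian */` above the struct. If ROC_IE_ON_INB_RPTR_HDR is meant to equal this header's size, a build-time assertion that `sizeof(struct roc_ie_on_inb_hdr) == ROC_IE_ON_INB_RPTR_HDR` would stop the two drifting apart.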
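Review bot: Gating the post-processing flag on `sa->replay_win_sz` instead of `sa->esn_en` (hunk at -65,8 in cn9k_cryptodev_ops.c) means an inbound SA with ESN enabled and a zero replay window no longer has `common_sa->seq_t.u64` advanced on dequeue, which the removed lines did for every ESN SA. If the microcode derives the high 32 bits of the sequence number from that field, such an SA could stop verifying once the low word wraps; this is inferred, since the firmware behaviour is not visible here. Either set the flag with `if (unlikely(sa->replay_win_sz || sa->esn_en))` and handle the no-window case in the check, or reject ESN without a replay window at SA creation and say so in a comment. cn9k_cpt_sec_inst_fill begins and continues outside the hunk.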
*sa, uint32_t win_sz,\n+\t\t struct roc_ie_on_inb_hdr *data)\n+{\n+\tstruct roc_ie_on_common_sa *common_sa;\n+\tstruct roc_ie_on_inb_sa *in_sa;\n+\tstruct roc_ie_on_sa_ctl *ctl;\n+\tuint32_t seql, seqh = 0;\n+\tuint64_t seq;\n+\tuint8_t esn;\n+\tint ret;\n+\n+\tin_sa = &sa->in_sa;\n+\tcommon_sa = &in_sa->common_sa;\n+\tctl = &common_sa->ctl;\n+\n+\tesn = ctl->esn_en;\n+\tseql = rte_be_to_cpu_32(data->seql);\n+\n+\tif (!esn) {\n+\t\tseq = (uint64_t)seql;\n+\t} else {\n+\t\tseqh = rte_be_to_cpu_32(data->seqh);\n+\t\tseq = ((uint64_t)seqh << 32) | seql;\n+\t}\n+\n+\tif (unlikely(seq == 0))\n+\t\treturn IPSEC_ANTI_REPLAY_FAILED;\n+\n+\tret = cnxk_on_anti_replay_check(seq, &sa->ar, win_sz);\n+\tif (esn && !ret) {\n+\t\tcommon_sa = &sa->in_sa.common_sa;\n+\t\tif (seq > common_sa->seq_t.u64)\n+\t\t\tcommon_sa->seq_t.u64 = seq;\n+\t}\n+\n+\treturn ret;\n+}\n+\n static inline void\n cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,\n \t\t\t struct cpt_inflight_req *infl_req)\n@@ -515,23 +554,23 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,\n \tchar *data;\n \n \tif (infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND) {\n-\t\tstruct roc_ie_on_common_sa *common_sa;\n \n \t\tdata = rte_pktmbuf_mtod(m, char *);\n-\t\tif (unlikely(infl_req->op_flags & CPT_OP_FLAGS_IPSEC_INB_ESN)) {\n-\t\t\tstruct roc_ie_on_inb_hdr *inb_hdr;\n-\t\t\tuint64_t seq;\n+\t\tif (unlikely(infl_req->op_flags &\n+\t\t\t CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {\n+\t\t\tint ret;\n \n \t\t\tpriv = get_sec_session_private_data(\n \t\t\t\tsym_op->sec_session);\n \t\t\tsa = &priv->sa;\n-\t\t\tcommon_sa = &sa->in_sa.common_sa;\n \n-\t\t\tinb_hdr = (struct roc_ie_on_inb_hdr *)data;\n-\t\t\tseq = rte_be_to_cpu_64(inb_hdr->seq);\n-\n-\t\t\tif (seq > common_sa->seq_t.u64)\n-\t\t\t\tcommon_sa->seq_t.u64 = seq;\n+\t\t\tret = ipsec_antireplay_check(\n+\t\t\t\tsa, sa->replay_win_sz,\n+\t\t\t\t(struct roc_ie_on_inb_hdr *)data);\n+\t\t\tif (unlikely(ret)) {\n+\t\t\t\tcop->status = 
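Review bot: ipsec_antireplay_check has no comment stating its contract, and the contract is security-relevant: it takes `seql`/`seqh` from the result header, hands `&sa->ar` to cnxk_on_anti_replay_check and may raise `common_sa->seq_t.u64`, so it should only run on packets whose integrity check has already passed. A short header comment should say that, note that sequence number 0 is rejected with IPSEC_ANTI_REPLAY_FAILED, and state whether one SA may be dequeued on several lcores, because the `seq > common_sa->seq_t.u64` compare-and-store is not atomic. As a style point, `common_sa = &sa->in_sa.common_sa;` inside the `if (esn && !ret)` block repeats the assignment made at the top of the function and can be dropped. The `win_sz` parameter is always `sa->replay_win_sz` at the only call site shown.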
RTE_CRYPTO_OP_STATUS_ERROR;\n+\t\t\t\treturn;\n+\t\t\t}\n \t\t}\n \n \t\tip = (struct rte_ipv4_hdr *)(data + ROC_IE_ON_INB_RPTR_HDR);\ndiff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c\nindex 49a775eb7f..cb9cf174a4 100644\n--- a/drivers/crypto/cnxk/cn9k_ipsec.c\n+++ b/drivers/crypto/cnxk/cn9k_ipsec.c\n@@ -156,6 +156,9 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,\n \t\tsa->ar.wint = sa->replay_win_sz;\n \t\tsa->ar.base = sa->replay_win_sz;\n \n+\t\tsa->seq_lo = ipsec->esn.low;\n+\t\tsa->seq_hi = ipsec->esn.hi;\n+\n \t\tsa->in_sa.common_sa.seq_t.tl = sa->seq_lo;\n \t\tsa->in_sa.common_sa.seq_t.th = sa->seq_hi;\n \t}\ndiff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h\nindex 65dbb629b1..e469596756 100644\n--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h\n+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h\n@@ -23,53 +23,6 @@ ipsec_po_out_rlen_get(struct cn9k_ipsec_sa *sa, uint32_t plen)\n \treturn sa->custom_hdr_len + sa->rlens.partial_len + enc_payload_len;\n }\n \n-static __rte_always_inline int\n-ipsec_antireplay_check(struct cn9k_ipsec_sa *sa, uint32_t win_sz,\n-\t\t struct rte_mbuf *m)\n-{\n-\tuint32_t esn_low = 0, esn_hi = 0, seql = 0, seqh = 0;\n-\tstruct roc_ie_on_common_sa *common_sa;\n-\tstruct roc_ie_on_inb_sa *in_sa;\n-\tstruct roc_ie_on_sa_ctl *ctl;\n-\tuint64_t seq_in_sa, seq = 0;\n-\tstruct rte_esp_hdr *esp;\n-\tuint8_t esn;\n-\tint ret;\n-\n-\tin_sa = &sa->in_sa;\n-\tcommon_sa = &in_sa->common_sa;\n-\tctl = &common_sa->ctl;\n-\n-\tesn = ctl->esn_en;\n-\tesn_low = rte_be_to_cpu_32(common_sa->seq_t.tl);\n-\tesn_hi = rte_be_to_cpu_32(common_sa->seq_t.th);\n-\n-\tesp = rte_pktmbuf_mtod_offset(m, void *, sizeof(struct rte_ipv4_hdr));\n-\tseql = rte_be_to_cpu_32(esp->seq);\n-\n-\tif (!esn) {\n-\t\tseq = (uint64_t)seql;\n-\t} else {\n-\t\tseqh = cnxk_on_anti_replay_get_seqh(win_sz, seql, esn_hi,\n-\t\t\t\t\t\t esn_low);\n-\t\tseq = ((uint64_t)seqh << 32) | seql;\n-\t}\n-\n-\tif 
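Review bot: A packet that fails the replay check leaves cn9k_cpt_sec_post_process with only `RTE_CRYPTO_OP_STATUS_ERROR`, so an application or operator cannot tell a replay drop from any other failure that reports the same status. The early `return` also skips the processing that starts at `ip = (struct rte_ipv4_hdr *)(data + ROC_IE_ON_INB_RPTR_HDR);`, so the mbuf presumably still begins with the result header; a comment such as `/* replay failure: mbuf left unadjusted, caller must drop it */` would make that explicit. A per-SA or per-queue counter would also make replays observable. Whether the completion code has been checked before this point is not visible, as the function begins and ends outside the hunk.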
(unlikely(seq == 0))\n-\t\treturn IPSEC_ANTI_REPLAY_FAILED;\n-\n-\tret = cnxk_on_anti_replay_check(seq, &sa->ar, win_sz);\n-\tif (esn && !ret) {\n-\t\tseq_in_sa = ((uint64_t)esn_hi << 32) | esn_low;\n-\t\tif (seq > seq_in_sa) {\n-\t\t\tcommon_sa->seq_t.tl = rte_cpu_to_be_32(seql);\n-\t\t\tcommon_sa->seq_t.th = rte_cpu_to_be_32(seqh);\n-\t\t}\n-\t}\n-\n-\treturn ret;\n-}\n-\n static __rte_always_inline int\n process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,\n \t\tstruct cpt_inst_s *inst)\n@@ -143,27 +96,6 @@ process_inb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,\n {\n \tstruct rte_crypto_sym_op *sym_op = cop->sym;\n \tstruct rte_mbuf *m_src = sym_op->m_src;\n-\tint ret;\n-\n-\tif (sa->replay_win_sz) {\n-\t\tret = ipsec_antireplay_check(sa, sa->replay_win_sz, m_src);\n-\t\tif (unlikely(ret)) {\n-\t\t\t/* Use PASSTHROUGH op for failed antireplay packet */\n-\t\t\tinst->w4.u64 = 0;\n-\t\t\tinst->w4.s.opcode_major = ROC_SE_MAJOR_OP_MISC;\n-\t\t\tinst->w4.s.opcode_minor =\n-\t\t\t\tROC_SE_MISC_MINOR_OP_PASSTHROUGH;\n-\t\t\tinst->w4.s.param1 = 1;\n-\t\t\t/* Send out completion code only */\n-\t\t\tinst->w4.s.param2 =\n-\t\t\t\t(ROC_IE_ON_SWCC_ANTI_REPLAY << 8) | 0x1;\n-\t\t\tinst->w4.s.dlen = 1;\n-\t\t\tinst->dptr = rte_pktmbuf_iova(m_src);\n-\t\t\tinst->rptr = inst->dptr;\n-\t\t\tinst->w7.u64 = sa->inst.w7;\n-\t\t\treturn;\n-\t\t}\n-\t}\n \n \t/* Prepare CPT instruction */\n \tinst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src);\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\nindex ba9eaf2325..705d67e91f 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n@@ -1269,6 +1269,7 @@ cn9k_sec_caps_update(struct rte_security_capability *sec_cap)\n #endif\n \t}\n \tsec_cap->ipsec.replay_win_sz_max = CNXK_ON_AR_WIN_SIZE_MAX;\n+\tsec_cap->ipsec.options.esn = 1;\n }\n \n void\ndiff --git 
a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h\nindex 0b41d47de9..ffe4ae19aa 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h\n@@ -33,7 +33,7 @@ struct cpt_qp_meta_info {\n #define CPT_OP_FLAGS_METABUF\t (1 << 1)\n #define CPT_OP_FLAGS_AUTH_VERIFY (1 << 0)\n #define CPT_OP_FLAGS_IPSEC_DIR_INBOUND (1 << 2)\n-#define CPT_OP_FLAGS_IPSEC_INB_ESN (1 << 3)\n+#define CPT_OP_FLAGS_IPSEC_INB_REPLAY (1 << 3)\n \n struct cpt_inflight_req {\n \tunion cpt_res_s res;\n", "prefixes": [ "3/3" ] }{ "id": 113085, "url": "