Re: [25.11 PATCH v3 0/5] Introduce DMA enqueue/dequeue operations

[Bruce Richardson]

On Sat, May 24, 2025 at 02:43:10PM +0530, pbhagavat...@marvell.com wrote:
> From: Pavan Nikhilesh 
> 
> Introduce DMA enqueue/dequeue operations to the DMA device library.
> 
> Add configuration flags to rte_dma_config instead of boolean for
> individual features.
> 
> The enqueue/dequeue operations allow applications to communicate with the
> DMA device using the rte_dma_op structure, providing a more flexible and
> efficient way to manage DMA operations.
> 

While I have no really strong objections to this addition to the dmadev
API, I'd appreciate if you could explain WHY or how this method of working
is more efficient in your usecase? When designing the dmadev APIs
originally, we looked at using both an enqueue-type API as well as the
implemented individual-op-based APIs. IIRC at that time testing showed that
using the single ops directly was faster than using the enqueue APIs, so
I'm wondering what exactly has changed, or is different about your usecase?

/Bruce

DPDK Summit CFP - September, California

[Thomas Monjalon]

Hello,

Reminder about our next DPDK Summit which will happen
in Intel headquarters at Santa Clara, California.

Dates: September 17-18, 2025.

To register: https://linuxfoundation.regfox.com/2025-bay-area-summit

To submit a talk: https://sessionize.com/dpdk-bay-area-summit-2025

You can propose a talk until June 19 (less than 4 weeks remaining).

See you there!

RE: [PATCH v1 1/4] ring: introduce extra run-time checks

[Morten Brørup]

> From: Konstantin Ananyev [mailto:konstantin.anan...@huawei.com]
> Sent: Monday, 26 May 2025 10.39
> 
> > > > > From: Konstantin Ananyev [mailto:konstantin.anan...@huawei.com]
> > > > > Sent: Wednesday, 21 May 2025 14.35
> > > > >
> > > > > > > From: Konstantin Ananyev
> [mailto:konstantin.anan...@huawei.com]
> > > > > > > Sent: Wednesday, 21 May 2025 13.14
> > > > > > >
> > > > > > > Add RTE_ASSERT() to check that different move_tail()
> flavors
> > > > > > > return meaningful  *entries value.
> > > > > > > It also helps to ensure that inside move_tail(), it uses
> > > correct
> > > > > > > head/tail values.
> > > > > > >
> > > > > > > Signed-off-by: Konstantin Ananyev
> > > 
> > > > > > > ---
> > > > > > >  lib/ring/rte_ring_c11_pvt.h  | 2 +-
> > > > > > >  lib/ring/rte_ring_elem_pvt.h | 8 ++--
> > > > > > >  lib/ring/rte_ring_hts_elem_pvt.h | 8 ++--
> > > > > > >  lib/ring/rte_ring_rts_elem_pvt.h | 8 ++--
> > > > > > >  lib/ring/soring.c| 2 ++
> > > > > > >  5 files changed, 21 insertions(+), 7 deletions(-)
> > > > > > >
> > > > > > > diff --git a/lib/ring/rte_ring_c11_pvt.h
> > > > > b/lib/ring/rte_ring_c11_pvt.h
> > > > > > > index b9388af0da..0845cd6dcf 100644
> > > > > > > --- a/lib/ring/rte_ring_c11_pvt.h
> > > > > > > +++ b/lib/ring/rte_ring_c11_pvt.h
> > > > > > > @@ -104,10 +104,10 @@ __rte_ring_headtail_move_head(struct
> > > > > > > rte_ring_headtail *d,
> > > > > > >   n = (behavior == RTE_RING_QUEUE_FIXED) ?
> > > > > > >   0 : *entries;
> > > > > > >
> > > > > > > + *new_head = *old_head + n;
> > > > > > >   if (n == 0)
> > > > > > >   return 0;
> > > > > > >
> > > > > > > - *new_head = *old_head + n;
> > > > > > >   if (is_st) {
> > > > > > >   d->head = *new_head;
> > > > > > >   success = 1;
> > > > > >
> > > > > > Is there a need to assign a value to *new_head if n==0?
> > > > >
> > > > > Not really, main reason I just moved this line up - to keep
> > > compiler
> > > > > happy.
> > > > > Otherwise it complained that *new_head might be left
> uninitialized.
> > > >
> > > > Your change might give the impression that *new_head is used by a
> > > caller. (Like I asked about.)
> > > > To please the compiler, you could mark new_head __rte_unused, or:
> > > >
> > > > -   if (n == 0)
> > > > +   if (n == 0) {
> > > > +   RTE_SET_USED(new_head);
> > > > return 0;
> > > > +   }
> 
> Actually, that wouldn't help.
> By some reason, after introducing RTE_ASSERT()  gcc13 believes that now
> cons_next can
> be used (stored) unfinalized here:
> 
> n = __rte_ring_move_cons_head(r, (int)is_sc, n, behavior,
> &cons_head, &cons_next, &entries);
> if (n == 0)
> goto end;
> 
> __rte_ring_dequeue_elems(r, cons_head, obj_table, esize, n);
> 
> __rte_ring_update_tail(&r->cons, cons_head, cons_next, is_sc,
> 0);
> 
> end:
>...
> 
> For me it is a false positive, somehow it missed that if (n==0) then
> update_table()
> wouldn't be called  at all. Full error message below.
> So making new_head always initialized, even if we are not going to use,
> seems
> like the simplest and cleanest way to fix it.

NAK.
Initializing new_head with potential garbage will prevent the compiler from 
detecting that it is being used uninitialized afterwards.

If the compiler is too stupid to understand "goto end", then please rewrite the 
affected code instead:
-   if (n == 0)
-   goto end;
+   if (n != 0) {
__rte_ring_dequeue_elems();
__rte_ring_update_tail();
-end:
+   }
...

> 
> est-pipeline_runtime.c.o -c ../app/test-pipeline/runtime.c
> In file included from ../lib/eal/include/rte_bitops.h:24,
>  from ../lib/eal/include/rte_memory.h:18,
>  from ../app/test-pipeline/runtime.c:19:
> In function '__rte_ring_update_tail',
> inlined from '__rte_ring_do_dequeue_elem' at
> ../lib/ring/rte_ring_elem_pvt.h:472:2,
> inlined from 'rte_ring_sc_dequeue_bulk_elem' at
> ../lib/ring/rte_ring_elem.h:344:9,
> inlined from 'rte_ring_sc_dequeue_bulk' at
> ../lib/ring/rte_ring.h:402:9,
> inlined from 'app_main_loop_worker' at ../app/test-
> pipeline/runtime.c:91:10:
> ../lib/eal/include/rte_stdatomic.h:139:9: error: 'cons_next' may be
> used uninitialized [-Werror=maybe-uninitialized]
>   139 | __atomic_store_n(ptr, val, memorder)
>   | ^~~~
> ../lib/ring/rte_ring_c11_pvt.h:39:9: note: in expansion of macro
> 'rte_atomic_store_explicit'
>39 | rte_atomic_store_explicit(&ht->tail, new_val,
> rte_memory_order_release);
>   | ^
> In file included from ../lib/ring/rte_ring_elem.h:20,
>  from ../lib/ring/rte_ring.h:38,
>  

RE: [EXTERNAL] [PATCH] drivers: remove __rte_used from functions for compatibility with MSVC

[Jerin Jacob]

> -Original Message- > From: Andre Muezerie  > Sent: Friday, April 4, 2025 7: 18 AM > To: Nithin Kumar Dabilpuram ; Kiran Kumar > Kokkilagadda ;



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: Andre Muezerie 
> Sent: Friday, April 4, 2025 7:18 AM
> To: Nithin Kumar Dabilpuram ; Kiran Kumar
> Kokkilagadda ; Sunil Kumar Kori
> ; Satha Koteswara Rao Kottidi
> ; Harman Kalra 
> Cc: dev@dpdk.org; Andre Muezerie 
> Subject: [EXTERNAL] [PATCH] drivers: remove __rte_used from functions for
> compatibility with MSVC
> 
> With gcc, the macro __rte_used translates to __attribute__((used)). MSVC has
> something to the same effect, but harder to use and with some limitations (one
> being that it cannot be used with "static"). Therefore, it makes sense to avoid
> __rte_used ZjQcmQRYFpfptBannerStart Prioritize security for external emails:
> Confirm sender and content safety before clicking links or opening attachments
>  ewt.proofpoint.com/EWT/v1/CRVmXkqW!t83ZtR_UwpW61E99mn37ThGThaB6
> gt7spCdfZvP9Yz5DLa-AKWhfbPLLmgyDnTM_FczAEE3KDso8-
> QC5MEstA0f8Xb8gLd9dJN3BVWrFMpv9DT2-yl2l$>
> Report Suspicious
> 
> ZjQcmQRYFpfptBannerEnd
> With gcc, the macro __rte_used translates to __attribute__((used)).
> MSVC has something to the same effect, but harder to use and with some
> limitations (one being that it cannot be used with "static"). Therefore, it makes
> sense to avoid __rte_used in some cases.
> 
> The functions modified in this patch don't really need to use __rte_used.
> Instead, these functions can be involved in same ifdefs used in the callers. That
> way, they are only defined when needed (when someone is actually calling the
> function). Doing so makes the code compatible with MSVC and avoids compiler
> warnings about functions being defined but not used.
> 
> Signed-off-by: Andre Muezerie 
> ---
>  drivers/net/cnxk/cn10k_rx_select.c | 6 +-
> drivers/net/cnxk/cn10k_tx_select.c | 6 --
> drivers/net/cnxk/cn20k_rx_select.c | 6 +-
> drivers/net/cnxk/cn20k_tx_select.c | 6 --
> drivers/net/cnxk/cn9k_rx_select.c  | 6 --
> drivers/net/cnxk/cn9k_tx_select.c  | 6 --
>  6 files changed, 26 insertions(+), 10 deletions(-)
> 
> diff --git a/drivers/net/cnxk/cn10k_rx_select.c
> b/drivers/net/cnxk/cn10k_rx_select.c
> index fe1f0dda73..658a434d75 100644
> --- a/drivers/net/cnxk/cn10k_rx_select.c
> +++ b/drivers/net/cnxk/cn10k_rx_select.c
> @@ -5,7 +5,9 @@
>  #include "cn10k_ethdev.h"
>  #include "cn10k_rx.h"
> 
> -static __rte_used void
> +#if defined(RTE_ARCH_ARM64)
> +#if !defined(CNXK_DIS_TMPLT_FUNC)

Please change to #if defined(RTE_ARCH_ARM64) && !defined(CNXK_DIS_TMPLT_FUNC)

[EXTERNAL] RE: [PATCH v2] cnxk: use stdatomic API

[Jerin Jacob]

> -Original Message- > From: pbhagavatula@ marvell. com  > Sent: Monday, May 12, 2025 7: 29 PM > To: Jerin Jacob ; Ankur Dwivedi > ; Anoob



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: pbhagavat...@marvell.com 
> Sent: Monday, May 12, 2025 7:29 PM
> To: Jerin Jacob ; Ankur Dwivedi
> ; Anoob Joseph ; Tejasree
> Kondoj ; Nithin Kumar Dabilpuram
> ; Kiran Kumar Kokkilagadda
> ; Sunil Kumar Kori ; Satha
> Koteswara Rao Kottidi ; Harman Kalra
> 
> Cc: dev@dpdk.org; Pavan Nikhilesh Bhagavatula 
> Subject: [PATCH v2] cnxk: use stdatomic API
> 
> From: Pavan Nikhilesh 
> 
> Replace GCC inbuilt atomic functions with rte_atomic_xxx API.
> 
> Signed-off-by: Pavan Nikhilesh 


Applied to dpdk-next-net-mrvl/for-main. Thanks

RE: [EXTERNAL] [PATCH] event/eth_tx: prefetch mbuf headers

[Jerin Jacob]

> -Original Message- > From: Mattias Rönnblom  > Sent: Friday, March 28, 2025 11: 14 AM > To: dev@ dpdk. org > Cc: Mattias Rönnblom ; Naga Harish K S V >



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: Mattias Rönnblom 
> Sent: Friday, March 28, 2025 11:14 AM
> To: dev@dpdk.org
> Cc: Mattias Rönnblom ; Naga Harish K S V
> ; Jerin Jacob ; Mattias
> Rönnblom ; Peter Nilsson
> 
> Subject: [EXTERNAL] [PATCH] event/eth_tx: prefetch mbuf headers
> 
> Prefetch mbuf headers, resulting in ~10% throughput improvement when the
> Ethernet RX and TX Adapters are hosted on the same core (likely ~2x in case a
> dedicated TX core is used). Signed-off-by: Mattias Rönnblom
>  ZjQcmQRYFpfptBannerStart Prioritize
> security for external emails:
> Confirm sender and content safety before clicking links or opening attachments
>  ewt.proofpoint.com/EWT/v1/CRVmXkqW!ts3Z1f8UAnW6tQ-
> 8GV06D3iRe_SCBEx9PYUJIyUORWurf4uKFWTOZJgdDvb8MN4r7sVskvluKWbQJA
> FSKNbZhgnYWE7w05dL0tNKMzLa4Q$>
> Report Suspicious
> 
> ZjQcmQRYFpfptBannerEnd
> Prefetch mbuf headers, resulting in ~10% throughput improvement when the
> Ethernet RX and TX Adapters are hosted on the same core (likely ~2x in case a
> dedicated TX core is used).
> 
> Signed-off-by: Mattias Rönnblom 
> Tested-by: Peter Nilsson 


@Naga Harish K S V Could you please review this patch so that I can merge it?

RE: [EXTERNAL] [PATCH v4] event/dlb2: consolidate AVX512 and SSE changes

[Jerin Jacob]

> -Original Message- > From: Tirthendu Sarkar  > Sent: Tuesday, April 8, 2025 6: 31 PM > To: dev@ dpdk. org > Cc: bruce. richardson@ intel. com; pravin. pathak@ intel. com; Tirthendu Sarkar >



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: Tirthendu Sarkar 
> Sent: Tuesday, April 8, 2025 6:31 PM
> To: dev@dpdk.org
> Cc: bruce.richard...@intel.com; pravin.pat...@intel.com; Tirthendu Sarkar
> 
> Subject: [EXTERNAL] [PATCH v4] event/dlb2: consolidate AVX512 and SSE
> changes
> 
> Streamline code for AVX512 and SSE by consolidating the common code and
> adding runtime check for selecting appropriate path based on CPU capability.
> Signed-off-by: Tirthendu Sarkar  --- v4: - Modify
> some AVX512 ZjQcmQRYFpfptBannerStart Prioritize security for external
> emails:
> Confirm sender and content safety before clicking links or opening attachments
>  ewt.proofpoint.com/EWT/v1/CRVmXkqW!to3Z1f8UAnVa9Q-
> c2d1a75llsiZWhaIku3wfs-4L9kE4PbZfEI7fJXP-
> MbPm2FLd5YH20gxH1eQr6I5YJrU5iLqy7Mg_SFHg_OMq_L0$>
> Report Suspicious
> 
> ZjQcmQRYFpfptBannerEnd
> Streamline code for AVX512 and SSE by consolidating the common code and
> adding runtime check for selecting appropriate path based on CPU capability.
> 
> Signed-off-by: Tirthendu Sarkar 


Please rebase to next-eventdev and send the updated patch and Keep Bruce's Ack in next version.
I will merge the next version.



[for-main]dell[dpdk-next-eventdev] $ git pw series apply 35002  
Failed to apply patch:
Applying: event/dlb2: consolidate AVX512 and SSE changes
error: sha1 information is lacking or useless (drivers/event/dlb2/dlb2_sse.c).
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 event/dlb2: consolidate AVX512 and SSE changes

[EXTERNAL] RE: [PATCH 1/3] eventdev: introduce event vector adapter

[Jerin Jacob]

> -Original Message- > From: pbhagavatula@ marvell. com  > Sent: Thursday, April 10, 2025 11: 31 PM > To: Jerin Jacob ; pravin. pathak@ intel. com; > hemant. agrawal@ nxp. com;



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: pbhagavat...@marvell.com 
> Sent: Thursday, April 10, 2025 11:31 PM
> To: Jerin Jacob ; pravin.pat...@intel.com;
> hemant.agra...@nxp.com; sachin.sax...@nxp.com;
> mattias.ronnb...@ericsson.com; lian...@liangbit.com;
> peter.mccar...@intel.com; harry.van.haa...@intel.com;
> erik.g.carri...@intel.com; abhinandan.guj...@intel.com; Amit Prakash Shukla
> ; s.v.naga.haris...@intel.com;
> anatoly.bura...@intel.com; Bruce Richardson 
> Cc: dev@dpdk.org; Pavan Nikhilesh Bhagavatula 
> Subject: [PATCH 1/3] eventdev: introduce event vector adapter
> 
> From: Pavan Nikhilesh 
> 
> The event vector adapter supports offloading creation of
> event vectors by vectorizing objects (mbufs/ptrs/u64s).
> Applications can create a vector adapter associated with
> an event queue and enqueue objects to be vectorized.
> When the vector reaches the configured size or when the timeout
> is reached, the vector adapter will enqueue the vector to the
> event queue.
> 
> Signed-off-by: Pavan Nikhilesh 

Any of the eventdev stake holder would like to review this feature?

[PATCH 5/6] crypto/cnxk: add check for max supported gather entries

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add check for max supported gather entries.

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/roc_cpt_sg.h |  1 +
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 10 ++
 drivers/crypto/cnxk/cn10k_tls_ops.h  | 10 ++
 3 files changed, 21 insertions(+)

diff --git a/drivers/common/cnxk/roc_cpt_sg.h b/drivers/common/cnxk/roc_cpt_sg.h
index c12187144f..e7e01cd29a 100644
--- a/drivers/common/cnxk/roc_cpt_sg.h
+++ b/drivers/common/cnxk/roc_cpt_sg.h
@@ -14,6 +14,7 @@
 #define ROC_SG_ENTRY_SIZEsizeof(struct roc_sglist_comp)
 #define ROC_SG_MAX_COMP 25
 #define ROC_SG_MAX_DLEN_SIZE (ROC_SG_LIST_HDR_SIZE + (ROC_SG_MAX_COMP * 
ROC_SG_ENTRY_SIZE))
+#define ROC_SG2_MAX_PTRS 48
 
 struct roc_sglist_comp {
union {
diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
index 2c500afbca..87442c2a1f 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
@@ -159,6 +159,11 @@ process_outb_sa(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k_s
return -ENOMEM;
}
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
@@ -259,6 +264,11 @@ process_inb_sa(struct rte_crypto_op *cop, struct 
cn10k_sec_session *sess, struct
void *m_data;
int i;
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
diff --git a/drivers/crypto/cnxk/cn10k_tls_ops.h 
b/drivers/crypto/cnxk/cn10k_tls_ops.h
index c5ef3027ac..427c31425c 100644
--- a/drivers/crypto/cnxk/cn10k_tls_ops.h
+++ b/drivers/crypto/cnxk/cn10k_tls_ops.h
@@ -174,6 +174,11 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
return -ENOMEM;
}
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
@@ -305,6 +310,11 @@ process_tls_read(struct rte_crypto_op *cop, struct 
cn10k_sec_session *sess,
uint32_t g_size_bytes;
int i;
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
-- 
2.25.1

[PATCH 0/6] fixes and improvements to cnxk crypto PMD

[Tejasree Kondoj]

This patch adds fixes and improvements to cnxk crypto PMD.

Aakash Sasidharan (1):
  crypto/cnxk: fail Rx inject configure if not supported

Tejasree Kondoj (3):
  crypto/cnxk: add lookaside IPsec CPT LF stats
  crypto/cnxk: fix qp stats PMD API
  crypto/cnxk: enable IV from application support

Vidya Sagar Velumuri (2):
  crypto/cnxk: update the sg list population
  crypto/cnxk: add check for max supported gather entries

 drivers/common/cnxk/roc_cpt_sg.h  |  1 +
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c |  6 ++
 drivers/crypto/cnxk/cn10k_ipsec.c |  4 
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h  | 10 ++
 drivers/crypto/cnxk/cn10k_tls_ops.h   | 18 ++
 drivers/crypto/cnxk/cn9k_ipsec.c  | 19 +--
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h   |  5 +
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  6 ++
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  |  3 ++-
 9 files changed, 41 insertions(+), 31 deletions(-)

-- 
2.25.1

[PATCH 6/6] crypto/cnxk: enable IV from application support

[Tejasree Kondoj]

Enabling IV from application as the default option.

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cn9k_ipsec.c  | 19 +--
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h   |  5 +
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  6 ++
 3 files changed, 4 insertions(+), 26 deletions(-)

diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index fa00c428e6..62478d2340 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -48,11 +48,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
if (ret)
return ret;
 
-   sess->custom_hdr_len =
-   sizeof(struct roc_ie_on_outb_hdr) - ROC_IE_ON_MAX_IV_LEN;
+   sess->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr) - 
ROC_IE_ON_MAX_IV_LEN;
 
-#ifdef LA_IPSEC_DEBUG
-   /* Use IV from application in debug mode */
if (ipsec->options.iv_gen_disable == 1) {
sess->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr);
 
@@ -67,12 +64,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
sess->cipher_iv_len = crypto_xform->auth.iv.length;
}
}
-#else
-   if (ipsec->options.iv_gen_disable != 0) {
-   plt_err("Application provided IV is not supported");
-   return -ENOTSUP;
-   }
-#endif
 
ret = cnxk_on_ipsec_outb_sa_create(ipsec, crypto_xform, &sa->out_sa);
 
@@ -89,16 +80,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
param1.u16 = 0;
param1.s.ikev2 = 1;
 
-#ifdef LA_IPSEC_DEBUG
-   /* Use IV from application in debug mode */
if (ipsec->options.iv_gen_disable == 1)
param1.s.per_pkt_iv = ROC_IE_ON_IV_SRC_FROM_DPTR;
-#else
-   if (ipsec->options.iv_gen_disable != 0) {
-   plt_err("Application provided IV is not supported");
-   return -ENOTSUP;
-   }
-#endif
 
w4.s.param1 = param1.u16;
 
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 3e9f1e7efb..befd5b0c05 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -159,13 +159,10 @@ process_outb_sa(struct cpt_qp_meta_info *m_info, struct 
rte_crypto_op *cop,
inst->w4.s.opcode_major |= (uint64_t)ROC_DMA_MODE_SG;
}
 
-#ifdef LA_IPSEC_DEBUG
if (sess->inst.w4 & ROC_IE_ON_PER_PKT_IV) {
-   memcpy(&hdr->iv[0],
-  rte_crypto_op_ctod_offset(cop, uint8_t *, 
sess->cipher_iv_off),
+   memcpy(&hdr->iv[0], rte_crypto_op_ctod_offset(cop, uint8_t *, 
sess->cipher_iv_off),
   sess->cipher_iv_len);
}
-#endif
 
m_src->pkt_len = pkt_len;
esn = ++sess->esn;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index e78bc37c37..63d2eef349 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -2102,11 +2102,9 @@ cn10k_sec_ipsec_caps_update(struct 
rte_security_capability *sec_cap)
 static void
 cn9k_sec_ipsec_caps_update(struct rte_security_capability *sec_cap)
 {
-   if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
-#ifdef LA_IPSEC_DEBUG
+   if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
sec_cap->ipsec.options.iv_gen_disable = 1;
-#endif
-   }
+
sec_cap->ipsec.replay_win_sz_max = CNXK_ON_AR_WIN_SIZE_MAX;
sec_cap->ipsec.options.esn = 1;
 }
-- 
2.25.1

[PATCH 4/6] crypto/cnxk: fail Rx inject configure if not supported

[Tejasree Kondoj]

From: Aakash Sasidharan 

Rx inject is supported only with CPT05 microcode version.
sg_ver2 indicates if CPT05 is loaded. Fail the rx inject
configuration with ENOTSUP error if sg_ver2 is not supported.

Signed-off-by: Aakash Sasidharan 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 851e6f0a88..947f50b4c8 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -1981,6 +1981,7 @@ cn10k_cryptodev_sec_rx_inject_configure(void *device, 
uint16_t port_id, bool ena
 {
struct rte_cryptodev *crypto_dev = device;
struct rte_eth_dev *eth_dev;
+   struct cnxk_cpt_vf *vf;
int ret;
 
if (!rte_eth_dev_is_valid_port(port_id))
@@ -1989,6 +1990,11 @@ cn10k_cryptodev_sec_rx_inject_configure(void *device, 
uint16_t port_id, bool ena
if (!(crypto_dev->feature_flags & RTE_CRYPTODEV_FF_SECURITY_RX_INJECT))
return -ENOTSUP;
 
+   /* Rx Inject is supported only with CPT05. sg_ver2 indicates that CPT05 
is loaded */
+   vf = crypto_dev->data->dev_private;
+   if (!(vf->cpt.hw_caps[CPT_ENG_TYPE_SE].sg_ver2 && 
vf->cpt.hw_caps[CPT_ENG_TYPE_IE].sg_ver2))
+   return -ENOTSUP;
+
eth_dev = &rte_eth_devices[port_id];
 
ret = strncmp(eth_dev->device->driver->name, "net_cn10k", 8);
-- 
2.25.1

[PATCH 3/6] crypto/cnxk: fix qp stats PMD API

[Tejasree Kondoj]

Fixing qp stats PMD API.

Fixes: bf52722b9377 ("crypto/cnxk: add PMD API to get queue stats")

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 613ce11ec1..61f3e135aa 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -1218,7 +1218,7 @@ rte_pmd_cnxk_crypto_qp_stats_get(struct 
rte_pmd_cnxk_crypto_qptr *qptr,
 
stats->ctx_enc_pkts = plt_read64(lf->rbase + CPT_LF_CTX_ENC_PKT_CNT);
stats->ctx_enc_bytes = plt_read64(lf->rbase + CPT_LF_CTX_ENC_BYTE_CNT);
-   stats->ctx_dec_bytes = plt_read64(lf->rbase + CPT_LF_CTX_DEC_BYTE_CNT);
+   stats->ctx_dec_pkts = plt_read64(lf->rbase + CPT_LF_CTX_DEC_PKT_CNT);
stats->ctx_dec_bytes = plt_read64(lf->rbase + CPT_LF_CTX_DEC_BYTE_CNT);
 
return 0;
-- 
2.25.1

RE: [EXTERNAL] [PATCH v1 3/7] event/dlb2: return 96 single link ports for DLB2.5

[Jerin Jacob]

> -Original Message- > From: Pravin Pathak  > Sent: Friday, May 9, 2025 9: 54 AM > To: dev@ dpdk. org > Cc: Jerin Jacob ; mike. ximing. chen@ intel. com; > bruce. richardson@ intel. com;



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: Pravin Pathak 
> Sent: Friday, May 9, 2025 9:54 AM
> To: dev@dpdk.org
> Cc: Jerin Jacob ; mike.ximing.c...@intel.com;
> bruce.richard...@intel.com; tho...@monjalon.net;
> david.march...@redhat.com; nipun.gu...@amd.com; chen...@nvidia.com;
> tirthendu.sar...@intel.com; Pravin Pathak 
> Subject: [EXTERNAL] [PATCH v1 3/7] event/dlb2: return 96 single link ports for
> DLB2.5
> 
> DLB 2. 0 device has 64 single linked or directed ports. DLB 2. 5 device has 96
> single linked ports. This commit fixes issue of rte_event_dev_info_get returning
> 64 instead of 96 single link ports for DLB2. 5 Signed-off-by: Pravin Pathak
>  ZjQcmQRYFpfptBannerStart Prioritize security for
> external emails:
> Confirm sender and content safety before clicking links or opening attachments
>  ewt.proofpoint.com/EWT/v1/CRVmXkqW!tm3Z1f8UAnV69S-
> 8OZ3abn2jU1Fw7JxGFGe8PxaCk1tgptuJcLLTtaqClSLgCcW6cCMGxtozSljC4m3dXS
> Iq5PLlC3aNugbQj5Q$>
> Report Suspicious
> 
> ZjQcmQRYFpfptBannerEnd
> DLB 2.0 device has 64 single linked or directed ports.
> DLB 2.5 device has 96 single linked ports.
> This commit fixes issue of rte_event_dev_info_get returning 64 instead of 96


This is a fix. Please change the commit as event/dlb2: fix  and add Fixes: tag

Also, I think, 1/7, 2/7, 5/7, 6/7.

7/7 is missing Fixes: tag

RE: [EXTERNAL] [PATCH v1 4/7] event/dlb2: support managing history list resource

[Jerin Jacob]

> -Original Message- > From: Pravin Pathak  > Sent: Friday, May 9, 2025 9: 54 AM > To: dev@ dpdk. org > Cc: Jerin Jacob ; mike. ximing. chen@ intel. com; > bruce. richardson@ intel. com;



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: Pravin Pathak 
> Sent: Friday, May 9, 2025 9:54 AM
> To: dev@dpdk.org
> Cc: Jerin Jacob ; mike.ximing.c...@intel.com;
> bruce.richard...@intel.com; tho...@monjalon.net;
> david.march...@redhat.com; nipun.gu...@amd.com; chen...@nvidia.com;
> tirthendu.sar...@intel.com; Pravin Pathak 
> Subject: [EXTERNAL] [PATCH v1 4/7] event/dlb2: support managing history list
> resource
> 
> Add support for setting application specified port history Set HL equal to CQ
> depth when inflight control is enabled Added command line parameters
> 'use_default_hl' (default: 1) and 'alloc_hl_entries' - When 'use_default_hl = 1' *
> Per port HL ZjQcmQRYFpfptBannerStart Prioritize security for external emails:
> Confirm sender and content safety before clicking links or opening attachments
>  ewt.proofpoint.com/EWT/v1/CRVmXkqW!tm3Z1f8UAnV69S-
> 8OZ3abn2jU1Fw7JxGFGecPxaCk1uQu97fQz1QdXWof_KxtumPzB31X_fWX1Ns4
> HIeAFdHnOYAiGPs37vC1U0$>
> Report Suspicious
> 
> ZjQcmQRYFpfptBannerEnd
> Add support for setting application specified port history Set HL equal to CQ
> depth when inflight control is enabled Added command line parameters
> 'use_default_hl' (default: 1)
>and 'alloc_hl_entries'
>  - When 'use_default_hl = 1'
>* Per port HL is set to DLB2_FIXED_CQ_HL_SIZE (32)
>* Recommended CQ depth by dlb2_eventdev_port_default_conf_get()
>  is DLB2_FIXED_CQ_HL_SIZE/2
>* command line parameter alloc_hl_entries is ignored
>  - When 'use_default_hl = 0'
>* Per LDB port HL = 2 * CQ depth
>* Recommended CQ depth by dlb2_eventdev_port_default_conf_get()
>  is DLB2_FIXED_CQ_HL_SIZE
>* User should calculate needed HL entries based on CQ depths the
>  application will use and specify it as command line parameter
>  'alloc_hl_entries'.  This will be used to allocate HL entries.
>   alloc_hl_entries = (Sum of all LDB ports CQ depths * 2)
>* If alloc_hl_entries is not specified, then
>  Total HL entries for the eventdev  = num_ldb_ports * 64
> 
> Signed-off-by: Pravin Pathak 
> Signed-off-by: Tirthendu Sarkar 
> ---
>  drivers/event/dlb2/dlb2.c  | 220 +
>  drivers/event/dlb2/dlb2_iface.c|   5 +-
>  drivers/event/dlb2/dlb2_iface.h|   4 +-
>  drivers/event/dlb2/dlb2_priv.h |  19 +-
>  drivers/event/dlb2/dlb2_user.h |  24 +++
>  drivers/event/dlb2/pf/base/dlb2_regs.h |   9 +
>  drivers/event/dlb2/pf/base/dlb2_resource.c |  74 +++
> drivers/event/dlb2/pf/base/dlb2_resource.h |  18 ++
>  drivers/event/dlb2/pf/dlb2_pf.c|  29 ++-
>  drivers/event/dlb2/rte_pmd_dlb2.c  |  23 +++
>  drivers/event/dlb2/rte_pmd_dlb2.h  |  40 
>  drivers/event/dlb2/version.map |   1 +
>  12 files changed, 422 insertions(+), 44 deletions(-)
> 
> diff --git a/drivers/event/dlb2/dlb2.c b/drivers/event/dlb2/dlb2.c index
> 24c56a7968..cd843bb9d0 100644
> --- a/drivers/event/dlb2/dlb2.c
> +++ b/drivers/event/dlb2/dlb2.c
> @@ -727,6 +727,50 @@ set_enable_cq_weight(const char *key __rte_unused,
>  	return 0;
>  }
> 
> +static int set_hl_override(const char *key __rte_unused, const char *value,
> +			   void *opaque)
> +{
> +	bool *default_hl = opaque;
> +
> +	if (value == NULL || opaque == NULL) {
> +		DLB2_LOG_ERR("NULL pointer");
> +		return -EINVAL;
> +	}
> +
> +	if ((*value == 'n') || (*value == 'N') || (*value == '0'))
> +		*default_hl = false;
> +	else
> +		*default_hl = true;
> +
> +	return 0;
> +}
> +
> +static int set_hl_entries(const char *key __rte_unused, const char *value,
> +			  void *
> +
> +	return dlb2_set_port_param(dlb2, port_id, flags, val); }
> diff --git a/drivers/event/dlb2/rte_pmd_dlb2.h
> b/drivers/event/dlb2/rte_pmd_dlb2.h
> index 207ce6a3fd..3f529860ba 100644
> --- a/drivers/event/dlb2/rte_pmd_dlb2.h
> +++ b/drivers/event/dlb2/rte_pmd_dlb2.h
> @@ -91,6 +91,46 @@ rte_pmd_dlb2_set_token_pop_mode(uint8_t dev_id,
>  uint8_t port_id,
>  enum dlb2_token_pop_mode mode);
> 
> +/** Set inflight threshold for flow migration */ #define
> +DLB2_FLOW_MIGRATION_THRESHOLD RTE_BIT64(0)
> +
> +/** Set port history list */
> +#define DLB2_SET_PORT_HL RTE_BIT64(1)
> +
> +struct dlb2_port_param {
> +	uint16_t inflight_threshold : 12;
> +	uint16_t port_hl;
> +};
> +
> +/*!
> + * @warning
> + * @b EXPERIMENTAL: this API may change, or be removed, without prior
> +notice
> + *
> + * Configure various port parameters.
> + * AUTO_POP. This function must be called before calling
> +rte_event

RE: [EXTERNAL] [PATCH v1 4/7] event/dlb2: support managing history list resource

[Jerin Jacob]

> -Original Message- > From: Pravin Pathak  > Sent: Friday, May 9, 2025 9: 54 AM > To: dev@ dpdk. org > Cc: Jerin Jacob ; mike. ximing. chen@ intel. com; > bruce. richardson@ intel. com;



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: Pravin Pathak 
> Sent: Friday, May 9, 2025 9:54 AM
> To: dev@dpdk.org
> Cc: Jerin Jacob ; mike.ximing.c...@intel.com;
> bruce.richard...@intel.com; tho...@monjalon.net;
> david.march...@redhat.com; nipun.gu...@amd.com; chen...@nvidia.com;
> tirthendu.sar...@intel.com; Pravin Pathak 
> Subject: [EXTERNAL] [PATCH v1 4/7] event/dlb2: support managing history list
> resource
> 
> Add support for setting application specified port history Set HL equal to CQ
> depth when inflight control is enabled Added command line parameters

> 
> +/** Set inflight threshold for flow migration */ #define
> +DLB2_FLOW_MIGRATION_THRESHOLD RTE_BIT64(0)

Keep DLB2_SET_PORT_ prefix as this flag is used with this API

> +
> +/** Set port history list */
> +#define DLB2_SET_PORT_HL RTE_BIT64(1)
> +
> +struct dlb2_port_param {
> +	uint16_t inflight_threshold : 12;
> +	uint16_t port_hl;
> +};

Not used this by PMD API. Move to .c or private header file.


> +/*!

Use doxygen syntax. See html generate file


> + * @warning
> + * @b EXPERIMENTAL: this API may change, or be removed, without prior
> +notice
> + *
> + * Configure various port parameters.
> + * AUTO_POP. This function must be called before calling
> +rte_event_port_setup()
> + * for the port, but after calling rte_event_dev_configure().
> + *
> + * @param dev_id
> + *The identifier of the event device.
> + * @param port_id
> + *The identifier of the event port.
> + * @param flags
> + *Bitmask of the parameters being set.
> + * @param val
> + *Structure coantaining the values of parameters being set.
> + *
> + * @return
> + * - 0: Success
> + * - EINVAL: Invalid dev_id, port_id, or mode
> + * - EINVAL: The DLB2 is not configured, is already running, or the port is
> + *   already setup
> + */
> +__rte_experimental
> +int
> +rte_pmd_dlb2_set_port_param(uint8_t dev_id,
> +			uint8_t port_id,
> +			uint64_t flags,
> +			void *val);

Is this expecting dlb2_port_param structure. If so, make rte_pmd_dlb2_port_param.
i.e prefix rte_pmd to fix name conflict as it is public API. Also
Please send separate patch to fix name space for enum dlb2_token_pop_mode and 
AUTO_POP (Change RTE_PMD_DLB2_)


>  #ifdef __cplusplus
>  }
>  #endif
> diff --git a/drivers/event/dlb2/version.map b/drivers/event/dlb2/version.map
> index c37d2302cd..be5a8f6f2b 100644
> --- a/drivers/event/dlb2/version.map
> +++ b/drivers/event/dlb2/version.map
> @@ -7,4 +7,5 @@ EXPERIMENTAL {
> 
>  	# added in 20.11
>  	rte_pmd_dlb2_set_token_pop_mode;

Add added in 25.07

> +	rte_pmd_dlb2_set_port_param;
>  };
> --
> 2.25.1

[PATCH 1/6] crypto/cnxk: update the sg list population

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

update the last seg with length before populating the scatter list

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_tls_ops.h | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_tls_ops.h 
b/drivers/crypto/cnxk/cn10k_tls_ops.h
index e8e2547f68..c5ef3027ac 100644
--- a/drivers/crypto/cnxk/cn10k_tls_ops.h
+++ b/drivers/crypto/cnxk/cn10k_tls_ops.h
@@ -136,6 +136,8 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
 
g_size_bytes = ((i + 3) / 4) * sizeof(struct roc_sglist_comp);
 
+   /* Output Scatter List */
+   last_seg->data_len += sess->max_extended_len + pad_bytes;
i = 0;
scatter_comp = (struct roc_sglist_comp *)((uint8_t 
*)gather_comp + g_size_bytes);
 
@@ -156,8 +158,6 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
w4.s.opcode_major |= (uint64_t)ROC_DMA_MODE_SG;
w4.s.opcode_minor = pad_len;
 
-   /* Output Scatter List */
-   last_seg->data_len += sess->max_extended_len + pad_bytes;
inst->w4.u64 = w4.u64;
} else {
struct roc_sg2list_comp *scatter_comp, *gather_comp;
@@ -189,6 +189,8 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
cpt_inst_w5.s.gather_sz = ((i + 2) / 3);
g_size_bytes = ((i + 2) / 3) * sizeof(struct roc_sg2list_comp);
 
+   /* Output Scatter List */
+   last_seg->data_len += sess->max_extended_len + pad_bytes;
i = 0;
scatter_comp = (struct roc_sg2list_comp *)((uint8_t 
*)gather_comp + g_size_bytes);
 
@@ -209,8 +211,6 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
w4.s.opcode_minor = pad_len;
w4.s.param1 = w4.s.dlen;
w4.s.param2 = cop->param1.tls_record.content_type;
-   /* Output Scatter List */
-   last_seg->data_len += sess->max_extended_len + pad_bytes;
inst->w4.u64 = w4.u64;
}
 
-- 
2.25.1

[PATCH 2/6] crypto/cnxk: add lookaside IPsec CPT LF stats

[Tejasree Kondoj]

Adding global CPT LF stats for lookaside IPsec.

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cn10k_ipsec.c| 4 
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 1 +
 2 files changed, 5 insertions(+)

diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c 
b/drivers/crypto/cnxk/cn10k_ipsec.c
index 33ffda0a4c..ae0482d0fe 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -117,6 +117,8 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
/* Enable mib counters */
sa_dptr->w0.s.count_mib_bytes = 1;
sa_dptr->w0.s.count_mib_pkts = 1;
+   sa_dptr->w0.s.count_glb_pkts = 1;
+   sa_dptr->w0.s.count_glb_octets = 1;
}
 
memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
@@ -221,6 +223,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
/* Enable mib counters */
sa_dptr->w0.s.count_mib_bytes = 1;
sa_dptr->w0.s.count_mib_pkts = 1;
+   sa_dptr->w0.s.count_glb_pkts = 1;
+   sa_dptr->w0.s.count_glb_octets = 1;
}
 
memset(in_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index c3a0a58c8f..613ce11ec1 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -953,6 +953,7 @@ cnxk_cpt_dump_on_err(struct cnxk_cpt_qp *qp)
 
plt_print("");
roc_cpt_afs_print(qp->lf.roc_cpt);
+   roc_cpt_lfs_print(qp->lf.roc_cpt);
 }
 
 int
-- 
2.25.1

[PATCH 6/9] net/ice/base: ptp minimal refactoring

[Dhanya Pillai]

From: Oleg Akhrem 

Removed redundant code. The *clk_freq and *clk_src are not modified.

Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_ptp_hw.c | 9 +++--
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/drivers/net/intel/ice/base/ice_ptp_hw.c 
b/drivers/net/intel/ice/base/ice_ptp_hw.c
index 1e92e5ff21..7d16965674 100644
--- a/drivers/net/intel/ice/base/ice_ptp_hw.c
+++ b/drivers/net/intel/ice/base/ice_ptp_hw.c
@@ -520,9 +520,6 @@ ice_cfg_cgu_pll_e825c(struct ice_hw *hw, enum 
ice_time_ref_freq *clk_freq,
  ice_clk_src_str(dw23.field.time_ref_sel),
  ice_clk_freq_str(dw9.field.time_ref_freq_sel));
 
-   *clk_freq = (enum ice_time_ref_freq)dw9.field.time_ref_freq_sel;
-   *clk_src = (enum ice_clk_src)dw23.field.time_ref_sel;
-
return 0;
 }
 
@@ -798,11 +795,11 @@ static int ice_init_cgu_e82x(struct ice_hw *hw)
ice_warn(hw, "Failed to lock TS PLL to predefined frequency. 
Retrying with fallback frequency.\n");
 
/* Try to lock to internal 25 MHz TCXO as a fallback */
+   time_ref_freq = ICE_TIME_REF_FREQ_25_000;
+   clk_src = ICE_CLK_SRC_TCX0;
if (hw->phy_model == ICE_PHY_ETH56G)
time_ref_freq = ICE_TIME_REF_FREQ_156_250;
-   else
-   time_ref_freq = ICE_TIME_REF_FREQ_25_000;
-   clk_src = ICE_CLK_SRC_TCX0;
+
if (ice_is_e825c(hw))
err = ice_cfg_cgu_pll_e825c(hw, &time_ref_freq,
&clk_src);
-- 
2.43.0

[PATCH 7/9] net/ice/base: support for MAC rule with own filter flags

[Dhanya Pillai]

From: "Filar, Mikolaj" 

Current implementation of ice_add_mac_rule overwrites flags passed in
fltr_info member of the m_list with ICE_FLTR_TX. This implementation
allows to use own flags with a new ice_add_mac_with_fltr_flag function.
No functional change in MAC filters.

Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_switch.c | 46 ++---
 drivers/net/intel/ice/base/ice_switch.h |  1 +
 2 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/drivers/net/intel/ice/base/ice_switch.c 
b/drivers/net/intel/ice/base/ice_switch.c
index 468a9f055d..777fc88d01 100644
--- a/drivers/net/intel/ice/base/ice_switch.c
+++ b/drivers/net/intel/ice/base/ice_switch.c
@@ -5112,11 +5112,12 @@ ice_aq_get_res_descs(struct ice_hw *hw, u16 num_entries,
 }
 
 /**
- * ice_add_mac_rule - Add a MAC address based filter rule
+ * ice_add_mac_rule_with_fltr_flag - Add a MAC address based filter rule
  * @hw: pointer to the hardware structure
  * @m_list: list of MAC addresses and forwarding information
  * @sw: pointer to switch info struct for which function add rule
  * @lport: logic port number on which function add rule
+ * @flag: filter flag
  *
  * IMPORTANT: When the umac_shared flag is set to false and m_list has
  * multiple unicast addresses, the function assumes that all the
@@ -5125,8 +5126,8 @@ ice_aq_get_res_descs(struct ice_hw *hw, u16 num_entries,
  * list should be taken care of in the caller of this function.
  */
 static int
-ice_add_mac_rule(struct ice_hw *hw, struct LIST_HEAD_TYPE *m_list,
-struct ice_switch_info *sw, u8 lport)
+ice_add_mac_rule_with_fltr_flag(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list,
+   struct ice_switch_info *sw, u8 lport, u16 flag)
 {
struct ice_sw_recipe *recp_list = &sw->recp_list[ICE_SW_LKUP_MAC];
struct ice_sw_rule_lkup_rx_tx *s_rule, *r_iter;
@@ -5148,7 +5149,7 @@ ice_add_mac_rule(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list,
u16 vsi_handle;
u16 hw_vsi_id;
 
-   m_list_itr->fltr_info.flag = ICE_FLTR_TX;
+   m_list_itr->fltr_info.flag = flag;
vsi_handle = m_list_itr->fltr_info.vsi_handle;
if (!ice_is_vsi_valid(hw, vsi_handle))
return ICE_ERR_PARAM;
@@ -5268,6 +5269,26 @@ ice_add_mac_rule(struct ice_hw *hw, struct 
LIST_HEAD_TYPE *m_list,
return status;
 }
 
+/**
+ * ice_add_mac_rule - Add a MAC address based filter rule
+ * @hw: pointer to the hardware structure
+ * @m_list: list of MAC addresses and forwarding information
+ * @sw: pointer to switch info struct for which function add rule
+ * @lport: logic port number on which function add rule
+ *
+ * IMPORTANT: When the umac_shared flag is set to false and m_list has
+ * multiple unicast addresses, the function assumes that all the
+ * addresses are unique in a given add_mac call. It doesn't
+ * check for duplicates in this case, removing duplicates from a given
+ * list should be taken care of in the caller of this function.
+ */
+static int
+ice_add_mac_rule(struct ice_hw *hw, struct LIST_HEAD_TYPE *m_list,
+struct ice_switch_info *sw, u8 lport)
+{
+   return ice_add_mac_rule_with_fltr_flag(hw, m_list, sw, lport, 
ICE_FLTR_TX);
+}
+
 /**
  * ice_add_mac - Add a MAC address based filter rule
  * @hw: pointer to the hardware structure
@@ -5284,6 +5305,23 @@ int ice_add_mac(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list)
hw->port_info->lport);
 }
 
+/**
+ * ice_add_mac_with_fltr_flag - Add a MAC address based filter rule
+ * @hw: pointer to the hardware structure
+ * @m_list: list of MAC addresses and forwarding information
+ * @flag: filter flag
+ *
+ * Function add MAC rule for logical port from HW struct
+ */
+int ice_add_mac_with_fltr_flag(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list, u16 flag)
+{
+   if (!m_list || !hw)
+   return ICE_ERR_PARAM;
+
+   return ice_add_mac_rule_with_fltr_flag(hw, m_list, hw->switch_info,
+   hw->port_info->lport, flag);
+}
+
 /**
  * ice_add_vlan_internal - Add one VLAN based filter rule
  * @hw: pointer to the hardware structure
diff --git a/drivers/net/intel/ice/base/ice_switch.h 
b/drivers/net/intel/ice/base/ice_switch.h
index 00bffe4e4e..8eac7739fb 100644
--- a/drivers/net/intel/ice/base/ice_switch.h
+++ b/drivers/net/intel/ice/base/ice_switch.h
@@ -548,6 +548,7 @@ ice_add_vlan(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list);
 int ice_remove_vlan(struct ice_hw *hw, struct LIST_HEAD_TYPE *v_list);
 void ice_rem_all_sw_rules_info(struct ice_hw *hw);
 int ice_add_mac(struct ice_hw *hw, struct LIST_HEAD_TYPE *m_lst);
+int ice_add_mac_with_fltr_flag(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list, u16 flag);
 int ice_remove_mac(struct ice_hw *hw, struct LIST_HEAD_TYPE *m_lst);
 int
 ice_add_eth_mac(struct ice_hw *hw, struct LIST_HEAD_TYPE *em_list);
-- 
2.43.0

[PATCH 8/9] net/ice/base: configure PHY FEC error in logs for GNRD

[Dhanya Pillai]

From: "Filar, Mikolaj" 

Configure PHY FEC error in logs for GNRD

Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_common.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/intel/ice/base/ice_common.c 
b/drivers/net/intel/ice/base/ice_common.c
index 69070b740e..9ba656d8ec 100644
--- a/drivers/net/intel/ice/base/ice_common.c
+++ b/drivers/net/intel/ice/base/ice_common.c
@@ -6554,6 +6554,8 @@ bool ice_fw_supports_fec_dis_auto(struct ice_hw *hw)
 {
if (ice_is_e830(hw))
return true;
+   if (ice_is_e825c(hw))
+   return true;
return ice_is_fw_min_ver(hw, ICE_FW_VER_BRANCH_E810,
 ICE_FW_FEC_DIS_AUTO_MAJ,
 ICE_FW_FEC_DIS_AUTO_MIN,
-- 
2.43.0

[PATCH 9/9] net/ice/base: increase reset timeout to 20 seconds

[Dhanya Pillai]

From: Janardhanan Arumugam 

Resets on E830 hardware can take longer than 5 seconds to complete due
to E830 security keys functionality. The current timeout may be too
short, leading to reset failures.

Increase the reset timeout by updating ICE_PF_RESET_WAIT_COUNT, changing
the maximum wait time from 5 seconds to 20 seconds.

This change applies to all hardware, but since the driver polls the
reset done bits every 10 milliseconds this does not affect reset time on
non-E830 devices where the reset completes quicker.

Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/ice_common.c 
b/drivers/net/intel/ice/base/ice_common.c
index 9ba656d8ec..4de9f37989 100644
--- a/drivers/net/intel/ice/base/ice_common.c
+++ b/drivers/net/intel/ice/base/ice_common.c
@@ -9,7 +9,7 @@
 #include "ice_ptp_hw.h"
 #include "ice_switch.h"
 
-#define ICE_PF_RESET_WAIT_COUNT500
+#define ICE_PF_RESET_WAIT_COUNT2000
 
 static const char * const ice_link_mode_str_low[] = {
ice_arr_elem_idx(0, "100BASE_TX"),
-- 
2.43.0

RE: [EXTERNAL] [PATCH] ethdev: remove callback checks from fast path

[Jerin Jacob]

> -Original Message- > From: skori@ marvell. com  > Sent: Tuesday, April 29, 2025 11: 42 PM > To: Thomas Monjalon ; Ferruh Yigit > ; Andrew Rybchenko



ZjQcmQRYFpfptBannerStart




  

  
	Prioritize security for external emails:
  
  
Confirm sender and content safety before clicking links or opening attachments
  





	Report Suspicious



 
  


ZjQcmQRYFpfptBannerEnd






> -Original Message-
> From: sk...@marvell.com 
> Sent: Tuesday, April 29, 2025 11:42 PM
> To: Thomas Monjalon ; Ferruh Yigit
> ; Andrew Rybchenko
> 
> Cc: dev@dpdk.org; Sunil Kumar Kori 
> Subject: [EXTERNAL] [PATCH] ethdev: remove callback checks from fast path
> 
> From: Sunil Kumar Kori  rte_eth_fp_ops contains ops for
> fast path APIs. Each API validates availability of callback and then invoke it.
> Removing these NULL checks instead using dummy callbacks. Signed-off-by:
> Sunil Kumar ZjQcmQRYFpfptBannerStart Prioritize security for external emails:
> Confirm sender and content safety before clicking links or opening attachments
>  ewt.proofpoint.com/EWT/v1/CRVmXkqW!ta3Z1f8UAnVatS-
> duf16Ds5hp4nuuus0UNv0GRLoKGk6KzbJ62cMLHhvd3kJIBAKh3RoWS1_8sxE-
> fhkSRumJQAQ4NQ$>
> Report Suspicious
> 
> ZjQcmQRYFpfptBannerEnd
> From: Sunil Kumar Kori 
> 
> rte_eth_fp_ops contains ops for fast path APIs. Each API validates availability of
> callback and then invoke it.
> 
> Removing these NULL checks instead using dummy callbacks.
> 
> Signed-off-by: Sunil Kumar Kori 


Please check the CI issues.
https://patches.dpdk.org/project/dpdk/patch/20250512150732.65743-2-sk...@marvell.com/


> ---
>  lib/ethdev/ethdev_driver.c | 47 ++
> lib/ethdev/ethdev_driver.h | 82
> ++
>  lib/ethdev/ethdev_pci.h| 19 +
>  lib/ethdev/rte_ethdev.h| 20 +-
>  4 files changed, 150 insertions(+), 18 deletions(-)
> 
> diff --git a/lib/ethdev/ethdev_driver.c b/lib/ethdev/ethdev_driver.c index
> ec0c1e1176..75073f98cf 100644
> --- a/lib/ethdev/ethdev_driver.c
> +++ b/lib/ethdev/ethdev_driver.c
> @@ -847,6 +847,53 @@ rte_eth_pkt_burst_dummy(void *queue
> __rte_unused,
>  	return 0;
>  }
> 
> +RTE_EXPORT_INTERNAL_SYMBOL(rte_eth_tx_pkt_prepare_dummy)
> +uint16_t
> +rte_eth_tx_pkt_prepare_dummy(void *queue __rte_unused,
> +		struct rte_mbuf **pkts __rte_unused,
> +		uint16_t nb_pkts)
> +{
> +	return nb_pkts;
> +}
> +
> +RTE_EXPORT_INTERNAL_SYMBOL(rte_eth_rx_queue_count_dummy)
> +uint32_t
> +rte_eth_rx_queue_count_dummy(void *queue __rte_unused) {
> +	return -ENOTSUP;
> +}
> +
> +RTE_EXPORT_INTERNAL_SYMBOL(rte_eth_tx_queue_count_dummy)
> +int
> +rte_eth_tx_queue_count_dummy(void *queue __rte_unused) {
> +	return -ENOTSUP;
> +}
> +
> +RTE_EXPORT_INTERNAL_SYMBOL(rte_eth_descriptor_status_dummy)
> +int
> +rte_eth_descriptor_status_dummy(void *queue __rte_unused,
> +		uint16_t offset __rte_unused)
> +{
> +	return -ENOTSUP;
> +}
> +
> +RTE_EXPORT_INTERNAL_SYMBOL(rte_eth_recycle_tx_mbufs_reuse_dummy)
> +uint16_t
> +rte_eth_recycle_tx_mbufs_reuse_dummy(void *queue __rte_unused,
> +		struct rte_eth_recycle_rxq_info *recycle_rxq_info
> __rte_unused) {
> +	return 0;
> +}
> +
> +RTE_EXPORT_INTERNAL_SYMBOL(rte_eth_recycle_rx_descriptors_refill_dumm
> y)
> +void
> +rte_eth_recycle_rx_descriptors_refill_dummy(void *queue __rte_unused,
> +		uint16_t nb __rte_unused)
> +{
> +
> +}
> +
>  RTE_EXPORT_INTERNAL_SYMBOL(rte_eth_representor_id_get)
>  int
>  rte_eth_representor_id_get(uint16_t port_id, diff --git
> a/lib/ethdev/ethdev_driver.h b/lib/ethdev/ethdev_driver.h index
> 2b4d2ae9c3..ec00f16ed3 100644
> --- a/lib/ethdev/ethdev_driver.h
> +++ b/lib/ethdev/ethdev_driver.h
> @@ -1874,6 +1874,88 @@ rte_eth_pkt_burst_dummy(void *queue
> __rte_unused,
>  		struct rte_mbuf **pkts __rte_unused,
>  		uint16_t nb_pkts __rte_unused);
> 
> +/**
> + * @internal
> + * Dummy DPDK callback for Tx packet prepare.
> + *
> + * @param queue
> + *  Pointer to Tx queue
> + * @param pkts
> + *  Packet array
> + * @param nb_pkts
> + *  Number of packets in packet array
> + */
> +__rte_internal
> +uint16_t
> +rte_eth_tx_pkt_prepare_dummy(void *queue __rte_unused,
> +		struct rte_mbuf **pkts __rte_unused,
> +		uint16_t nb_pkts __rte_unused);
> +
> +/**
> + * @internal
> + * Dummy DPDK callback for Rx queue count.
> + *
> + * @param queue
> + *  Pointer to Rx queue
> + */
> +__rte_internal
> +uint32_t
> +rte_eth_rx_queue_count_dummy(void *queue __rte_unused);
> +
> +/**
> + * @internal
> + * Dummy DPDK callback for Tx queue count.
> + *
> + * @param queue
> + *  Pointer to Tx queue
> + */
> +__rte_internal
> +int
> +rte_eth_tx_queue_count_dummy(void *queue __rte_unused);
> +
> +/**
> + * @internal
> + * Dummy DPDK callback for descriptor status.
> + *
> + * @param queue
> + *  Pointer to Rx/Tx queue
> + * @param offset
> + *  The offset of the descriptor starting from tail (0 is the next
> + *  packet to be received by the driver).
> + */
> +__rte_internal
> +int
> +rte_eth_de

RE: [PATCH v1 3/4] ring: fix potential sync issue between head and tail values

[Konstantin Ananyev]

Hi Wathsala,

> 
> Hi Konstanin,
> 
> In rte_ring the store-release on tail update guarantees that CAS
> won't get reordered with the store-released of the tail update.
> 
> So, the sequence of events would look like this (combined view
> of head and tail update)
> 
> Releaxed-load(new_head,  N)  > (A)
> Relaxed-CAS(d->head, new_head, old_head)   > (B)
> Store-release-store(d->tail, new_head) > (C)
> 
> If we look at address dependencies, then...
> 
> (B) depends on (A) due to new_head address dependency.
> (C) depends on (A) due to new_head address dependency.
> 
> So, dependency graph looks like this
>(A)
> /   \
>vv
>  (B) (C)
> 
> There is no implicit dependence between (B) and (C), I think
> this is the issue you are brining up.
> Even though there is no dependence between the two,
> the store-release of (C) ensures that (B) won't drop below it.
> Therefore, the above graph can be turned into an ordered
> sequence as shown below..
> 
> (A) -> (B) -> (C)

I do agree that with current implementation of __rte_ring_headtail_move_head()
in lib/ring/rte_ring_c11_pvt.h the order of these 3 operations (A->B->C) should 
be sequential.
The problem I am talking about is a different one:
thread can see 'latest' 'cons.head' value, with 'previous' value for 
'prod.tail' or visa-versa.
In other words: 'cons.head' value depends on 'prod.tail', so before making 
latest 'cons.head'
value visible to other threads, we need to ensure that latest 'prod.tail' is 
also visible. 
Let me try to explain it on the example:

Suppose at some moment we have:
prod={.head=2,.tail=1};
cons={.head=0,.tail=0};
I.e. thead #1 is in process to enqueue one more element into the ring.

   Thread #1
 Thread #2
T0:
  store(&prod.tail, 2, release);
  /*AFAIU: this is somewhat equivalent to: wmb(); prod.tail=2;
  * I.E. - it guarantees that all stores initiated before that operation will 
be visible
  * by other threads at the same moment or before new value of prod.tail wlll 
become
  * visible, but it doesn't guarantee that new prod.tail  value will be visible 
 to other
  * threads immediately.
  */ 
...
move_cons_head(...,n=2)
move_cons_head(...,n=1)
... 
 ...
T1:
  *old_head = load(&cons.head, relaxed);  
  fence(acquire);
  /*old_head == 0, no surprises */
  stail = load(&prod.tail, acquire);
  /*stail == 2, no surprises */
 *entries = (capacity + stail - *old_head);
*new_head = *old_head + n;
 /* *entries == (2 - 0) == 2; *new_head==2; all good */ 
...
T2:

*old_head = load(&cons.head, relaxed);

fence(acquire);

/*old_head == 0, no surprises */

stail = load(&prod.tail, acquire);
/* ! stail == 1  ! for Thread 2
 * Even though we do use acquire here - there was no *release* after 
store(&prod.tail).
 * So, still no guarantee that Thread 2 will see latest prod.tail value.
 */

   *entries = (capacity + stail - *old_head);

   /* *entries == (1 - 0) == 1, still ok */

   *new_head = *old_head + n;

   /* *new_head == 1 */
T3:
  success = CAS(&cons.head,
old_head /*==0/, *new_head /*==2*/,
relaxed, relaxed);
  /*success==1, cons.head==2*/
 ...   
T4:   

   success = CAS(&cons.head,

   old_head /*==0/, *new_head /*==1*/,

  relaxed, relaxed);

  /*success==0, *old_head==2*/
/* CAS() failed and provided Thread 2 with latest valued for cons.head(==2)
 *  Thread 2 repeats attempt, starts second iteration
 */

  fence(acquire);

[PATCH 0/9] Update ICE base code

[Dhanya Pillai]

Ice base code is updated to latest snapshot.

Filar, Mikolaj (2):
  net/ice/base: support for MAC rule with own filter flags
  net/ice/base: configure PHY FEC error in logs for GNRD

Janardhanan Arumugam (1):
  net/ice/base: increase reset timeout to 20 seconds

Lukasz Krakowiak (3):
  net/ice/base: integer overflow issue fix
  net/ice/base: set speculative execution barrier
  net/ice/base: typo fix in desc for dev ID 579F

Oleg Akhrem (1):
  net/ice/base: ptp minimal refactoring

Paul Greenwalt (1):
  net/ice/base: typo fix in media type check

Waldemar Dworakowski (1):
  net/ice/base: type conversion fix

 drivers/net/intel/ice/base/ice_common.c|  6 ++-
 drivers/net/intel/ice/base/ice_devids.h|  2 +-
 drivers/net/intel/ice/base/ice_flex_pipe.c |  2 +
 drivers/net/intel/ice/base/ice_osdep.h |  6 +++
 drivers/net/intel/ice/base/ice_ptp_hw.c|  9 ++---
 drivers/net/intel/ice/base/ice_sched.c | 10 +++--
 drivers/net/intel/ice/base/ice_switch.c| 46 --
 drivers/net/intel/ice/base/ice_switch.h|  1 +
 drivers/net/intel/ice/base/ice_type.h  |  2 +-
 9 files changed, 67 insertions(+), 17 deletions(-)

-- 
2.43.0

[PATCH 5/9] net/ice/base: typo fix in desc for dev ID 579F

[Dhanya Pillai]

From: Lukasz Krakowiak 

Fix typo in desc for dev ID 579F.

Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_devids.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/ice_devids.h 
b/drivers/net/intel/ice/base/ice_devids.h
index 807b5d0c29..20c6dbd4a5 100644
--- a/drivers/net/intel/ice/base/ice_devids.h
+++ b/drivers/net/intel/ice/base/ice_devids.h
@@ -90,7 +90,7 @@
 #define ICE_DEV_ID_E825C_QSFP  0x579D
 /* Intel(R) Ethernet Connection E825-C for SFP */
 #define ICE_DEV_ID_E825C_SFP   0x579E
-/* Intel(R) Ethernet Connection E825-C 1GbE */
+/* Intel(R) Ethernet Connection E825-C 10GbE */
 #define ICE_DEV_ID_E825C_SGMII 0x579F
 #define ICE_DEV_ID_C825X   0x0DCD
 #endif /* _ICE_DEVIDS_H_ */
-- 
2.43.0

[PATCH 1/9] net/ice/base: type conversion fix

[Dhanya Pillai]

From: "Dworakowski, Waldemar" 

In ice_sched_move_vsi_to_agg() int16 is used to pass 8 bit value
what causes compiler warning:
warning C4244: 'function' : conversion from 'UINT16' to 'UINT8',
possible loss of data
Changed variable type to avoid conversion

Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_sched.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/intel/ice/base/ice_sched.c 
b/drivers/net/intel/ice/base/ice_sched.c
index 1f520bb7c0..a8a149f541 100644
--- a/drivers/net/intel/ice/base/ice_sched.c
+++ b/drivers/net/intel/ice/base/ice_sched.c
@@ -2383,7 +2383,8 @@ ice_sched_move_vsi_to_agg(struct ice_port_info *pi, u16 
vsi_handle, u32 agg_id,
u16 num_nodes_added;
u8 aggl, vsil;
int status;
-   u16 i;
+   u16 j;
+   u8 i;
 
tc_node = ice_sched_get_tc_node(pi, tc);
if (!tc_node)
@@ -2409,9 +2410,9 @@ ice_sched_move_vsi_to_agg(struct ice_port_info *pi, u16 
vsi_handle, u32 agg_id,
num_nodes[i] = 1;
 
/* Check if the aggregator subtree has any free node to add the VSI */
-   for (i = 0; i < agg_node->num_children; i++) {
+   for (j = 0; j < agg_node->num_children; j++) {
parent = ice_sched_get_free_vsi_parent(pi->hw,
-  agg_node->children[i],
+  agg_node->children[j],
   num_nodes);
if (parent)
goto move_nodes;
-- 
2.43.0

[PATCH 2/9] net/ice/base: typo fix in media type check

[Dhanya Pillai]

From: Paul Greenwalt 

Found a typo in original implementation of ice_set_media_type,
where one of the checks for FIBER checks for C2C media type
instead of C2M. This results in failure of this check for some
AOC devices, consequently setting  the media type as AUI.
Bug was found in ethtool.

Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/ice_common.c 
b/drivers/net/intel/ice/base/ice_common.c
index fce9b070cf..69070b740e 100644
--- a/drivers/net/intel/ice/base/ice_common.c
+++ b/drivers/net/intel/ice/base/ice_common.c
@@ -452,7 +452,7 @@ static void ice_set_media_type(struct ice_port_info *pi)
 ((phy_type_low & ICE_MEDIA_OPT_PHY_TYPE_LOW_M ||
   phy_type_high & ICE_MEDIA_OPT_PHY_TYPE_HIGH_M) &&
  (phy_type_low & ICE_MEDIA_C2M_PHY_TYPE_LOW_M ||
-  phy_type_high & ICE_MEDIA_C2C_PHY_TYPE_HIGH_M)))
+  phy_type_high & ICE_MEDIA_C2M_PHY_TYPE_HIGH_M)))
*media_type = ICE_MEDIA_FIBER;
/* else if PHY types are only DA, or DA and C2C, then media type DA */
else if (ice_phy_maps_to_media(phy_type_low, phy_type_high,
-- 
2.43.0

[PATCH 4/9] net/ice/base: set speculative execution barrier

[Dhanya Pillai]

From: Lukasz Krakowiak 

Fix Coverity issues related to SPECULATIVE_EXECUTION_DATA_LEAK.
This changes set speculative execution barrier to functions:

* ice_sched_add_vsi_child_nodes,
* ice_sched_add_vsi_support_nodes,
* ice_sched_move_vsi_to_agg,
* ice_prof_has_mask_idx,
* ice_alloc_prof_mask.

Also, Added memfence definations.

Coverity issue: 1207094, 1207095, 1207096, 1207099, 1207104
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_flex_pipe.c | 2 ++
 drivers/net/intel/ice/base/ice_osdep.h | 6 ++
 drivers/net/intel/ice/base/ice_sched.c | 3 +++
 3 files changed, 11 insertions(+)

diff --git a/drivers/net/intel/ice/base/ice_flex_pipe.c 
b/drivers/net/intel/ice/base/ice_flex_pipe.c
index 6dd5588f85..dc8c92e203 100644
--- a/drivers/net/intel/ice/base/ice_flex_pipe.c
+++ b/drivers/net/intel/ice/base/ice_flex_pipe.c
@@ -1280,6 +1280,7 @@ ice_prof_has_mask_idx(struct ice_hw *hw, enum ice_block 
blk, u8 prof, u16 idx,
if (hw->blk[blk].masks.masks[i].in_use &&
hw->blk[blk].masks.masks[i].idx == idx) {
found = true;
+   ice_memfence_read();
if (hw->blk[blk].masks.masks[i].mask == mask)
match = true;
break;
@@ -1648,6 +1649,7 @@ ice_alloc_prof_mask(struct ice_hw *hw, enum ice_block 
blk, u16 idx, u16 mask,
/* if mask is in use and it exactly duplicates the
 * desired mask and index, then in can be reused
 */
+   ice_memfence_read();
if (hw->blk[blk].masks.masks[i].mask == mask &&
hw->blk[blk].masks.masks[i].idx == idx) {
found_copy = true;
diff --git a/drivers/net/intel/ice/base/ice_osdep.h 
b/drivers/net/intel/ice/base/ice_osdep.h
index ad6cde9896..7588ad3dbc 100644
--- a/drivers/net/intel/ice/base/ice_osdep.h
+++ b/drivers/net/intel/ice/base/ice_osdep.h
@@ -203,6 +203,12 @@ struct __rte_packed_begin ice_virt_mem {
 #define ice_memset(a, b, c, d) memset((a), (b), (c))
 #define ice_memcpy(a, b, c, d) rte_memcpy((a), (b), (c))
 
+/* Memory fence barrier */
+#define ice_memfence_read()
+#define ice_memfence_read_write()
+#define ice_memfence_write()
+
+
 /* SW spinlock */
 struct ice_lock {
rte_spinlock_t spinlock;
diff --git a/drivers/net/intel/ice/base/ice_sched.c 
b/drivers/net/intel/ice/base/ice_sched.c
index a8a149f541..be9393a7d6 100644
--- a/drivers/net/intel/ice/base/ice_sched.c
+++ b/drivers/net/intel/ice/base/ice_sched.c
@@ -1748,6 +1748,7 @@ ice_sched_add_vsi_child_nodes(struct ice_port_info *pi, 
u16 vsi_handle,
node = node->sibling;
}
} else {
+   ice_memfence_read();
parent = parent->children[0];
}
}
@@ -1840,6 +1841,7 @@ ice_sched_add_vsi_support_nodes(struct ice_port_info *pi, 
u16 vsi_handle,
/* The newly added node can be a new parent for the next
 * layer nodes
 */
+   ice_memfence_read();
if (num_added)
parent = ice_sched_find_node_by_teid(tc_node,
 first_node_teid);
@@ -2431,6 +2433,7 @@ ice_sched_move_vsi_to_agg(struct ice_port_info *pi, u16 
vsi_handle, u32 agg_id,
/* The newly added node can be a new parent for the next
 * layer nodes
 */
+   ice_memfence_read();
if (num_nodes_added)
parent = ice_sched_find_node_by_teid(tc_node,
 first_node_teid);
-- 
2.43.0

[PATCH 3/9] net/ice/base: integer overflow issue fix

[Dhanya Pillai]

From: Lukasz Krakowiak 

Fix Coverity issue related to INTEGER_OVERFLOW.

Coverity issue: 1207097
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_type.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/ice_type.h 
b/drivers/net/intel/ice/base/ice_type.h
index 297a5ea890..757b1d7658 100644
--- a/drivers/net/intel/ice/base/ice_type.h
+++ b/drivers/net/intel/ice/base/ice_type.h
@@ -25,7 +25,7 @@
  */
 static inline bool ice_is_pow2(u64 val)
 {
-   return (val && !(val & (val - 1)));
+   return val != 0 && (val & (val -1)) == 0;
 }
 
 /**
-- 
2.43.0

Re: [PATCH v3 0/7] net/ena: release 2.13.0

[Stephen Hemminger]

On Mon, 26 May 2025 14:13:27 +
"Brandes, Shai"  wrote:

> Hi Stephen, and apologies for the multiple patchsets.
> 
> We had a bug in our CI that prevented failed runs from showing up correctly 
> in the report, this has just been identified and fixed.
> While rechecking, we discovered that one of the patches in the latest v3 
> patchset is currently failing to compile. The problematic line was replaced 
> in a later patch within the same set, so when applied as a whole, the series 
> passed in our directed tests.
> 
> Problematic patch: [v3,4/7] net/ena: support fragment bypass mode 
> https://patches.dpdk.org/project/dpdk/patch/20250522132614.3379-5-shaib...@amazon.com
> Failure on the entire patchset is now visible under 
> https://patches.dpdk.org/project/dpdk/patch/20250522133029.3575-1-shaib...@amazon.com/
>  
> 
> Since we aim for each patch to compile independently, we'll need to abandon 
> this patchset.
> Could you please advise whether you'd prefer to abandon it yourself, since 
> it's already marked as *Awaiting Upstream* and it appear on the remote 
> "for-main" branch, or should we just change the state to *Superseded*?
> Thanks again for your time and help!
> 
> Shai

No worries, was relatively easy to update to the correct version.
Yeah, mark the latest correct version as Awaiting Upstream, and other should be 
Superseded.

Re: [PATCH v2 1/2] app/testpmd: harmonize case in help strings

[Stephen Hemminger]

On Fri, 23 May 2025 11:36:04 +0100
Anatoly Burakov  wrote:

> Most testpmd help strings are lower case. Amend those that aren't.
> 
> Signed-off-by: Anatoly Burakov 

Why does DPDK not follow the convention used for years by the Unix
man pages and commands? The Unix command description style is to use
upper case for items in command that are variables.

.help_str = "port PORT_ID enable|disable COUNTER_NAME",

These strings should match what is in the documentation for examples.

$ ls --help
Usage: ls [OPTION]... [FILE]...
...
  -F, --classify[=WHEN]  append indicator (one of */=>@|) to entries WHEN
  --file-typelikewise, except do not append '*'
  --format=WORD  across,horizontal (-x), commas (-m), long (-l),
 single-column (-1), verbose (-l), vertical (-C)

RE: [PATCH v3 0/7] net/ena: release 2.13.0

[Brandes, Shai]

Hi Stephen, and apologies for the multiple patchsets.

We had a bug in our CI that prevented failed runs from showing up correctly in 
the report, this has just been identified and fixed.
While rechecking, we discovered that one of the patches in the latest v3 
patchset is currently failing to compile. The problematic line was replaced in 
a later patch within the same set, so when applied as a whole, the series 
passed in our directed tests.

Problematic patch: [v3,4/7] net/ena: support fragment bypass mode 
https://patches.dpdk.org/project/dpdk/patch/20250522132614.3379-5-shaib...@amazon.com
Failure on the entire patchset is now visible under 
https://patches.dpdk.org/project/dpdk/patch/20250522133029.3575-1-shaib...@amazon.com/
 

Since we aim for each patch to compile independently, we'll need to abandon 
this patchset.
Could you please advise whether you'd prefer to abandon it yourself, since it's 
already marked as *Awaiting Upstream* and it appear on the remote "for-main" 
branch, or should we just change the state to *Superseded*?
Thanks again for your time and help!

Shai

> -Original Message-
> From: Brandes, Shai 
> Sent: Thursday, May 22, 2025 4:26 PM
> To: step...@networkplumber.org
> Cc: dev@dpdk.org; Brandes, Shai 
> Subject: [PATCH v3 0/7] net/ena: release 2.13.0
> 
> This patchset includes an upgrade of the ENA HAL, introduces a new feature,
> and addresses three bug fixes.
> 
> Thank you in advance to the net maintainers and community members for
> your time and effort reviewing the code.
> 
> Best regards,
> Shai Brandes
> AWS Elastic Network Adapter team
> 
> ---
> v2:
> Removed patch "net/ena: fix virtual address calc for unaligned BARs"
> which contained a problematic casting when compiling with 32-bit system
> 
> v3:
> no change, there was some technical issue when sending the emails where
> part of the patches apeared on different series.
> 
> Shai Brandes (7):
>   net/ena/base: avoid recalculating desc per entry
>   net/ena/base: coding style changes
>   net/ena: separate doorbell logic for Rx and Tx
>   net/ena: support fragment bypass mode
>   net/ena: fix unhandled interrupt config failure
>   net/ena: fix aenq timeout with low poll interval
>   net/ena: upgrade driver version to 2.13.0
> 
>  doc/guides/nics/ena.rst   | 13 ++-
>  doc/guides/rel_notes/release_25_07.rst|  9 ++
>  drivers/net/ena/base/ena_com.c| 39 +++-
>  drivers/net/ena/base/ena_com.h|  8 ++
>  .../net/ena/base/ena_defs/ena_admin_defs.h| 15 +++
>  drivers/net/ena/base/ena_eth_com.c|  6 +-
>  drivers/net/ena/base/ena_eth_com.h| 15 ++-
>  drivers/net/ena/ena_ethdev.c  | 98 +++
>  drivers/net/ena/ena_ethdev.h  |  5 +-
>  9 files changed, 177 insertions(+), 31 deletions(-)
> 
> --
> 2.17.1

[PATCH v2 01/40] crypto/cnxk: update the sg list population

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

update the last seg with length before populating the scatter list

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_tls_ops.h | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_tls_ops.h 
b/drivers/crypto/cnxk/cn10k_tls_ops.h
index e8e2547f68..c5ef3027ac 100644
--- a/drivers/crypto/cnxk/cn10k_tls_ops.h
+++ b/drivers/crypto/cnxk/cn10k_tls_ops.h
@@ -136,6 +136,8 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
 
g_size_bytes = ((i + 3) / 4) * sizeof(struct roc_sglist_comp);
 
+   /* Output Scatter List */
+   last_seg->data_len += sess->max_extended_len + pad_bytes;
i = 0;
scatter_comp = (struct roc_sglist_comp *)((uint8_t 
*)gather_comp + g_size_bytes);
 
@@ -156,8 +158,6 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
w4.s.opcode_major |= (uint64_t)ROC_DMA_MODE_SG;
w4.s.opcode_minor = pad_len;
 
-   /* Output Scatter List */
-   last_seg->data_len += sess->max_extended_len + pad_bytes;
inst->w4.u64 = w4.u64;
} else {
struct roc_sg2list_comp *scatter_comp, *gather_comp;
@@ -189,6 +189,8 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
cpt_inst_w5.s.gather_sz = ((i + 2) / 3);
g_size_bytes = ((i + 2) / 3) * sizeof(struct roc_sg2list_comp);
 
+   /* Output Scatter List */
+   last_seg->data_len += sess->max_extended_len + pad_bytes;
i = 0;
scatter_comp = (struct roc_sg2list_comp *)((uint8_t 
*)gather_comp + g_size_bytes);
 
@@ -209,8 +211,6 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
w4.s.opcode_minor = pad_len;
w4.s.param1 = w4.s.dlen;
w4.s.param2 = cop->param1.tls_record.content_type;
-   /* Output Scatter List */
-   last_seg->data_len += sess->max_extended_len + pad_bytes;
inst->w4.u64 = w4.u64;
}
 
-- 
2.25.1

[PATCH v2 03/40] crypto/cnxk: fix qp stats PMD API

[Tejasree Kondoj]

Fixing qp stats PMD API.

Fixes: bf52722b9377 ("crypto/cnxk: add PMD API to get queue stats")

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 613ce11ec1..61f3e135aa 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -1218,7 +1218,7 @@ rte_pmd_cnxk_crypto_qp_stats_get(struct 
rte_pmd_cnxk_crypto_qptr *qptr,
 
stats->ctx_enc_pkts = plt_read64(lf->rbase + CPT_LF_CTX_ENC_PKT_CNT);
stats->ctx_enc_bytes = plt_read64(lf->rbase + CPT_LF_CTX_ENC_BYTE_CNT);
-   stats->ctx_dec_bytes = plt_read64(lf->rbase + CPT_LF_CTX_DEC_BYTE_CNT);
+   stats->ctx_dec_pkts = plt_read64(lf->rbase + CPT_LF_CTX_DEC_PKT_CNT);
stats->ctx_dec_bytes = plt_read64(lf->rbase + CPT_LF_CTX_DEC_BYTE_CNT);
 
return 0;
-- 
2.25.1

[PATCH v2 04/40] crypto/cnxk: fail Rx inject configure if not supported

[Tejasree Kondoj]

From: Aakash Sasidharan 

Rx inject is supported only with CPT05 microcode version.
sg_ver2 indicates if CPT05 is loaded. Fail the rx inject
configuration with ENOTSUP error if sg_ver2 is not supported.

Signed-off-by: Aakash Sasidharan 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 851e6f0a88..947f50b4c8 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -1981,6 +1981,7 @@ cn10k_cryptodev_sec_rx_inject_configure(void *device, 
uint16_t port_id, bool ena
 {
struct rte_cryptodev *crypto_dev = device;
struct rte_eth_dev *eth_dev;
+   struct cnxk_cpt_vf *vf;
int ret;
 
if (!rte_eth_dev_is_valid_port(port_id))
@@ -1989,6 +1990,11 @@ cn10k_cryptodev_sec_rx_inject_configure(void *device, 
uint16_t port_id, bool ena
if (!(crypto_dev->feature_flags & RTE_CRYPTODEV_FF_SECURITY_RX_INJECT))
return -ENOTSUP;
 
+   /* Rx Inject is supported only with CPT05. sg_ver2 indicates that CPT05 
is loaded */
+   vf = crypto_dev->data->dev_private;
+   if (!(vf->cpt.hw_caps[CPT_ENG_TYPE_SE].sg_ver2 && 
vf->cpt.hw_caps[CPT_ENG_TYPE_IE].sg_ver2))
+   return -ENOTSUP;
+
eth_dev = &rte_eth_devices[port_id];
 
ret = strncmp(eth_dev->device->driver->name, "net_cn10k", 8);
-- 
2.25.1

[PATCH v2 09/40] crypto/cnxk: add dev info get

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add dev info get for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index 64ab285235..ac321a2b91 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -33,8 +33,10 @@ cn20k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev 
*dev __rte_unused, vo
 static void
 cn20k_cpt_dev_info_get(struct rte_cryptodev *dev, struct rte_cryptodev_info 
*info)
 {
-   (void)dev;
-   (void)info;
+   if (info != NULL) {
+   cnxk_cpt_dev_info_get(dev, info);
+   info->driver_id = cn20k_cryptodev_driver_id;
+   }
 }
 
 static int
-- 
2.25.1

[PATCH v2 07/40] crypto/cnxk: add probe for cn20k crypto device

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add probe for cn20k crypto device

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_cryptodev.c |  12 +-
 drivers/crypto/cnxk/cn20k_cryptodev.c | 152 ++
 drivers/crypto/cnxk/cn20k_cryptodev.h |  13 +++
 drivers/crypto/cnxk/meson.build   |   1 +
 4 files changed, 170 insertions(+), 8 deletions(-)
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev.c
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev.h

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev.c 
b/drivers/crypto/cnxk/cn10k_cryptodev.c
index 70bef13cda..598def51a5 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev.c
@@ -22,14 +22,10 @@
 uint8_t cn10k_cryptodev_driver_id;
 
 static struct rte_pci_id pci_id_cpt_table[] = {
-   {
-   RTE_PCI_DEVICE(PCI_VENDOR_ID_CAVIUM,
-  PCI_DEVID_CN10K_RVU_CPT_VF)
-   },
-   /* sentinel */
-   {
-   .device_id = 0
-   },
+   CNXK_PCI_ID(PCI_SUBSYSTEM_DEVID_CN10KA, PCI_DEVID_CN10K_RVU_CPT_VF),
+   CNXK_PCI_ID(PCI_SUBSYSTEM_DEVID_CN10KAS, PCI_DEVID_CN10K_RVU_CPT_VF),
+   CNXK_PCI_ID(PCI_SUBSYSTEM_DEVID_CN10KB, PCI_DEVID_CN10K_RVU_CPT_VF),
+   {.vendor_id = 0},
 };
 
 static int
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev.c 
b/drivers/crypto/cnxk/cn20k_cryptodev.c
new file mode 100644
index 00..e52336c2b7
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_cryptodev.c
@@ -0,0 +1,152 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "cn20k_cryptodev.h"
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_capabilities.h"
+#include "cnxk_cryptodev_ops.h"
+#include "cnxk_cryptodev_sec.h"
+
+#include "roc_api.h"
+
+uint8_t cn20k_cryptodev_driver_id;
+
+static struct rte_pci_id pci_id_cpt_table[] = {
+   CNXK_PCI_ID(PCI_SUBSYSTEM_DEVID_CN20KA, PCI_DEVID_CN20K_RVU_CPT_VF),
+   {.vendor_id = 0},
+};
+
+static int
+cn20k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, struct 
rte_pci_device *pci_dev)
+{
+   struct rte_cryptodev_pmd_init_params init_params = {.name = "",
+   .socket_id = 
rte_socket_id(),
+   .private_data_size =
+   
sizeof(struct cnxk_cpt_vf)};
+   char name[RTE_CRYPTODEV_NAME_MAX_LEN];
+   struct rte_cryptodev *dev;
+   struct roc_cpt *roc_cpt;
+   struct cnxk_cpt_vf *vf;
+   int rc;
+
+   rc = roc_plt_init();
+   if (rc < 0) {
+   plt_err("Failed to initialize platform model");
+   return rc;
+   }
+
+   rte_pci_device_name(&pci_dev->addr, name, sizeof(name));
+
+   dev = rte_cryptodev_pmd_create(name, &pci_dev->device, &init_params);
+   if (dev == NULL) {
+   rc = -ENODEV;
+   goto exit;
+   }
+
+   /* Get private data space allocated */
+   vf = dev->data->dev_private;
+
+   roc_cpt = &vf->cpt;
+
+   if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
+   roc_cpt->pci_dev = pci_dev;
+
+   rc = cnxk_cpt_parse_devargs(dev->device->devargs, vf);
+   if (rc) {
+   plt_err("Failed to parse devargs rc=%d", rc);
+   goto pmd_destroy;
+   }
+
+   rc = roc_cpt_dev_init(roc_cpt);
+   if (rc) {
+   plt_err("Failed to initialize roc cpt rc=%d", rc);
+   goto pmd_destroy;
+   }
+
+   rc = cnxk_cpt_eng_grp_add(roc_cpt);
+   if (rc) {
+   plt_err("Failed to add engine group rc=%d", rc);
+   goto dev_fini;
+   }
+
+   /* Create security context */
+   rc = cnxk_crypto_sec_ctx_create(dev);
+   if (rc)
+   goto dev_fini;
+   }
+
+   cnxk_cpt_caps_populate(vf);
+
+   dev->feature_flags = cnxk_cpt_default_ff_get();
+
+   dev->qp_depth_used = cnxk_cpt_qp_depth_used;
+
+   rte_cryptodev_pmd_probing_finish(dev);
+
+   return 0;
+
+dev_fini:
+   if (rte_eal_process_type() == RTE_PROC_PRIMARY)
+   roc_cpt_dev_fini(roc_cpt);
+pmd_destroy:
+   rte_cryptodev_pmd_destroy(dev);
+exit:
+   plt_err("Could not create device (vendor_id: 0x%x device_id: 0x%x)", 
pci_dev->id.vendor_id,
+   pci_dev->id.device_id);
+   return rc;
+}
+
+static int
+cn20k_cpt_pci_remove(struct rte_pci_device *pci_dev)
+{
+   char name[RTE_CRYPTODEV_NAME_MAX_LEN];
+   struct rte_cryptodev *dev;
+   struct cnxk_cpt_vf *vf;
+   int ret;
+
+   if (pci_dev == NULL)
+   return -EINVAL;
+
+   rte_pci_device_name(&pci_dev->addr, name, size

[PATCH v2 11/40] crypto/cnxk: add lmtst routines for cn20k

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add lmtst routines for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/roc_cpt.h |  7 +--
 drivers/crypto/cnxk/cn20k_cryptodev_ops.h | 53 +++
 2 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/drivers/common/cnxk/roc_cpt.h b/drivers/common/cnxk/roc_cpt.h
index 37634793d4..02f49c06b7 100644
--- a/drivers/common/cnxk/roc_cpt.h
+++ b/drivers/common/cnxk/roc_cpt.h
@@ -64,9 +64,10 @@
 ROC_CN10K_TWO_CPT_INST_DW_M1 << (19 + 3 * 13) |
   \
 ROC_CN10K_TWO_CPT_INST_DW_M1 << (19 + 3 * 14))
 
-#define ROC_CN20K_CPT_LMT_ARG ROC_CN10K_CPT_LMT_ARG
-#define ROC_CN20K_DUAL_CPT_LMT_ARG ROC_CN10K_DUAL_CPT_LMT_ARG
-#define ROC_CN20K_CPT_INST_DW_M1   ROC_CN10K_CPT_INST_DW_M1
+#define ROC_CN20K_CPT_LMT_ARG   ROC_CN10K_CPT_LMT_ARG
+#define ROC_CN20K_DUAL_CPT_LMT_ARG   ROC_CN10K_DUAL_CPT_LMT_ARG
+#define ROC_CN20K_CPT_INST_DW_M1 ROC_CN10K_CPT_INST_DW_M1
+#define ROC_CN20K_TWO_CPT_INST_DW_M1 ROC_CN10K_TWO_CPT_INST_DW_M1
 
 /* CPT helper macros */
 #define ROC_CPT_AH_HDR_LEN 12
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.h 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
index d6f1592a56..3e2ad1e2df 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
@@ -18,7 +18,60 @@
 
 #include "cnxk_cryptodev.h"
 
+#define CN20K_PKTS_PER_STEORL32
+#define CN20K_LMTLINES_PER_STEORL 16
+
 extern struct rte_cryptodev_ops cn20k_cpt_ops;
 
 void cn20k_cpt_set_enqdeq_fns(struct rte_cryptodev *dev, struct cnxk_cpt_vf 
*vf);
+
+static __rte_always_inline void __rte_hot
+cn20k_cpt_lmtst_dual_submit(uint64_t *io_addr, const uint16_t lmt_id, int *i)
+{
+   uint64_t lmt_arg;
+
+   /* Check if the total number of instructions is odd or even. */
+   const int flag_odd = *i & 0x1;
+
+   /* Reduce i by 1 when odd number of instructions.*/
+   *i -= flag_odd;
+
+   if (*i > CN20K_PKTS_PER_STEORL) {
+   lmt_arg = ROC_CN20K_DUAL_CPT_LMT_ARG | 
(CN20K_LMTLINES_PER_STEORL - 1) << 12 |
+ (uint64_t)lmt_id;
+   roc_lmt_submit_steorl(lmt_arg, *io_addr);
+   lmt_arg = ROC_CN20K_DUAL_CPT_LMT_ARG |
+ (*i / 2 - CN20K_LMTLINES_PER_STEORL - 1) << 12 |
+ (uint64_t)(lmt_id + CN20K_LMTLINES_PER_STEORL);
+   roc_lmt_submit_steorl(lmt_arg, *io_addr);
+   if (flag_odd) {
+   *io_addr = (*io_addr & ~(uint64_t)(0x7 << 4)) |
+  (ROC_CN20K_CPT_INST_DW_M1 << 4);
+   lmt_arg = (uint64_t)(lmt_id + *i / 2);
+   roc_lmt_submit_steorl(lmt_arg, *io_addr);
+   *io_addr = (*io_addr & ~(uint64_t)(0x7 << 4)) |
+  (ROC_CN20K_TWO_CPT_INST_DW_M1 << 4);
+   *i += 1;
+   }
+   } else {
+   if (*i != 0) {
+   lmt_arg =
+   ROC_CN20K_DUAL_CPT_LMT_ARG | (*i / 2 - 1) << 12 
| (uint64_t)lmt_id;
+   roc_lmt_submit_steorl(lmt_arg, *io_addr);
+   }
+
+   if (flag_odd) {
+   *io_addr = (*io_addr & ~(uint64_t)(0x7 << 4)) |
+  (ROC_CN20K_CPT_INST_DW_M1 << 4);
+   lmt_arg = (uint64_t)(lmt_id + *i / 2);
+   roc_lmt_submit_steorl(lmt_arg, *io_addr);
+   *io_addr = (*io_addr & ~(uint64_t)(0x7 << 4)) |
+  (ROC_CN20K_TWO_CPT_INST_DW_M1 << 4);
+   *i += 1;
+   }
+   }
+
+   rte_io_wmb();
+}
+
 #endif /* _CN20K_CRYPTODEV_OPS_H_ */
-- 
2.25.1

[PATCH v2 14/40] crypto/cnxk: move debug dumps to common

[Tejasree Kondoj]

Move the crypto instruction dumps to common

Signed-off-by: Vidya Sagar Velumuri 
Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 125 +++---
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c |   7 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  | 101 +
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |   6 ++
 4 files changed, 126 insertions(+), 113 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 947f50b4c8..9ad0629519 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -98,104 +98,6 @@ cpt_sec_ipsec_inst_fill(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *op,
return ret;
 }
 
-#ifdef CPT_INST_DEBUG_ENABLE
-static inline void
-cpt_request_data_sgv2_mode_dump(uint8_t *in_buffer, bool glist, uint16_t 
components)
-{
-   struct roc_se_buf_ptr list_ptr[ROC_MAX_SG_CNT];
-   const char *list = glist ? "glist" : "slist";
-   struct roc_sg2list_comp *sg_ptr = NULL;
-   uint16_t list_cnt = 0;
-   char suffix[64];
-   int i, j;
-
-   sg_ptr = (void *)in_buffer;
-   for (i = 0; i < components; i++) {
-   for (j = 0; j < sg_ptr->u.s.valid_segs; j++) {
-   list_ptr[i * 3 + j].size = sg_ptr->u.s.len[j];
-   list_ptr[i * 3 + j].vaddr = (void *)sg_ptr->ptr[j];
-   list_ptr[i * 3 + j].vaddr = list_ptr[i * 3 + j].vaddr;
-   list_cnt++;
-   }
-   sg_ptr++;
-   }
-
-   printf("Current %s: %u\n", list, list_cnt);
-
-   for (i = 0; i < list_cnt; i++) {
-   snprintf(suffix, sizeof(suffix), "%s[%d]: vaddr 0x%" PRIx64 ", 
vaddr %p len %u",
-list, i, (uint64_t)list_ptr[i].vaddr, 
list_ptr[i].vaddr, list_ptr[i].size);
-   rte_hexdump(stdout, suffix, list_ptr[i].vaddr, 
list_ptr[i].size);
-   }
-}
-
-static inline void
-cpt_request_data_sg_mode_dump(uint8_t *in_buffer, bool glist)
-{
-   struct roc_se_buf_ptr list_ptr[ROC_MAX_SG_CNT];
-   const char *list = glist ? "glist" : "slist";
-   struct roc_sglist_comp *sg_ptr = NULL;
-   uint16_t list_cnt, components;
-   char suffix[64];
-   int i;
-
-   sg_ptr = (void *)(in_buffer + 8);
-   list_cnt = rte_be_to_cpu_16uint16_t *)in_buffer)[2]));
-   if (!glist) {
-   components = list_cnt / 4;
-   if (list_cnt % 4)
-   components++;
-   sg_ptr += components;
-   list_cnt = rte_be_to_cpu_16uint16_t *)in_buffer)[3]));
-   }
-
-   printf("Current %s: %u\n", list, list_cnt);
-   components = list_cnt / 4;
-   for (i = 0; i < components; i++) {
-   list_ptr[i * 4 + 0].size = rte_be_to_cpu_16(sg_ptr->u.s.len[0]);
-   list_ptr[i * 4 + 1].size = rte_be_to_cpu_16(sg_ptr->u.s.len[1]);
-   list_ptr[i * 4 + 2].size = rte_be_to_cpu_16(sg_ptr->u.s.len[2]);
-   list_ptr[i * 4 + 3].size = rte_be_to_cpu_16(sg_ptr->u.s.len[3]);
-   list_ptr[i * 4 + 0].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[0]);
-   list_ptr[i * 4 + 1].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[1]);
-   list_ptr[i * 4 + 2].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[2]);
-   list_ptr[i * 4 + 3].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[3]);
-   list_ptr[i * 4 + 0].vaddr = list_ptr[i * 4 + 0].vaddr;
-   list_ptr[i * 4 + 1].vaddr = list_ptr[i * 4 + 1].vaddr;
-   list_ptr[i * 4 + 2].vaddr = list_ptr[i * 4 + 2].vaddr;
-   list_ptr[i * 4 + 3].vaddr = list_ptr[i * 4 + 3].vaddr;
-   sg_ptr++;
-   }
-
-   components = list_cnt % 4;
-   switch (components) {
-   case 3:
-   list_ptr[i * 4 + 2].size = rte_be_to_cpu_16(sg_ptr->u.s.len[2]);
-   list_ptr[i * 4 + 2].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[2]);
-   list_ptr[i * 4 + 2].vaddr = list_ptr[i * 4 + 2].vaddr;
-   /* FALLTHROUGH */
-   case 2:
-   list_ptr[i * 4 + 1].size = rte_be_to_cpu_16(sg_ptr->u.s.len[1]);
-   list_ptr[i * 4 + 1].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[1]);
-   list_ptr[i * 4 + 1].vaddr = list_ptr[i * 4 + 1].vaddr;
-   /* FALLTHROUGH */
-   case 1:
-   list_ptr[i * 4 + 0].size = rte_be_to_cpu_16(sg_ptr->u.s.len[0]);
-   list_ptr[i * 4 + 0].vaddr = (void 
*)rte_be_to_cpu_64(sg_ptr->ptr[0]);
-   list_ptr[i * 4 + 0].vaddr = list_ptr[i * 4 + 0].vaddr;
-   break;
-   default:
-   break;
-   }
-
-   for (i = 0; i < list_cnt; i++) {
-   snprintf(suffix, sizeof(suffix), "%s[%d]: vaddr 0x%" PRIx64 ", 
vaddr %p len %u",
-list, i, (uint64_t)list_ptr[i].vaddr, 
list_ptr[

[PATCH v2 15/40] crypto/cnxk: add rte security skeletion for cn20k

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add skeletion for rte sec for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev.c |   2 +
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c | 106 ++
 drivers/crypto/cnxk/cn20k_cryptodev_sec.h |  19 
 drivers/crypto/cnxk/cn20k_ipsec.c |  68 ++
 drivers/crypto/cnxk/cn20k_ipsec.h |  41 +
 drivers/crypto/cnxk/meson.build   |   2 +
 6 files changed, 238 insertions(+)
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_sec.c
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_sec.h
 create mode 100644 drivers/crypto/cnxk/cn20k_ipsec.c
 create mode 100644 drivers/crypto/cnxk/cn20k_ipsec.h

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev.c 
b/drivers/crypto/cnxk/cn20k_cryptodev.c
index 4c70c15ca9..7b8293cc05 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev.c
@@ -12,6 +12,7 @@
 
 #include "cn20k_cryptodev.h"
 #include "cn20k_cryptodev_ops.h"
+#include "cn20k_cryptodev_sec.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_capabilities.h"
 #include "cnxk_cryptodev_ops.h"
@@ -93,6 +94,7 @@ cn20k_cpt_pci_probe(struct rte_pci_driver *pci_drv 
__rte_unused, struct rte_pci_
 
dev->qp_depth_used = cnxk_cpt_qp_depth_used;
cn20k_cpt_set_enqdeq_fns(dev);
+   cn20k_sec_ops_override();
 
rte_cryptodev_pmd_probing_finish(dev);
 
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
new file mode 100644
index 00..04c8e8f506
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
@@ -0,0 +1,106 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#include 
+
+#include "cn20k_cryptodev_ops.h"
+#include "cn20k_cryptodev_sec.h"
+#include "cnxk_cryptodev_ops.h"
+
+static int
+cn20k_sec_session_create(void *dev, struct rte_security_session_conf *conf,
+struct rte_security_session *sess)
+{
+   RTE_SET_USED(dev);
+   RTE_SET_USED(conf);
+   RTE_SET_USED(sess);
+
+   return -ENOTSUP;
+}
+
+static int
+cn20k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
+{
+   RTE_SET_USED(dev);
+   RTE_SET_USED(sec_sess);
+
+   return -EINVAL;
+}
+
+static unsigned int
+cn20k_sec_session_get_size(void *dev __rte_unused)
+{
+   return 0;
+}
+
+static int
+cn20k_sec_session_stats_get(void *dev, struct rte_security_session *sec_sess,
+   struct rte_security_stats *stats)
+{
+   RTE_SET_USED(dev);
+   RTE_SET_USED(sec_sess);
+   RTE_SET_USED(stats);
+
+   return -ENOTSUP;
+}
+
+static int
+cn20k_sec_session_update(void *dev, struct rte_security_session *sec_sess,
+struct rte_security_session_conf *conf)
+{
+   RTE_SET_USED(dev);
+   RTE_SET_USED(sec_sess);
+   RTE_SET_USED(conf);
+
+   return -ENOTSUP;
+}
+
+static int
+cn20k_cryptodev_sec_rx_inject_configure(void *device, uint16_t port_id, bool 
enable)
+{
+   RTE_SET_USED(device);
+   RTE_SET_USED(port_id);
+   RTE_SET_USED(enable);
+
+   return -ENOTSUP;
+}
+
+#if defined(RTE_ARCH_ARM64)
+static uint16_t
+cn20k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
+ struct rte_security_session **sess, uint16_t 
nb_pkts)
+{
+   RTE_SET_USED(dev);
+   RTE_SET_USED(pkts);
+   RTE_SET_USED(sess);
+   RTE_SET_USED(nb_pkts);
+
+   return 0;
+}
+#else
+uint16_t __rte_hot
+cn20k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
+ struct rte_security_session **sess, uint16_t 
nb_pkts)
+{
+   RTE_SET_USED(dev);
+   RTE_SET_USED(sess);
+   RTE_SET_USED(nb_pkts);
+
+   return 0;
+}
+#endif
+
+/* Update platform specific security ops */
+void
+cn20k_sec_ops_override(void)
+{
+   /* Update platform specific ops */
+   cnxk_sec_ops.session_create = cn20k_sec_session_create;
+   cnxk_sec_ops.session_destroy = cn20k_sec_session_destroy;
+   cnxk_sec_ops.session_get_size = cn20k_sec_session_get_size;
+   cnxk_sec_ops.session_stats_get = cn20k_sec_session_stats_get;
+   cnxk_sec_ops.session_update = cn20k_sec_session_update;
+   cnxk_sec_ops.inb_pkt_rx_inject = cn20k_cryptodev_sec_inb_rx_inject;
+   cnxk_sec_ops.rx_inject_configure = 
cn20k_cryptodev_sec_rx_inject_configure;
+}
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.h 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
new file mode 100644
index 00..5cd0e53017
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#ifndef __CN20K_CRYPTODEV_SEC_H__
+#define __CN20K_CRYPTODEV_SEC_H__
+
+#include 
+#include 
+
+#include "roc_constants.h"
+#include "roc_cpt.h"
+
+#include "cn20k_ipsec.h"
+
+#define SEC_SESS_SIZE sizeof(struct rte_sec

[PATCH v2 16/40] crypto/cnxk: add security session creation

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add rte security session creation for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c |  22 +-
 drivers/crypto/cnxk/cn20k_cryptodev_sec.h |  33 +++
 drivers/crypto/cnxk/cn20k_ipsec.c | 250 +-
 3 files changed, 296 insertions(+), 9 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
index 04c8e8f506..0bb4b7db63 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
@@ -12,9 +12,25 @@ static int
 cn20k_sec_session_create(void *dev, struct rte_security_session_conf *conf,
 struct rte_security_session *sess)
 {
-   RTE_SET_USED(dev);
-   RTE_SET_USED(conf);
-   RTE_SET_USED(sess);
+   struct rte_cryptodev *crypto_dev = dev;
+   struct cnxk_cpt_vf *vf;
+   struct cnxk_cpt_qp *qp;
+
+   if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
+   return -EINVAL;
+
+   qp = crypto_dev->data->queue_pairs[0];
+   if (qp == NULL) {
+   plt_err("Setup cryptodev queue pair before creating security 
session");
+   return -EPERM;
+   }
+
+   vf = crypto_dev->data->dev_private;
+
+   if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
+   ((struct cn20k_sec_session *)sess)->userdata = conf->userdata;
+   return cn20k_ipsec_session_create(vf, qp, &conf->ipsec, 
conf->crypto_xform, sess);
+   }
 
return -ENOTSUP;
 }
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.h 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
index 5cd0e53017..4d6dcc9670 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
@@ -16,4 +16,37 @@
 #define SEC_SESS_SIZE sizeof(struct rte_security_session)
 
 void cn20k_sec_ops_override(void);
+
+struct __rte_aligned(ROC_ALIGN) cn20k_sec_session {
+   uint8_t rte_sess[SEC_SESS_SIZE];
+
+   /** PMD private space */
+   alignas(RTE_CACHE_LINE_MIN_SIZE)
+
+   /** Pre-populated CPT inst words */
+   struct cnxk_cpt_inst_tmpl inst;
+   uint16_t max_extended_len;
+   uint16_t iv_offset;
+   uint8_t proto;
+   uint8_t iv_length;
+   union {
+   uint16_t u16;
+   struct {
+   uint8_t ip_csum;
+   uint8_t is_outbound : 1;
+   } ipsec;
+   };
+   /** Queue pair */
+   struct cnxk_cpt_qp *qp;
+   /** Userdata to be set for Rx inject */
+   void *userdata;
+
+   /**
+* End of SW mutable area
+*/
+   union {
+   struct cn20k_ipsec_sa sa;
+   };
+};
+
 #endif /* __CN20K_CRYPTODEV_SEC_H__ */
diff --git a/drivers/crypto/cnxk/cn20k_ipsec.c 
b/drivers/crypto/cnxk/cn20k_ipsec.c
index da8f818d87..4fa3872ef9 100644
--- a/drivers/crypto/cnxk/cn20k_ipsec.c
+++ b/drivers/crypto/cnxk/cn20k_ipsec.c
@@ -20,19 +20,257 @@
 
 #include "roc_api.h"
 
+static int
+cn20k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
+  struct rte_security_ipsec_xform *ipsec_xfrm,
+  struct rte_crypto_sym_xform *crypto_xfrm,
+  struct cn20k_sec_session *sec_sess)
+{
+   union roc_ow_ipsec_outb_param1 param1;
+   struct roc_ow_ipsec_outb_sa *sa_dptr;
+   struct cnxk_ipsec_outb_rlens rlens;
+   struct cn20k_ipsec_sa *sa;
+   union cpt_inst_w4 inst_w4;
+   void *out_sa;
+   int ret = 0;
+
+   sa = &sec_sess->sa;
+   out_sa = &sa->out_sa;
+
+   /* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */
+   sa_dptr = plt_zmalloc(sizeof(struct roc_ow_ipsec_outb_sa), 8);
+   if (sa_dptr == NULL) {
+   plt_err("Could not allocate memory for SA dptr");
+   return -ENOMEM;
+   }
+
+   /* Translate security parameters to SA */
+   ret = cnxk_ow_ipsec_outb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm);
+   if (ret) {
+   plt_err("Could not fill outbound session parameters");
+   goto sa_dptr_free;
+   }
+
+   RTE_SET_USED(roc_cpt);
+
+#ifdef LA_IPSEC_DEBUG
+   /* Use IV from application in debug mode */
+   if (ipsec_xfrm->options.iv_gen_disable == 1) {
+   sa_dptr->w2.s.iv_src = ROC_IE_OW_SA_IV_SRC_FROM_SA;
+   if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+   sec_sess->iv_offset = crypto_xfrm->aead.iv.offset;
+   sec_sess->iv_length = crypto_xfrm->aead.iv.length;
+   } else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+   sec_sess->iv_offset = crypto_xfrm->cipher.iv.offset;
+   sec_sess->iv_length = crypto_xfrm->cipher.iv.length;
+   } else {
+   sec_sess->iv_offset = crypto_xfrm->auth.iv.offset;
+  

[PATCH v2 18/40] crypto/cnxk: move code to common

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Move common code between cn10k and cn20k to common

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_cryptodev_sec.h | 14 --
 drivers/crypto/cnxk/cn10k_ipsec.c |  4 ++--
 drivers/crypto/cnxk/cn10k_tls.c   |  4 ++--
 drivers/crypto/cnxk/cn20k_ipsec.c |  4 ++--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  | 17 +
 drivers/crypto/cnxk/cnxk_ipsec.h  |  1 +
 6 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h 
b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
index 77faaa0fe6..b07fbaf5ee 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h
@@ -59,20 +59,6 @@ struct __rte_aligned(ROC_ALIGN) cn10k_sec_session {
};
 };
 
-static inline uint64_t
-cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *cptr)
-{
-   union cpt_inst_w7 w7;
-
-   w7.u64 = 0;
-   w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
-   w7.s.ctx_val = 1;
-   w7.s.cptr = (uint64_t)cptr;
-   rte_mb();
-
-   return w7.u64;
-}
-
 void cn10k_sec_ops_override(void);
 
 #endif /* __CN10K_CRYPTODEV_SEC_H__ */
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c 
b/drivers/crypto/cnxk/cn10k_ipsec.c
index ae0482d0fe..5cd4f5257a 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -51,7 +51,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
goto sa_dptr_free;
}
 
-   sec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, out_sa);
+   sec_sess->inst.w7 = cnxk_cpt_sec_inst_w7_get(roc_cpt, out_sa);
 
 #ifdef LA_IPSEC_DEBUG
/* Use IV from application in debug mode */
@@ -183,7 +183,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
}
 
sec_sess->ipsec.is_outbound = 0;
-   sec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, in_sa);
+   sec_sess->inst.w7 = cnxk_cpt_sec_inst_w7_get(roc_cpt, in_sa);
 
/* Save index/SPI in cookie, specific required for Rx Inject */
sa_dptr->w1.s.cookie = 0x;
diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index 4bd2654499..49edac8cd6 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -690,7 +690,7 @@ cn10k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
 
sec_sess->tls_opt.tls_ver = tls_ver;
sec_sess->inst.w4 = inst_w4.u64;
-   sec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, read_sa);
+   sec_sess->inst.w7 = cnxk_cpt_sec_inst_w7_get(roc_cpt, read_sa);
 
memset(read_sa, 0, sizeof(struct roc_ie_ot_tls_read_sa));
 
@@ -783,7 +783,7 @@ cn10k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
ROC_IE_OT_TLS13_MAJOR_OP_RECORD_ENC | 
ROC_IE_OT_INPLACE_BIT;
}
sec_sess->inst.w4 = inst_w4.u64;
-   sec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, write_sa);
+   sec_sess->inst.w7 = cnxk_cpt_sec_inst_w7_get(roc_cpt, write_sa);
 
memset(write_sa, 0, sizeof(struct roc_ie_ot_tls_write_sa));
 
diff --git a/drivers/crypto/cnxk/cn20k_ipsec.c 
b/drivers/crypto/cnxk/cn20k_ipsec.c
index e19e080600..edb3462630 100644
--- a/drivers/crypto/cnxk/cn20k_ipsec.c
+++ b/drivers/crypto/cnxk/cn20k_ipsec.c
@@ -51,7 +51,7 @@ cn20k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
goto sa_dptr_free;
}
 
-   RTE_SET_USED(roc_cpt);
+   sec_sess->inst.w7 = cnxk_cpt_sec_inst_w7_get(roc_cpt, out_sa);
 
 #ifdef LA_IPSEC_DEBUG
/* Use IV from application in debug mode */
@@ -178,7 +178,7 @@ cn20k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
}
 
sec_sess->ipsec.is_outbound = 0;
-   RTE_SET_USED(roc_cpt);
+   sec_sess->inst.w7 = cnxk_cpt_sec_inst_w7_get(roc_cpt, in_sa);
 
/* Save index/SPI in cookie, requirement for Rx Inject */
sa_dptr->w1.s.cookie = 0x;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h 
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index 417b869828..df8d08b7c5 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -218,4 +218,21 @@ hw_ctx_cache_enable(void)
return roc_errata_cpt_hang_on_mixed_ctx_val() || 
roc_model_is_cn10ka_b0() ||
   roc_model_is_cn10kb_a0();
 }
+
+static inline uint64_t
+cnxk_cpt_sec_inst_w7_get(struct roc_cpt *roc_cpt, void *cptr)
+{
+   union cpt_inst_w7 w7;
+
+   w7.u64 = 0;
+   if (roc_model_is_cn20k())
+   w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_SE];
+   else
+   w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
+   w7.s.ctx_val = 1;
+   w7.s.cptr = (uint64_t)cptr;
+   rte_mb();
+
+   return w7.u64;
+}
 #endif /* _CNXK_CRYPTODEV_OPS_H_ */
diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipse

[PATCH v2 19/40] crypto/cnxk: add rte sec session update

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add support for IPsec session update and IPsec stats get for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c | 41 +++
 drivers/crypto/cnxk/cn20k_ipsec.c | 39 +
 2 files changed, 66 insertions(+), 14 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
index 1b18398250..ba7f1baf86 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
@@ -60,16 +60,28 @@ cn20k_sec_session_destroy(void *dev, struct 
rte_security_session *sec_sess)
 static unsigned int
 cn20k_sec_session_get_size(void *dev __rte_unused)
 {
-   return 0;
+   return sizeof(struct cn20k_sec_session) - sizeof(struct 
rte_security_session);
 }
 
 static int
 cn20k_sec_session_stats_get(void *dev, struct rte_security_session *sec_sess,
struct rte_security_stats *stats)
 {
-   RTE_SET_USED(dev);
-   RTE_SET_USED(sec_sess);
-   RTE_SET_USED(stats);
+   struct cn20k_sec_session *cn20k_sec_sess;
+   struct rte_cryptodev *crypto_dev = dev;
+   struct cnxk_cpt_qp *qp;
+
+   if (unlikely(sec_sess == NULL))
+   return -EINVAL;
+
+   qp = crypto_dev->data->queue_pairs[0];
+   if (unlikely(qp == NULL))
+   return -ENOTSUP;
+
+   cn20k_sec_sess = (struct cn20k_sec_session *)sec_sess;
+
+   if (cn20k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+   return cn20k_ipsec_stats_get(qp, cn20k_sec_sess, stats);
 
return -ENOTSUP;
 }
@@ -78,9 +90,24 @@ static int
 cn20k_sec_session_update(void *dev, struct rte_security_session *sec_sess,
 struct rte_security_session_conf *conf)
 {
-   RTE_SET_USED(dev);
-   RTE_SET_USED(sec_sess);
-   RTE_SET_USED(conf);
+   struct cn20k_sec_session *cn20k_sec_sess;
+   struct rte_cryptodev *crypto_dev = dev;
+   struct cnxk_cpt_qp *qp;
+   struct cnxk_cpt_vf *vf;
+
+   if (sec_sess == NULL)
+   return -EINVAL;
+
+   qp = crypto_dev->data->queue_pairs[0];
+   if (qp == NULL)
+   return -EINVAL;
+
+   vf = crypto_dev->data->dev_private;
+
+   cn20k_sec_sess = (struct cn20k_sec_session *)sec_sess;
+
+   if (cn20k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+   return cn20k_ipsec_session_update(vf, qp, cn20k_sec_sess, conf);
 
return -ENOTSUP;
 }
diff --git a/drivers/crypto/cnxk/cn20k_ipsec.c 
b/drivers/crypto/cnxk/cn20k_ipsec.c
index edb3462630..1a65438646 100644
--- a/drivers/crypto/cnxk/cn20k_ipsec.c
+++ b/drivers/crypto/cnxk/cn20k_ipsec.c
@@ -333,9 +333,24 @@ int
 cn20k_ipsec_stats_get(struct cnxk_cpt_qp *qp, struct cn20k_sec_session *sess,
  struct rte_security_stats *stats)
 {
-   RTE_SET_USED(qp);
-   RTE_SET_USED(sess);
-   RTE_SET_USED(stats);
+   struct roc_ow_ipsec_outb_sa *out_sa;
+   struct roc_ow_ipsec_inb_sa *in_sa;
+   struct cn20k_ipsec_sa *sa;
+
+   stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
+   sa = &sess->sa;
+
+   if (sess->ipsec.is_outbound) {
+   out_sa = &sa->out_sa;
+   roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false);
+   stats->ipsec.opackets = out_sa->ctx.mib_pkts;
+   stats->ipsec.obytes = out_sa->ctx.mib_octs;
+   } else {
+   in_sa = &sa->in_sa;
+   roc_cpt_lf_ctx_flush(&qp->lf, in_sa, false);
+   stats->ipsec.ipackets = in_sa->ctx.mib_pkts;
+   stats->ipsec.ibytes = in_sa->ctx.mib_octs;
+   }
 
return 0;
 }
@@ -344,10 +359,20 @@ int
 cn20k_ipsec_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
   struct cn20k_sec_session *sess, struct 
rte_security_session_conf *conf)
 {
-   RTE_SET_USED(vf);
-   RTE_SET_USED(qp);
-   RTE_SET_USED(sess);
-   RTE_SET_USED(conf);
+   struct roc_cpt *roc_cpt;
+   int ret;
+
+   if (conf->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+   return -ENOTSUP;
+
+   ret = cnxk_ipsec_xform_verify(&conf->ipsec, conf->crypto_xform);
+   if (ret)
+   return ret;
+
+   roc_cpt = &vf->cpt;
+
+   return cn20k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, 
conf->crypto_xform,
+ (struct cn20k_sec_session *)sess);
 
return 0;
 }
-- 
2.25.1

[PATCH v2 20/40] crypto/cnxk: add rte security datapath handling

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add support for enqueue and dequeue of rte security for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 108 +++-
 drivers/crypto/cnxk/cn20k_ipsec_la_ops.h  | 199 ++
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  |   2 +
 drivers/crypto/cnxk/cnxk_ipsec.h  |   1 +
 4 files changed, 307 insertions(+), 3 deletions(-)
 create mode 100644 drivers/crypto/cnxk/cn20k_ipsec_la_ops.h

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index 063446fecd..ac03c76f4d 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -11,6 +11,8 @@
 
 #include "cn20k_cryptodev.h"
 #include "cn20k_cryptodev_ops.h"
+#include "cn20k_cryptodev_sec.h"
+#include "cn20k_ipsec_la_ops.h"
 #include "cnxk_ae.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_ops.h"
@@ -60,10 +62,43 @@ cn20k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, 
struct rte_crypto_op *op)
return NULL;
 }
 
+static __rte_always_inline int __rte_hot
+cpt_sec_ipsec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
+   struct cn20k_sec_session *sess, struct cpt_inst_s *inst,
+   struct cpt_inflight_req *infl_req)
+{
+   struct rte_crypto_sym_op *sym_op = op->sym;
+   int ret;
+
+   if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
+   plt_dp_err("Out of place is not supported");
+   return -ENOTSUP;
+   }
+
+   if (sess->ipsec.is_outbound)
+   ret = process_outb_sa(&qp->lf, op, sess, &qp->meta_info, 
infl_req, inst);
+   else
+   ret = process_inb_sa(op, sess, inst, &qp->meta_info, infl_req);
+
+   return ret;
+}
+
+static __rte_always_inline int __rte_hot
+cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct 
cn20k_sec_session *sess,
+ struct cpt_inst_s *inst, struct cpt_inflight_req *infl_req)
+{
+
+   if (sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+   return cpt_sec_ipsec_inst_fill(qp, op, sess, &inst[0], 
infl_req);
+
+   return 0;
+}
+
 static inline int
 cn20k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], 
struct cpt_inst_s inst[],
struct cpt_inflight_req *infl_req)
 {
+   struct cn20k_sec_session *sec_sess;
struct rte_crypto_asym_op *asym_op;
struct rte_crypto_sym_op *sym_op;
struct cnxk_ae_sess *ae_sess;
@@ -85,7 +120,13 @@ cn20k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *ops[], struct
sym_op = op->sym;
 
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-   if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+   if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+   sec_sess = (struct cn20k_sec_session *)sym_op->session;
+   ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0], 
infl_req);
+   if (unlikely(ret))
+   return 0;
+   w7 = sec_sess->inst.w7;
+   } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
sess = (struct cnxk_se_sess *)(sym_op->session);
ret = cpt_sym_inst_fill(qp, op, sess, infl_req, 
&inst[0], true);
if (unlikely(ret))
@@ -224,6 +265,52 @@ cn20k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op 
**ops, uint16_t nb_ops)
return count + i;
 }
 
+static inline void
+cn20k_cpt_ipsec_post_process(struct rte_crypto_op *cop, struct cpt_cn20k_res_s 
*res)
+{
+   struct rte_mbuf *mbuf = cop->sym->m_src;
+   const uint16_t m_len = res->rlen;
+
+   switch (res->uc_compcode) {
+   case ROC_IE_OW_UCC_SUCCESS_PKT_IP_BADCSUM:
+   mbuf->ol_flags &= ~RTE_MBUF_F_RX_IP_CKSUM_GOOD;
+   mbuf->ol_flags |= RTE_MBUF_F_RX_IP_CKSUM_BAD;
+   break;
+   case ROC_IE_OW_UCC_SUCCESS_PKT_L4_GOODCSUM:
+   mbuf->ol_flags |= RTE_MBUF_F_RX_L4_CKSUM_GOOD | 
RTE_MBUF_F_RX_IP_CKSUM_GOOD;
+   break;
+   case ROC_IE_OW_UCC_SUCCESS_PKT_L4_BADCSUM:
+   mbuf->ol_flags |= RTE_MBUF_F_RX_L4_CKSUM_BAD | 
RTE_MBUF_F_RX_IP_CKSUM_GOOD;
+   break;
+   case ROC_IE_OW_UCC_SUCCESS_PKT_IP_GOODCSUM:
+   break;
+   case ROC_IE_OW_UCC_SUCCESS_SA_SOFTEXP_FIRST:
+   case ROC_IE_OW_UCC_SUCCESS_SA_SOFTEXP_AGAIN:
+   cop->aux_flags = RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY;
+   break;
+   default:
+   cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+   cop->aux_flags = res->uc_compcode;
+   return;
+   }
+
+   if (mbuf->next == NULL)
+   mbuf->data_len = m_len;
+
+   mbuf->pkt_len = m_len;
+}
+
+static inline void
+cn20k_cpt_sec_post_process(struct rte_cr

[PATCH v2 22/40] crypto/cnxk: add skeleton for tls

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add skeleton for tls support for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/roc_ie_ow_tls.h | 233 
 drivers/crypto/cnxk/cn20k_tls.c |  56 +++
 drivers/crypto/cnxk/cn20k_tls.h |  40 +
 drivers/crypto/cnxk/meson.build |   1 +
 4 files changed, 330 insertions(+)
 create mode 100644 drivers/common/cnxk/roc_ie_ow_tls.h
 create mode 100644 drivers/crypto/cnxk/cn20k_tls.c
 create mode 100644 drivers/crypto/cnxk/cn20k_tls.h

diff --git a/drivers/common/cnxk/roc_ie_ow_tls.h 
b/drivers/common/cnxk/roc_ie_ow_tls.h
new file mode 100644
index 00..d2338926cc
--- /dev/null
+++ b/drivers/common/cnxk/roc_ie_ow_tls.h
@@ -0,0 +1,233 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#ifndef __ROC_IE_OW_TLS_H__
+#define __ROC_IE_OW_TLS_H__
+
+#include "roc_platform.h"
+
+#define ROC_IE_OW_TLS_CTX_ILEN  1
+#define ROC_IE_OW_TLS_CTX_HDR_SIZE  1
+#define ROC_IE_OW_TLS_AR_WIN_SIZE_MAX   4096
+#define ROC_IE_OW_TLS_LOG_MIN_AR_WIN_SIZE_M1 5
+
+/* u64 array size to fit anti replay window bits */
+#define ROC_IE_OW_TLS_AR_WINBITS_SZ
\
+   (PLT_ALIGN_CEIL(ROC_IE_OW_TLS_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / 
BITS_PER_LONG_LONG)
+
+/* CN20K TLS opcodes */
+#define ROC_IE_OW_TLS_MAJOR_OP_RECORD_ENC   0x16UL
+#define ROC_IE_OW_TLS_MAJOR_OP_RECORD_DEC   0x17UL
+#define ROC_IE_OW_TLS13_MAJOR_OP_RECORD_ENC 0x18UL
+#define ROC_IE_OW_TLS13_MAJOR_OP_RECORD_DEC 0x19UL
+
+#define ROC_IE_OW_TLS_CTX_MAX_OPAD_IPAD_LEN 128
+#define ROC_IE_OW_TLS_CTX_MAX_KEY_IV_LEN48
+#define ROC_IE_OW_TLS_CTX_MAX_IV_LEN   16
+
+enum roc_ie_ow_tls_mac_type {
+   ROC_IE_OW_TLS_MAC_MD5 = 1,
+   ROC_IE_OW_TLS_MAC_SHA1 = 2,
+   ROC_IE_OW_TLS_MAC_SHA2_256 = 4,
+   ROC_IE_OW_TLS_MAC_SHA2_384 = 5,
+   ROC_IE_OW_TLS_MAC_SHA2_512 = 6,
+};
+
+enum roc_ie_ow_tls_cipher_type {
+   ROC_IE_OW_TLS_CIPHER_3DES = 1,
+   ROC_IE_OW_TLS_CIPHER_AES_CBC = 3,
+   ROC_IE_OW_TLS_CIPHER_AES_GCM = 7,
+   ROC_IE_OW_TLS_CIPHER_AES_CCM = 10,
+   ROC_IE_OW_TLS_CIPHER_CHACHA_POLY = 9,
+};
+
+enum roc_ie_ow_tls_ver {
+   ROC_IE_OW_TLS_VERSION_TLS_12 = 1,
+   ROC_IE_OW_TLS_VERSION_DTLS_12 = 2,
+   ROC_IE_OW_TLS_VERSION_TLS_13 = 3,
+};
+
+enum roc_ie_ow_tls_aes_key_len {
+   ROC_IE_OW_TLS_AES_KEY_LEN_128 = 1,
+   ROC_IE_OW_TLS_AES_KEY_LEN_256 = 3,
+};
+
+enum {
+   ROC_IE_OW_TLS_IV_SRC_DEFAULT = 0,
+   ROC_IE_OW_TLS_IV_SRC_FROM_SA = 1,
+};
+
+struct roc_ie_ow_tls_read_ctx_update_reg {
+   uint64_t ar_base;
+   uint64_t ar_valid_mask;
+   uint64_t hard_life;
+   uint64_t soft_life;
+   uint64_t mib_octs;
+   uint64_t mib_pkts;
+   uint64_t ar_winbits[ROC_IE_OW_TLS_AR_WINBITS_SZ];
+};
+
+struct roc_ie_ow_tls_1_3_read_ctx_update_reg {
+   uint64_t rsvd0;
+   uint64_t ar_valid_mask;
+   uint64_t hard_life;
+   uint64_t soft_life;
+   uint64_t mib_octs;
+   uint64_t mib_pkts;
+   uint64_t rsvd1;
+};
+
+union roc_ie_ow_tls_param2 {
+   uint16_t u16;
+   struct {
+   uint8_t msg_type;
+   uint8_t rsvd;
+   } s;
+};
+
+struct roc_ie_ow_tls_read_sa {
+   /* Word0 */
+   union {
+   struct {
+   uint64_t ar_win : 3;
+   uint64_t hard_life_dec : 1;
+   uint64_t soft_life_dec : 1;
+   uint64_t count_glb_octets : 1;
+   uint64_t count_glb_pkts : 1;
+   uint64_t count_mib_bytes : 1;
+
+   uint64_t count_mib_pkts : 1;
+   uint64_t hw_ctx_off : 7;
+
+   uint64_t ctx_id : 16;
+
+   uint64_t orig_pkt_fabs : 1;
+   uint64_t orig_pkt_free : 1;
+   uint64_t pkind : 6;
+
+   uint64_t rsvd0 : 1;
+   uint64_t et_ovrwr : 1;
+   uint64_t pkt_output : 2;
+   uint64_t pkt_format : 1;
+   uint64_t defrag_opt : 2;
+   uint64_t x2p_dst : 1;
+
+   uint64_t ctx_push_size : 7;
+   uint64_t rsvd1 : 1;
+
+   uint64_t ctx_hdr_size : 2;
+   uint64_t aop_valid : 1;
+   uint64_t rsvd2 : 1;
+   uint64_t ctx_size : 4;
+   } s;
+   uint64_t u64;
+   } w0;
+
+   /* Word1 */
+   uint64_t w1_rsvd3;
+
+   /* Word2 */
+   union {
+   struct {
+   uint64_t version_select : 4;
+   uint64_t aes_key_len : 2;
+   uint64_t cipher_select : 4;
+   uint64_t mac_select : 4;
+   uint64_t rsvd4 : 50;
+   } s;

[PATCH v2 25/40] crypto/cnxk: add tls session destroy

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add tls session destroy for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c |  3 +
 drivers/crypto/cnxk/cn20k_tls.c   | 84 ++-
 2 files changed, 85 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
index e5158af595..ab676cc6cf 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
@@ -58,6 +58,9 @@ cn20k_sec_session_destroy(void *dev, struct 
rte_security_session *sec_sess)
if (cn20k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
return cn20k_sec_ipsec_session_destroy(qp, cn20k_sec_sess);
 
+   if (cn20k_sec_sess->proto == RTE_SECURITY_PROTOCOL_TLS_RECORD)
+   return cn20k_sec_tls_session_destroy(qp, cn20k_sec_sess);
+
return -EINVAL;
 }
 
diff --git a/drivers/crypto/cnxk/cn20k_tls.c b/drivers/crypto/cnxk/cn20k_tls.c
index 27d08c49fa..b6f444baf4 100644
--- a/drivers/crypto/cnxk/cn20k_tls.c
+++ b/drivers/crypto/cnxk/cn20k_tls.c
@@ -785,6 +785,36 @@ cn20k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
return ret;
 }
 
+static void
+tls_write_sa_init(struct roc_ie_ow_tls_write_sa *sa)
+{
+   size_t offset;
+
+   memset(sa, 0, sizeof(struct roc_ie_ow_tls_write_sa));
+
+   offset = offsetof(struct roc_ie_ow_tls_write_sa, tls_12.w26_rsvd7);
+   sa->w0.s.hw_ctx_off = offset / ROC_CTX_UNIT_8B;
+   sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off;
+   sa->w0.s.ctx_size = ROC_IE_OW_TLS_CTX_ILEN;
+   sa->w0.s.ctx_hdr_size = ROC_IE_OW_TLS_CTX_HDR_SIZE;
+   sa->w0.s.aop_valid = 1;
+}
+
+static void
+tls_read_sa_init(struct roc_ie_ow_tls_read_sa *sa)
+{
+   size_t offset;
+
+   memset(sa, 0, sizeof(struct roc_ie_ow_tls_read_sa));
+
+   offset = offsetof(struct roc_ie_ow_tls_read_sa, tls_12.ctx);
+   sa->w0.s.hw_ctx_off = offset / ROC_CTX_UNIT_8B;
+   sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off;
+   sa->w0.s.ctx_size = ROC_IE_OW_TLS_CTX_ILEN;
+   sa->w0.s.ctx_hdr_size = ROC_IE_OW_TLS_CTX_HDR_SIZE;
+   sa->w0.s.aop_valid = 1;
+}
+
 int
 cn20k_tls_record_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
struct cn20k_sec_session *sess,
@@ -824,9 +854,59 @@ cn20k_tls_record_session_create(struct cnxk_cpt_vf *vf, 
struct cnxk_cpt_qp *qp,
 int
 cn20k_sec_tls_session_destroy(struct cnxk_cpt_qp *qp, struct cn20k_sec_session 
*sess)
 {
+   struct cn20k_tls_record *tls;
+   struct roc_cpt_lf *lf;
+   void *sa_dptr = NULL;
+   int ret = -ENOMEM;
 
-   RTE_SET_USED(qp);
-   RTE_SET_USED(sess);
+   lf = &qp->lf;
+
+   tls = &sess->tls_rec;
+
+   /* Trigger CTX flush to write dirty data back to DRAM */
+   roc_cpt_lf_ctx_flush(lf, &tls->read_sa, false);
+
+   if (sess->tls_opt.is_write) {
+   sa_dptr = plt_zmalloc(sizeof(struct roc_ie_ow_tls_write_sa), 8);
+   if (sa_dptr != NULL) {
+   tls_write_sa_init(sa_dptr);
+
+   ret = roc_cpt_ctx_write(lf, sa_dptr, &tls->write_sa,
+   sizeof(struct 
roc_ie_ow_tls_write_sa));
+   plt_free(sa_dptr);
+   }
+   if (ret) {
+   /* MC write_ctx failed. Attempt reload of CTX */
+
+   /* Wait for 1 ms so that flush is complete */
+   rte_delay_ms(1);
+
+   rte_atomic_thread_fence(rte_memory_order_seq_cst);
+
+   /* Trigger CTX reload to fetch new data from DRAM */
+   roc_cpt_lf_ctx_reload(lf, &tls->write_sa);
+   }
+   } else {
+   sa_dptr = plt_zmalloc(sizeof(struct roc_ie_ow_tls_read_sa), 8);
+   if (sa_dptr != NULL) {
+   tls_read_sa_init(sa_dptr);
+
+   ret = roc_cpt_ctx_write(lf, sa_dptr, &tls->read_sa,
+   sizeof(struct 
roc_ie_ow_tls_read_sa));
+   plt_free(sa_dptr);
+   }
+   if (ret) {
+   /* MC write_ctx failed. Attempt reload of CTX */
+
+   /* Wait for 1 ms so that flush is complete */
+   rte_delay_ms(1);
+
+   rte_atomic_thread_fence(rte_memory_order_seq_cst);
+
+   /* Trigger CTX reload to fetch new data from DRAM */
+   roc_cpt_lf_ctx_reload(lf, &tls->read_sa);
+   }
+   }
 
return 0;
 }
-- 
2.25.1

[PATCH v2 24/40] crypto/cnxk: add tls read session creation

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add session creation for tls read for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_tls.c | 329 +++-
 1 file changed, 327 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_tls.c b/drivers/crypto/cnxk/cn20k_tls.c
index 513e49de6b..27d08c49fa 100644
--- a/drivers/crypto/cnxk/cn20k_tls.c
+++ b/drivers/crypto/cnxk/cn20k_tls.c
@@ -461,6 +461,330 @@ cn20k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
return ret;
 }
 
+static int
+tls_write_rlens_get(struct rte_security_tls_record_xform *tls_xfrm,
+   struct rte_crypto_sym_xform *crypto_xfrm)
+{
+   enum rte_crypto_cipher_algorithm c_algo = RTE_CRYPTO_CIPHER_NULL;
+   enum rte_crypto_auth_algorithm a_algo = RTE_CRYPTO_AUTH_NULL;
+   uint8_t roundup_byte, tls_hdr_len;
+   uint8_t mac_len, iv_len;
+
+   switch (tls_xfrm->ver) {
+   case RTE_SECURITY_VERSION_TLS_1_2:
+   case RTE_SECURITY_VERSION_TLS_1_3:
+   tls_hdr_len = 5;
+   break;
+   case RTE_SECURITY_VERSION_DTLS_1_2:
+   tls_hdr_len = 13;
+   break;
+   default:
+   tls_hdr_len = 0;
+   break;
+   }
+
+   /* Get Cipher and Auth algo */
+   if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+   return tls_hdr_len + ROC_CPT_AES_GCM_IV_LEN + 
ROC_CPT_AES_GCM_MAC_LEN;
+
+   if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+   c_algo = crypto_xfrm->cipher.algo;
+   if (crypto_xfrm->next)
+   a_algo = crypto_xfrm->next->auth.algo;
+   } else {
+   a_algo = crypto_xfrm->auth.algo;
+   if (crypto_xfrm->next)
+   c_algo = crypto_xfrm->next->cipher.algo;
+   }
+
+   switch (c_algo) {
+   case RTE_CRYPTO_CIPHER_NULL:
+   roundup_byte = 4;
+   iv_len = 0;
+   break;
+   case RTE_CRYPTO_CIPHER_3DES_CBC:
+   roundup_byte = ROC_CPT_DES_BLOCK_LENGTH;
+   iv_len = ROC_CPT_DES_IV_LEN;
+   break;
+   case RTE_CRYPTO_CIPHER_AES_CBC:
+   roundup_byte = ROC_CPT_AES_BLOCK_LENGTH;
+   iv_len = ROC_CPT_AES_CBC_IV_LEN;
+   break;
+   default:
+   roundup_byte = 0;
+   iv_len = 0;
+   break;
+   }
+
+   switch (a_algo) {
+   case RTE_CRYPTO_AUTH_NULL:
+   mac_len = 0;
+   break;
+   case RTE_CRYPTO_AUTH_MD5_HMAC:
+   mac_len = 16;
+   break;
+   case RTE_CRYPTO_AUTH_SHA1_HMAC:
+   mac_len = 20;
+   break;
+   case RTE_CRYPTO_AUTH_SHA256_HMAC:
+   mac_len = 32;
+   break;
+   case RTE_CRYPTO_AUTH_SHA384_HMAC:
+   mac_len = 32;
+   break;
+   default:
+   mac_len = 0;
+   break;
+   }
+
+   return tls_hdr_len + iv_len + mac_len + roundup_byte;
+}
+
+static int
+tls_write_sa_fill(struct roc_ie_ow_tls_write_sa *write_sa,
+ struct rte_security_tls_record_xform *tls_xfrm,
+ struct rte_crypto_sym_xform *crypto_xfrm)
+{
+   enum rte_security_tls_version tls_ver = tls_xfrm->ver;
+   struct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;
+   const uint8_t *key = NULL;
+   uint8_t *cipher_key;
+   uint64_t *tmp_key;
+   int i, length = 0;
+   size_t offset;
+
+   if (tls_ver == RTE_SECURITY_VERSION_TLS_1_2) {
+   write_sa->w2.s.version_select = ROC_IE_OW_TLS_VERSION_TLS_12;
+   write_sa->tls_12.seq_num = tls_xfrm->tls_1_2.seq_no - 1;
+   } else if (tls_ver == RTE_SECURITY_VERSION_DTLS_1_2) {
+   write_sa->w2.s.version_select = ROC_IE_OW_TLS_VERSION_DTLS_12;
+   write_sa->tls_12.seq_num = ((uint64_t)tls_xfrm->dtls_1_2.epoch 
<< 48) |
+  (tls_xfrm->dtls_1_2.seq_no & 
0x);
+   write_sa->tls_12.seq_num -= 1;
+   } else if (tls_ver == RTE_SECURITY_VERSION_TLS_1_3) {
+   write_sa->w2.s.version_select = ROC_IE_OW_TLS_VERSION_TLS_13;
+   write_sa->tls_13.seq_num = tls_xfrm->tls_1_3.seq_no - 1;
+   }
+
+   cipher_key = write_sa->cipher_key;
+
+   /* Set encryption algorithm */
+   if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+   length = crypto_xfrm->aead.key.length;
+   if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+   write_sa->w2.s.cipher_select = 
ROC_IE_OW_TLS_CIPHER_AES_GCM;
+   if (length == 16)
+   write_sa->w2.s.aes_key_len = 
ROC_IE_OW_TLS_AES_KEY_LEN_128;
+   else
+   write_sa->w2.s.aes_key_len = 
ROC_IE_OW_TLS_AES_KEY_LEN_256;
+

[PATCH v2 26/40] crypto/cnxk: add enq and dequeue support for TLS

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add enqueue and dequeue support for TLS for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c |  14 ++
 drivers/crypto/cnxk/cn20k_tls_ops.h   | 250 ++
 2 files changed, 264 insertions(+)
 create mode 100644 drivers/crypto/cnxk/cn20k_tls_ops.h

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index ead5730db9..f328d810d2 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -16,6 +16,7 @@
 #include "cn20k_cryptodev_ops.h"
 #include "cn20k_cryptodev_sec.h"
 #include "cn20k_ipsec_la_ops.h"
+#include "cn20k_tls_ops.h"
 #include "cnxk_ae.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_ops.h"
@@ -86,6 +87,17 @@ cpt_sec_ipsec_inst_fill(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *op,
return ret;
 }
 
+static __rte_always_inline int __rte_hot
+cpt_sec_tls_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
+ struct cn20k_sec_session *sess, struct cpt_inst_s *inst,
+ struct cpt_inflight_req *infl_req)
+{
+   if (sess->tls_opt.is_write)
+   return process_tls_write(&qp->lf, op, sess, &qp->meta_info, 
infl_req, inst);
+   else
+   return process_tls_read(op, sess, &qp->meta_info, infl_req, 
inst);
+}
+
 static __rte_always_inline int __rte_hot
 cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct 
cn20k_sec_session *sess,
  struct cpt_inst_s *inst, struct cpt_inflight_req *infl_req)
@@ -93,6 +105,8 @@ cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *op, struct cn20k
 
if (sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
return cpt_sec_ipsec_inst_fill(qp, op, sess, &inst[0], 
infl_req);
+   else if (sess->proto == RTE_SECURITY_PROTOCOL_TLS_RECORD)
+   return cpt_sec_tls_inst_fill(qp, op, sess, &inst[0], infl_req);
 
return 0;
 }
diff --git a/drivers/crypto/cnxk/cn20k_tls_ops.h 
b/drivers/crypto/cnxk/cn20k_tls_ops.h
new file mode 100644
index 00..14f879f2a9
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_tls_ops.h
@@ -0,0 +1,250 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#ifndef __CN20K_TLS_OPS_H__
+#define __CN20K_TLS_OPS_H__
+
+#include 
+#include 
+
+#include "roc_ie.h"
+
+#include "cn20k_cryptodev.h"
+#include "cn20k_cryptodev_sec.h"
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
+#include "cnxk_sg.h"
+
+static __rte_always_inline int
+process_tls_write(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct 
cn20k_sec_session *sess,
+ struct cpt_qp_meta_info *m_info, struct cpt_inflight_req 
*infl_req,
+ struct cpt_inst_s *inst)
+{
+   struct cn20k_tls_opt tls_opt = sess->tls_opt;
+   struct rte_crypto_sym_op *sym_op = cop->sym;
+#ifdef LA_IPSEC_DEBUG
+   struct roc_ie_ow_tls_write_sa *write_sa;
+#endif
+   struct rte_mbuf *m_src = sym_op->m_src;
+   struct rte_mbuf *m_dst = sym_op->m_dst;
+   uint32_t pad_len, pad_bytes;
+   struct rte_mbuf *last_seg;
+   union cpt_inst_w4 w4;
+   void *m_data = NULL;
+   uint8_t *in_buffer;
+
+   pad_bytes = (cop->aux_flags * 8) > 0xff ? 0xff : (cop->aux_flags * 8);
+   pad_len = (pad_bytes >> tls_opt.pad_shift) * tls_opt.enable_padding;
+
+#ifdef LA_IPSEC_DEBUG
+   write_sa = &sess->tls_rec.write_sa;
+   if (write_sa->w2.s.iv_at_cptr == ROC_IE_OW_TLS_IV_SRC_FROM_SA) {
+
+   uint8_t *iv = PLT_PTR_ADD(write_sa->cipher_key, 32);
+
+   if (write_sa->w2.s.cipher_select == 
ROC_IE_OW_TLS_CIPHER_AES_GCM) {
+   uint32_t *tmp;
+
+   /* For GCM, the IV and salt format will be like below:
+* iv[0-3]: lower bytes of IV in BE format.
+* iv[4-7]: salt / nonce.
+* iv[12-15]: upper bytes of IV in BE format.
+*/
+   memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, 
sess->iv_offset), 4);
+   tmp = (uint32_t *)iv;
+   *tmp = rte_be_to_cpu_32(*tmp);
+
+   memcpy(iv + 12,
+  rte_crypto_op_ctod_offset(cop, uint8_t *, 
sess->iv_offset + 4), 4);
+   tmp = (uint32_t *)(iv + 12);
+   *tmp = rte_be_to_cpu_32(*tmp);
+   } else if (write_sa->w2.s.cipher_select == 
ROC_IE_OW_TLS_CIPHER_AES_CBC) {
+   uint64_t *tmp;
+
+   memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, 
sess->iv_offset), 16);
+   tmp = (uint64_t *)iv;
+   *tmp = rte_be_to_cpu_64(*tmp);
+   tmp = (uint64_t *)(iv + 8);
+   *tmp = rte_be_to_cpu_64(*tmp);
+  

[PATCH v2 28/40] crypto/cnxk: add tls session update

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add support for TLS session update for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c |  3 +++
 drivers/crypto/cnxk/cn20k_tls.c   | 15 ++-
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
index ab676cc6cf..ae1e31e7e1 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
@@ -116,6 +116,9 @@ cn20k_sec_session_update(void *dev, struct 
rte_security_session *sec_sess,
if (cn20k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
return cn20k_ipsec_session_update(vf, qp, cn20k_sec_sess, conf);
 
+   if (conf->protocol == RTE_SECURITY_PROTOCOL_TLS_RECORD)
+   return cn20k_tls_record_session_update(vf, qp, cn20k_sec_sess, 
conf);
+
return -ENOTSUP;
 }
 
diff --git a/drivers/crypto/cnxk/cn20k_tls.c b/drivers/crypto/cnxk/cn20k_tls.c
index b6f444baf4..9f7acefc19 100644
--- a/drivers/crypto/cnxk/cn20k_tls.c
+++ b/drivers/crypto/cnxk/cn20k_tls.c
@@ -820,12 +820,17 @@ cn20k_tls_record_session_update(struct cnxk_cpt_vf *vf, 
struct cnxk_cpt_qp *qp,
struct cn20k_sec_session *sess,
struct rte_security_session_conf *conf)
 {
-   RTE_SET_USED(vf);
-   RTE_SET_USED(qp);
-   RTE_SET_USED(sess);
-   RTE_SET_USED(conf);
+   struct roc_cpt *roc_cpt;
+   int ret;
 
-   return 0;
+   if (conf->tls_record.type == RTE_SECURITY_TLS_SESS_TYPE_READ)
+   return -ENOTSUP;
+
+   roc_cpt = &vf->cpt;
+   ret = cn20k_tls_write_sa_create(roc_cpt, &qp->lf, &conf->tls_record, 
conf->crypto_xform,
+   (struct cn20k_sec_session *)sess);
+
+   return ret;
 }
 
 int
-- 
2.25.1

[PATCH v2 29/40] crypto/cnxk: include required headers

[Tejasree Kondoj]

Including required headers.

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h 
b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
index 02278605a2..46861ab2cf 100644
--- a/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
+++ b/drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h
@@ -13,6 +13,9 @@
 
 #include 
 
+#include 
+#include 
+
 /* Forward declarations */
 
 /**
-- 
2.25.1

[PATCH v2 32/40] common/cnxk: fix salt handling with aes-ctr

[Tejasree Kondoj]

From: Nithinsen Kaithakadan 

This patch includes fix for setting correct salt value
for CTR algorithm.

Fixes: 78d03027f2cc ("common/cnxk: add IPsec common code")

Signed-off-by: Nithinsen Kaithakadan 
---
 drivers/common/cnxk/cnxk_security.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/common/cnxk/cnxk_security.c 
b/drivers/common/cnxk/cnxk_security.c
index ea3b87e65c..62ae7b9b2e 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -96,6 +96,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 
*w2, uint8_t *cipher_k
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
w2->s.enc_type = ROC_IE_SA_ENC_AES_CTR;
+   memcpy(salt_key, &ipsec_xfrm->salt, 4);
+   tmp_salt = (uint32_t *)salt_key;
+   *tmp_salt = rte_be_to_cpu_32(*tmp_salt);
break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
w2->s.enc_type = ROC_IE_SA_ENC_3DES_CBC;
-- 
2.25.1

[PATCH v2 33/40] common/cnxk: set correct salt value for ctr algos

[Tejasree Kondoj]

From: Nithinsen Kaithakadan 

This patch includes fix for setting correct salt value
for CTR algorithm.

Fixes: 532963b8070 ("crypto/cnxk: move IPsec SA creation to common")

Signed-off-by: Nithinsen Kaithakadan 
---
 drivers/common/cnxk/cnxk_security.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/drivers/common/cnxk/cnxk_security.c 
b/drivers/common/cnxk/cnxk_security.c
index 62ae7b9b2e..0e6777e6ca 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -965,6 +965,8 @@ on_fill_ipsec_common_sa(struct rte_security_ipsec_xform 
*ipsec,
cipher_key_len = crypto_xform->aead.key.length;
} else {
if (cipher_xform) {
+   if (cipher_xform->cipher.algo == 
RTE_CRYPTO_CIPHER_AES_CTR)
+   memcpy(common_sa->iv.gcm.nonce, &ipsec->salt, 
4);
cipher_key = cipher_xform->cipher.key.data;
cipher_key_len = cipher_xform->cipher.key.length;
}
@@ -1285,6 +1287,9 @@ ow_ipsec_sa_common_param_fill(union roc_ow_ipsec_sa_word2 
*w2, uint8_t *cipher_k
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
w2->s.enc_type = ROC_IE_SA_ENC_AES_CTR;
+   memcpy(salt_key, &ipsec_xfrm->salt, 4);
+   tmp_salt = (uint32_t *)salt_key;
+   *tmp_salt = rte_be_to_cpu_32(*tmp_salt);
break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
w2->s.enc_type = ROC_IE_SA_ENC_3DES_CBC;
-- 
2.25.1

[PATCH v2 30/40] crypto/cnxk: support raw API for cn20k

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add raw API support for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 384 +-
 1 file changed, 377 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index cd709ac69e..eec1df2749 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -664,10 +664,352 @@ cn20k_cpt_dev_info_get(struct rte_cryptodev *dev, struct 
rte_cryptodev_info *inf
}
 }
 
+static inline int
+cn20k_cpt_raw_fill_inst(struct cnxk_iov *iov, struct cnxk_cpt_qp *qp,
+   struct cnxk_sym_dp_ctx *dp_ctx, struct cpt_inst_s 
inst[],
+   struct cpt_inflight_req *infl_req, void *opaque)
+{
+   struct cnxk_se_sess *sess;
+   int ret;
+
+   const union cpt_res_s res = {
+   .cn20k.compcode = CPT_COMP_NOT_DONE,
+   };
+
+   inst[0].w0.u64 = 0;
+   inst[0].w2.u64 = 0;
+   inst[0].w3.u64 = 0;
+
+   sess = dp_ctx->sess;
+
+   switch (sess->dp_thr_type) {
+   case CPT_DP_THREAD_TYPE_PT:
+   ret = fill_raw_passthrough_params(iov, inst);
+   break;
+   case CPT_DP_THREAD_TYPE_FC_CHAIN:
+   ret = fill_raw_fc_params(iov, sess, &qp->meta_info, infl_req, 
&inst[0], false,
+false, true);
+   break;
+   case CPT_DP_THREAD_TYPE_FC_AEAD:
+   ret = fill_raw_fc_params(iov, sess, &qp->meta_info, infl_req, 
&inst[0], false, true,
+true);
+   break;
+   case CPT_DP_THREAD_AUTH_ONLY:
+   ret = fill_raw_digest_params(iov, sess, &qp->meta_info, 
infl_req, &inst[0], true);
+   break;
+   default:
+   ret = -EINVAL;
+   }
+
+   if (unlikely(ret))
+   return 0;
+
+   inst[0].res_addr = (uint64_t)&infl_req->res;
+   rte_atomic_store_explicit(&infl_req->res.u64[0], res.u64[0], 
rte_memory_order_relaxed);
+   infl_req->opaque = opaque;
+
+   inst[0].w7.u64 = sess->cpt_inst_w7;
+
+   return 1;
+}
+
+static uint32_t
+cn20k_cpt_raw_enqueue_burst(void *qpair, uint8_t *drv_ctx, struct 
rte_crypto_sym_vec *vec,
+   union rte_crypto_sym_ofs ofs, void *user_data[], 
int *enqueue_status)
+{
+   uint16_t lmt_id, nb_allowed, nb_ops = vec->num;
+   struct cpt_inflight_req *infl_req;
+   uint64_t lmt_base, io_addr, head;
+   struct cnxk_cpt_qp *qp = qpair;
+   struct cnxk_sym_dp_ctx *dp_ctx;
+   struct pending_queue *pend_q;
+   uint32_t count = 0, index;
+   union cpt_fc_write_s fc;
+   struct cpt_inst_s *inst;
+   uint64_t *fc_addr;
+   int ret, i;
+
+   pend_q = &qp->pend_q;
+   const uint64_t pq_mask = pend_q->pq_mask;
+
+   head = pend_q->head;
+   nb_allowed = pending_queue_free_cnt(head, pend_q->tail, pq_mask);
+   nb_ops = RTE_MIN(nb_ops, nb_allowed);
+
+   if (unlikely(nb_ops == 0))
+   return 0;
+
+   lmt_base = qp->lmtline.lmt_base;
+   io_addr = qp->lmtline.io_addr;
+   fc_addr = qp->lmtline.fc_addr;
+
+   const uint32_t fc_thresh = qp->lmtline.fc_thresh;
+
+   ROC_LMT_BASE_ID_GET(lmt_base, lmt_id);
+   inst = (struct cpt_inst_s *)lmt_base;
+
+   dp_ctx = (struct cnxk_sym_dp_ctx *)drv_ctx;
+again:
+   fc.u64[0] = rte_atomic_load_explicit((RTE_ATOMIC(uint64_t) *)fc_addr, 
rte_memory_order_relaxed);
+   if (unlikely(fc.s.qsize > fc_thresh)) {
+   i = 0;
+   goto pend_q_commit;
+   }
+
+   for (i = 0; i < RTE_MIN(CN20K_CPT_PKTS_PER_LOOP, nb_ops); i++) {
+   struct cnxk_iov iov;
+
+   index = count + i;
+   infl_req = &pend_q->req_queue[head];
+   infl_req->op_flags = 0;
+
+   cnxk_raw_burst_to_iov(vec, &ofs, index, &iov);
+   ret = cn20k_cpt_raw_fill_inst(&iov, qp, dp_ctx, &inst[i], 
infl_req,
+ user_data[index]);
+   if (unlikely(ret != 1)) {
+   plt_dp_err("Could not process vec: %d", index);
+   if (i == 0 && count == 0)
+   return -1;
+   else if (i == 0)
+   goto pend_q_commit;
+   else
+   break;
+   }
+   pending_queue_advance(&head, pq_mask);
+   }
+
+   cn20k_cpt_lmtst_dual_submit(&io_addr, lmt_id, &i);
+
+   if (nb_ops - i > 0 && i == CN20K_CPT_PKTS_PER_LOOP) {
+   nb_ops -= i;
+   count += i;
+   goto again;
+   }
+
+pend_q_commit:
+   rte_atomic_thread_fence(rte_memory_order_release);
+
+   pend_q->head = head;
+   pend_q->time_out = rte_get_timer_cycles() + DEFAULT_COMMAN

[PATCH v2 34/40] crypto/cnxk: extend check for max supported gather entries

[Tejasree Kondoj]

From: Rupesh Chiluka 

Extend check for max supported gather entries in CNXK
CPT PMD.

Signed-off-by: Rupesh Chiluka 
---
 drivers/common/cnxk/roc_cpt_sg.h |  1 +
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 10 ++
 drivers/crypto/cnxk/cn10k_tls_ops.h  | 10 ++
 drivers/crypto/cnxk/cn20k_ipsec_la_ops.h | 10 ++
 drivers/crypto/cnxk/cn20k_tls_ops.h  | 10 ++
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h  | 10 ++
 6 files changed, 51 insertions(+)

diff --git a/drivers/common/cnxk/roc_cpt_sg.h b/drivers/common/cnxk/roc_cpt_sg.h
index e7e01cd29a..7c3caf94d7 100644
--- a/drivers/common/cnxk/roc_cpt_sg.h
+++ b/drivers/common/cnxk/roc_cpt_sg.h
@@ -15,6 +15,7 @@
 #define ROC_SG_MAX_COMP 25
 #define ROC_SG_MAX_DLEN_SIZE (ROC_SG_LIST_HDR_SIZE + (ROC_SG_MAX_COMP * 
ROC_SG_ENTRY_SIZE))
 #define ROC_SG2_MAX_PTRS 48
+#define ROC_SG1_MAX_PTRS 32
 
 struct roc_sglist_comp {
union {
diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
index 87442c2a1f..0cc6283c7e 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
@@ -105,6 +105,11 @@ process_outb_sa(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k_s
return -ENOMEM;
}
 
+   if (unlikely(m_src->nb_segs > ROC_SG1_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
@@ -224,6 +229,11 @@ process_inb_sa(struct rte_crypto_op *cop, struct 
cn10k_sec_session *sess, struct
void *m_data;
int i;
 
+   if (unlikely(m_src->nb_segs > ROC_SG1_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
diff --git a/drivers/crypto/cnxk/cn10k_tls_ops.h 
b/drivers/crypto/cnxk/cn10k_tls_ops.h
index 427c31425c..90600bd850 100644
--- a/drivers/crypto/cnxk/cn10k_tls_ops.h
+++ b/drivers/crypto/cnxk/cn10k_tls_ops.h
@@ -117,6 +117,11 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
return -ENOMEM;
}
 
+   if (unlikely(m_src->nb_segs > ROC_SG1_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
@@ -255,6 +260,11 @@ process_tls_read(struct rte_crypto_op *cop, struct 
cn10k_sec_session *sess,
uint32_t dlen;
int i;
 
+   if (unlikely(m_src->nb_segs > ROC_SG1_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
diff --git a/drivers/crypto/cnxk/cn20k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn20k_ipsec_la_ops.h
index eff51bd794..505fddb517 100644
--- a/drivers/crypto/cnxk/cn20k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn20k_ipsec_la_ops.h
@@ -104,6 +104,11 @@ process_outb_sa(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn20k_s
return -ENOMEM;
}
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
@@ -163,6 +168,11 @@ process_inb_sa(struct rte_crypto_op *cop, struct 
cn20k_sec_session *sess, struct
void *m_data;
int i;
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);

[PATCH v2 37/40] crypto/cnxk: add support for sessionless asym

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add support for sessionless asymmetric operations for cnxk

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 72 ++-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c  | 57 +-
 drivers/crypto/cnxk/cnxk_cryptodev.c  |  3 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  |  5 +-
 4 files changed, 130 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 813a2deb66..4f7b34cc21 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -76,6 +76,55 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, 
struct rte_crypto_op *op)
return NULL;
 }
 
+static inline struct cnxk_ae_sess *
+cn10k_cpt_asym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op 
*op)
+{
+   struct rte_crypto_asym_op *asym_op = op->asym;
+   struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
+   struct rte_cryptodev_asym_session *sess;
+   struct cnxk_ae_sess *priv;
+   struct cnxk_cpt_vf *vf;
+   union cpt_inst_w7 w7;
+   struct hw_ctx_s *hwc;
+
+   /* Create temporary session */
+   if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
+   return NULL;
+
+   priv = (struct cnxk_ae_sess *)sess;
+   if (cnxk_ae_fill_session_parameters(priv, asym_op->xform))
+   goto sess_put;
+
+   priv->lf = &qp->lf;
+
+   if (roc_errata_cpt_hang_on_mixed_ctx_val()) {
+   hwc = &priv->hw_ctx;
+   hwc->w0.s.aop_valid = 1;
+   hwc->w0.s.ctx_hdr_size = 0;
+   hwc->w0.s.ctx_size = 1;
+   hwc->w0.s.ctx_push_size = 1;
+
+   w7.s.ctx_val = 1;
+   w7.s.cptr = (uint64_t)hwc;
+   }
+
+   w7.u64 = 0;
+   w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_AE];
+
+   vf = container_of(roc_cpt, struct cnxk_cpt_vf, cpt);
+   priv->cpt_inst_w7 = w7.u64;
+   priv->cnxk_fpm_iova = vf->cnxk_fpm_iova;
+   priv->ec_grp = vf->ec_grp;
+
+   asym_op->session = sess;
+
+   return priv;
+
+sess_put:
+   rte_mempool_put(qp->sess_mp, sess);
+   return NULL;
+}
+
 static __rte_always_inline int __rte_hot
 cpt_sec_ipsec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
struct cn10k_sec_session *sess, struct cpt_inst_s *inst,
@@ -177,7 +226,6 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *ops[], struct
w7 = sess->cpt_inst_w7;
}
} else if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
-
if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
asym_op = op->asym;
ae_sess = (struct cnxk_ae_sess *)asym_op->session;
@@ -186,9 +234,22 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *ops[], struct
return 0;
w7 = ae_sess->cpt_inst_w7;
} else {
-   plt_dp_err("Not supported Asym op without session");
-   return 0;
+   ae_sess = cn10k_cpt_asym_temp_sess_create(qp, op);
+   if (unlikely(ae_sess == NULL)) {
+   plt_dp_err("Could not create temp session");
+   return 0;
+   }
+
+   ret = cnxk_ae_enqueue(qp, op, infl_req, &inst[0], 
ae_sess);
+   if (unlikely(ret)) {
+   cnxk_ae_session_clear(NULL,
+ (struct 
rte_cryptodev_asym_session *)ae_sess);
+   rte_mempool_put(qp->sess_mp, ae_sess);
+   return 0;
+   }
+   w7 = ae_sess->cpt_inst_w7;
}
+
} else {
plt_dp_err("Unsupported op type");
return 0;
@@ -1145,6 +1206,11 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, 
struct rte_crypto_op *cop
rte_mempool_put(qp->sess_mp, cop->sym->session);
cop->sym->session = NULL;
}
+   if (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
+   cnxk_ae_session_clear(NULL, cop->asym->session);
+   rte_mempool_put(qp->sess_mp, cop->asym->session);
+   cop->asym->session = NULL;
+   }
}
 }
 
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index fa22b5ce44..570051518c 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -67,6 +67,43 @@ cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *op)
return NULL;
 }
 
+static inline struct cnxk_ae_se

[PATCH v2 39/40] common/cnxk: update qsize in CPT iq enable

[Tejasree Kondoj]

From: Nithinsen Kaithakadan 

Reconfigure qsize in each CPT iq enable call.

Fixes: 3bf87839559 ("common/cnxk: move instruction queue enable to ROC")

Signed-off-by: Nithinsen Kaithakadan 
---
 drivers/common/cnxk/roc_cpt.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c
index b4bf0ccd64..d1ba2b8858 100644
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -1125,9 +1125,14 @@ roc_cpt_iq_disable(struct roc_cpt_lf *lf)
 void
 roc_cpt_iq_enable(struct roc_cpt_lf *lf)
 {
+   union cpt_lf_q_size lf_q_size;
union cpt_lf_inprog lf_inprog;
union cpt_lf_ctl lf_ctl;
 
+   /* Reconfigure the QSIZE register to ensure NQ_PTR and DQ_PTR are reset 
*/
+   lf_q_size.u = plt_read64(lf->rbase + CPT_LF_Q_SIZE);
+   plt_write64(lf_q_size.u, lf->rbase + CPT_LF_Q_SIZE);
+
/* Disable command queue */
roc_cpt_iq_disable(lf);
 
-- 
2.25.1

[PATCH v2 35/40] crypto/cnxk: add struct variable for custom metadata

[Tejasree Kondoj]

Adding struct variable for passing custom metadata
to microcode.

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h 
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index df8d08b7c5..17d39aa34f 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -30,6 +30,8 @@
 /* Default command timeout in seconds */
 #define DEFAULT_COMMAND_TIMEOUT 4
 
+#define META_LEN 64
+
 #define MOD_INC(i, l) ((i) == (l - 1) ? (i) = 0 : (i)++)
 
 #define CN10K_CPT_PKTS_PER_LOOP 64
@@ -58,6 +60,7 @@ struct __rte_aligned(ROC_ALIGN) cpt_inflight_req {
struct rte_event_vector *vec;
};
void *mdata;
+   uint8_t meta[META_LEN];
uint8_t op_flags;
 #ifdef CPT_INST_DEBUG_ENABLE
uint8_t scatter_sz;
@@ -70,6 +73,7 @@ struct __rte_aligned(ROC_ALIGN) cpt_inflight_req {
 };
 
 PLT_STATIC_ASSERT(sizeof(struct cpt_inflight_req) == ROC_CACHE_LINE_SZ);
+PLT_STATIC_ASSERT(offsetof(struct cpt_inflight_req, meta) == 32);
 
 struct pending_queue {
/** Array of pending requests */
-- 
2.25.1

[PATCH v2 38/40] doc: update CN20K CPT documentation

[Tejasree Kondoj]

Updating documentation for CN20K CPT support.

Signed-off-by: Tejasree Kondoj 
---
 doc/guides/cryptodevs/cnxk.rst   |  26 +-
 doc/guides/cryptodevs/features/cn20k.ini | 113 +++
 2 files changed, 134 insertions(+), 5 deletions(-)
 create mode 100644 doc/guides/cryptodevs/features/cn20k.ini

diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index ac843ddc53..1799161fdf 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -9,8 +9,8 @@ cryptographic operations to cryptographic accelerator units on 
the
 **Marvell OCTEON cnxk** SoC family.
 
 The cnxk crypto PMD code is organized into different sets of files.
-The file names starting with cn9k and cn10k provides support for CN9XX
-and CN10XX respectively. The common code between the SoCs is present
+The file names starting with cn9k, cn10k and cn20k provides support for CN9XX,
+CN10XX and CN20XX respectively. The common code between the SoCs is present
 in file names starting with cnxk.
 
 More information about OCTEON cnxk SoCs may be obtained from 
``_
@@ -20,6 +20,7 @@ Supported OCTEON cnxk SoCs
 
 - CN9XX
 - CN10XX
+- CN20XX
 
 Features
 
@@ -144,7 +145,7 @@ Bind the CPT VF device to the vfio_pci driver:
 
   Refer to :ref:`linux_gsg_hugepages` for more details.
 
-``CN10K Initialization``
+``CN10K/CN20K Initialization``
 
 List the CPT PF devices available on cn10k platform:
 
@@ -232,6 +233,13 @@ running the test application:
 ./dpdk-test
 RTE>>cryptodev_cn10k_autotest
 
+``CN20K``
+
+.. code-block:: console
+
+./dpdk-test
+RTE>>cryptodev_cn20k_autotest
+
 The asymmetric crypto operations on OCTEON cnxk crypto PMD may be verified by
 running the test application:
 
@@ -249,6 +257,13 @@ running the test application:
 ./dpdk-test
 RTE>>cryptodev_cn10k_asym_autotest
 
+``CN20K``
+
+.. code-block:: console
+
+./dpdk-test
+RTE>>cryptodev_cn20k_asym_autotest
+
 Lookaside IPsec Support
 ---
 
@@ -265,6 +280,7 @@ Supported OCTEON cnxk SoCs
 
 - CN9XX
 - CN10XX
+- CN20XX
 
 CN9XX Features supported
 
@@ -301,8 +317,8 @@ Auth algorithms
 * AES-XCBC-96
 * AES-GMAC
 
-CN10XX Features supported
-~
+CN10XX/CN20XX Features supported
+
 
 * IPv4
 * ESP
diff --git a/doc/guides/cryptodevs/features/cn20k.ini 
b/doc/guides/cryptodevs/features/cn20k.ini
new file mode 100644
index 00..76553d190e
--- /dev/null
+++ b/doc/guides/cryptodevs/features/cn20k.ini
@@ -0,0 +1,113 @@
+;
+; Supported features of the 'cn20k' crypto driver.
+;
+; Refer to default.ini for the full list of available PMD features.
+;
+[Features]
+Symmetric crypto   = Y
+Asymmetric crypto  = Y
+Sym operation chaining = Y
+HW Accelerated = Y
+Protocol offload   = Y
+In Place SGL   = Y
+OOP SGL In LB  Out = Y
+OOP SGL In SGL Out = Y
+OOP LB  In LB  Out = Y
+Symmetric sessionless  = Y
+RSA PRIV OP KEY EXP= Y
+RSA PRIV OP KEY QT = Y
+Digest encrypted   = Y
+Sym raw data path API  = Y
+Inner checksum = Y
+Rx inject  = Y
+
+;
+; Supported crypto algorithms of 'cn20k' crypto driver.
+;
+[Cipher]
+NULL   = Y
+3DES CBC   = Y
+3DES ECB   = Y
+AES CBC (128)  = Y
+AES CBC (192)  = Y
+AES CBC (256)  = Y
+AES CTR (128)  = Y
+AES CTR (192)  = Y
+AES CTR (256)  = Y
+AES XTS (128)  = Y
+AES XTS (256)  = Y
+DES CBC= Y
+KASUMI F8  = Y
+SNOW3G UEA2= Y
+ZUC EEA3   = Y
+SM4 ECB= Y
+SM4 CBC= Y
+SM4 CTR= Y
+SM4 CFB= Y
+SM4 OFB= Y
+
+;
+; Supported authentication algorithms of 'cn20k' crypto driver.
+;
+[Auth]
+NULL= Y
+AES GMAC= Y
+KASUMI F9   = Y
+MD5 = Y
+MD5 HMAC= Y
+SHA1= Y
+SHA1 HMAC   = Y
+SHA224  = Y
+SHA224 HMAC = Y
+SHA256  = Y
+SHA256 HMAC = Y
+SHA384  = Y
+SHA384 HMAC = Y
+SHA512  = Y
+SHA512 HMAC = Y
+SNOW3G UIA2 = Y
+ZUC EIA3= Y
+AES CMAC (128)  = Y
+AES CMAC (192)  = Y
+AES CMAC (256)  = Y
+SHA3_224= Y
+SHA3_224 HMAC   = Y
+SHA3_256= Y
+SHA3_256 HMAC   = Y
+SHA3_384= Y
+SHA3_384 HMAC   = Y
+SHA3_512= Y
+SHA3_512 HMAC   = Y
+SHAKE_128   = Y
+SHAKE_256   = Y
+SM3 = Y
+
+;
+; Supported AEAD algorithms of 'cn20k' crypto driver.
+;
+[AEAD]
+AES GCM (128) = Y
+AES GCM (192) = Y
+AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
+CHACHA20-POLY1305 = Y
+
+;
+; Supported Asymmetric algorithms of the 'cn20k' crypto driver.
+;
+[Asymmetric]
+RSA = Y
+Modular Exponentiation  = Y
+ECDH= Y
+ECDSA   = Y
+ECPM= Y
+SM2 = Y
+EdDSA   = Y
+
+;
+; Supported Operating systems of the 'cn20k' crypto driver.
+;

[PATCH v2 40/40] crypto/cnxk: copy 8B iv into sess in aes ctr

[Tejasree Kondoj]

From: Nithinsen Kaithakadan 

Copy 8 bytes of the IV into the iv field within the
session for the AES CTR algorithm.

Signed-off-by: Nithinsen Kaithakadan 
---
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 7 ---
 drivers/crypto/cnxk/cn20k_ipsec_la_ops.h | 7 ---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
index 0cc6283c7e..b9122a509a 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
@@ -32,7 +32,7 @@ ipsec_po_sa_iv_set(struct cn10k_sec_session *sess, struct 
rte_crypto_op *cop)
 }
 
 static inline void
-ipsec_po_sa_aes_gcm_iv_set(struct cn10k_sec_session *sess, struct 
rte_crypto_op *cop)
+ipsec_po_sa_aes_8b_iv_set(struct cn10k_sec_session *sess, struct rte_crypto_op 
*cop)
 {
uint8_t *iv = &sess->sa.out_sa.iv.s.iv_dbg1[0];
uint32_t *tmp_iv;
@@ -63,8 +63,9 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op 
*cop, struct cn10k_s
if (sess->sa.out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {
if (sess->sa.out_sa.w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM ||
sess->sa.out_sa.w2.s.enc_type == ROC_IE_SA_ENC_AES_CCM ||
-   sess->sa.out_sa.w2.s.auth_type == ROC_IE_SA_AUTH_AES_GMAC)
-   ipsec_po_sa_aes_gcm_iv_set(sess, cop);
+   sess->sa.out_sa.w2.s.auth_type == ROC_IE_SA_AUTH_AES_GMAC ||
+   sess->sa.out_sa.w2.s.enc_type == ROC_IE_SA_ENC_AES_CTR)
+   ipsec_po_sa_aes_8b_iv_set(sess, cop);
else
ipsec_po_sa_iv_set(sess, cop);
}
diff --git a/drivers/crypto/cnxk/cn20k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn20k_ipsec_la_ops.h
index 505fddb517..2f860c1855 100644
--- a/drivers/crypto/cnxk/cn20k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn20k_ipsec_la_ops.h
@@ -31,7 +31,7 @@ ipsec_po_sa_iv_set(struct cn20k_sec_session *sess, struct 
rte_crypto_op *cop)
 }
 
 static inline void
-ipsec_po_sa_aes_gcm_iv_set(struct cn20k_sec_session *sess, struct 
rte_crypto_op *cop)
+ipsec_po_sa_aes_8b_iv_set(struct cn20k_sec_session *sess, struct rte_crypto_op 
*cop)
 {
uint8_t *iv = &sess->sa.out_sa.iv.s.iv_dbg1[0];
uint32_t *tmp_iv;
@@ -62,8 +62,9 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op 
*cop, struct cn20k_s
if (sess->sa.out_sa.w2.s.iv_src == ROC_IE_OW_SA_IV_SRC_FROM_SA) {
if (sess->sa.out_sa.w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM ||
sess->sa.out_sa.w2.s.enc_type == ROC_IE_SA_ENC_AES_CCM ||
-   sess->sa.out_sa.w2.s.auth_type == ROC_IE_SA_AUTH_AES_GMAC)
-   ipsec_po_sa_aes_gcm_iv_set(sess, cop);
+   sess->sa.out_sa.w2.s.auth_type == ROC_IE_SA_AUTH_AES_GMAC ||
+   sess->sa.out_sa.w2.s.enc_type == ROC_IE_SA_ENC_AES_CTR)
+   ipsec_po_sa_aes_8b_iv_set(sess, cop);
else
ipsec_po_sa_iv_set(sess, cop);
}
-- 
2.25.1

[PATCH v2 00/40] fixes and new features to cnxk crypto PMD

[Tejasree Kondoj]

Adding CN20K PMD support and improvements to cnxk crypto PMD.

v2:
* Fixed ubuntu-22.04-clang-stdatomic build failure
* Corrected spelling mistakes

Aakash Sasidharan (1):
  crypto/cnxk: fail Rx inject configure if not supported

Nithinsen Kaithakadan (4):
  common/cnxk: fix salt handling with aes-ctr
  common/cnxk: set correct salt value for ctr algos
  common/cnxk: update qsize in CPT iq enable
  crypto/cnxk: copy 8B iv into sess in aes ctr

Rupesh Chiluka (2):
  crypto/cnxk: extend check for max supported gather entries
  crypto/cnxk: add asym sessionless handling

Tejasree Kondoj (8):
  crypto/cnxk: add lookaside IPsec CPT LF stats
  crypto/cnxk: fix qp stats PMD API
  crypto/cnxk: enable IV from application support
  crypto/cnxk: move debug dumps to common
  crypto/cnxk: add Rx inject in security lookaside
  crypto/cnxk: include required headers
  crypto/cnxk: add struct variable for custom metadata
  doc: update CN20K CPT documentation

Vidya Sagar Velumuri (25):
  crypto/cnxk: update the sg list population
  crypto/cnxk: add check for max supported gather entries
  crypto/cnxk: add probe for cn20k crypto device
  crypto/cnxk: add ops skeleton for cn20k
  crypto/cnxk: add dev info get
  crypto/cnxk: add skeletion for enq deq functions
  crypto/cnxk: add lmtst routines for cn20k
  crypto/cnxk: add enqueue function support
  crypto/cnxk: add cryptodev dequeue support for cn20k
  crypto/cnxk: add rte security skeletion for cn20k
  crypto/cnxk: add security session creation
  crypto/cnxk: add security session destroy
  crypto/cnxk: move code to common
  crypto/cnxk: add rte sec session update
  crypto/cnxk: add rte security datapath handling
  crypto/cnxk: add skeleton for tls
  crypto/cnxk: add tls write session creation
  crypto/cnxk: add tls read session creation
  crypto/cnxk: add tls session destroy
  crypto/cnxk: add enq and dequeue support for TLS
  crypto/cnxk: tls post process
  crypto/cnxk: add tls session update
  crypto/cnxk: support raw API for cn20k
  crypto/cnxk: add model check for cn20k
  crypto/cnxk: add support for sessionless asym

 doc/guides/cryptodevs/cnxk.rst|   26 +-
 doc/guides/cryptodevs/features/cn20k.ini  |  113 ++
 drivers/common/cnxk/cnxk_security.c   |8 +
 drivers/common/cnxk/roc_cpt.c |5 +
 drivers/common/cnxk/roc_cpt.h |7 +-
 drivers/common/cnxk/roc_cpt_sg.h  |2 +
 drivers/common/cnxk/roc_ie_ow_tls.h   |  233 +++
 drivers/crypto/cnxk/cn10k_cryptodev.c |   12 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c |  222 ++-
 drivers/crypto/cnxk/cn10k_cryptodev_sec.h |   14 -
 drivers/crypto/cnxk/cn10k_ipsec.c |8 +-
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h  |   27 +-
 drivers/crypto/cnxk/cn10k_tls.c   |4 +-
 drivers/crypto/cnxk/cn10k_tls_ops.h   |   28 +-
 drivers/crypto/cnxk/cn20k_cryptodev.c |  158 ++
 drivers/crypto/cnxk/cn20k_cryptodev.h |   13 +
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 1272 +
 drivers/crypto/cnxk/cn20k_cryptodev_ops.h |   85 ++
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c |  137 ++
 drivers/crypto/cnxk/cn20k_cryptodev_sec.h |   64 +
 drivers/crypto/cnxk/cn20k_ipsec.c |  378 +
 drivers/crypto/cnxk/cn20k_ipsec.h |   41 +
 drivers/crypto/cnxk/cn20k_ipsec_la_ops.h  |  210 +++
 drivers/crypto/cnxk/cn20k_tls.c   |  917 
 drivers/crypto/cnxk/cn20k_tls.h   |   40 +
 drivers/crypto/cnxk/cn20k_tls_ops.h   |  260 
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c  |   77 +-
 drivers/crypto/cnxk/cn9k_ipsec.c  |   19 +-
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h   |   15 +-
 drivers/crypto/cnxk/cnxk_cryptodev.c  |   17 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |   16 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c  |  127 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |   38 +-
 drivers/crypto/cnxk/cnxk_ipsec.h  |2 +
 drivers/crypto/cnxk/meson.build   |5 +
 drivers/crypto/cnxk/rte_pmd_cnxk_crypto.h |3 +
 36 files changed, 4393 insertions(+), 210 deletions(-)
 create mode 100644 doc/guides/cryptodevs/features/cn20k.ini
 create mode 100644 drivers/common/cnxk/roc_ie_ow_tls.h
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev.c
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev.h
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_ops.c
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_ops.h
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_sec.c
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_sec.h
 create mode 100644 drivers/crypto/cnxk/cn20k_ipsec.c
 create mode 100644 drivers/crypto/cnxk/cn20k_ipsec.h
 create mode 100644 drivers/crypto/cnxk/cn20k_ipsec_la_ops.h
 create mode 100644 drivers/crypto/cnxk/cn20k_tls.c
 create mode 100644 drivers/crypto/cnxk/cn20k_tls.h
 create mode 100644 drive

[PATCH v2 13/40] crypto/cnxk: add cryptodev dequeue support for cn20k

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add dequeue support in cryptodev for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 141 +-
 1 file changed, 137 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index fe9f91a780..4235c3f2c2 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -223,14 +223,147 @@ cn20k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op 
**ops, uint16_t nb_ops)
return count + i;
 }
 
+static inline void
+cn20k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op 
*cop,
+  struct cpt_inflight_req *infl_req, struct 
cpt_cn20k_res_s *res)
+{
+   const uint8_t uc_compcode = res->uc_compcode;
+   const uint8_t compcode = res->compcode;
+
+   cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+
+   if (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC &&
+   cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+   struct cnxk_ae_sess *sess;
+
+   sess = (struct cnxk_ae_sess *)cop->asym->session;
+   if (sess->xfrm_type == RTE_CRYPTO_ASYM_XFORM_ECDH &&
+   cop->asym->ecdh.ke_type == 
RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
+   if (likely(compcode == CPT_COMP_GOOD)) {
+   if (uc_compcode == 
ROC_AE_ERR_ECC_POINT_NOT_ON_CURVE) {
+   cop->status = 
RTE_CRYPTO_OP_STATUS_ERROR;
+   return;
+   } else if (uc_compcode == ROC_AE_ERR_ECC_PAI) {
+   cop->status = 
RTE_CRYPTO_OP_STATUS_SUCCESS;
+   return;
+   }
+   }
+   }
+   }
+
+   if (likely(compcode == CPT_COMP_GOOD)) {
+#ifdef CPT_INST_DEBUG_ENABLE
+   cpt_request_data_sgv2_mode_dump(infl_req->rptr, 0, 
infl_req->scatter_sz);
+#endif
+
+   if (unlikely(uc_compcode)) {
+   if (uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE)
+   cop->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+   else
+   cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+   plt_dp_info("Request failed with microcode error");
+   plt_dp_info("MC completion code 0x%x", 
res->uc_compcode);
+   cop->aux_flags = uc_compcode;
+   goto temp_sess_free;
+   }
+
+   if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+   /* Verify authentication data if required */
+   if (unlikely(infl_req->op_flags & 
CPT_OP_FLAGS_AUTH_VERIFY)) {
+   uintptr_t *rsp = infl_req->mdata;
+
+   compl_auth_verify(cop, (uint8_t *)rsp[0], 
rsp[1]);
+   }
+   } else if (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
+   struct rte_crypto_asym_op *op = cop->asym;
+   uintptr_t *mdata = infl_req->mdata;
+   struct cnxk_ae_sess *sess = (struct cnxk_ae_sess 
*)op->session;
+
+   cnxk_ae_post_process(cop, sess, (uint8_t *)mdata[0]);
+   }
+   } else {
+   cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+   plt_dp_info("HW completion code 0x%x", res->compcode);
+
+   switch (compcode) {
+   case CPT_COMP_INSTERR:
+   plt_dp_err("Request failed with instruction error");
+   break;
+   case CPT_COMP_FAULT:
+   plt_dp_err("Request failed with DMA fault");
+   break;
+   case CPT_COMP_HWERR:
+   plt_dp_err("Request failed with hardware error");
+   break;
+   default:
+   plt_dp_err("Request failed with unknown completion 
code");
+   }
+   }
+
+temp_sess_free:
+   if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
+   if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+   sym_session_clear(cop->sym->session, true);
+   rte_mempool_put(qp->sess_mp, cop->sym->session);
+   cop->sym->session = NULL;
+   }
+   }
+}
+
 static uint16_t
 cn20k_cpt_dequeue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t 
nb_ops)
 {
-   (void)qptr;
-   (void)ops;
-   (void)nb_ops;
+   struct cpt_inflight_req *infl_req;
+   struct cnxk_cpt_qp *qp = qptr;
+   struct pending_queue *pend_q;
+   uint64_t infl_cnt, pq_tail;
+   struct rte_crypto_op *cop;
+   union cpt_res_s res;
+

[PATCH v2 10/40] crypto/cnxk: add skeletion for enq deq functions

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add skeletion for cn20k enq deq functions

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev.c |  1 +
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 29 +++
 drivers/crypto/cnxk/cn20k_cryptodev_ops.h |  1 +
 3 files changed, 31 insertions(+)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev.c 
b/drivers/crypto/cnxk/cn20k_cryptodev.c
index 980ea7df97..0845c1e20d 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev.c
@@ -92,6 +92,7 @@ cn20k_cpt_pci_probe(struct rte_pci_driver *pci_drv 
__rte_unused, struct rte_pci_
dev->feature_flags = cnxk_cpt_default_ff_get();
 
dev->qp_depth_used = cnxk_cpt_qp_depth_used;
+   cn20k_cpt_set_enqdeq_fns(dev, vf);
 
rte_cryptodev_pmd_probing_finish(dev);
 
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index ac321a2b91..e3bea9aaf6 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -30,6 +30,35 @@ cn20k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev 
*dev __rte_unused, vo
return 0;
 }
 
+static uint16_t
+cn20k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t 
nb_ops)
+{
+   (void)qptr;
+   (void)ops;
+   (void)nb_ops;
+
+   return 0;
+}
+
+static uint16_t
+cn20k_cpt_dequeue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t 
nb_ops)
+{
+   (void)qptr;
+   (void)ops;
+   (void)nb_ops;
+
+   return 0;
+}
+
+void
+cn20k_cpt_set_enqdeq_fns(struct rte_cryptodev *dev, struct cnxk_cpt_vf *vf)
+{
+   dev->enqueue_burst = cn20k_cpt_enqueue_burst;
+   dev->dequeue_burst = cn20k_cpt_dequeue_burst;
+
+   rte_mb();
+}
+
 static void
 cn20k_cpt_dev_info_get(struct rte_cryptodev *dev, struct rte_cryptodev_info 
*info)
 {
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.h 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
index d7c3aed22b..d6f1592a56 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
@@ -20,4 +20,5 @@
 
 extern struct rte_cryptodev_ops cn20k_cpt_ops;
 
+void cn20k_cpt_set_enqdeq_fns(struct rte_cryptodev *dev, struct cnxk_cpt_vf 
*vf);
 #endif /* _CN20K_CRYPTODEV_OPS_H_ */
-- 
2.25.1

[PATCH v2 02/40] crypto/cnxk: add lookaside IPsec CPT LF stats

[Tejasree Kondoj]

Adding global CPT LF stats for lookaside IPsec.

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cn10k_ipsec.c| 4 
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 1 +
 2 files changed, 5 insertions(+)

diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c 
b/drivers/crypto/cnxk/cn10k_ipsec.c
index 33ffda0a4c..ae0482d0fe 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -117,6 +117,8 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
/* Enable mib counters */
sa_dptr->w0.s.count_mib_bytes = 1;
sa_dptr->w0.s.count_mib_pkts = 1;
+   sa_dptr->w0.s.count_glb_pkts = 1;
+   sa_dptr->w0.s.count_glb_octets = 1;
}
 
memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
@@ -221,6 +223,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct 
roc_cpt_lf *lf,
/* Enable mib counters */
sa_dptr->w0.s.count_mib_bytes = 1;
sa_dptr->w0.s.count_mib_pkts = 1;
+   sa_dptr->w0.s.count_glb_pkts = 1;
+   sa_dptr->w0.s.count_glb_octets = 1;
}
 
memset(in_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index c3a0a58c8f..613ce11ec1 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -953,6 +953,7 @@ cnxk_cpt_dump_on_err(struct cnxk_cpt_qp *qp)
 
plt_print("");
roc_cpt_afs_print(qp->lf.roc_cpt);
+   roc_cpt_lfs_print(qp->lf.roc_cpt);
 }
 
 int
-- 
2.25.1

[PATCH v2 17/40] crypto/cnxk: add security session destroy

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add support for rte security session destroy for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c | 17 +++-
 drivers/crypto/cnxk/cn20k_ipsec.c | 51 ++-
 2 files changed, 64 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
index 0bb4b7db63..1b18398250 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
@@ -38,8 +38,21 @@ cn20k_sec_session_create(void *dev, struct 
rte_security_session_conf *conf,
 static int
 cn20k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
 {
-   RTE_SET_USED(dev);
-   RTE_SET_USED(sec_sess);
+   struct cn20k_sec_session *cn20k_sec_sess;
+   struct rte_cryptodev *crypto_dev = dev;
+   struct cnxk_cpt_qp *qp;
+
+   if (unlikely(sec_sess == NULL))
+   return -EINVAL;
+
+   qp = crypto_dev->data->queue_pairs[0];
+   if (unlikely(qp == NULL))
+   return -ENOTSUP;
+
+   cn20k_sec_sess = (struct cn20k_sec_session *)sec_sess;
+
+   if (cn20k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+   return cn20k_sec_ipsec_session_destroy(qp, cn20k_sec_sess);
 
return -EINVAL;
 }
diff --git a/drivers/crypto/cnxk/cn20k_ipsec.c 
b/drivers/crypto/cnxk/cn20k_ipsec.c
index 4fa3872ef9..e19e080600 100644
--- a/drivers/crypto/cnxk/cn20k_ipsec.c
+++ b/drivers/crypto/cnxk/cn20k_ipsec.c
@@ -276,8 +276,55 @@ cn20k_ipsec_session_create(struct cnxk_cpt_vf *vf, struct 
cnxk_cpt_qp *qp,
 int
 cn20k_sec_ipsec_session_destroy(struct cnxk_cpt_qp *qp, struct 
cn20k_sec_session *sess)
 {
-   RTE_SET_USED(qp);
-   RTE_SET_USED(sess);
+   union roc_ow_ipsec_sa_word2 *w2;
+   struct cn20k_ipsec_sa *sa;
+   struct roc_cpt_lf *lf;
+   void *sa_dptr = NULL;
+   int ret;
+
+   lf = &qp->lf;
+
+   sa = &sess->sa;
+
+   /* Trigger CTX flush to write dirty data back to DRAM */
+   roc_cpt_lf_ctx_flush(lf, &sa->in_sa, false);
+
+   ret = -1;
+
+   if (sess->ipsec.is_outbound) {
+   sa_dptr = plt_zmalloc(sizeof(struct roc_ow_ipsec_outb_sa), 8);
+   if (sa_dptr != NULL) {
+   roc_ow_ipsec_outb_sa_init(sa_dptr);
+
+   ret = roc_cpt_ctx_write(lf, sa_dptr, &sa->out_sa,
+   sizeof(struct 
roc_ow_ipsec_outb_sa));
+   }
+   } else {
+   sa_dptr = plt_zmalloc(sizeof(struct roc_ow_ipsec_inb_sa), 8);
+   if (sa_dptr != NULL) {
+   roc_ow_ipsec_inb_sa_init(sa_dptr);
+
+   ret = roc_cpt_ctx_write(lf, sa_dptr, &sa->in_sa,
+   sizeof(struct 
roc_ow_ipsec_inb_sa));
+   }
+   }
+
+   plt_free(sa_dptr);
+
+   if (ret) {
+   /* MC write_ctx failed. Attempt reload of CTX */
+
+   /* Wait for 1 ms so that flush is complete */
+   rte_delay_ms(1);
+
+   w2 = (union roc_ow_ipsec_sa_word2 *)&sa->in_sa.w2;
+   w2->s.valid = 0;
+
+   rte_atomic_thread_fence(rte_memory_order_seq_cst);
+
+   /* Trigger CTX reload to fetch new data from DRAM */
+   roc_cpt_lf_ctx_reload(lf, &sa->in_sa);
+   }
 
return 0;
 }
-- 
2.25.1

[PATCH v2 05/40] crypto/cnxk: add check for max supported gather entries

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add check for max supported gather entries.

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/common/cnxk/roc_cpt_sg.h |  1 +
 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 10 ++
 drivers/crypto/cnxk/cn10k_tls_ops.h  | 10 ++
 3 files changed, 21 insertions(+)

diff --git a/drivers/common/cnxk/roc_cpt_sg.h b/drivers/common/cnxk/roc_cpt_sg.h
index c12187144f..e7e01cd29a 100644
--- a/drivers/common/cnxk/roc_cpt_sg.h
+++ b/drivers/common/cnxk/roc_cpt_sg.h
@@ -14,6 +14,7 @@
 #define ROC_SG_ENTRY_SIZEsizeof(struct roc_sglist_comp)
 #define ROC_SG_MAX_COMP 25
 #define ROC_SG_MAX_DLEN_SIZE (ROC_SG_LIST_HDR_SIZE + (ROC_SG_MAX_COMP * 
ROC_SG_ENTRY_SIZE))
+#define ROC_SG2_MAX_PTRS 48
 
 struct roc_sglist_comp {
union {
diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
index 2c500afbca..87442c2a1f 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
@@ -159,6 +159,11 @@ process_outb_sa(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k_s
return -ENOMEM;
}
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
@@ -259,6 +264,11 @@ process_inb_sa(struct rte_crypto_op *cop, struct 
cn10k_sec_session *sess, struct
void *m_data;
int i;
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
diff --git a/drivers/crypto/cnxk/cn10k_tls_ops.h 
b/drivers/crypto/cnxk/cn10k_tls_ops.h
index c5ef3027ac..427c31425c 100644
--- a/drivers/crypto/cnxk/cn10k_tls_ops.h
+++ b/drivers/crypto/cnxk/cn10k_tls_ops.h
@@ -174,6 +174,11 @@ process_tls_write(struct roc_cpt_lf *lf, struct 
rte_crypto_op *cop, struct cn10k
return -ENOMEM;
}
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
@@ -305,6 +310,11 @@ process_tls_read(struct rte_crypto_op *cop, struct 
cn10k_sec_session *sess,
uint32_t g_size_bytes;
int i;
 
+   if (unlikely(m_src->nb_segs > ROC_SG2_MAX_PTRS)) {
+   plt_dp_err("Exceeds max supported components. Reduce 
segments");
+   return -1;
+   }
+
m_data = alloc_op_meta(NULL, m_info->mlen, m_info->pool, 
infl_req);
if (unlikely(m_data == NULL)) {
plt_dp_err("Error allocating meta buffer for request");
-- 
2.25.1

[PATCH v2 36/40] crypto/cnxk: add asym sessionless handling

[Tejasree Kondoj]

From: Rupesh Chiluka 

Add asymmetric sessionless handling for cnxk

Signed-off-by: Rupesh Chiluka 
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 19 +--
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c  | 20 ++--
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 9ad0629519..813a2deb66 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -417,8 +417,23 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op, 
struct cnxk_cpt_qp **qp, ui
priv = (struct cnxk_ae_sess *)op->asym->session;
*qp = priv->qp;
*w2 = priv->cpt_inst_w2;
-   } else
-   return -EINVAL;
+   } else {
+   union rte_event_crypto_metadata *ec_mdata;
+   struct rte_event *rsp_info;
+   uint8_t cdev_id;
+   uint16_t qp_id;
+
+   if (unlikely(op->private_data_offset == 0))
+   return -EINVAL;
+   ec_mdata = (union rte_event_crypto_metadata *)((uint8_t 
*)op +
+  
op->private_data_offset);
+   rsp_info = &ec_mdata->response_info;
+   cdev_id = ec_mdata->request_info.cdev_id;
+   qp_id = ec_mdata->request_info.queue_pair_id;
+   *qp = rte_cryptodevs[cdev_id].data->queue_pairs[qp_id];
+   *w2 = CNXK_CPT_INST_W2((RTE_EVENT_TYPE_CRYPTODEV << 28) 
| rsp_info->flow_id,
+  rsp_info->sched_type, 
rsp_info->queue_id, 0);
+   }
} else
return -EINVAL;
 
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index ee35ed1eba..fa22b5ce44 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -333,8 +333,24 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
priv = (struct cnxk_ae_sess *)op->asym->session;
*qp = priv->qp;
inst->w2.u64 = priv->cpt_inst_w2;
-   } else
-   return -EINVAL;
+   } else {
+   union rte_event_crypto_metadata *ec_mdata;
+   struct rte_event *rsp_info;
+   uint8_t cdev_id;
+   uint16_t qp_id;
+
+   if (unlikely(op->private_data_offset == 0))
+   return -EINVAL;
+   ec_mdata = (union rte_event_crypto_metadata *)((uint8_t 
*)op +
+  
op->private_data_offset);
+   rsp_info = &ec_mdata->response_info;
+   cdev_id = ec_mdata->request_info.cdev_id;
+   qp_id = ec_mdata->request_info.queue_pair_id;
+   *qp = rte_cryptodevs[cdev_id].data->queue_pairs[qp_id];
+   inst->w2.u64 = CNXK_CPT_INST_W2(
+   (RTE_EVENT_TYPE_CRYPTODEV << 28) | 
rsp_info->flow_id,
+   rsp_info->sched_type, rsp_info->queue_id, 0);
+   }
} else
return -EINVAL;
 
-- 
2.25.1

[PATCH v2 21/40] crypto/cnxk: add Rx inject in security lookaside

[Tejasree Kondoj]

Add Rx inject fastpath API for cn20k

Signed-off-by: Vidya Sagar Velumuri 
Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 186 ++
 drivers/crypto/cnxk/cn20k_cryptodev_ops.h |   8 +
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c |  35 
 3 files changed, 194 insertions(+), 35 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index ac03c76f4d..ead5730db9 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -3,8 +3,11 @@
  */
 
 #include 
+#include 
+#include 
 #include 
 #include 
+#include 
 
 #include "roc_cpt.h"
 #include "roc_idev.h"
@@ -508,6 +511,189 @@ cn20k_sym_configure_raw_dp_ctx(struct rte_cryptodev *dev, 
uint16_t qp_id,
return 0;
 }
 
+#if defined(RTE_ARCH_ARM64)
+RTE_EXPORT_INTERNAL_SYMBOL(cn20k_cryptodev_sec_inb_rx_inject)
+uint16_t __rte_hot
+cn20k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
+ struct rte_security_session **sess, uint16_t 
nb_pkts)
+{
+   uint64_t lmt_base, io_addr, u64_0, u64_1, l2_len, pf_func;
+   uint64x2_t inst_01, inst_23, inst_45, inst_67;
+   struct cn20k_sec_session *sec_sess;
+   struct rte_cryptodev *cdev = dev;
+   union cpt_res_s *hw_res = NULL;
+   uint16_t lmt_id, count = 0;
+   struct cpt_inst_s *inst;
+   union cpt_fc_write_s fc;
+   struct cnxk_cpt_vf *vf;
+   struct rte_mbuf *m;
+   uint64_t u64_dptr;
+   uint64_t *fc_addr;
+   int i;
+
+   vf = cdev->data->dev_private;
+
+   lmt_base = vf->rx_inj_lmtline.lmt_base;
+   io_addr = vf->rx_inj_lmtline.io_addr;
+   fc_addr = vf->rx_inj_lmtline.fc_addr;
+
+   ROC_LMT_BASE_ID_GET(lmt_base, lmt_id);
+   pf_func = vf->rx_inj_sso_pf_func;
+
+   const uint32_t fc_thresh = vf->rx_inj_lmtline.fc_thresh;
+
+again:
+   fc.u64[0] =
+   rte_atomic_load_explicit((RTE_ATOMIC(uint64_t) *)fc_addr, 
rte_memory_order_relaxed);
+   inst = (struct cpt_inst_s *)lmt_base;
+
+   i = 0;
+
+   if (unlikely(fc.s.qsize > fc_thresh))
+   goto exit;
+
+   for (; i < RTE_MIN(CN20K_CPT_PKTS_PER_LOOP, nb_pkts); i++) {
+
+   m = pkts[i];
+   sec_sess = (struct cn20k_sec_session *)sess[i];
+
+   if (unlikely(rte_pktmbuf_headroom(m) < 32)) {
+   plt_dp_err("No space for CPT res_s");
+   break;
+   }
+
+   l2_len = m->l2_len;
+
+   *rte_security_dynfield(m) = (uint64_t)sec_sess->userdata;
+
+   hw_res = rte_pktmbuf_mtod(m, void *);
+   hw_res = RTE_PTR_SUB(hw_res, 32);
+   hw_res = RTE_PTR_ALIGN_CEIL(hw_res, 16);
+
+   /* Prepare CPT instruction */
+   if (m->nb_segs > 1) {
+   struct rte_mbuf *last = rte_pktmbuf_lastseg(m);
+   uintptr_t dptr, rxphdr, wqe_hdr;
+   uint16_t i;
+
+   if ((m->nb_segs > CNXK_CPT_MAX_SG_SEGS) ||
+   (rte_pktmbuf_tailroom(m) < 
CNXK_CPT_MIN_TAILROOM_REQ))
+   goto exit;
+
+   wqe_hdr = rte_pktmbuf_mtod_offset(last, uintptr_t, 
last->data_len);
+   wqe_hdr += BIT_ULL(7);
+   wqe_hdr = (wqe_hdr - 1) & ~(BIT_ULL(7) - 1);
+
+   /* Pointer to WQE header */
+   *(uint64_t *)(m + 1) = wqe_hdr;
+
+   /* Reserve SG list after end of last mbuf data 
location. */
+   rxphdr = wqe_hdr + 8;
+   dptr = rxphdr + 7 * 8;
+
+   /* Prepare Multiseg SG list */
+   i = fill_sg2_comp_from_pkt((struct roc_sg2list_comp 
*)dptr, 0, m);
+   u64_dptr = dptr | ((uint64_t)(i) << 60);
+   } else {
+   struct roc_sg2list_comp *sg2;
+   uintptr_t dptr, wqe_hdr;
+
+   /* Reserve space for WQE, NIX_RX_PARSE_S and SG_S.
+* Populate SG_S with num segs and seg length
+*/
+   wqe_hdr = (uintptr_t)(m + 1);
+   *(uint64_t *)(m + 1) = wqe_hdr;
+
+   sg2 = (struct roc_sg2list_comp *)(wqe_hdr + 8 * 8);
+   sg2->u.s.len[0] = rte_pktmbuf_pkt_len(m);
+   sg2->u.s.valid_segs = 1;
+
+   dptr = (uint64_t)rte_pktmbuf_iova(m);
+   u64_dptr = dptr;
+   }
+
+   /* Word 0 and 1 */
+   inst_01 = vdupq_n_u64(0);
+   u64_0 = pf_func << 48 | *(vf->rx_chan_base + m->port) << 4 | 
(l2_len - 2) << 24 |
+   l2_len << 16;
+   inst_01 = vsetq_lane_u64(u64_0, inst_01, 0);
+   ins

[PATCH v2 31/40] crypto/cnxk: add model check for cn20k

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add model checks for cn20k.
Enable crypto and security capabilities for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cnxk_cryptodev.c | 14 --
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c| 10 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 16 
 3 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c 
b/drivers/crypto/cnxk/cnxk_cryptodev.c
index 1eede2e59c..96b5121097 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
@@ -21,10 +21,10 @@ cnxk_cpt_default_ff_get(void)
  RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | 
RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
  RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | 
RTE_CRYPTODEV_FF_SECURITY;
 
-   if (roc_model_is_cn10k())
+   if (roc_model_is_cn10k() || roc_model_is_cn20k())
ff |= RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM | 
RTE_CRYPTODEV_FF_SYM_RAW_DP;
 
-   if (roc_model_is_cn10ka_b0() || roc_model_is_cn10kb())
+   if (roc_model_is_cn10ka_b0() || roc_model_is_cn10kb() || 
roc_model_is_cn20k())
ff |= RTE_CRYPTODEV_FF_SECURITY_RX_INJECT;
 
return ff;
@@ -41,10 +41,12 @@ cnxk_cpt_eng_grp_add(struct roc_cpt *roc_cpt)
return -ENOTSUP;
}
 
-   ret = roc_cpt_eng_grp_add(roc_cpt, CPT_ENG_TYPE_IE);
-   if (ret < 0) {
-   plt_err("Could not add CPT IE engines");
-   return -ENOTSUP;
+   if (!roc_model_is_cn20k()) {
+   ret = roc_cpt_eng_grp_add(roc_cpt, CPT_ENG_TYPE_IE);
+   if (ret < 0) {
+   plt_err("Could not add CPT IE engines");
+   return -ENOTSUP;
+   }
}
 
ret = roc_cpt_eng_grp_add(roc_cpt, CPT_ENG_TYPE_AE);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 63d2eef349..d2747878d3 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1976,16 +1976,16 @@ crypto_caps_populate(struct rte_cryptodev_capabilities 
cnxk_caps[],
CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, kasumi);
CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, des);
 
-   if (!roc_model_is_cn10k())
+   if (roc_model_is_cn9k())
cn9k_crypto_caps_add(cnxk_caps, &cur_pos);
 
-   if (roc_model_is_cn10k())
+   if (roc_model_is_cn10k() || roc_model_is_cn20k())
cn10k_crypto_caps_add(cnxk_caps, hw_caps, &cur_pos);
 
cpt_caps_add(cnxk_caps, &cur_pos, caps_null, RTE_DIM(caps_null));
cpt_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
 
-   if (roc_model_is_cn10k())
+   if (roc_model_is_cn10k() || roc_model_is_cn20k())
cn10k_crypto_caps_update(cnxk_caps);
 }
 
@@ -2060,7 +2060,7 @@ sec_ipsec_crypto_caps_populate(struct 
rte_cryptodev_capabilities cnxk_caps[],
SEC_IPSEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, des);
SEC_IPSEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2);
 
-   if (roc_model_is_cn10k())
+   if (roc_model_is_cn10k() || roc_model_is_cn20k())
cn10k_sec_ipsec_crypto_caps_update(cnxk_caps, &cur_pos);
else
cn9k_sec_ipsec_crypto_caps_update(cnxk_caps);
@@ -2189,7 +2189,7 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
 
cnxk_sec_ipsec_caps_update(&vf->sec_caps[i]);
 
-   if (roc_model_is_cn10k())
+   if (roc_model_is_cn10k() || roc_model_is_cn20k())
cn10k_sec_ipsec_caps_update(&vf->sec_caps[i]);
 
if (roc_model_is_cn9k())
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 982fbe991f..e5ca082e10 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -741,8 +741,10 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct 
roc_cpt *roc_cpt)
inst_w7.s.cptr += 8;
 
/* Set the engine group */
-   if (sess->zsk_flag || sess->aes_ctr_eea2 || sess->is_sha3 || 
sess->is_sm3 ||
-   sess->passthrough || sess->is_sm4)
+   if (roc_model_is_cn20k())
+   inst_w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_SE];
+   else if (sess->zsk_flag || sess->aes_ctr_eea2 || sess->is_sha3 || 
sess->is_sm3 ||
+sess->passthrough || sess->is_sm4)
inst_w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_SE];
else
inst_w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
@@ -1043,7 +1045,7 @@ 
RTE_EXPORT_EXPERIMENTAL_SYMBOL(rte_pmd_cnxk_crypto_submit, 24.03)
 void
 rte_pmd_cnxk_crypto_submit(struct rte_pmd_cnxk_crypto_qptr *qptr, void *inst, 
uint16_t nb_inst)
 {
-   if (roc_model_is_cn10k())
+   if (roc_

[PATCH v2 08/40] crypto/cnxk: add ops skeleton for cn20k

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add ops skeletion for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev.c |  3 +
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 92 +++
 drivers/crypto/cnxk/cn20k_cryptodev_ops.h | 23 ++
 drivers/crypto/cnxk/meson.build   |  1 +
 4 files changed, 119 insertions(+)
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_ops.c
 create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_ops.h

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev.c 
b/drivers/crypto/cnxk/cn20k_cryptodev.c
index e52336c2b7..980ea7df97 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev.c
@@ -11,6 +11,7 @@
 #include 
 
 #include "cn20k_cryptodev.h"
+#include "cn20k_cryptodev_ops.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_capabilities.h"
 #include "cnxk_cryptodev_ops.h"
@@ -86,6 +87,8 @@ cn20k_cpt_pci_probe(struct rte_pci_driver *pci_drv 
__rte_unused, struct rte_pci_
 
cnxk_cpt_caps_populate(vf);
 
+   dev->dev_ops = &cn20k_cpt_ops;
+   dev->driver_id = cn20k_cryptodev_driver_id;
dev->feature_flags = cnxk_cpt_default_ff_get();
 
dev->qp_depth_used = cnxk_cpt_qp_depth_used;
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
new file mode 100644
index 00..64ab285235
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -0,0 +1,92 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#include 
+#include 
+
+#include "roc_cpt.h"
+#include "roc_idev.h"
+
+#include "cn20k_cryptodev.h"
+#include "cn20k_cryptodev_ops.h"
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
+#include "cnxk_se.h"
+
+#include "rte_pmd_cnxk_crypto.h"
+
+static int
+cn20k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused, 
void *sess,
+ enum rte_crypto_op_type op_type,
+ enum rte_crypto_op_sess_type sess_type, 
void *mdata)
+{
+   (void)dev;
+   (void)sess;
+   (void)op_type;
+   (void)sess_type;
+   (void)mdata;
+
+   return 0;
+}
+
+static void
+cn20k_cpt_dev_info_get(struct rte_cryptodev *dev, struct rte_cryptodev_info 
*info)
+{
+   (void)dev;
+   (void)info;
+}
+
+static int
+cn20k_sym_get_raw_dp_ctx_size(struct rte_cryptodev *dev __rte_unused)
+{
+   return 0;
+}
+
+static int
+cn20k_sym_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
+  struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
+  enum rte_crypto_op_sess_type sess_type,
+  union rte_cryptodev_session_ctx session_ctx, 
uint8_t is_update)
+{
+   (void)dev;
+   (void)qp_id;
+   (void)raw_dp_ctx;
+   (void)sess_type;
+   (void)session_ctx;
+   (void)is_update;
+   return 0;
+}
+
+struct rte_cryptodev_ops cn20k_cpt_ops = {
+   /* Device control ops */
+   .dev_configure = cnxk_cpt_dev_config,
+   .dev_start = cnxk_cpt_dev_start,
+   .dev_stop = cnxk_cpt_dev_stop,
+   .dev_close = cnxk_cpt_dev_close,
+   .dev_infos_get = cn20k_cpt_dev_info_get,
+
+   .stats_get = NULL,
+   .stats_reset = NULL,
+   .queue_pair_setup = cnxk_cpt_queue_pair_setup,
+   .queue_pair_release = cnxk_cpt_queue_pair_release,
+   .queue_pair_reset = cnxk_cpt_queue_pair_reset,
+
+   /* Symmetric crypto ops */
+   .sym_session_get_size = cnxk_cpt_sym_session_get_size,
+   .sym_session_configure = cnxk_cpt_sym_session_configure,
+   .sym_session_clear = cnxk_cpt_sym_session_clear,
+
+   /* Asymmetric crypto ops */
+   .asym_session_get_size = cnxk_ae_session_size_get,
+   .asym_session_configure = cnxk_ae_session_cfg,
+   .asym_session_clear = cnxk_ae_session_clear,
+
+   /* Event crypto ops */
+   .session_ev_mdata_set = cn20k_cpt_crypto_adapter_ev_mdata_set,
+   .queue_pair_event_error_query = cnxk_cpt_queue_pair_event_error_query,
+
+   /* Raw data-path API related operations */
+   .sym_get_raw_dp_ctx_size = cn20k_sym_get_raw_dp_ctx_size,
+   .sym_configure_raw_dp_ctx = cn20k_sym_configure_raw_dp_ctx,
+};
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.h 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
new file mode 100644
index 00..d7c3aed22b
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#ifndef _CN20K_CRYPTODEV_OPS_H_
+#define _CN20K_CRYPTODEV_OPS_H_
+
+#include 
+#include 
+#include 
+#include 
+
+#if defined(__aarch64__)
+#include "roc_io.h"
+#else
+#include "roc_io_generic.h"
+#endif
+
+#include "cnxk_cryptodev.h"
+
+extern struct rte_cryptodev_ops cn20k_cpt_ops;
+
+#endif /* _CN20K_CRYPTODEV_OPS_H_ */
diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build
i

[PATCH v2 06/40] crypto/cnxk: enable IV from application support

[Tejasree Kondoj]

Enabling IV from application as the default option.

Signed-off-by: Tejasree Kondoj 
---
 drivers/crypto/cnxk/cn9k_ipsec.c  | 19 +--
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h   |  5 +
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  6 ++
 3 files changed, 4 insertions(+), 26 deletions(-)

diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index fa00c428e6..62478d2340 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -48,11 +48,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
if (ret)
return ret;
 
-   sess->custom_hdr_len =
-   sizeof(struct roc_ie_on_outb_hdr) - ROC_IE_ON_MAX_IV_LEN;
+   sess->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr) - 
ROC_IE_ON_MAX_IV_LEN;
 
-#ifdef LA_IPSEC_DEBUG
-   /* Use IV from application in debug mode */
if (ipsec->options.iv_gen_disable == 1) {
sess->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr);
 
@@ -67,12 +64,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
sess->cipher_iv_len = crypto_xform->auth.iv.length;
}
}
-#else
-   if (ipsec->options.iv_gen_disable != 0) {
-   plt_err("Application provided IV is not supported");
-   return -ENOTSUP;
-   }
-#endif
 
ret = cnxk_on_ipsec_outb_sa_create(ipsec, crypto_xform, &sa->out_sa);
 
@@ -89,16 +80,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
param1.u16 = 0;
param1.s.ikev2 = 1;
 
-#ifdef LA_IPSEC_DEBUG
-   /* Use IV from application in debug mode */
if (ipsec->options.iv_gen_disable == 1)
param1.s.per_pkt_iv = ROC_IE_ON_IV_SRC_FROM_DPTR;
-#else
-   if (ipsec->options.iv_gen_disable != 0) {
-   plt_err("Application provided IV is not supported");
-   return -ENOTSUP;
-   }
-#endif
 
w4.s.param1 = param1.u16;
 
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h 
b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 3e9f1e7efb..befd5b0c05 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -159,13 +159,10 @@ process_outb_sa(struct cpt_qp_meta_info *m_info, struct 
rte_crypto_op *cop,
inst->w4.s.opcode_major |= (uint64_t)ROC_DMA_MODE_SG;
}
 
-#ifdef LA_IPSEC_DEBUG
if (sess->inst.w4 & ROC_IE_ON_PER_PKT_IV) {
-   memcpy(&hdr->iv[0],
-  rte_crypto_op_ctod_offset(cop, uint8_t *, 
sess->cipher_iv_off),
+   memcpy(&hdr->iv[0], rte_crypto_op_ctod_offset(cop, uint8_t *, 
sess->cipher_iv_off),
   sess->cipher_iv_len);
}
-#endif
 
m_src->pkt_len = pkt_len;
esn = ++sess->esn;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c 
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index e78bc37c37..63d2eef349 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -2102,11 +2102,9 @@ cn10k_sec_ipsec_caps_update(struct 
rte_security_capability *sec_cap)
 static void
 cn9k_sec_ipsec_caps_update(struct rte_security_capability *sec_cap)
 {
-   if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
-#ifdef LA_IPSEC_DEBUG
+   if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
sec_cap->ipsec.options.iv_gen_disable = 1;
-#endif
-   }
+
sec_cap->ipsec.replay_win_sz_max = CNXK_ON_AR_WIN_SIZE_MAX;
sec_cap->ipsec.options.esn = 1;
 }
-- 
2.25.1

[PATCH v2 00/10] Update ice base code

[Dhanya Pillai]

ice base code is updated to latest snapshot.

Dhanya Pillai (1):
  net/ice/base: update version info

Filar, Mikolaj (2):
  net/ice/base: support for MAC rule with own filter flags
  net/ice/base: configure PHY FEC error in logs for GNRD

Janardhanan Arumugam (1):
  net/ice/base: increase reset timeout to 20 seconds

Lukasz Krakowiak (3):
  net/ice/base: integer overflow issue fix
  net/ice/base: set speculative execution barrier
  net/ice/base: typo fix in desc for dev ID 579F

Oleg Akhrem (1):
  net/ice/base: ptp minimal refactoring

Paul Greenwalt (1):
  net/ice/base: typo fix in media type check

Waldemar Dworakowski (1):
  net/ice/base: type conversion fix

 drivers/net/intel/ice/base/README  |  2 +-
 drivers/net/intel/ice/base/ice_common.c|  6 ++-
 drivers/net/intel/ice/base/ice_devids.h|  2 +-
 drivers/net/intel/ice/base/ice_flex_pipe.c |  2 +
 drivers/net/intel/ice/base/ice_osdep.h |  6 +++
 drivers/net/intel/ice/base/ice_ptp_hw.c|  9 ++---
 drivers/net/intel/ice/base/ice_sched.c | 10 +++--
 drivers/net/intel/ice/base/ice_switch.c| 46 --
 drivers/net/intel/ice/base/ice_switch.h|  1 +
 drivers/net/intel/ice/base/ice_type.h  |  2 +-
 10 files changed, 68 insertions(+), 18 deletions(-)

-- 
2.43.0

[PATCH v2 01/10] net/ice/base: type conversion fix

[Dhanya Pillai]

From: "Dworakowski, Waldemar" 

In ice_sched_move_vsi_to_agg() int16 is used to pass 8 bit value
what causes compiler warning:
warning C4244: 'function' : conversion from 'UINT16' to 'UINT8',
possible loss of data
Changed variable type to avoid conversion

Signed-off-by: Waldemar Dworakowski 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_sched.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/intel/ice/base/ice_sched.c 
b/drivers/net/intel/ice/base/ice_sched.c
index 1f520bb7c0..a8a149f541 100644
--- a/drivers/net/intel/ice/base/ice_sched.c
+++ b/drivers/net/intel/ice/base/ice_sched.c
@@ -2383,7 +2383,8 @@ ice_sched_move_vsi_to_agg(struct ice_port_info *pi, u16 
vsi_handle, u32 agg_id,
u16 num_nodes_added;
u8 aggl, vsil;
int status;
-   u16 i;
+   u16 j;
+   u8 i;
 
tc_node = ice_sched_get_tc_node(pi, tc);
if (!tc_node)
@@ -2409,9 +2410,9 @@ ice_sched_move_vsi_to_agg(struct ice_port_info *pi, u16 
vsi_handle, u32 agg_id,
num_nodes[i] = 1;
 
/* Check if the aggregator subtree has any free node to add the VSI */
-   for (i = 0; i < agg_node->num_children; i++) {
+   for (j = 0; j < agg_node->num_children; j++) {
parent = ice_sched_get_free_vsi_parent(pi->hw,
-  agg_node->children[i],
+  agg_node->children[j],
   num_nodes);
if (parent)
goto move_nodes;
-- 
2.43.0

[PATCH v2 02/10] net/ice/base: typo fix in media type check

[Dhanya Pillai]

From: Paul Greenwalt 

Found a typo in original implementation of ice_set_media_type,
where one of the checks for FIBER checks for C2C media type
instead of C2M. This results in failure of this check for some
AOC devices, consequently setting  the media type as AUI.
Bug was found in ethtool.

Signed-off-by: Paul Greenwalt 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/ice_common.c 
b/drivers/net/intel/ice/base/ice_common.c
index fce9b070cf..69070b740e 100644
--- a/drivers/net/intel/ice/base/ice_common.c
+++ b/drivers/net/intel/ice/base/ice_common.c
@@ -452,7 +452,7 @@ static void ice_set_media_type(struct ice_port_info *pi)
 ((phy_type_low & ICE_MEDIA_OPT_PHY_TYPE_LOW_M ||
   phy_type_high & ICE_MEDIA_OPT_PHY_TYPE_HIGH_M) &&
  (phy_type_low & ICE_MEDIA_C2M_PHY_TYPE_LOW_M ||
-  phy_type_high & ICE_MEDIA_C2C_PHY_TYPE_HIGH_M)))
+  phy_type_high & ICE_MEDIA_C2M_PHY_TYPE_HIGH_M)))
*media_type = ICE_MEDIA_FIBER;
/* else if PHY types are only DA, or DA and C2C, then media type DA */
else if (ice_phy_maps_to_media(phy_type_low, phy_type_high,
-- 
2.43.0

[PATCH v2 03/10] net/ice/base: integer overflow issue fix

[Dhanya Pillai]

From: Lukasz Krakowiak 

Fix Coverity issue related to INTEGER_OVERFLOW.

Coverity issue: 1207097
Signed-off-by: Lukasz Krakowiak 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_type.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/ice_type.h 
b/drivers/net/intel/ice/base/ice_type.h
index 297a5ea890..757b1d7658 100644
--- a/drivers/net/intel/ice/base/ice_type.h
+++ b/drivers/net/intel/ice/base/ice_type.h
@@ -25,7 +25,7 @@
  */
 static inline bool ice_is_pow2(u64 val)
 {
-   return (val && !(val & (val - 1)));
+   return val != 0 && (val & (val -1)) == 0;
 }
 
 /**
-- 
2.43.0

[PATCH v2 04/10] net/ice/base: set speculative execution barrier

[Dhanya Pillai]

From: Lukasz Krakowiak 

Fix Coverity issues related to SPECULATIVE_EXECUTION_DATA_LEAK.
This changes set speculative execution barrier to functions:

* ice_sched_add_vsi_child_nodes,
* ice_sched_add_vsi_support_nodes,
* ice_sched_move_vsi_to_agg,
* ice_prof_has_mask_idx,
* ice_alloc_prof_mask.

Also, Added memfence definations.

Coverity issue: 1207094, 1207095, 1207096, 1207099, 1207104
Signed-off-by: Lukasz Krakowiak 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_flex_pipe.c | 2 ++
 drivers/net/intel/ice/base/ice_osdep.h | 6 ++
 drivers/net/intel/ice/base/ice_sched.c | 3 +++
 3 files changed, 11 insertions(+)

diff --git a/drivers/net/intel/ice/base/ice_flex_pipe.c 
b/drivers/net/intel/ice/base/ice_flex_pipe.c
index 6dd5588f85..dc8c92e203 100644
--- a/drivers/net/intel/ice/base/ice_flex_pipe.c
+++ b/drivers/net/intel/ice/base/ice_flex_pipe.c
@@ -1280,6 +1280,7 @@ ice_prof_has_mask_idx(struct ice_hw *hw, enum ice_block 
blk, u8 prof, u16 idx,
if (hw->blk[blk].masks.masks[i].in_use &&
hw->blk[blk].masks.masks[i].idx == idx) {
found = true;
+   ice_memfence_read();
if (hw->blk[blk].masks.masks[i].mask == mask)
match = true;
break;
@@ -1648,6 +1649,7 @@ ice_alloc_prof_mask(struct ice_hw *hw, enum ice_block 
blk, u16 idx, u16 mask,
/* if mask is in use and it exactly duplicates the
 * desired mask and index, then in can be reused
 */
+   ice_memfence_read();
if (hw->blk[blk].masks.masks[i].mask == mask &&
hw->blk[blk].masks.masks[i].idx == idx) {
found_copy = true;
diff --git a/drivers/net/intel/ice/base/ice_osdep.h 
b/drivers/net/intel/ice/base/ice_osdep.h
index ad6cde9896..7588ad3dbc 100644
--- a/drivers/net/intel/ice/base/ice_osdep.h
+++ b/drivers/net/intel/ice/base/ice_osdep.h
@@ -203,6 +203,12 @@ struct __rte_packed_begin ice_virt_mem {
 #define ice_memset(a, b, c, d) memset((a), (b), (c))
 #define ice_memcpy(a, b, c, d) rte_memcpy((a), (b), (c))
 
+/* Memory fence barrier */
+#define ice_memfence_read()
+#define ice_memfence_read_write()
+#define ice_memfence_write()
+
+
 /* SW spinlock */
 struct ice_lock {
rte_spinlock_t spinlock;
diff --git a/drivers/net/intel/ice/base/ice_sched.c 
b/drivers/net/intel/ice/base/ice_sched.c
index a8a149f541..be9393a7d6 100644
--- a/drivers/net/intel/ice/base/ice_sched.c
+++ b/drivers/net/intel/ice/base/ice_sched.c
@@ -1748,6 +1748,7 @@ ice_sched_add_vsi_child_nodes(struct ice_port_info *pi, 
u16 vsi_handle,
node = node->sibling;
}
} else {
+   ice_memfence_read();
parent = parent->children[0];
}
}
@@ -1840,6 +1841,7 @@ ice_sched_add_vsi_support_nodes(struct ice_port_info *pi, 
u16 vsi_handle,
/* The newly added node can be a new parent for the next
 * layer nodes
 */
+   ice_memfence_read();
if (num_added)
parent = ice_sched_find_node_by_teid(tc_node,
 first_node_teid);
@@ -2431,6 +2433,7 @@ ice_sched_move_vsi_to_agg(struct ice_port_info *pi, u16 
vsi_handle, u32 agg_id,
/* The newly added node can be a new parent for the next
 * layer nodes
 */
+   ice_memfence_read();
if (num_nodes_added)
parent = ice_sched_find_node_by_teid(tc_node,
 first_node_teid);
-- 
2.43.0

[PATCH v2 06/10] net/ice/base: ptp minimal refactoring

[Dhanya Pillai]

From: Oleg Akhrem 

Removed redundant code. The *clk_freq and *clk_src are not modified.

Signed-off-by: Oleg Akhrem 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_ptp_hw.c | 9 +++--
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/drivers/net/intel/ice/base/ice_ptp_hw.c 
b/drivers/net/intel/ice/base/ice_ptp_hw.c
index 1e92e5ff21..7d16965674 100644
--- a/drivers/net/intel/ice/base/ice_ptp_hw.c
+++ b/drivers/net/intel/ice/base/ice_ptp_hw.c
@@ -520,9 +520,6 @@ ice_cfg_cgu_pll_e825c(struct ice_hw *hw, enum 
ice_time_ref_freq *clk_freq,
  ice_clk_src_str(dw23.field.time_ref_sel),
  ice_clk_freq_str(dw9.field.time_ref_freq_sel));
 
-   *clk_freq = (enum ice_time_ref_freq)dw9.field.time_ref_freq_sel;
-   *clk_src = (enum ice_clk_src)dw23.field.time_ref_sel;
-
return 0;
 }
 
@@ -798,11 +795,11 @@ static int ice_init_cgu_e82x(struct ice_hw *hw)
ice_warn(hw, "Failed to lock TS PLL to predefined frequency. 
Retrying with fallback frequency.\n");
 
/* Try to lock to internal 25 MHz TCXO as a fallback */
+   time_ref_freq = ICE_TIME_REF_FREQ_25_000;
+   clk_src = ICE_CLK_SRC_TCX0;
if (hw->phy_model == ICE_PHY_ETH56G)
time_ref_freq = ICE_TIME_REF_FREQ_156_250;
-   else
-   time_ref_freq = ICE_TIME_REF_FREQ_25_000;
-   clk_src = ICE_CLK_SRC_TCX0;
+
if (ice_is_e825c(hw))
err = ice_cfg_cgu_pll_e825c(hw, &time_ref_freq,
&clk_src);
-- 
2.43.0

[PATCH v2 09/10] net/ice/base: increase reset timeout to 20 seconds

[Dhanya Pillai]

From: Janardhanan Arumugam 

Resets on E830 hardware can take longer than 5 seconds to complete due
to E830 security keys functionality. The current timeout may be too
short, leading to reset failures.

Increase the reset timeout by updating ICE_PF_RESET_WAIT_COUNT, changing
the maximum wait time from 5 seconds to 20 seconds.

This change applies to all hardware, but since the driver polls the
reset done bits every 10 milliseconds this does not affect reset time on
non-E830 devices where the reset completes quicker.

Signed-off-by: Janardhanan Arumugam 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/ice_common.c 
b/drivers/net/intel/ice/base/ice_common.c
index 9ba656d8ec..4de9f37989 100644
--- a/drivers/net/intel/ice/base/ice_common.c
+++ b/drivers/net/intel/ice/base/ice_common.c
@@ -9,7 +9,7 @@
 #include "ice_ptp_hw.h"
 #include "ice_switch.h"
 
-#define ICE_PF_RESET_WAIT_COUNT500
+#define ICE_PF_RESET_WAIT_COUNT2000
 
 static const char * const ice_link_mode_str_low[] = {
ice_arr_elem_idx(0, "100BASE_TX"),
-- 
2.43.0

[PATCH v2 07/10] net/ice/base: support for MAC rule with own filter flags

[Dhanya Pillai]

From: "Filar, Mikolaj" 

Current implementation of ice_add_mac_rule overwrites flags passed in
fltr_info member of the m_list with ICE_FLTR_TX. This implementation
allows to use own flags with a new ice_add_mac_with_fltr_flag function.
No functional change in MAC filters.

Signed-off-by: Mikolaj Filar 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_switch.c | 46 ++---
 drivers/net/intel/ice/base/ice_switch.h |  1 +
 2 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/drivers/net/intel/ice/base/ice_switch.c 
b/drivers/net/intel/ice/base/ice_switch.c
index 468a9f055d..777fc88d01 100644
--- a/drivers/net/intel/ice/base/ice_switch.c
+++ b/drivers/net/intel/ice/base/ice_switch.c
@@ -5112,11 +5112,12 @@ ice_aq_get_res_descs(struct ice_hw *hw, u16 num_entries,
 }
 
 /**
- * ice_add_mac_rule - Add a MAC address based filter rule
+ * ice_add_mac_rule_with_fltr_flag - Add a MAC address based filter rule
  * @hw: pointer to the hardware structure
  * @m_list: list of MAC addresses and forwarding information
  * @sw: pointer to switch info struct for which function add rule
  * @lport: logic port number on which function add rule
+ * @flag: filter flag
  *
  * IMPORTANT: When the umac_shared flag is set to false and m_list has
  * multiple unicast addresses, the function assumes that all the
@@ -5125,8 +5126,8 @@ ice_aq_get_res_descs(struct ice_hw *hw, u16 num_entries,
  * list should be taken care of in the caller of this function.
  */
 static int
-ice_add_mac_rule(struct ice_hw *hw, struct LIST_HEAD_TYPE *m_list,
-struct ice_switch_info *sw, u8 lport)
+ice_add_mac_rule_with_fltr_flag(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list,
+   struct ice_switch_info *sw, u8 lport, u16 flag)
 {
struct ice_sw_recipe *recp_list = &sw->recp_list[ICE_SW_LKUP_MAC];
struct ice_sw_rule_lkup_rx_tx *s_rule, *r_iter;
@@ -5148,7 +5149,7 @@ ice_add_mac_rule(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list,
u16 vsi_handle;
u16 hw_vsi_id;
 
-   m_list_itr->fltr_info.flag = ICE_FLTR_TX;
+   m_list_itr->fltr_info.flag = flag;
vsi_handle = m_list_itr->fltr_info.vsi_handle;
if (!ice_is_vsi_valid(hw, vsi_handle))
return ICE_ERR_PARAM;
@@ -5268,6 +5269,26 @@ ice_add_mac_rule(struct ice_hw *hw, struct 
LIST_HEAD_TYPE *m_list,
return status;
 }
 
+/**
+ * ice_add_mac_rule - Add a MAC address based filter rule
+ * @hw: pointer to the hardware structure
+ * @m_list: list of MAC addresses and forwarding information
+ * @sw: pointer to switch info struct for which function add rule
+ * @lport: logic port number on which function add rule
+ *
+ * IMPORTANT: When the umac_shared flag is set to false and m_list has
+ * multiple unicast addresses, the function assumes that all the
+ * addresses are unique in a given add_mac call. It doesn't
+ * check for duplicates in this case, removing duplicates from a given
+ * list should be taken care of in the caller of this function.
+ */
+static int
+ice_add_mac_rule(struct ice_hw *hw, struct LIST_HEAD_TYPE *m_list,
+struct ice_switch_info *sw, u8 lport)
+{
+   return ice_add_mac_rule_with_fltr_flag(hw, m_list, sw, lport, 
ICE_FLTR_TX);
+}
+
 /**
  * ice_add_mac - Add a MAC address based filter rule
  * @hw: pointer to the hardware structure
@@ -5284,6 +5305,23 @@ int ice_add_mac(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list)
hw->port_info->lport);
 }
 
+/**
+ * ice_add_mac_with_fltr_flag - Add a MAC address based filter rule
+ * @hw: pointer to the hardware structure
+ * @m_list: list of MAC addresses and forwarding information
+ * @flag: filter flag
+ *
+ * Function add MAC rule for logical port from HW struct
+ */
+int ice_add_mac_with_fltr_flag(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list, u16 flag)
+{
+   if (!m_list || !hw)
+   return ICE_ERR_PARAM;
+
+   return ice_add_mac_rule_with_fltr_flag(hw, m_list, hw->switch_info,
+   hw->port_info->lport, flag);
+}
+
 /**
  * ice_add_vlan_internal - Add one VLAN based filter rule
  * @hw: pointer to the hardware structure
diff --git a/drivers/net/intel/ice/base/ice_switch.h 
b/drivers/net/intel/ice/base/ice_switch.h
index 00bffe4e4e..8eac7739fb 100644
--- a/drivers/net/intel/ice/base/ice_switch.h
+++ b/drivers/net/intel/ice/base/ice_switch.h
@@ -548,6 +548,7 @@ ice_add_vlan(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list);
 int ice_remove_vlan(struct ice_hw *hw, struct LIST_HEAD_TYPE *v_list);
 void ice_rem_all_sw_rules_info(struct ice_hw *hw);
 int ice_add_mac(struct ice_hw *hw, struct LIST_HEAD_TYPE *m_lst);
+int ice_add_mac_with_fltr_flag(struct ice_hw *hw, struct LIST_HEAD_TYPE 
*m_list, u16 flag);
 int ice_remove_mac(struct ice_hw *hw, struct LIST_HEAD_TYPE *m_lst);
 int
 ice_add_eth_mac(struct ice_hw *hw, struct LIST_HEAD_TYPE

[PATCH v2 10/10] net/ice/base: update version info

[Dhanya Pillai]

Update the README file with the date of that latest base code snapshot.

Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/README 
b/drivers/net/intel/ice/base/README
index c32e530789..86f69d1d04 100644
--- a/drivers/net/intel/ice/base/README
+++ b/drivers/net/intel/ice/base/README
@@ -6,7 +6,7 @@ Intel® ICE driver
 ==
 
 This directory contains source code of ice base driver generated on
-2024-10-11 released by the team which develops
+2025-05-23 released by the team which develops
 basic drivers for any ice NIC. The directory of base/ contains the
 original source package.
 This driver is valid for the product(s) listed below
-- 
2.43.0

[PATCH v2 08/10] net/ice/base: configure PHY FEC error in logs for GNRD

[Dhanya Pillai]

From: "Filar, Mikolaj" 

Configure PHY FEC error in logs for GNRD

Signed-off-by: Mikolaj Filar 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_common.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/intel/ice/base/ice_common.c 
b/drivers/net/intel/ice/base/ice_common.c
index 69070b740e..9ba656d8ec 100644
--- a/drivers/net/intel/ice/base/ice_common.c
+++ b/drivers/net/intel/ice/base/ice_common.c
@@ -6554,6 +6554,8 @@ bool ice_fw_supports_fec_dis_auto(struct ice_hw *hw)
 {
if (ice_is_e830(hw))
return true;
+   if (ice_is_e825c(hw))
+   return true;
return ice_is_fw_min_ver(hw, ICE_FW_VER_BRANCH_E810,
 ICE_FW_FEC_DIS_AUTO_MAJ,
 ICE_FW_FEC_DIS_AUTO_MIN,
-- 
2.43.0

[PATCH v2 05/10] net/ice/base: typo fix in desc for dev ID 579F

[Dhanya Pillai]

From: Lukasz Krakowiak 

Fix typo in desc for dev ID 579F.

Signed-off-by: Lukasz Krakowiak 
Signed-off-by: Dhanya Pillai 
---
 drivers/net/intel/ice/base/ice_devids.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/base/ice_devids.h 
b/drivers/net/intel/ice/base/ice_devids.h
index 807b5d0c29..20c6dbd4a5 100644
--- a/drivers/net/intel/ice/base/ice_devids.h
+++ b/drivers/net/intel/ice/base/ice_devids.h
@@ -90,7 +90,7 @@
 #define ICE_DEV_ID_E825C_QSFP  0x579D
 /* Intel(R) Ethernet Connection E825-C for SFP */
 #define ICE_DEV_ID_E825C_SFP   0x579E
-/* Intel(R) Ethernet Connection E825-C 1GbE */
+/* Intel(R) Ethernet Connection E825-C 10GbE */
 #define ICE_DEV_ID_E825C_SGMII 0x579F
 #define ICE_DEV_ID_C825X   0x0DCD
 #endif /* _ICE_DEVIDS_H_ */
-- 
2.43.0

RE: [PATCH v1 1/4] ring: introduce extra run-time checks

[Konstantin Ananyev]

> > > > From: Konstantin Ananyev [mailto:konstantin.anan...@huawei.com]
> > > > Sent: Wednesday, 21 May 2025 14.35
> > > >
> > > > > > From: Konstantin Ananyev [mailto:konstantin.anan...@huawei.com]
> > > > > > Sent: Wednesday, 21 May 2025 13.14
> > > > > >
> > > > > > Add RTE_ASSERT() to check that different move_tail() flavors
> > > > > > return meaningful  *entries value.
> > > > > > It also helps to ensure that inside move_tail(), it uses
> > correct
> > > > > > head/tail values.
> > > > > >
> > > > > > Signed-off-by: Konstantin Ananyev
> > 
> > > > > > ---
> > > > > >  lib/ring/rte_ring_c11_pvt.h  | 2 +-
> > > > > >  lib/ring/rte_ring_elem_pvt.h | 8 ++--
> > > > > >  lib/ring/rte_ring_hts_elem_pvt.h | 8 ++--
> > > > > >  lib/ring/rte_ring_rts_elem_pvt.h | 8 ++--
> > > > > >  lib/ring/soring.c| 2 ++
> > > > > >  5 files changed, 21 insertions(+), 7 deletions(-)
> > > > > >
> > > > > > diff --git a/lib/ring/rte_ring_c11_pvt.h
> > > > b/lib/ring/rte_ring_c11_pvt.h
> > > > > > index b9388af0da..0845cd6dcf 100644
> > > > > > --- a/lib/ring/rte_ring_c11_pvt.h
> > > > > > +++ b/lib/ring/rte_ring_c11_pvt.h
> > > > > > @@ -104,10 +104,10 @@ __rte_ring_headtail_move_head(struct
> > > > > > rte_ring_headtail *d,
> > > > > > n = (behavior == RTE_RING_QUEUE_FIXED) ?
> > > > > > 0 : *entries;
> > > > > >
> > > > > > +   *new_head = *old_head + n;
> > > > > > if (n == 0)
> > > > > > return 0;
> > > > > >
> > > > > > -   *new_head = *old_head + n;
> > > > > > if (is_st) {
> > > > > > d->head = *new_head;
> > > > > > success = 1;
> > > > >
> > > > > Is there a need to assign a value to *new_head if n==0?
> > > >
> > > > Not really, main reason I just moved this line up - to keep
> > compiler
> > > > happy.
> > > > Otherwise it complained that *new_head might be left uninitialized.
> > >
> > > Your change might give the impression that *new_head is used by a
> > caller. (Like I asked about.)
> > > To please the compiler, you could mark new_head __rte_unused, or:
> > >
> > > - if (n == 0)
> > > + if (n == 0) {
> > > + RTE_SET_USED(new_head);
> > >   return 0;
> > > + }

Actually, that wouldn't help.
By some reason, after introducing RTE_ASSERT()  gcc13 believes that now 
cons_next can
be used (stored) unfinalized here:

n = __rte_ring_move_cons_head(r, (int)is_sc, n, behavior,
&cons_head, &cons_next, &entries);
if (n == 0)
goto end;

__rte_ring_dequeue_elems(r, cons_head, obj_table, esize, n);

__rte_ring_update_tail(&r->cons, cons_head, cons_next, is_sc, 0);

end:
   ...

For me it is a false positive, somehow it missed that if (n==0) then 
update_table()
wouldn't be called  at all. Full error message below.
So making new_head always initialized, even if we are not going to use, seems
like the simplest and cleanest way to fix it.

est-pipeline_runtime.c.o -c ../app/test-pipeline/runtime.c
In file included from ../lib/eal/include/rte_bitops.h:24,
 from ../lib/eal/include/rte_memory.h:18,
 from ../app/test-pipeline/runtime.c:19:
In function '__rte_ring_update_tail',
inlined from '__rte_ring_do_dequeue_elem' at 
../lib/ring/rte_ring_elem_pvt.h:472:2,
inlined from 'rte_ring_sc_dequeue_bulk_elem' at 
../lib/ring/rte_ring_elem.h:344:9,
inlined from 'rte_ring_sc_dequeue_bulk' at ../lib/ring/rte_ring.h:402:9,
inlined from 'app_main_loop_worker' at ../app/test-pipeline/runtime.c:91:10:
../lib/eal/include/rte_stdatomic.h:139:9: error: 'cons_next' may be used 
uninitialized [-Werror=maybe-uninitialized]
  139 | __atomic_store_n(ptr, val, memorder)
  | ^~~~
../lib/ring/rte_ring_c11_pvt.h:39:9: note: in expansion of macro 
'rte_atomic_store_explicit'
   39 | rte_atomic_store_explicit(&ht->tail, new_val, 
rte_memory_order_release);
  | ^
In file included from ../lib/ring/rte_ring_elem.h:20,
 from ../lib/ring/rte_ring.h:38,
 from ../lib/mempool/rte_mempool.h:49,
 from ../lib/mbuf/rte_mbuf.h:38,
 from ../lib/net/rte_ether.h:20,
 from ../app/test-pipeline/runtime.c:31:
../lib/ring/rte_ring_elem_pvt.h: In function 'app_main_loop_worker':
../lib/ring/rte_ring_elem_pvt.h:462:29: note: 'cons_next' was declared here
  462 | uint32_t cons_head, cons_next;
  | ^
In function '__rte_ring_update_tail',
inlined from '__rte_ring_do_enqueue_elem' at 
../lib/ring/rte_ring_elem_pvt.h:425:2,
inlined from 'rte_ring_sp_enqueue_bulk_elem' at 
../lib/ring/rte_ring_elem.h:159:9,
inlined from 'rte_ring_sp_enqueue_bulk' at ../lib/ring/rte_ring.h:267:9,
inline

[PATCH v2 27/40] crypto/cnxk: tls post process

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add tls post process

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 160 ++
 1 file changed, 160 insertions(+)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index f328d810d2..cd709ac69e 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -317,6 +317,164 @@ cn20k_cpt_ipsec_post_process(struct rte_crypto_op *cop, 
struct cpt_cn20k_res_s *
mbuf->pkt_len = m_len;
 }
 
+static inline void
+cn20k_cpt_tls12_trim_mac(struct rte_crypto_op *cop, struct cpt_cn20k_res_s 
*res, uint8_t mac_len)
+{
+   struct rte_mbuf *mac_prev_seg = NULL, *mac_seg = NULL, *seg;
+   uint32_t pad_len, trim_len, mac_offset, pad_offset;
+   struct rte_mbuf *mbuf = cop->sym->m_src;
+   uint16_t m_len = res->rlen;
+   uint32_t i, nb_segs = 1;
+   uint8_t pad_res = 0;
+   uint8_t pad_val;
+
+   pad_val = ((res->spi >> 16) & 0xff);
+   pad_len = pad_val + 1;
+   trim_len = pad_len + mac_len;
+   mac_offset = m_len - trim_len;
+   pad_offset = mac_offset + mac_len;
+
+   /* Handle Direct Mode */
+   if (mbuf->next == NULL) {
+   uint8_t *ptr = rte_pktmbuf_mtod_offset(mbuf, uint8_t *, 
pad_offset);
+
+   for (i = 0; i < pad_len; i++)
+   pad_res |= ptr[i] ^ pad_val;
+
+   if (pad_res) {
+   cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+   cop->aux_flags = res->uc_compcode;
+   }
+   mbuf->pkt_len = m_len - trim_len;
+   mbuf->data_len = m_len - trim_len;
+
+   return;
+   }
+
+   /* Handle SG mode */
+   seg = mbuf;
+   while (mac_offset >= seg->data_len) {
+   mac_offset -= seg->data_len;
+   mac_prev_seg = seg;
+   seg = seg->next;
+   nb_segs++;
+   }
+   mac_seg = seg;
+
+   pad_offset = mac_offset + mac_len;
+   while (pad_offset >= seg->data_len) {
+   pad_offset -= seg->data_len;
+   seg = seg->next;
+   }
+
+   while (pad_len != 0) {
+   uint8_t *ptr = rte_pktmbuf_mtod_offset(seg, uint8_t *, 
pad_offset);
+   uint8_t len = RTE_MIN(seg->data_len - pad_offset, pad_len);
+
+   for (i = 0; i < len; i++)
+   pad_res |= ptr[i] ^ pad_val;
+
+   pad_offset = 0;
+   pad_len -= len;
+   seg = seg->next;
+   }
+
+   if (pad_res) {
+   cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+   cop->aux_flags = res->uc_compcode;
+   }
+
+   mbuf->pkt_len = m_len - trim_len;
+   if (mac_offset) {
+   rte_pktmbuf_free(mac_seg->next);
+   mac_seg->next = NULL;
+   mac_seg->data_len = mac_offset;
+   mbuf->nb_segs = nb_segs;
+   } else {
+   rte_pktmbuf_free(mac_seg);
+   mac_prev_seg->next = NULL;
+   mbuf->nb_segs = nb_segs - 1;
+   }
+}
+
+/* TLS-1.3:
+ * Read from last until a non-zero value is encountered.
+ * Return the non zero value as the content type.
+ * Remove the MAC and content type and padding bytes.
+ */
+static inline void
+cn20k_cpt_tls13_trim_mac(struct rte_crypto_op *cop, struct cpt_cn20k_res_s 
*res)
+{
+   struct rte_mbuf *mbuf = cop->sym->m_src;
+   struct rte_mbuf *seg = mbuf;
+   uint16_t m_len = res->rlen;
+   uint8_t *ptr, type = 0x0;
+   int len, i, nb_segs = 1;
+
+   while (m_len && !type) {
+   len = m_len;
+   seg = mbuf;
+
+   /* get the last seg */
+   while (len > seg->data_len) {
+   len -= seg->data_len;
+   seg = seg->next;
+   nb_segs++;
+   }
+
+   /* walkthrough from last until a non zero value is found */
+   ptr = rte_pktmbuf_mtod(seg, uint8_t *);
+   i = len;
+   while (i && (ptr[--i] == 0))
+   ;
+
+   type = ptr[i];
+   m_len -= len;
+   }
+
+   if (type) {
+   cop->param1.tls_record.content_type = type;
+   mbuf->pkt_len = m_len + i;
+   mbuf->nb_segs = nb_segs;
+   seg->data_len = i;
+   rte_pktmbuf_free(seg->next);
+   seg->next = NULL;
+   } else {
+   cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+   }
+}
+
+static inline void
+cn20k_cpt_tls_post_process(struct rte_crypto_op *cop, struct cpt_cn20k_res_s 
*res,
+  struct cn20k_sec_session *sess)
+{
+   struct cn20k_tls_opt tls_opt = sess->tls_opt;
+   struct rte_mbuf *mbuf = cop->sym->m_src;
+   uint16_t m_len = res->rlen;
+
+   if (!res->uc_compcode) {
+   if (mbu

[PATCH v2 23/40] crypto/cnxk: add tls write session creation

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add support for tls read session creation for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev_sec.c |   4 +
 drivers/crypto/cnxk/cn20k_cryptodev_sec.h |  12 +
 drivers/crypto/cnxk/cn20k_tls.c   | 463 +-
 3 files changed, 473 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
index 7374a83795..e5158af595 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
@@ -32,6 +32,10 @@ cn20k_sec_session_create(void *dev, struct 
rte_security_session_conf *conf,
return cn20k_ipsec_session_create(vf, qp, &conf->ipsec, 
conf->crypto_xform, sess);
}
 
+   if (conf->protocol == RTE_SECURITY_PROTOCOL_TLS_RECORD)
+   return cn20k_tls_record_session_create(vf, qp, 
&conf->tls_record,
+  conf->crypto_xform, 
sess);
+
return -ENOTSUP;
 }
 
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.h 
b/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
index 4d6dcc9670..42f588e4ac 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
@@ -12,9 +12,19 @@
 #include "roc_cpt.h"
 
 #include "cn20k_ipsec.h"
+#include "cn20k_tls.h"
 
 #define SEC_SESS_SIZE sizeof(struct rte_security_session)
 
+struct cn20k_tls_opt {
+   uint16_t pad_shift : 3;
+   uint16_t enable_padding : 1;
+   uint16_t tail_fetch_len : 2;
+   uint16_t tls_ver : 2;
+   uint16_t is_write : 1;
+   uint16_t mac_len : 7;
+};
+
 void cn20k_sec_ops_override(void);
 
 struct __rte_aligned(ROC_ALIGN) cn20k_sec_session {
@@ -31,6 +41,7 @@ struct __rte_aligned(ROC_ALIGN) cn20k_sec_session {
uint8_t iv_length;
union {
uint16_t u16;
+   struct cn20k_tls_opt tls_opt;
struct {
uint8_t ip_csum;
uint8_t is_outbound : 1;
@@ -46,6 +57,7 @@ struct __rte_aligned(ROC_ALIGN) cn20k_sec_session {
 */
union {
struct cn20k_ipsec_sa sa;
+   struct cn20k_tls_record tls_rec;
};
 };
 
diff --git a/drivers/crypto/cnxk/cn20k_tls.c b/drivers/crypto/cnxk/cn20k_tls.c
index cef13a68a4..513e49de6b 100644
--- a/drivers/crypto/cnxk/cn20k_tls.c
+++ b/drivers/crypto/cnxk/cn20k_tls.c
@@ -15,8 +15,452 @@
 #include "cn20k_tls.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_ops.h"
+#include "cnxk_ipsec.h"
 #include "cnxk_security.h"
 
+static int
+tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
+struct rte_crypto_sym_xform *auth_xform)
+{
+   enum rte_crypto_cipher_algorithm c_algo = cipher_xform->cipher.algo;
+   enum rte_crypto_auth_algorithm a_algo = auth_xform->auth.algo;
+   int ret = -ENOTSUP;
+
+   switch (c_algo) {
+   case RTE_CRYPTO_CIPHER_NULL:
+   if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == 
RTE_CRYPTO_AUTH_SHA1_HMAC) ||
+   (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||
+   (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))
+   ret = 0;
+   break;
+   case RTE_CRYPTO_CIPHER_3DES_CBC:
+   if (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
+   ret = 0;
+   break;
+   case RTE_CRYPTO_CIPHER_AES_CBC:
+   if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
+   (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||
+   (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))
+   ret = 0;
+   break;
+   default:
+   break;
+   }
+
+   return ret;
+}
+
+static int
+tls_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
+{
+   enum rte_crypto_cipher_algorithm c_algo = crypto_xform->cipher.algo;
+   uint16_t keylen = crypto_xform->cipher.key.length;
+
+   if (((c_algo == RTE_CRYPTO_CIPHER_NULL) && (keylen == 0)) ||
+   ((c_algo == RTE_CRYPTO_CIPHER_3DES_CBC) && (keylen == 24)) ||
+   ((c_algo == RTE_CRYPTO_CIPHER_AES_CBC) && ((keylen == 16) || 
(keylen == 32
+   return 0;
+
+   return -EINVAL;
+}
+
+static int
+tls_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
+{
+   enum rte_crypto_auth_algorithm a_algo = crypto_xform->auth.algo;
+   uint16_t keylen = crypto_xform->auth.key.length;
+
+   if (((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) && (keylen == 16)) ||
+   ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) && (keylen == 20)) ||
+   ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)) ||
+   ((a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC) && (keylen == 48)))
+   return 0;
+
+   return -EINVAL;
+}
+
+static int
+tls_xform_aead_verify(struct rte_security_tls_record_xform *tls_xform,
+ stru

[PATCH v2 12/40] crypto/cnxk: add enqueue function support

[Tejasree Kondoj]

From: Vidya Sagar Velumuri 

Add cryptodev enqueue function support for cn20k

Signed-off-by: Vidya Sagar Velumuri 
---
 drivers/crypto/cnxk/cn20k_cryptodev.c |   2 +-
 drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 193 +-
 drivers/crypto/cnxk/cn20k_cryptodev_ops.h |   2 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |  11 +-
 4 files changed, 195 insertions(+), 13 deletions(-)

diff --git a/drivers/crypto/cnxk/cn20k_cryptodev.c 
b/drivers/crypto/cnxk/cn20k_cryptodev.c
index 0845c1e20d..4c70c15ca9 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev.c
@@ -92,7 +92,7 @@ cn20k_cpt_pci_probe(struct rte_pci_driver *pci_drv 
__rte_unused, struct rte_pci_
dev->feature_flags = cnxk_cpt_default_ff_get();
 
dev->qp_depth_used = cnxk_cpt_qp_depth_used;
-   cn20k_cpt_set_enqdeq_fns(dev, vf);
+   cn20k_cpt_set_enqdeq_fns(dev);
 
rte_cryptodev_pmd_probing_finish(dev);
 
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index e3bea9aaf6..fe9f91a780 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -10,6 +10,7 @@
 
 #include "cn20k_cryptodev.h"
 #include "cn20k_cryptodev_ops.h"
+#include "cnxk_ae.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_ops.h"
 #include "cnxk_se.h"
@@ -30,14 +31,196 @@ cn20k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev 
*dev __rte_unused, vo
return 0;
 }
 
+static inline struct cnxk_se_sess *
+cn20k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op 
*op)
+{
+   struct rte_crypto_sym_op *sym_op = op->sym;
+   struct rte_cryptodev_sym_session *sess;
+   struct cnxk_se_sess *priv;
+   int ret;
+
+   /* Create temporary session */
+   if (rte_mempool_get(qp->sess_mp, (void **)&sess) < 0)
+   return NULL;
+
+   ret = sym_session_configure(qp->lf.roc_cpt, sym_op->xform, sess, true);
+   if (ret) {
+   rte_mempool_put(qp->sess_mp, (void *)sess);
+   goto sess_put;
+   }
+
+   priv = (void *)sess;
+   sym_op->session = sess;
+
+   return priv;
+
+sess_put:
+   rte_mempool_put(qp->sess_mp, sess);
+   return NULL;
+}
+
+static inline int
+cn20k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], 
struct cpt_inst_s inst[],
+   struct cpt_inflight_req *infl_req)
+{
+   struct rte_crypto_asym_op *asym_op;
+   struct rte_crypto_sym_op *sym_op;
+   struct cnxk_ae_sess *ae_sess;
+   struct cnxk_se_sess *sess;
+   struct rte_crypto_op *op;
+   uint64_t w7;
+   int ret;
+
+   const union cpt_res_s res = {
+   .cn20k.compcode = CPT_COMP_NOT_DONE,
+   };
+
+   op = ops[0];
+
+   inst[0].w0.u64 = 0;
+   inst[0].w2.u64 = 0;
+   inst[0].w3.u64 = 0;
+
+   sym_op = op->sym;
+
+   if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+   if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+   sess = (struct cnxk_se_sess *)(sym_op->session);
+   ret = cpt_sym_inst_fill(qp, op, sess, infl_req, 
&inst[0], true);
+   if (unlikely(ret))
+   return 0;
+   w7 = sess->cpt_inst_w7;
+   } else {
+   sess = cn20k_cpt_sym_temp_sess_create(qp, op);
+   if (unlikely(sess == NULL)) {
+   plt_dp_err("Could not create temp session");
+   return 0;
+   }
+
+   ret = cpt_sym_inst_fill(qp, op, sess, infl_req, 
&inst[0], true);
+   if (unlikely(ret)) {
+   sym_session_clear(op->sym->session, true);
+   rte_mempool_put(qp->sess_mp, op->sym->session);
+   return 0;
+   }
+   w7 = sess->cpt_inst_w7;
+   }
+   } else if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
+
+   if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+   asym_op = op->asym;
+   ae_sess = (struct cnxk_ae_sess *)asym_op->session;
+   ret = cnxk_ae_enqueue(qp, op, infl_req, &inst[0], 
ae_sess);
+   if (unlikely(ret))
+   return 0;
+   w7 = ae_sess->cpt_inst_w7;
+   } else {
+   plt_dp_err("Not supported Asym op without session");
+   return 0;
+   }
+   } else {
+   plt_dp_err("Unsupported op type");
+   return 0;
+   }
+
+   inst[0].res_addr = (uint64_t)&infl_req->res;
+   rte_atomic_store_explicit(&infl_req->res.u64[0], res.u64[0], 
rte_memory_order_relaxed);
+   infl_req->cop = op;
+
+ 

Re: [PATCH v4 1/3] net: fix GTP packet parsing

[Stephen Hemminger]

On Fri, 23 May 2025 10:55:55 +0800
Dengdui Huang  wrote:

> After parsing the GTP packet header, the next protocol type should
> be converted from RTE_GTP_TYPE_IPV4/IPV6 to RTE_ETHER_TYPE_IPV4/IPV6.
> Otherwise, the next protocol cannot be parsed.
> 
> Bugzilla ID: 1672
> Fixes: 64ed7f854cf4 ("net: add tunnel packet type parsing")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Dengdui Huang 
> Acked-by: Jie Hai 

Looks good but there are failures in CI test of hardware L4 checksum.
Please fix (or rerun the test).

Re: [PATCH v4] vhost: fix crash caused by accessing a freed vsocket

[Stephen Hemminger]

On Mon,  8 Jul 2024 12:41:03 +0800
Gongming Chen  wrote:

> diff --git a/lib/vhost/vhost_thread.c b/lib/vhost/vhost_thread.c
> new file mode 100644
> index 00..f3ff182976
> --- /dev/null
> +++ b/lib/vhost/vhost_thread.c
> @@ -0,0 +1,33 @@
> +#include 
> +
> +#include "vhost_thread.h"
> +
> +static rte_rwlock_t vhost_thread_lock = RTE_RWLOCK_INITIALIZER;
> +
> +void
> +vhost_thread_read_lock(void)
> + __rte_no_thread_safety_analysis
> +{
> + rte_rwlock_read_lock(&vhost_thread_lock);
> +}
> +
> +void
> +vhost_thread_read_unlock(void)
> + __rte_no_thread_safety_analysis
> +{
> + rte_rwlock_read_unlock(&vhost_thread_lock);
> +}
> +
> +void
> +vhost_thread_write_lock(void)
> + __rte_no_thread_safety_analysis
> +{
> + rte_rwlock_write_lock(&vhost_thread_lock);
> +}
> +
> +void
> +vhost_thread_write_unlock(void)
> + __rte_no_thread_safety_analysis
> +{
> + rte_rwlock_write_unlock(&vhost_thread_lock);
> +}

Looking at the back catalog and spotted this.

What is the reason for moving all the vhost_thread locks into a file?
Also turning off thread safety is a bad idea.
And mixing DPDK locks with pthread mutex is not wise either.

This is not going to be critical path so why not use a pthread_mutex?