[PATCH] crypto/cnxk: fix out of place AES GCM

Tejasree Kondoj ktejasree at marvell.com
Sun Jun 21 10:46:19 CEST 2026 

Acked-by: Tejasree Kondoj <ktejasree at marvell.com>

> -----Original Message-----
> From: Daphne Priscilla <df at marvell.com>
> Sent: Friday, June 12, 2026 11:50 AM
> To: dev at dpdk.org
> Cc: stable at dpdk.org; Akhil Goyal <gakhil at marvell.com>; Tejasree Kondoj
> <ktejasree at marvell.com>; Anoob Joseph <anoobj at marvell.com>; Daphne
> Priscilla F <df at marvell.com>
> Subject: [PATCH] crypto/cnxk: fix out of place AES GCM
> 
> For AES-GCM out of place, when AAD is present in inbuf before the data, it is
> treated as passthrough data. This results in AAD being present in outbuf
> header, but test expects outbuf header to remain zero. Passthrough data is
> now diverted to metabuf so outbuf header remains zero.
> 
> Fixes: 7c19abdd0cf1 ("common/cnxk: support 103XX CPT")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Daphne Priscilla <df at marvell.com>
> ---
>  .mailmap                                 |  1 +
>  drivers/common/cnxk/roc_se.h             |  2 +-
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c |  3 +
>  drivers/crypto/cnxk/cnxk_se.h            | 96 ++++++++++++++++++++++--
>  4 files changed, 93 insertions(+), 9 deletions(-)
> 
> diff --git a/.mailmap b/.mailmap
> index 118dfa0ff9..1191afbf0b 100644
> --- a/.mailmap
> +++ b/.mailmap
> @@ -334,6 +334,7 @@ Danny Patel <dannyp at marvell.com>  Danny Zhou
> <danny.zhou at intel.com>  Danylo Vodopianov <dvo-plv at napatech.com>
> Dapeng Yu <dapengx.yu at intel.com>
> +Daphne Priscilla <df at marvell.com>
>  Darek Stojaczyk <dariusz.stojaczyk at intel.com>  Daria Kolistratova
> <daria.kolistratova at intel.com>  Dariusz Chaberski
> <dariuszx.chaberski at intel.com> diff --git a/drivers/common/cnxk/roc_se.h
> b/drivers/common/cnxk/roc_se.h index 499e71ce85..d3ad61ca04 100644
> --- a/drivers/common/cnxk/roc_se.h
> +++ b/drivers/common/cnxk/roc_se.h
> @@ -26,7 +26,7 @@
>  #define ROC_SE_MISC_MINOR_OP_DUMMY	 0x04ULL
>  #define ROC_SE_MISC_MINOR_OP_HW_SUPPORT	 0x08ULL
> 
> -#define ROC_SE_MAX_AAD_SIZE 64
> +#define ROC_SE_MAX_AAD_SIZE 1024
>  #define ROC_SE_MAX_MAC_LEN  64
> 
>  #define ROC_SE_OFF_CTRL_LEN 8
> diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> index 2f9eb322dc..5e59f1d7bd 100644
> --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
> @@ -82,6 +82,9 @@ cnxk_cpt_get_mlen(void)
>  			       (RTE_ALIGN_CEIL(ROC_MAX_SG_IN_OUT_CNT, 4)
> >> 2) * ROC_SG_ENTRY_SIZE),
>  			      8);
> 
> +	/* Space for discarding AAD bytes from output stream in GCM OOP */
> +	len += ROC_SE_MAX_AAD_SIZE;
> +
>  	return len;
>  }
> 
> diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
> index 8dbf3e73c7..09d9d1e0e3 100644
> --- a/drivers/crypto/cnxk/cnxk_se.h
> +++ b/drivers/crypto/cnxk/cnxk_se.h
> @@ -407,8 +407,28 @@ sg_inst_prep(struct roc_se_fc_params *params,
> struct cpt_inst_s *inst, uint64_t
>  			if (unlikely(req_flags &
> ROC_SE_SINGLE_BUF_INPLACE)) {
>  				i =
> fill_sg_comp_from_buf_min(scatter_comp, i, params->bufs, &size);
>  			} else {
> -				i = fill_sg_comp_from_iov(scatter_comp, i,
> params->dst_iov, 0,
> -							  &size, aad_buf,
> aad_offset);
> +				uint32_t dst_offset = 0;
> +
> +				if (passthrough_len) {
> +					if (unlikely(passthrough_len >
> ROC_SE_MAX_AAD_SIZE)) {
> +						plt_dp_err(
> +							"Passthrough length
> %u exceeds reserved space %u",
> +							passthrough_len,
> ROC_SE_MAX_AAD_SIZE);
> +						return -1;
> +					}
> +					uint64_t meta_passthrough =
> +						(uint64_t)params-
> >meta_buf.vaddr +
> +						params->meta_buf.size -
> ROC_SE_MAX_AAD_SIZE;
> +					i = fill_sg_comp(scatter_comp, i,
> meta_passthrough,
> +							 passthrough_len);
> +					size -= passthrough_len;
> +					dst_offset = passthrough_len;
> +					aad_offset = 0;
> +				}
> +				if (size)
> +					i =
> fill_sg_comp_from_iov(scatter_comp, i, params->dst_iov,
> +								  dst_offset,
> &size, aad_buf,
> +								  aad_offset);
>  			}
>  			if (unlikely(size)) {
>  				plt_dp_err("Insufficient buffer space,"
> @@ -430,8 +450,28 @@ sg_inst_prep(struct roc_se_fc_params *params,
> struct cpt_inst_s *inst, uint64_t
>  			if (unlikely(req_flags &
> ROC_SE_SINGLE_BUF_INPLACE)) {
>  				i =
> fill_sg_comp_from_buf_min(scatter_comp, i, params->bufs, &size);
>  			} else {
> -				i = fill_sg_comp_from_iov(scatter_comp, i,
> params->dst_iov, 0,
> -							  &size, aad_buf,
> aad_offset);
> +				uint32_t dst_offset = 0;
> +
> +				if (passthrough_len) {
> +					if (unlikely(passthrough_len >
> ROC_SE_MAX_AAD_SIZE)) {
> +						plt_dp_err(
> +							"Passthrough length
> %u exceeds reserved space %u",
> +							passthrough_len,
> ROC_SE_MAX_AAD_SIZE);
> +						return -1;
> +					}
> +					uint64_t meta_passthrough =
> +						(uint64_t)params-
> >meta_buf.vaddr +
> +						params->meta_buf.size -
> ROC_SE_MAX_AAD_SIZE;
> +					i = fill_sg_comp(scatter_comp, i,
> meta_passthrough,
> +							 passthrough_len);
> +					size -= passthrough_len;
> +					dst_offset = passthrough_len;
> +					aad_offset = 0;
> +				}
> +				if (size)
> +					i =
> fill_sg_comp_from_iov(scatter_comp, i, params->dst_iov,
> +								  dst_offset,
> &size, aad_buf,
> +								  aad_offset);
>  			}
> 
>  			if (unlikely(size)) {
> @@ -606,8 +646,28 @@ sg2_inst_prep(struct roc_se_fc_params *params,
> struct cpt_inst_s *inst, uint64_t
>  				i =
> fill_sg2_comp_from_buf_min(scatter_comp, i, params->bufs,
>  							       &size);
>  			} else {
> -				i = fill_sg2_comp_from_iov(scatter_comp, i,
> params->dst_iov, 0,
> -							   &size, aad_buf,
> aad_offset);
> +				uint32_t dst_offset = 0;
> +
> +				if (passthrough_len) {
> +					if (unlikely(passthrough_len >
> ROC_SE_MAX_AAD_SIZE)) {
> +						plt_dp_err(
> +							"Passthrough length
> %u exceeds reserved space %u",
> +							passthrough_len,
> ROC_SE_MAX_AAD_SIZE);
> +						return -1;
> +					}
> +					uint64_t meta_passthrough =
> +						(uint64_t)params-
> >meta_buf.vaddr +
> +						params->meta_buf.size -
> ROC_SE_MAX_AAD_SIZE;
> +					i = fill_sg2_comp(scatter_comp, i,
> meta_passthrough,
> +							  passthrough_len);
> +					size -= passthrough_len;
> +					dst_offset = passthrough_len;
> +					aad_offset = 0;
> +				}
> +				if (size)
> +					i =
> fill_sg2_comp_from_iov(scatter_comp, i, params->dst_iov,
> +								   dst_offset,
> &size, aad_buf,
> +								   aad_offset);
>  			}
>  			if (unlikely(size)) {
>  				plt_dp_err("Insufficient buffer space,"
> @@ -632,8 +692,28 @@ sg2_inst_prep(struct roc_se_fc_params *params,
> struct cpt_inst_s *inst, uint64_t
>  				i =
> fill_sg2_comp_from_buf_min(scatter_comp, i, params->bufs,
>  							       &size);
>  			} else {
> -				i = fill_sg2_comp_from_iov(scatter_comp, i,
> params->dst_iov, 0,
> -							   &size, aad_buf,
> aad_offset);
> +				uint32_t dst_offset = 0;
> +
> +				if (passthrough_len) {
> +					if (unlikely(passthrough_len >
> ROC_SE_MAX_AAD_SIZE)) {
> +						plt_dp_err(
> +							"Passthrough length
> %u exceeds reserved space %u",
> +							passthrough_len,
> ROC_SE_MAX_AAD_SIZE);
> +						return -1;
> +					}
> +					uint64_t meta_passthrough =
> +						(uint64_t)params-
> >meta_buf.vaddr +
> +						params->meta_buf.size -
> ROC_SE_MAX_AAD_SIZE;
> +					i = fill_sg2_comp(scatter_comp, i,
> meta_passthrough,
> +							  passthrough_len);
> +					size -= passthrough_len;
> +					dst_offset = passthrough_len;
> +					aad_offset = 0;
> +				}
> +				if (size)
> +					i =
> fill_sg2_comp_from_iov(scatter_comp, i, params->dst_iov,
> +								   dst_offset,
> &size, aad_buf,
> +								   aad_offset);
>  			}
> 
>  			if (unlikely(size)) {
> --
> 2.43.0

More information about the dev mailing list