[dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops

Ananyev, Konstantin konstantin.ananyev at intel.com
Thu Apr 23 09:54:08 CEST 2020

Previous message: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Next message: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 
> Hi Konstantin,
> 
> These are data path ops and so it will be better if we can avoid such checks in the datapath. The same is done in ethdev also.

AFAIK,  get_userdata is an *optional* dev-ops function that can be used by data-path.
So far there was no strict requirement for the rte_security PMDs to *always* implement it.
So what you guys did is a silent change of public API behaviour.
As result ixgbe, (and probably some others rte_security PMDs) stopped working properly.
I don't see any point in these changes, but if you'd like to do that, at
least our usual procedure has to be followed:
1. Send and RFC to get an agreement with rte_security PMDs maintainers (one release ahead)
2. send a deprecation note (one release ahead)
3. change the behaviour of the public API
4. update release notes 

AFAIK 1), 2), 4) wasn't done.
So I think right now we need to revert original behaviour.

> 
> http://code.dpdk.org/dpdk/v20.02/source/lib/librte_ethdev/rte_ethdev.h#L4372
> 
> Datapath functions in cryptodev (enqueue/dequeue) doesn't even have such checks.
> http://code.dpdk.org/dpdk/v20.02/source/lib/librte_cryptodev/rte_cryptodev.h#L962

That's a different story:
rx_burst/tx_burst, enqueue/dequeue are mandatory dev-ops functions that
have to be implemented by each  ethdev/cryptodev API.

> 
> 
> Thanks,
> Anoob
> 
> > -----Original Message-----
> > From: dev <dev-bounces at dpdk.org> On Behalf Of Konstantin Ananyev
> > Sent: Thursday, April 23, 2020 5:22 AM
> > To: dev at dpdk.org
> > Cc: akhil.goyal at nxp.com; declan.doherty at intel.com; Konstantin Ananyev
> > <konstantin.ananyev at intel.com>
> > Subject: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented
> > ops
> >
> > Valid checks for optional function pointers inside dev-ops were disabled by
> > undefined macro.
> >
> > Fixes: b6ee98547847 ("security: fix verification of parameters")
> >
> > Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> > ---
> >  lib/librte_security/rte_security.c | 4 ----
> >  1 file changed, 4 deletions(-)
> >
> > diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
> > index d475b0977..b65430ce2 100644
> > --- a/lib/librte_security/rte_security.c
> > +++ b/lib/librte_security/rte_security.c
> > @@ -107,11 +107,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx
> > *instance,
> >  			      struct rte_security_session *sess,
> >  			      struct rte_mbuf *m, void *params)  { -#ifdef
> > RTE_DEBUG
> >  	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -
> > EINVAL,
> >  			-ENOTSUP);
> >  	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
> > -#endif
> >  	return instance->ops->set_pkt_metadata(instance->device,
> >  					       sess, m, params);
> >  }
> > @@ -121,9 +119,7 @@ rte_security_get_userdata(struct rte_security_ctx
> > *instance, uint64_t md)  {
> >  	void *userdata = NULL;
> >
> > -#ifdef RTE_DEBUG
> >  	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL,
> > NULL); -#endif
> >  	if (instance->ops->get_userdata(instance->device, md, &userdata))
> >  		return NULL;
> >
> > --
> > 2.17.1

Previous message: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Next message: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list