[dpdk-dev] Potential bug in QAT PMD code

[Linfeng Li]

Hi,



We believe we found a potential bug in the QAT PMD code.



file link: https://github.com/DPDK/dpdk/blob/main/drivers/crypto/qat/qat_sym.c



The undesired behavior happens when:
*         symmetric operation
*         out-of-place operation
*         encryption
*         do cipher + do hash
*         SGL enabled on either src/dst mbuf chain
*         min_ofs is smaller than the length of the first segment of the src mbuf chain



behavior: In dst mbuf, payload is ciphered as expected, but mac-i remains plain text where it's expected to be ciphered as well.



potential cause:
*         When min_ofs is smaller than the length of the first segment of the src mbuf chain with the foregoing scenario , auth_param->auth_off is calculated by auth_ofs-min_ofs(line 512 in qat_sym.c).
*         When SGL enabled + do auth + do cipher, the remaining_off is calculated by auth_param->auth_off + auth_param->auth_len + alignment_adjustment(line 534 in qat_sym.c). so remaining_off doesn't include the offset applied on auth_param->auth_off in this scenario.
*         The auth_data_end(line 546 in qat_sym.c) found doesn't seem proper since the while loop (line 540 in qat_sym.c) iterates from the very beginning of the dst mbuf.



Proposal fix:

add min_ofs in the calculation of remaining_off(line 534 in qat_sym.c)



Please let us know what your thoughts are about this issue and feel free to contact us if there are any questions.

Linfeng