[PATCH v1] eventdev/crypto: fix enqueueing invalid ops

Gujjar, Abhinandan S abhinandan.gujjar at intel.com
Wed Feb 28 18:11:51 CET 2024

Previous message (by thread): [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
Next message (by thread): [PATCH v4] crypto/ipsec_mb: unified IPsec MB interface
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> -----Original Message-----
> From: Kundapura, Ganapati <ganapati.kundapura at intel.com>
> Sent: Wednesday, February 28, 2024 4:09 PM
> To: dev at dpdk.org; jerinj at marvell.com; Jayatheerthan, Jay
> <jay.jayatheerthan at intel.com>
> Cc: Naga Harish K, S V <s.v.naga.harish.k at intel.com>; Gujjar, Abhinandan S
> <abhinandan.gujjar at intel.com>
> Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> 
> When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> due to invalid ops access.
> 
> Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> Circ buffer becomes full and the remaining ops will be flushed in next iteration.
> 
> Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> 
> Signed-off-by: Ganapati Kundapura <ganapati.kundapura at intel.com>
> 
Acked-by: Abhinandan Gujjar <abhinandan.gujjar at intel.com>

> diff --git a/lib/eventdev/rte_event_crypto_adapter.c
> b/lib/eventdev/rte_event_crypto_adapter.c
> index d46595d..9903f96 100644
> --- a/lib/eventdev/rte_event_crypto_adapter.c
> +++ b/lib/eventdev/rte_event_crypto_adapter.c
> @@ -245,20 +245,28 @@ eca_circular_buffer_flush_to_cdev(struct
> crypto_ops_circular_buffer *bufp,
>  	struct rte_crypto_op **ops = bufp->op_buffer;
> 
>  	if (*tailp > *headp)
> +		/* Flush ops from head pointer to (tail - head) OPs */
>  		n = *tailp - *headp;
>  	else if (*tailp < *headp)
> +		/* Circ buffer - Rollover.
> +		 * Flush OPs from head to max size of buffer.
> +		 * Rest of the OPs will be flushed in next iteration.
> +		 */
>  		n = bufp->size - *headp;
>  	else { /* head == tail case */
>  		/* when head == tail,
>  		 * circ buff is either full(tail pointer roll over) or empty
>  		 */
>  		if (bufp->count != 0) {
> -			/* circ buffer is full */
> -			n = bufp->count;
> +			/* Circ buffer - FULL.
> +			 * Flush OPs from head to max size of buffer.
> +			 * Rest of the OPS will be flushed in next iteration.
> +			 */
> +			n = bufp->size - *headp;
>  		} else {
> -			/* circ buffer is empty */
> +			/* Circ buffer - Empty */
>  			*nb_ops_flushed = 0;
> -			return 0;  /* buffer empty */
> +			return 0;
>  		}
>  	}
> 
> --
> 2.6.4

Previous message (by thread): [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
Next message (by thread): [PATCH v4] crypto/ipsec_mb: unified IPsec MB interface
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list