patch 'crypto/nitrox: fix panic with high number of segments' has been queued to stable release 22.11.4

Xueming Li xuemingl at nvidia.com
Mon Dec 11 11:11:25 CET 2023

Previous message (by thread): patch 'doc: update kernel module entry in QAT guide' has been queued to stable release 22.11.4
Next message (by thread): patch 'net/iavf: fix Tx preparation' has been queued to stable release 22.11.4
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 22.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/13/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=22.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=22.11-staging&id=c70a8fa66e97fb5c9f843228c8cb3928b637878c

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From c70a8fa66e97fb5c9f843228c8cb3928b637878c Mon Sep 17 00:00:00 2001
From: Nagadheeraj Rottela <rnagadheeraj at marvell.com>
Date: Thu, 17 Aug 2023 17:15:56 +0530
Subject: [PATCH] crypto/nitrox: fix panic with high number of segments
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ]

When the number of segments in source or destination mbuf is higher than
max supported then the application was panicked during the creation of
sglist when RTE_VERIFY was called. Validate the number of mbuf segments
and return an error instead of panicking.

Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations")
Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing")

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj at marvell.com>
---
 drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
index 9edb0cc00f..d7e8ff7db4 100644
--- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
+++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
@@ -10,8 +10,11 @@
 #include "nitrox_sym_reqmgr.h"
 #include "nitrox_logs.h"
 
-#define MAX_SGBUF_CNT 16
-#define MAX_SGCOMP_CNT 5
+#define MAX_SUPPORTED_MBUF_SEGS 16
+/* IV + AAD + ORH + CC + DIGEST */
+#define ADDITIONAL_SGBUF_CNT 5
+#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT)
+#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4)
 /* SLC_STORE_INFO */
 #define MIN_UDD_LEN 16
 /* PKT_IN_HDR + SLC_STORE_INFO */
@@ -303,7 +306,7 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf,
 		datalen -= mlen;
 	}
 
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sgtbl->map_bufs_cnt = cnt;
 	return 0;
 }
@@ -375,7 +378,7 @@ create_cipher_outbuf(struct nitrox_softreq *sr)
 	sr->out.sglist[cnt].virt = &sr->resp.completion;
 	cnt++;
 
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sr->out.map_bufs_cnt = cnt;
 
 	create_sgcomp(&sr->out);
@@ -600,7 +603,7 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)
 						     resp.completion);
 	sr->out.sglist[cnt].virt = &sr->resp.completion;
 	cnt++;
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sr->out.map_bufs_cnt = cnt;
 
 	create_sgcomp(&sr->out);
@@ -774,6 +777,14 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op,
 {
 	int err;
 
+	if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS ||
+		     (op->sym->m_dst &&
+		      op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) {
+		NITROX_LOG(ERR, "Mbuf segments not supported. "
+			   "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS);
+		return -ENOTSUP;
+	}
+
 	softreq_init(sr, sr->iova);
 	sr->ctx = ctx;
 	sr->op = op;
-- 
2.25.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-12-11 17:56:25.068345200 +0800
+++ 0060-crypto-nitrox-fix-panic-with-high-number-of-segments.patch	2023-12-11 17:56:23.057652300 +0800
@@ -1 +1 @@
-From 4a469e1216384d19a6dc3950686f479e30e319a9 Mon Sep 17 00:00:00 2001
+From c70a8fa66e97fb5c9f843228c8cb3928b637878c Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ]
@@ -13 +15,0 @@
-Cc: stable at dpdk.org

Previous message (by thread): patch 'doc: update kernel module entry in QAT guide' has been queued to stable release 22.11.4
Next message (by thread): patch 'net/iavf: fix Tx preparation' has been queued to stable release 22.11.4
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list