patch 'crypto/nitrox: fix panic with high number of segments' has been queued to stable release 20.11.10

luca.boccassi at gmail.com luca.boccassi at gmail.com
Wed Nov 8 20:25:33 CET 2023

Previous message (by thread): patch 'net/ice: fix DCF port statistics' has been queued to stable release 20.11.10
Next message (by thread): patch 'net/iavf: fix Tx preparation' has been queued to stable release 20.11.10
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 20.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/10/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/01ae596f4e79c506347416b1e6e38714338bda58

Thanks.

Luca Boccassi

---
>From 01ae596f4e79c506347416b1e6e38714338bda58 Mon Sep 17 00:00:00 2001
From: Nagadheeraj Rottela <rnagadheeraj at marvell.com>
Date: Thu, 17 Aug 2023 17:15:56 +0530
Subject: [PATCH] crypto/nitrox: fix panic with high number of segments

[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ]

When the number of segments in source or destination mbuf is higher than
max supported then the application was panicked during the creation of
sglist when RTE_VERIFY was called. Validate the number of mbuf segments
and return an error instead of panicking.

Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations")
Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing")

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj at marvell.com>
---
 drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
index fe3ca25a0c..384d095e92 100644
--- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
+++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
@@ -10,8 +10,11 @@
 #include "nitrox_sym_reqmgr.h"
 #include "nitrox_logs.h"
 
-#define MAX_SGBUF_CNT 16
-#define MAX_SGCOMP_CNT 5
+#define MAX_SUPPORTED_MBUF_SEGS 16
+/* IV + AAD + ORH + CC + DIGEST */
+#define ADDITIONAL_SGBUF_CNT 5
+#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT)
+#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4)
 /* SLC_STORE_INFO */
 #define MIN_UDD_LEN 16
 /* PKT_IN_HDR + SLC_STORE_INFO */
@@ -303,7 +306,7 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf,
 		datalen -= mlen;
 	}
 
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sgtbl->map_bufs_cnt = cnt;
 	return 0;
 }
@@ -375,7 +378,7 @@ create_cipher_outbuf(struct nitrox_softreq *sr)
 	sr->out.sglist[cnt].virt = &sr->resp.completion;
 	cnt++;
 
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sr->out.map_bufs_cnt = cnt;
 
 	create_sgcomp(&sr->out);
@@ -600,7 +603,7 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)
 						     resp.completion);
 	sr->out.sglist[cnt].virt = &sr->resp.completion;
 	cnt++;
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sr->out.map_bufs_cnt = cnt;
 
 	create_sgcomp(&sr->out);
@@ -774,6 +777,14 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op,
 {
 	int err;
 
+	if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS ||
+		     (op->sym->m_dst &&
+		      op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) {
+		NITROX_LOG(ERR, "Mbuf segments not supported. "
+			   "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS);
+		return -ENOTSUP;
+	}
+
 	softreq_init(sr, sr->iova);
 	sr->ctx = ctx;
 	sr->op = op;
-- 
2.39.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-11-08 19:23:53.626728284 +0000
+++ 0035-crypto-nitrox-fix-panic-with-high-number-of-segments.patch	2023-11-08 19:23:51.829397452 +0000
@@ -1 +1 @@
-From 4a469e1216384d19a6dc3950686f479e30e319a9 Mon Sep 17 00:00:00 2001
+From 01ae596f4e79c506347416b1e6e38714338bda58 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ]
+
@@ -13 +14,0 @@
-Cc: stable at dpdk.org
@@ -21 +22 @@
-index 9edb0cc00f..d7e8ff7db4 100644
+index fe3ca25a0c..384d095e92 100644

Previous message (by thread): patch 'net/ice: fix DCF port statistics' has been queued to stable release 20.11.10
Next message (by thread): patch 'net/iavf: fix Tx preparation' has been queued to stable release 20.11.10
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list