patch 'crypto/nitrox: fix panic with high number of segments' has been queued to stable release 21.11.6
Kevin Traynor
ktraynor at redhat.com
Thu Nov 16 14:23:21 CET 2023
Hi,
FYI, your patch has been queued to stable release 21.11.6
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/21/23. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable
This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/cfd4195e5c768c4d30e166f6514a737e1f62fc31
Thanks.
Kevin
---
>From cfd4195e5c768c4d30e166f6514a737e1f62fc31 Mon Sep 17 00:00:00 2001
From: Nagadheeraj Rottela <rnagadheeraj at marvell.com>
Date: Thu, 17 Aug 2023 17:15:56 +0530
Subject: [PATCH] crypto/nitrox: fix panic with high number of segments
[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ]
When the number of segments in source or destination mbuf is higher than
max supported then the application was panicked during the creation of
sglist when RTE_VERIFY was called. Validate the number of mbuf segments
and return an error instead of panicking.
Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations")
Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing")
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj at marvell.com>
---
drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
index 9edb0cc00f..d7e8ff7db4 100644
--- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
+++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
@@ -11,6 +11,9 @@
#include "nitrox_logs.h"
-#define MAX_SGBUF_CNT 16
-#define MAX_SGCOMP_CNT 5
+#define MAX_SUPPORTED_MBUF_SEGS 16
+/* IV + AAD + ORH + CC + DIGEST */
+#define ADDITIONAL_SGBUF_CNT 5
+#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT)
+#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4)
/* SLC_STORE_INFO */
#define MIN_UDD_LEN 16
@@ -304,5 +307,5 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf,
}
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sgtbl->map_bufs_cnt = cnt;
return 0;
@@ -376,5 +379,5 @@ create_cipher_outbuf(struct nitrox_softreq *sr)
cnt++;
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sr->out.map_bufs_cnt = cnt;
@@ -601,5 +604,5 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)
sr->out.sglist[cnt].virt = &sr->resp.completion;
cnt++;
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sr->out.map_bufs_cnt = cnt;
@@ -775,4 +778,12 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op,
int err;
+ if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS ||
+ (op->sym->m_dst &&
+ op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) {
+ NITROX_LOG(ERR, "Mbuf segments not supported. "
+ "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS);
+ return -ENOTSUP;
+ }
+
softreq_init(sr, sr->iova);
sr->ctx = ctx;
--
2.41.0
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2023-11-16 13:21:53.494171502 +0000
+++ 0039-crypto-nitrox-fix-panic-with-high-number-of-segments.patch 2023-11-16 13:21:52.495946506 +0000
@@ -1 +1 @@
-From 4a469e1216384d19a6dc3950686f479e30e319a9 Mon Sep 17 00:00:00 2001
+From cfd4195e5c768c4d30e166f6514a737e1f62fc31 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ]
+
@@ -13 +14,0 @@
-Cc: stable at dpdk.org
More information about the stable
mailing list