[PATCH v1] eventdev/crypto: fix enqueueing invalid ops

[PATCH v1] eventdev/crypto: fix enqueueing invalid ops

[Ganapati Kundapura]

When tail pointer of Circ buffer rollsover as the Circ buffer becomes full,
crypto adapter is enqueueing ops beyond the size of the Circ buffer
leading to segfault due to invalid ops access.

Fixed by enqueueing ops from head pointer to (size-head) number of ops
when Circ buffer becomes full and the remaining ops will be flushed
in next iteration.

Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")

Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>

diff --git a/lib/eventdev/rte_event_crypto_adapter.c b/lib/eventdev/rte_event_crypto_adapter.c
index d46595d..9903f96 100644
--- a/lib/eventdev/rte_event_crypto_adapter.c
+++ b/lib/eventdev/rte_event_crypto_adapter.c
@@ -245,20 +245,28 @@ eca_circular_buffer_flush_to_cdev(struct crypto_ops_circular_buffer *bufp,
 	struct rte_crypto_op **ops = bufp->op_buffer;
 
 	if (*tailp > *headp)
+		/* Flush ops from head pointer to (tail - head) OPs */
 		n = *tailp - *headp;
 	else if (*tailp < *headp)
+		/* Circ buffer - Rollover.
+		 * Flush OPs from head to max size of buffer.
+		 * Rest of the OPs will be flushed in next iteration.
+		 */
 		n = bufp->size - *headp;
 	else { /* head == tail case */
 		/* when head == tail,
 		 * circ buff is either full(tail pointer roll over) or empty
 		 */
 		if (bufp->count != 0) {
-			/* circ buffer is full */
-			n = bufp->count;
+			/* Circ buffer - FULL.
+			 * Flush OPs from head to max size of buffer.
+			 * Rest of the OPS will be flushed in next iteration.
+			 */
+			n = bufp->size - *headp;
 		} else {
-			/* circ buffer is empty */
+			/* Circ buffer - Empty */
 			*nb_ops_flushed = 0;
-			return 0;  /* buffer empty */
+			return 0;
 		}
 	}
 
-- 
2.6.4

RE: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops

[Gujjar, Abhinandan S]

> -----Original Message-----
> From: Kundapura, Ganapati <ganapati.kundapura@intel.com>
> Sent: Wednesday, February 28, 2024 4:09 PM
> To: dev@dpdk.org; jerinj@marvell.com; Jayatheerthan, Jay
> <jay.jayatheerthan@intel.com>
> Cc: Naga Harish K, S V <s.v.naga.harish.k@intel.com>; Gujjar, Abhinandan S
> <abhinandan.gujjar@intel.com>
> Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> 
> When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> due to invalid ops access.
> 
> Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> Circ buffer becomes full and the remaining ops will be flushed in next iteration.
> 
> Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> 
> Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
> 
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>

> diff --git a/lib/eventdev/rte_event_crypto_adapter.c
> b/lib/eventdev/rte_event_crypto_adapter.c
> index d46595d..9903f96 100644
> --- a/lib/eventdev/rte_event_crypto_adapter.c
> +++ b/lib/eventdev/rte_event_crypto_adapter.c
> @@ -245,20 +245,28 @@ eca_circular_buffer_flush_to_cdev(struct
> crypto_ops_circular_buffer *bufp,
>  	struct rte_crypto_op **ops = bufp->op_buffer;
> 
>  	if (*tailp > *headp)
> +		/* Flush ops from head pointer to (tail - head) OPs */
>  		n = *tailp - *headp;
>  	else if (*tailp < *headp)
> +		/* Circ buffer - Rollover.
> +		 * Flush OPs from head to max size of buffer.
> +		 * Rest of the OPs will be flushed in next iteration.
> +		 */
>  		n = bufp->size - *headp;
>  	else { /* head == tail case */
>  		/* when head == tail,
>  		 * circ buff is either full(tail pointer roll over) or empty
>  		 */
>  		if (bufp->count != 0) {
> -			/* circ buffer is full */
> -			n = bufp->count;
> +			/* Circ buffer - FULL.
> +			 * Flush OPs from head to max size of buffer.
> +			 * Rest of the OPS will be flushed in next iteration.
> +			 */
> +			n = bufp->size - *headp;
>  		} else {
> -			/* circ buffer is empty */
> +			/* Circ buffer - Empty */
>  			*nb_ops_flushed = 0;
> -			return 0;  /* buffer empty */
> +			return 0;
>  		}
>  	}
> 
> --
> 2.6.4

Re: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops

[Jerin Jacob]

On Wed, Feb 28, 2024 at 10:42 PM Gujjar, Abhinandan S
<abhinandan.gujjar@intel.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Kundapura, Ganapati <ganapati.kundapura@intel.com>
> > Sent: Wednesday, February 28, 2024 4:09 PM
> > To: dev@dpdk.org; jerinj@marvell.com; Jayatheerthan, Jay
> > <jay.jayatheerthan@intel.com>
> > Cc: Naga Harish K, S V <s.v.naga.harish.k@intel.com>; Gujjar, Abhinandan S
> > <abhinandan.gujjar@intel.com>
> > Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> >
> > When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> > adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> > due to invalid ops access.
> >
> > Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> > Circ buffer becomes full and the remaining ops will be flushed in next iteration.
> >
> > Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> >
> > Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
> >
> Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>


Updated the git commit as follows and applied to
dpdk-next-net-eventdev/for-main. Thanks

    eventdev/crypto: fix enqueueing invalid ops

    When tail pointer of circular buffer rolls over as the circular buffer
    becomes full, crypto adapter is enqueueing ops beyond the size of the
    circular buffer leading to segfault due to invalid ops access.

    Fixed by enqueueing ops from head pointer to (size-head) number of ops
    when circular buffer becomes full and the remaining ops will be flushed
    in next iteration.

    Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
    Cc: stable@dpdk.org

    Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
    Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>