[PATCH] examples/ipsec-secgw: fix dequeue count from cryptodev

DPDK patches and discussions
 help / color / mirror / Atom feed

* [PATCH] examples/ipsec-secgw: fix dequeue count from cryptodev
@ 2024-09-13  6:58 Tejasree Kondoj
  2024-09-13  7:07 ` [PATCH v2] " Tejasree Kondoj
  0 siblings, 1 reply; 3+ messages in thread
From: Tejasree Kondoj @ 2024-09-13  6:58 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Anoob Joseph, Nithin Dabilpuram, Jerin Jacob, dev, stable

Setting dequeue packet count to max of MAX_PKT_BURST
size instead of MAX_PKTS.

Dequeue from cryptodev is called with MAX_PKTS but
routing functions allocate hop/dst_ip arrays of
size MAX_PKT_BURST. This can corrupt stack causing
stack smashing error when more than MAX_PKT_BURST
packets are returned from cryptodev.

Fixes: a2b445b810ac ("examples/ipsec-secgw: allow larger burst size for vectors")
Cc: stable@dpdk.org

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Change-Id: I3ab1b6d3aef5385f214f51930bfd521e73255834
---
 examples/ipsec-secgw/ipsec-secgw.c   | 6 ++++--
 examples/ipsec-secgw/ipsec_process.c | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index e98ad2572e..063cc8768e 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -626,12 +626,13 @@ drain_inbound_crypto_queues(const struct lcore_conf *qconf,
 	uint32_t n;
 	struct ipsec_traffic trf;
 	unsigned int lcoreid = rte_lcore_id();
+	const int nb_pkts = RTE_DIM(trf.ipsec.pkts);
 
 	if (app_sa_prm.enable == 0) {
 
 		/* dequeue packets from crypto-queue */
 		n = ipsec_inbound_cqp_dequeue(ctx, trf.ipsec.pkts,
-			RTE_DIM(trf.ipsec.pkts));
+			RTE_MIN(MAX_PKT_BURST, nb_pkts));
 
 		trf.ip4.num = 0;
 		trf.ip6.num = 0;
@@ -663,12 +664,13 @@ drain_outbound_crypto_queues(const struct lcore_conf *qconf,
 {
 	uint32_t n;
 	struct ipsec_traffic trf;
+	const int nb_pkts = RTE_DIM(trf.ipsec.pkts);
 
 	if (app_sa_prm.enable == 0) {
 
 		/* dequeue packets from crypto-queue */
 		n = ipsec_outbound_cqp_dequeue(ctx, trf.ipsec.pkts,
-			RTE_DIM(trf.ipsec.pkts));
+			RTE_MIN(MAX_PKT_BURST, nb_pkts));
 
 		trf.ip4.num = 0;
 		trf.ip6.num = 0;
diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
index ddbe30745b..5080e810e0 100644
--- a/examples/ipsec-secgw/ipsec_process.c
+++ b/examples/ipsec-secgw/ipsec_process.c
@@ -336,6 +336,7 @@ ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 	struct rte_ipsec_session *ss;
 	struct traffic_type *out;
 	struct rte_ipsec_group *pg;
+	const int nb_cops = RTE_DIM(trf->ipsec.pkts);
 	struct rte_crypto_op *cop[RTE_DIM(trf->ipsec.pkts)];
 	struct rte_ipsec_group grp[RTE_DIM(trf->ipsec.pkts)];
 
@@ -345,7 +346,7 @@ ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 	out = &trf->ipsec;
 
 	/* dequeue completed crypto-ops */
-	n = ctx_dequeue(ctx, cop, RTE_DIM(cop));
+	n = ctx_dequeue(ctx, cop, RTE_MIN(MAX_PKT_BURST, nb_cops));
 	if (n == 0)
 		return;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH v2] examples/ipsec-secgw: fix dequeue count from cryptodev
  2024-09-13  6:58 [PATCH] examples/ipsec-secgw: fix dequeue count from cryptodev Tejasree Kondoj
@ 2024-09-13  7:07 ` Tejasree Kondoj
  2024-09-18  5:44   ` Akhil Goyal
  0 siblings, 1 reply; 3+ messages in thread
From: Tejasree Kondoj @ 2024-09-13  7:07 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Anoob Joseph, Nithin Dabilpuram, Jerin Jacob, dev, stable

Setting dequeue packet count to max of MAX_PKT_BURST
size instead of MAX_PKTS.

Dequeue from cryptodev is called with MAX_PKTS but
routing functions allocate hop/dst_ip arrays of
size MAX_PKT_BURST. This can corrupt stack causing
stack smashing error when more than MAX_PKT_BURST
packets are returned from cryptodev.

Fixes: a2b445b810ac ("examples/ipsec-secgw: allow larger burst size for vectors")
Cc: stable@dpdk.org

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
v2: fixed checkpatch warning

 examples/ipsec-secgw/ipsec-secgw.c   | 6 ++++--
 examples/ipsec-secgw/ipsec_process.c | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index e98ad2572e..063cc8768e 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -626,12 +626,13 @@ drain_inbound_crypto_queues(const struct lcore_conf *qconf,
 	uint32_t n;
 	struct ipsec_traffic trf;
 	unsigned int lcoreid = rte_lcore_id();
+	const int nb_pkts = RTE_DIM(trf.ipsec.pkts);
 
 	if (app_sa_prm.enable == 0) {
 
 		/* dequeue packets from crypto-queue */
 		n = ipsec_inbound_cqp_dequeue(ctx, trf.ipsec.pkts,
-			RTE_DIM(trf.ipsec.pkts));
+			RTE_MIN(MAX_PKT_BURST, nb_pkts));
 
 		trf.ip4.num = 0;
 		trf.ip6.num = 0;
@@ -663,12 +664,13 @@ drain_outbound_crypto_queues(const struct lcore_conf *qconf,
 {
 	uint32_t n;
 	struct ipsec_traffic trf;
+	const int nb_pkts = RTE_DIM(trf.ipsec.pkts);
 
 	if (app_sa_prm.enable == 0) {
 
 		/* dequeue packets from crypto-queue */
 		n = ipsec_outbound_cqp_dequeue(ctx, trf.ipsec.pkts,
-			RTE_DIM(trf.ipsec.pkts));
+			RTE_MIN(MAX_PKT_BURST, nb_pkts));
 
 		trf.ip4.num = 0;
 		trf.ip6.num = 0;
diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
index ddbe30745b..5080e810e0 100644
--- a/examples/ipsec-secgw/ipsec_process.c
+++ b/examples/ipsec-secgw/ipsec_process.c
@@ -336,6 +336,7 @@ ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 	struct rte_ipsec_session *ss;
 	struct traffic_type *out;
 	struct rte_ipsec_group *pg;
+	const int nb_cops = RTE_DIM(trf->ipsec.pkts);
 	struct rte_crypto_op *cop[RTE_DIM(trf->ipsec.pkts)];
 	struct rte_ipsec_group grp[RTE_DIM(trf->ipsec.pkts)];
 
@@ -345,7 +346,7 @@ ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 	out = &trf->ipsec;
 
 	/* dequeue completed crypto-ops */
-	n = ctx_dequeue(ctx, cop, RTE_DIM(cop));
+	n = ctx_dequeue(ctx, cop, RTE_MIN(MAX_PKT_BURST, nb_cops));
 	if (n == 0)
 		return;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* RE: [PATCH v2] examples/ipsec-secgw: fix dequeue count from cryptodev
  2024-09-13  7:07 ` [PATCH v2] " Tejasree Kondoj
@ 2024-09-18  5:44   ` Akhil Goyal
  0 siblings, 0 replies; 3+ messages in thread
From: Akhil Goyal @ 2024-09-18  5:44 UTC (permalink / raw)
  To: Tejasree Kondoj, Radu Nicolau
  Cc: Anoob Joseph, Nithin Kumar Dabilpuram, Jerin Jacob, dev, stable

> Subject: [PATCH v2] examples/ipsec-secgw: fix dequeue count from cryptodev
> 
> Setting dequeue packet count to max of MAX_PKT_BURST
> size instead of MAX_PKTS.
> 
> Dequeue from cryptodev is called with MAX_PKTS but
> routing functions allocate hop/dst_ip arrays of
> size MAX_PKT_BURST. This can corrupt stack causing
> stack smashing error when more than MAX_PKT_BURST
> packets are returned from cryptodev.
> 
> Fixes: a2b445b810ac ("examples/ipsec-secgw: allow larger burst size for
> vectors")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-09-18  5:44 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-13  6:58 [PATCH] examples/ipsec-secgw: fix dequeue count from cryptodev Tejasree Kondoj
2024-09-13  7:07 ` [PATCH v2] " Tejasree Kondoj
2024-09-18  5:44   ` Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).