* [dpdk-dev] [PATCH] common/cpt: add checks for offset overflow
@ 2021-05-10 9:44 Anoob Joseph
2021-05-11 13:29 ` Thomas Monjalon
0 siblings, 1 reply; 4+ messages in thread
From: Anoob Joseph @ 2021-05-10 9:44 UTC (permalink / raw)
To: Akhil Goyal
Cc: Anoob Joseph, Jerin Jacob, Ankur Dwivedi, Tejasree Kondoj, dev
Add checks to catch overflow of any offsets. Offset control word
specifies,
1. 16 bits encryption offset
2. 8 bits IV offset
3. 8 bits auth offset
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
drivers/common/cpt/cpt_ucode.h | 59 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h
index 73be980..b8ccbe6 100644
--- a/drivers/common/cpt/cpt_ucode.h
+++ b/drivers/common/cpt/cpt_ucode.h
@@ -954,6 +954,16 @@ cpt_enc_hmac_prep(uint32_t flags,
req->ist.ei2 = (uint64_t)c_vaddr - 8;
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
/* 16 byte aligned cpt res address */
req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr);
*req->completion_addr = COMPLETION_CODE_INIT;
@@ -1116,6 +1126,16 @@ cpt_dec_hmac_prep(uint32_t flags,
dest[1] = src[1];
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
*(uint64_t *)offset_vaddr =
rte_cpu_to_be_64(((uint64_t)encr_offset << 16) |
((uint64_t)iv_offset << 8) |
@@ -1144,6 +1164,16 @@ cpt_dec_hmac_prep(uint32_t flags,
dest[1] = src[1];
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
*(uint64_t *)offset_vaddr =
rte_cpu_to_be_64(((uint64_t)encr_offset << 16) |
((uint64_t)iv_offset << 8) |
@@ -1401,6 +1431,14 @@ cpt_zuc_snow3g_enc_prep(uint32_t req_flags,
offset_ctrl = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
}
+ if (unlikely((encr_offset >> 16) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
/* IV */
iv_s = (flags == 0x1) ? params->auth_iv_buf :
params->iv_buf;
@@ -1809,6 +1847,12 @@ cpt_zuc_snow3g_dec_prep(uint32_t req_flags,
req->ist.ei2 = (uint64_t)c_vaddr - 8;
}
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
+
/* 16 byte aligned cpt res address */
req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr);
*req->completion_addr = COMPLETION_CODE_INIT;
@@ -1924,11 +1968,21 @@ cpt_kasumi_enc_prep(uint32_t req_flags,
outputlen = inputlen;
/* iv offset is 0 */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
} else {
inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
outputlen = mac_len;
/* iv offset is 0 */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)auth_offset);
+ if (unlikely((auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
}
i = fill_sg_comp(gather_comp, i, (uint64_t)offset_vaddr,
@@ -2120,6 +2174,11 @@ cpt_kasumi_dec_prep(uint64_t d_offs,
/* Offset control word followed by iv */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
i = fill_sg_comp(gather_comp, i, (uint64_t)offset_vaddr,
OFF_CTRL_LEN + iv_len);
--
2.7.4
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [PATCH] common/cpt: add checks for offset overflow
2021-05-10 9:44 [dpdk-dev] [PATCH] common/cpt: add checks for offset overflow Anoob Joseph
@ 2021-05-11 13:29 ` Thomas Monjalon
2021-05-11 13:39 ` [dpdk-dev] [EXT] " Anoob Joseph
2021-07-06 19:43 ` Akhil Goyal
0 siblings, 2 replies; 4+ messages in thread
From: Thomas Monjalon @ 2021-05-11 13:29 UTC (permalink / raw)
To: Jerin Jacob, Anoob Joseph
Cc: Akhil Goyal, dev, Ankur Dwivedi, Tejasree Kondoj, dev
10/05/2021 11:44, Anoob Joseph:
> Add checks to catch overflow of any offsets. Offset control word
> specifies,
>
> 1. 16 bits encryption offset
> 2. 8 bits IV offset
> 3. 8 bits auth offset
>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Should it be merged in DPDK 21.05-rc3, or wait for 21.08?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [EXT] Re: [PATCH] common/cpt: add checks for offset overflow
2021-05-11 13:29 ` Thomas Monjalon
@ 2021-05-11 13:39 ` Anoob Joseph
2021-07-06 19:43 ` Akhil Goyal
1 sibling, 0 replies; 4+ messages in thread
From: Anoob Joseph @ 2021-05-11 13:39 UTC (permalink / raw)
To: Thomas Monjalon
Cc: Akhil Goyal, dev, Ankur Dwivedi, Tejasree Kondoj, dev,
Jerin Jacob Kollanukkaran
Hi Thomas,
> Should it be merged in DPDK 21.05-rc3, or wait for 21.08?
Either is fine. This patch is just adding some extra parameter checks.
Thanks,
Anoob
> -----Original Message-----
> From: Thomas Monjalon <thomas@monjalon.net>
> Sent: Tuesday, May 11, 2021 6:59 PM
> To: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>
> Cc: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org; Ankur Dwivedi
> <adwivedi@marvell.com>; Tejasree Kondoj <ktejasree@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] Re: [dpdk-dev] [PATCH] common/cpt: add checks for offset
> overflow
>
> External Email
>
> ----------------------------------------------------------------------
> 10/05/2021 11:44, Anoob Joseph:
> > Add checks to catch overflow of any offsets. Offset control word
> > specifies,
> >
> > 1. 16 bits encryption offset
> > 2. 8 bits IV offset
> > 3. 8 bits auth offset
> >
> > Signed-off-by: Anoob Joseph <anoobj@marvell.com>
>
> Should it be merged in DPDK 21.05-rc3, or wait for 21.08?
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [EXT] Re: [PATCH] common/cpt: add checks for offset overflow
2021-05-11 13:29 ` Thomas Monjalon
2021-05-11 13:39 ` [dpdk-dev] [EXT] " Anoob Joseph
@ 2021-07-06 19:43 ` Akhil Goyal
1 sibling, 0 replies; 4+ messages in thread
From: Akhil Goyal @ 2021-07-06 19:43 UTC (permalink / raw)
To: Thomas Monjalon, Jerin Jacob Kollanukkaran, Anoob Joseph
Cc: dev, Ankur Dwivedi, Tejasree Kondoj, dev
> 10/05/2021 11:44, Anoob Joseph:
> > Add checks to catch overflow of any offsets. Offset control word
> > specifies,
> >
> > 1. 16 bits encryption offset
> > 2. 8 bits IV offset
> > 3. 8 bits auth offset
> >
> > Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
>
> Should it be merged in DPDK 21.05-rc3, or wait for 21.08?
>
>
Applied to dpdk-next-crypto
Thanks
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-07-06 19:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-10 9:44 [dpdk-dev] [PATCH] common/cpt: add checks for offset overflow Anoob Joseph
2021-05-11 13:29 ` Thomas Monjalon
2021-05-11 13:39 ` [dpdk-dev] [EXT] " Anoob Joseph
2021-07-06 19:43 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).