From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3B00FA00C2; Thu, 23 Apr 2020 10:00:20 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 031771D15B; Thu, 23 Apr 2020 10:00:20 +0200 (CEST) Received: from mailout1.w1.samsung.com (mailout1.w1.samsung.com [210.118.77.11]) by dpdk.org (Postfix) with ESMTP id DD9B91C2EC for ; Thu, 23 Apr 2020 10:00:17 +0200 (CEST) Received: from eucas1p1.samsung.com (unknown [182.198.249.206]) by mailout1.w1.samsung.com (KnoxPortal) with ESMTP id 20200423080016euoutp01018ab272052eb9d59a1c245f2aadc756~IY-84bHAt0921509215euoutp014 for ; Thu, 23 Apr 2020 08:00:16 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout1.w1.samsung.com 20200423080016euoutp01018ab272052eb9d59a1c245f2aadc756~IY-84bHAt0921509215euoutp014 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1587628816; bh=Mdw6tFYwuUhh+hMNxTqoWFrrVvebBKgqdHjcB7YWRR4=; h=Subject:To:Cc:From:Date:In-Reply-To:References:From; b=gORmsSYJnv/8J559lclFAHm8oPdt5f6q7TwP2z1fn7cI93bhy3F9lEnVeMpi6mm2Y HM5SXwV1hjjrraYg5rb0pgM1KDwdSlP29udAmW6wL27kWMTUVMNosXS8UpK6NXEIHb AMm6JOsYrPuYTmnggIgm1bDCdnmWmxuieR7AbQZ8= Received: from eusmges1new.samsung.com (unknown [203.254.199.242]) by eucas1p2.samsung.com (KnoxPortal) with ESMTP id 20200423080016eucas1p2579c3a053699d8494a362234b81fa9e8~IY-8uuujU1239312393eucas1p26; Thu, 23 Apr 2020 08:00:16 +0000 (GMT) Received: from eucas1p2.samsung.com ( [182.198.249.207]) by eusmges1new.samsung.com (EUCPMTA) with SMTP id 29.8B.61286.01B41AE5; Thu, 23 Apr 2020 09:00:16 +0100 (BST) Received: from eusmtrp1.samsung.com (unknown [182.198.249.138]) by eucas1p2.samsung.com (KnoxPortal) with ESMTPA id 20200423080016eucas1p2d7a8a15c8980eb73da3dcbb33964a9a2~IY-8fY5nL0622806228eucas1p2R; Thu, 23 Apr 2020 08:00:16 +0000 (GMT) Received: from eusmgms2.samsung.com (unknown [182.198.249.180]) by eusmtrp1.samsung.com (KnoxPortal) with ESMTP id 20200423080016eusmtrp145909e1fc4a05462425954f385796559~IY-8evvZt2577925779eusmtrp1j; Thu, 23 Apr 2020 08:00:16 +0000 (GMT) X-AuditID: cbfec7f2-f0bff7000001ef66-8f-5ea14b102117 Received: from eusmtip2.samsung.com ( [203.254.199.222]) by eusmgms2.samsung.com (EUCPMTA) with SMTP id 89.6C.07950.F0B41AE5; Thu, 23 Apr 2020 09:00:15 +0100 (BST) Received: from [106.210.88.70] (unknown [106.210.88.70]) by eusmtip2.samsung.com (KnoxPortal) with ESMTPA id 20200423080015eusmtip256a931a086aa7e6af8dc3c769f5bdf5d~IY-7_iyBB2371923719eusmtip2C; Thu, 23 Apr 2020 08:00:15 +0000 (GMT) To: Anoob Joseph , Konstantin Ananyev , "dev@dpdk.org" Cc: "akhil.goyal@nxp.com" , "declan.doherty@intel.com" From: Lukasz Wojciechowski Message-ID: <94481e37-1ab7-95f1-8c8a-cfdb281095ea@partner.samsung.com> Date: Thu, 23 Apr 2020 10:00:14 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: Content-Transfer-Encoding: 8bit Content-Language: pl X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprLKsWRmVeSWpSXmKPExsWy7djP87oC3gvjDJbPErRYf2Yeo8WyLVuZ LN48aGKxePdpO5PF+z+LWBxYPX4tWMrqsXjPSyaPyQsvMntsfLeDKYAlissmJTUnsyy1SN8u gStj1cVnLAVPJSvmvTzD3sB4WLSLkZNDQsBEYsbtHexdjFwcQgIrGCWaNvxhgnC+MErce3iY DcL5zCjxfMVZJpiWZy1voFqWM0ocPjcXynnLKLHz+TlmkCphgTCJs/NbGUFsEYFKia4LM9hB bGaBDIlpbRNZQGw2AVuJIzO/soLYvAJuEtceXQGLswioStzctBIozsEhKhArMf1aCESJoMTJ mU/ASjiBwpvObWCFGCkv0bx1NjOELSJx41ELI8g9EgLz2CUeffgBdbWLxK8l21kgbGGJV8e3 sEPYMhKnJ/ewQDRsY5S4+vsnVPd+RonrvSugqqwlDv/7zQZyEbOApsT6XfoQYUeJ1UdXgR0q IcAnceOtIMQRfBKTtk1nhgjzSnS0CUFU60k87ZnKCLP2z9onLBMYlWYheW0WkndmIXlnFsLe BYwsqxjFU0uLc9NTiw3zUsv1ihNzi0vz0vWS83M3MQITzel/xz/tYPx6KekQowAHoxIPb4Ti gjgh1sSy4srcQ4wSHMxKIrwbHs6LE+JNSaysSi3Kjy8qzUktPsQozcGiJM5rvOhlrJBAemJJ anZqakFqEUyWiYNTqoEx8P8dn5tl/5qX5983jopafuRPfE5vktibnWEHUnuamB1efVfoOpIl qNf/IWua2y/OeCbLpQmmskksxjfP/Z0RMOPy4/vd97yv/3B7e+emVqmGeqto91UZng9afkuk 57dOCg/q8N9blPqpWo7VOfVimPml2OV/V9mkeXxLkcs5edN2Zbmt+14lluKMREMt5qLiRACo cQsiMAMAAA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrHIsWRmVeSWpSXmKPExsVy+t/xe7r83gvjDD49sLFYf2Yeo8WyLVuZ LN48aGKxePdpO5PF+z+LWBxYPX4tWMrqsXjPSyaPyQsvMntsfLeDKYAlSs+mKL+0JFUhI7+4 xFYp2tDCSM/Q0kLPyMRSz9DYPNbKyFRJ384mJTUnsyy1SN8uQS9j1cVnLAVPJSvmvTzD3sB4 WLSLkZNDQsBE4lnLG/YuRi4OIYGljBJ926+wdDFyACVkJD5cEoCoEZb4c62LDaLmNaPE+lvz 2UASwgJhEmfntzKC2CIC1RItKzuYQGxmgQyJBbfPQTW8YJQ4/ewoWAObgK3EkZlfWUFsXgE3 iWuPQJZxcrAIqErc3LSSFWSxqECsRMtFTYgSQYmTM5+AlXAChTed28AKMd9MYt7mh8wQtrxE 89bZULaIxI1HLYwTGIVmIWmfhaRlFpKWWUhaFjCyrGIUSS0tzk3PLTbSK07MLS7NS9dLzs/d xAiMq23Hfm7Zwdj1LvgQowAHoxIPb4Tigjgh1sSy4srcQ4wSHMxKIrwbHs6LE+JNSaysSi3K jy8qzUktPsRoCvTbRGYp0eR8YMznlcQbmhqaW1gamhubG5tZKInzdggcjBESSE8sSc1OTS1I LYLpY+LglGpgNLXaLmt//taFN09MVlyd4ef7rNNDssa9RPzRzqK169Qear/h7zLIfpjvL2wT d/myiYcwe5KJlp7WndWxTHFes/N/PnSc0Na5QmH7xQ9CfmHr/X69VbVn2ML8afFJoSyDWS3f 7eO6LJ80bXePlVG/qqD8xP0BizLT9ARrs/2C2wUbP39qOrRViaU4I9FQi7moOBEAhNcYxcEC AAA= X-CMS-MailID: 20200423080016eucas1p2d7a8a15c8980eb73da3dcbb33964a9a2 X-Msg-Generator: CA Content-Type: text/plain; charset="utf-8" X-RootMTR: 20200423040733eucas1p15c21e263071994981cf9ebeceea505c7 X-EPHeader: CA CMS-TYPE: 201P X-CMS-RootMailID: 20200423040733eucas1p15c21e263071994981cf9ebeceea505c7 References: <20200422235158.24497-1-konstantin.ananyev@intel.com> Subject: Re: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" W dniu 23.04.2020 o 06:07, Anoob Joseph pisze: > Hi Konstantin, > > These are data path ops and so it will be better if we can avoid such checks in the datapath. The same is done in ethdev also. > > https://protect2.fireeye.com/url?k=d44931cf-89d2cdac-d448ba80-0cc47a31cdbc-8281a62b4c91d848&q=1&u=http%3A%2F%2Fcode.dpdk.org%2Fdpdk%2Fv20.02%2Fsource%2Flib%2Flibrte_ethdev%2Frte_ethdev.h%23L4372 > > Datapath functions in cryptodev (enqueue/dequeue) doesn't even have such checks. > https://protect2.fireeye.com/url?k=51324200-0ca9be63-5133c94f-0cc47a31cdbc-11f88758fc12c996&q=1&u=http%3A%2F%2Fcode.dpdk.org%2Fdpdk%2Fv20.02%2Fsource%2Flib%2Flibrte_cryptodev%2Frte_cryptodev.h%23L962 > > > Thanks, > Anoob Hi Konstantine, It's my fault. Sorry. These checks need to be disabled in non-debug code, so they should be wrapped in a macro. It's just not the valid macro. The discussion about rte_debug mode is ongoing (https://patchwork.dpdk.org/patch/68815/) and currently the v2 version of patches is prepared to gather maintainers opinion. After the rte_debug is introduced the proper macro to use will be RTE_DEBUG_SECURITY. Until then, the RTE_DEBUG macro can stay as like Anoob mentioned the checks will have impact on dataplane performance. If you want to enable this code, please use CFLAGS="-DRTE_DEBUG" > >> -----Original Message----- >> From: dev On Behalf Of Konstantin Ananyev >> Sent: Thursday, April 23, 2020 5:22 AM >> To: dev@dpdk.org >> Cc: akhil.goyal@nxp.com; declan.doherty@intel.com; Konstantin Ananyev >> >> Subject: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented >> ops >> >> Valid checks for optional function pointers inside dev-ops were disabled by >> undefined macro. >> >> Fixes: b6ee98547847 ("security: fix verification of parameters") >> >> Signed-off-by: Konstantin Ananyev >> --- >> lib/librte_security/rte_security.c | 4 ---- >> 1 file changed, 4 deletions(-) >> >> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c >> index d475b0977..b65430ce2 100644 >> --- a/lib/librte_security/rte_security.c >> +++ b/lib/librte_security/rte_security.c >> @@ -107,11 +107,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx >> *instance, >> struct rte_security_session *sess, >> struct rte_mbuf *m, void *params) { -#ifdef >> RTE_DEBUG >> RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, - >> EINVAL, >> -ENOTSUP); >> RTE_PTR_OR_ERR_RET(sess, -EINVAL); >> -#endif >> return instance->ops->set_pkt_metadata(instance->device, >> sess, m, params); >> } >> @@ -121,9 +119,7 @@ rte_security_get_userdata(struct rte_security_ctx >> *instance, uint64_t md) { >> void *userdata = NULL; >> >> -#ifdef RTE_DEBUG >> RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL, >> NULL); -#endif >> if (instance->ops->get_userdata(instance->device, md, &userdata)) >> return NULL; >> >> -- >> 2.17.1 > -- Lukasz Wojciechowski Principal Software Engineer Samsung R&D Institute Poland Samsung Electronics Office +48 22 377 88 25 l.wojciechow@partner.samsung.com