From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Akhil Goyal <akhil.goyal@nxp.com>,
Anoob Joseph <anoobj@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>,
Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Cc: "Doherty, Declan" <declan.doherty@intel.com>
Subject: Re: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Date: Thu, 23 Apr 2020 13:47:29 +0000 [thread overview]
Message-ID: <BYAPR11MB3301680BD49CF18C4C5C37479AD30@BYAPR11MB3301.namprd11.prod.outlook.com> (raw)
In-Reply-To: <VI1PR04MB3168B4F5173539C9DB8B7AB3E6D30@VI1PR04MB3168.eurprd04.prod.outlook.com>
Hi Akhil,
>
> Hi Anoob/Konstantin,
> > >
> > > Check that ops->get_userdata is a valid function pointer will be compiled out.
> > > So PMDs that don't implement this function will crash in
> > > rte_security_get_userdata().
> > > In our particular case - ixgbe.
> > > Same story with rte_security_set_pkt_metadata() - see the patch.
> >
> > [Anoob] But ixgbe doesn't implement inline protocol which is the primary
> > consumer of this API (rte_security_get_userdata()). So what is the trouble?
> >
> > Also, application is expected to call rte_security_set_pkt_metadata() only on
> > devices with offload flag RTE_SECURITY_TX_OLOAD_NEED_MDATA. If a PMD
> > states it needs MDATA but fails to register a function pointer for doing the same,
> > it is a control path problem. Checking for that in the datapath is an overkill.
> >
> Whatever your concern is, we can resolve it later, but for now we should have the same
> Unconditional checks that were there earlier. We need to make RC1 today/tomorrow.
> And this cannot go as an issue.
>
> These are optional APIs and every PMD may not have supported that.
>
> Konstantin,
> Please send an update to your patch reverting the original patch for these 2 functions.
> Currently it is adding 2 extra checks.
>
I am afraid we can't do just that.
As in that case /app/test/test_security.c build wih -DRE_DEBUG will start crashing.
I think we have 3 alternative how to fix it:
1. Keep all these 3 checks for debug and non-debug mode (that what my current patch does).
2. Have both: existed 1 check in non-debug mode, plus new checks in debug mode, i.e.:
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
{
void *userdata = NULL;
+#ifdef RTE_DEBUG
+ RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL, NULL);
+#else
RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
+#endif
....
3. Keep only 1 existed check in non-debug mode and remove cases in app/test/test_security.c
that would crash with -DRTE_DEBUG.
My preference is 1), I don't think these 2 extra checks will affect performance greatly.
Also with 1) we can make these new test-case to be executed for non-debug mode too.
2) is probably also ok - but I think RTE_DEBUG concept should be a separate patch series,
and I don't want to mix things.
What is your opinion here?
Konstantin
next prev parent reply other threads:[~2020-04-23 13:48 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-22 23:51 Konstantin Ananyev
2020-04-23 0:11 ` Ananyev, Konstantin
2020-04-23 7:58 ` Lukasz Wojciechowski
2020-04-23 4:07 ` Anoob Joseph
2020-04-23 7:54 ` Ananyev, Konstantin
2020-04-23 8:06 ` Lukasz Wojciechowski
2020-04-23 8:11 ` Ananyev, Konstantin
2020-04-23 8:22 ` Ananyev, Konstantin
2020-04-23 9:09 ` Anoob Joseph
2020-04-23 10:54 ` Ananyev, Konstantin
2020-04-23 11:23 ` Anoob Joseph
2020-04-23 12:55 ` Akhil Goyal
2020-04-23 13:30 ` Lukasz Wojciechowski
2020-04-23 13:47 ` Ananyev, Konstantin [this message]
2020-04-23 14:08 ` Akhil Goyal
2020-04-23 14:48 ` Ananyev, Konstantin
2020-04-23 8:00 ` Lukasz Wojciechowski
2020-04-23 8:28 ` Ananyev, Konstantin
2020-04-23 15:10 ` [dpdk-dev] [PATCH v2] " Konstantin Ananyev
2020-04-23 15:51 ` Akhil Goyal
2020-04-23 16:08 ` Anoob Joseph
2020-04-23 16:14 ` Akhil Goyal
2020-04-23 16:29 ` Lukasz Wojciechowski
[not found] ` <CGME20200423162615eucas1p2224e9313aa640f755cf226649d093bb9@eucas1p2.samsung.com>
2020-04-23 16:25 ` [dpdk-dev] [PATCH] test/security: enable tests for " Lukasz Wojciechowski
2020-05-09 21:47 ` Akhil Goyal
2020-05-11 10:15 ` Lukasz Wojciechowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BYAPR11MB3301680BD49CF18C4C5C37479AD30@BYAPR11MB3301.namprd11.prod.outlook.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=anoobj@marvell.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=l.wojciechow@partner.samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).