* [dpdk-dev] Potential bug in QAT PMD code
@ 2021-02-23 0:34 Linfeng Li
2021-03-03 9:00 ` Doherty, Declan
0 siblings, 1 reply; 2+ messages in thread
From: Linfeng Li @ 2021-02-23 0:34 UTC (permalink / raw)
To: dev; +Cc: john.griffin, fiona.trahe, deepak.k.jain, Steve Rizor, Emil Meng
Hi,
We believe we found a potential bug in the QAT PMD code.
file link: https://github.com/DPDK/dpdk/blob/main/drivers/crypto/qat/qat_sym.c
The undesired behavior happens when:
* symmetric operation
* out-of-place operation
* encryption
* do cipher + do hash
* SGL enabled on either src/dst mbuf chain
* min_ofs is smaller than the length of the first segment of the src mbuf chain
behavior: In dst mbuf, payload is ciphered as expected, but mac-i remains plain text where it's expected to be ciphered as well.
potential cause:
* When min_ofs is smaller than the length of the first segment of the src mbuf chain with the foregoing scenario , auth_param->auth_off is calculated by auth_ofs-min_ofs(line 512 in qat_sym.c).
* When SGL enabled + do auth + do cipher, the remaining_off is calculated by auth_param->auth_off + auth_param->auth_len + alignment_adjustment(line 534 in qat_sym.c). so remaining_off doesn't include the offset applied on auth_param->auth_off in this scenario.
* The auth_data_end(line 546 in qat_sym.c) found doesn't seem proper since the while loop (line 540 in qat_sym.c) iterates from the very beginning of the dst mbuf.
Proposal fix:
add min_ofs in the calculation of remaining_off(line 534 in qat_sym.c)
Please let us know what your thoughts are about this issue and feel free to contact us if there are any questions.
Linfeng
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dpdk-dev] Potential bug in QAT PMD code
2021-02-23 0:34 [dpdk-dev] Potential bug in QAT PMD code Linfeng Li
@ 2021-03-03 9:00 ` Doherty, Declan
0 siblings, 0 replies; 2+ messages in thread
From: Doherty, Declan @ 2021-03-03 9:00 UTC (permalink / raw)
To: Linfeng Li, dev
Cc: john.griffin, fiona.trahe, deepak.k.jain, Steve Rizor, Emil Meng
H
On 23/02/2021 12:34 AM, Linfeng Li wrote:
> Hi,
>
>
>
> We believe we found a potential bug in the QAT PMD code.
>
>
>
> file link: https://github.com/DPDK/dpdk/blob/main/drivers/crypto/qat/qat_sym.c
>
>
>
> The undesired behavior happens when:
> * symmetric operation
> * out-of-place operation
> * encryption
> * do cipher + do hash
> * SGL enabled on either src/dst mbuf chain
> * min_ofs is smaller than the length of the first segment of the src mbuf chain
>
>
>
> behavior: In dst mbuf, payload is ciphered as expected, but mac-i remains plain text where it's expected to be ciphered as well.
>
>
>
> potential cause:
> * When min_ofs is smaller than the length of the first segment of the src mbuf chain with the foregoing scenario , auth_param->auth_off is calculated by auth_ofs-min_ofs(line 512 in qat_sym.c).
> * When SGL enabled + do auth + do cipher, the remaining_off is calculated by auth_param->auth_off + auth_param->auth_len + alignment_adjustment(line 534 in qat_sym.c). so remaining_off doesn't include the offset applied on auth_param->auth_off in this scenario.
> * The auth_data_end(line 546 in qat_sym.c) found doesn't seem proper since the while loop (line 540 in qat_sym.c) iterates from the very beginning of the dst mbuf.
>
>
>
> Proposal fix:
>
> add min_ofs in the calculation of remaining_off(line 534 in qat_sym.c)
>
>
>
> Please let us know what your thoughts are about this issue and feel free to contact us if there are any questions.
>
> Linfeng
>
Hey Linfeng, thanks we're looking into this now, and will address in
this release cycle.
Thanks
Declan
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-03 9:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-23 0:34 [dpdk-dev] Potential bug in QAT PMD code Linfeng Li
2021-03-03 9:00 ` Doherty, Declan
DPDK patches and discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
dev@dpdk.org
public-inbox-index dev
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://inbox.dpdk.org/inbox.dpdk.dev
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git