[dpdk-dev] Potential bug in QAT PMD code

[dpdk-dev] Potential bug in QAT PMD code

[Linfeng Li]

Hi,



We believe we found a potential bug in the QAT PMD code.



file link: https://github.com/DPDK/dpdk/blob/main/drivers/crypto/qat/qat_sym.c



The undesired behavior happens when:
*         symmetric operation
*         out-of-place operation
*         encryption
*         do cipher + do hash
*         SGL enabled on either src/dst mbuf chain
*         min_ofs is smaller than the length of the first segment of the src mbuf chain



behavior: In dst mbuf, payload is ciphered as expected, but mac-i remains plain text where it's expected to be ciphered as well.



potential cause:
*         When min_ofs is smaller than the length of the first segment of the src mbuf chain with the foregoing scenario , auth_param->auth_off is calculated by auth_ofs-min_ofs(line 512 in qat_sym.c).
*         When SGL enabled + do auth + do cipher, the remaining_off is calculated by auth_param->auth_off + auth_param->auth_len + alignment_adjustment(line 534 in qat_sym.c). so remaining_off doesn't include the offset applied on auth_param->auth_off in this scenario.
*         The auth_data_end(line 546 in qat_sym.c) found doesn't seem proper since the while loop (line 540 in qat_sym.c) iterates from the very beginning of the dst mbuf.



Proposal fix:

add min_ofs in the calculation of remaining_off(line 534 in qat_sym.c)



Please let us know what your thoughts are about this issue and feel free to contact us if there are any questions.

Linfeng

Re: [dpdk-dev] Potential bug in QAT PMD code

[Doherty, Declan]

H

On 23/02/2021 12:34 AM, Linfeng Li wrote:
> Hi,
> 
> 
> 
> We believe we found a potential bug in the QAT PMD code.
> 
> 
> 
> file link: https://github.com/DPDK/dpdk/blob/main/drivers/crypto/qat/qat_sym.c
> 
> 
> 
> The undesired behavior happens when:
> *         symmetric operation
> *         out-of-place operation
> *         encryption
> *         do cipher + do hash
> *         SGL enabled on either src/dst mbuf chain
> *         min_ofs is smaller than the length of the first segment of the src mbuf chain
> 
> 
> 
> behavior: In dst mbuf, payload is ciphered as expected, but mac-i remains plain text where it's expected to be ciphered as well.
> 
> 
> 
> potential cause:
> *         When min_ofs is smaller than the length of the first segment of the src mbuf chain with the foregoing scenario , auth_param->auth_off is calculated by auth_ofs-min_ofs(line 512 in qat_sym.c).
> *         When SGL enabled + do auth + do cipher, the remaining_off is calculated by auth_param->auth_off + auth_param->auth_len + alignment_adjustment(line 534 in qat_sym.c). so remaining_off doesn't include the offset applied on auth_param->auth_off in this scenario.
> *         The auth_data_end(line 546 in qat_sym.c) found doesn't seem proper since the while loop (line 540 in qat_sym.c) iterates from the very beginning of the dst mbuf.
> 
> 
> 
> Proposal fix:
> 
> add min_ofs in the calculation of remaining_off(line 534 in qat_sym.c)
> 
> 
> 
> Please let us know what your thoughts are about this issue and feel free to contact us if there are any questions.
> 
> Linfeng
> 

Hey Linfeng, thanks we're looking into this now, and will address in 
this release cycle.

Thanks
Declan