RE: [PATCH v2] test/security: fix buffer leaks in error path

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: Akhil Goyal <gakhil@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "stephen@networkplumber.org" <stephen@networkplumber.org>,
	"vattunuru@marvell.com" <vattunuru@marvell.com>,
	"stable@dpdk.org" <stable@dpdk.org>
Subject: RE: [PATCH v2] test/security: fix buffer leaks in error path
Date: Tue, 31 Oct 2023 13:56:27 +0000	[thread overview]
Message-ID: <PAXPR04MB9328F9A668FD8A23C79EB4D089A0A@PAXPR04MB9328.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <20231031064446.150191-1-gakhil@marvell.com>

Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, October 31, 2023 12:15 PM
> To: dev@dpdk.org
> Cc: stephen@networkplumber.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>; vattunuru@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; stable@dpdk.org
> Subject: [PATCH v2] test/security: fix buffer leaks in error path
> Importance: High
> 
> In case of failure of a test in macsec autotest, the buffers were not getting
> cleaned.
> Added appropriate code to clean the buffers.
> 
> Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
> - Used rte_pktmbuf_free_bulk as suggested by Stephen.
> 
>  app/test/test_security_inline_macsec.c | 65 +++++++++++++++++---------
>  1 file changed, 44 insertions(+), 21 deletions(-)
> 
> diff --git a/app/test/test_security_inline_macsec.c
> b/app/test/test_security_inline_macsec.c
> index 59b1b8a6a6..f11e9da8c3 100644
> --- a/app/test/test_security_inline_macsec.c
> +++ b/app/test/test_security_inline_macsec.c
> @@ -952,8 +952,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			tx_pkts_burst[j]->ol_flags |=
> RTE_MBUF_F_TX_MACSEC;
>  		}
>  		if (tx_pkts_burst[j] == NULL) {
> -			while (j--)
> -				rte_pktmbuf_free(tx_pkts_burst[j]);
> +			rte_pktmbuf_free_bulk(tx_pkts_burst, j);
>  			ret = TEST_FAILED;
>  			goto out;
>  		}
> @@ -965,8 +964,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  					opts->ar_td[k]->secure_pkt.data,
>  					opts->ar_td[k]->secure_pkt.len);
>  				if (tx_pkts_burst[j] == NULL) {
> -					while (j--)
> -
> 	rte_pktmbuf_free(tx_pkts_burst[j]);
> +
> 	rte_pktmbuf_free_bulk(tx_pkts_burst, j);
>  					ret = TEST_FAILED;
>  					goto out;
>  				}
> @@ -993,8 +991,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  				tx_pkts_burst[j]->ol_flags |=
> RTE_MBUF_F_TX_MACSEC;
>  			}
>  			if (tx_pkts_burst[j] == NULL) {
> -				while (j--)
> -					rte_pktmbuf_free(tx_pkts_burst[j]);
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
>  				ret = TEST_FAILED;
>  				goto out;
>  			}
> @@ -1016,7 +1013,9 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  				id = rte_security_macsec_sa_create(ctx,
> &sa_conf);
>  				if (id < 0) {
>  					printf("MACsec SA create
> failed : %d.\n", id);
> -					return TEST_FAILED;
> +
> 	rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +					ret = TEST_FAILED;
> +					goto out;
>  				}
>  				rx_sa_id[i][an] = (uint16_t)id;
>  			}
> @@ -1025,6 +1024,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			id = rte_security_macsec_sc_create(ctx, &sc_conf);
>  			if (id < 0) {
>  				printf("MACsec SC create failed : %d.\n", id);
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
>  				goto out;
>  			}
>  			rx_sc_id[i] = (uint16_t)id;
> @@ -1032,19 +1033,26 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			/* Create Inline IPsec session. */
>  			ret = fill_session_conf(td[i], port_id, opts,
> &sess_conf,
>  					RTE_SECURITY_MACSEC_DIR_RX,
> rx_sc_id[i], tci_off);
> -			if (ret)
> -				return TEST_FAILED;
> -
> +			if (ret) {
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
> +			}
>  			rx_sess[i] = rte_security_session_create(ctx,
> &sess_conf,
>  					sess_pool);
>  			if (rx_sess[i] == NULL) {
>  				printf("SEC Session init failed.\n");
> -				return TEST_FAILED;
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
>  			}
>  			ret = create_default_flow(td[i], port_id,
>  					RTE_SECURITY_MACSEC_DIR_RX,
> rx_sess[i]);
> -			if (ret)
> +			if (ret) {
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
>  				goto out;
> +			}
>  		}
>  		if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
>  				op == MCS_AUTH_ONLY || op ==
> MCS_AUTH_VERIFY) { @@ -1057,7 +1065,9 @@ test_macsec(const struct
> mcs_test_vector *td[], enum mcs_op op, const struct mcs
>  			id = rte_security_macsec_sa_create(ctx, &sa_conf);
>  			if (id < 0) {
>  				printf("MACsec SA create failed : %d.\n", id);
> -				return TEST_FAILED;
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
>  			}
>  			tx_sa_id[i][0] = (uint16_t)id;
>  			tx_sa_id[i][1] = MCS_INVALID_SA;
> @@ -1071,6 +1081,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  				id = rte_security_macsec_sa_create(ctx,
> &sa_conf);
>  				if (id < 0) {
>  					printf("MACsec rekey SA create
> failed : %d.\n", id);
> +
> 	rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +					ret = TEST_FAILED;
>  					goto out;
>  				}
>  				tx_sa_id[i][1] = (uint16_t)id;
> @@ -1080,6 +1092,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			id = rte_security_macsec_sc_create(ctx, &sc_conf);
>  			if (id < 0) {
>  				printf("MACsec SC create failed : %d.\n", id);
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
>  				goto out;
>  			}
>  			tx_sc_id[i] = (uint16_t)id;
> @@ -1087,19 +1101,26 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			/* Create Inline IPsec session. */
>  			ret = fill_session_conf(td[i], port_id, opts,
> &sess_conf,
>  					RTE_SECURITY_MACSEC_DIR_TX,
> tx_sc_id[i], tci_off);
> -			if (ret)
> -				return TEST_FAILED;
> -
> +			if (ret) {
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
> +			}
>  			tx_sess[i] = rte_security_session_create(ctx,
> &sess_conf,
>  					sess_pool);
>  			if (tx_sess[i] == NULL) {
>  				printf("SEC Session init failed.\n");
> -				return TEST_FAILED;
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
>  			}
>  			ret = create_default_flow(td[i], port_id,
>  					RTE_SECURITY_MACSEC_DIR_TX,
> tx_sess[i]);
> -			if (ret)
> +			if (ret) {
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
>  				goto out;
> +			}
>  		}
>  	}
> 
> @@ -1116,6 +1137,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> 
>  	rte_pause();
> 
> +	j = 0;
>  	/* Receive back packet on loopback interface. */
>  	do {
>  		nb_rx += rte_eth_rx_burst(port_id, 0, @@ -1129,8 +1151,7
> @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op,
> const struct mcs
>  	if (nb_rx != nb_sent) {
>  		printf("\nUnable to RX all %d packets, received(%i)",
>  				nb_sent, nb_rx);
> -		while (--nb_rx >= 0)
> -			rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
> +		rte_pktmbuf_free_bulk(rx_pkts_burst, nb_rx);
>  		ret = TEST_FAILED;
>  		if (opts->check_sectag_interrupts == 1)
>  			ret = TEST_SUCCESS;
> @@ -1154,7 +1175,9 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			id = rte_security_macsec_sa_create(ctx, &sa_conf);
>  			if (id < 0) {
>  				printf("MACsec SA create failed : %d.\n", id);
> -				return TEST_FAILED;
> +				rte_pktmbuf_free_bulk(rx_pkts_burst,
> nb_rx);
> +				ret = TEST_FAILED;
> +				goto out;
>  			}
>  			tx_sa_id[0][0] = (uint16_t)id;
>  			break;
> --
> 2.25.1

next prev parent reply	other threads:[~2023-10-31 13:56 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-22 17:33 [PATCH] " Akhil Goyal
2023-08-25 11:22 ` Hemant Agrawal
2023-09-19  6:33   ` [EXT] " Akhil Goyal
2023-09-19 14:58 ` Stephen Hemminger
2023-09-19 19:17   ` [EXT] " Akhil Goyal
2023-10-31  6:44 ` [PATCH v2] " Akhil Goyal
2023-10-31 13:56   ` Hemant Agrawal [this message]
2023-10-31 15:47   ` Stephen Hemminger
2023-10-31 17:59     ` [EXT] " Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=PAXPR04MB9328F9A668FD8A23C79EB4D089A0A@PAXPR04MB9328.eurprd04.prod.outlook.com \
    --to=hemant.agrawal@nxp.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=stable@dpdk.org \
    --cc=stephen@networkplumber.org \
    --cc=vattunuru@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).