From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AACE2432DA for ; Wed, 8 Nov 2023 20:27:21 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A50E4406A2; Wed, 8 Nov 2023 20:27:21 +0100 (CET) Received: from mail-lj1-f175.google.com (mail-lj1-f175.google.com [209.85.208.175]) by mails.dpdk.org (Postfix) with ESMTP id B6C3B42E43 for ; Wed, 8 Nov 2023 20:27:19 +0100 (CET) Received: by mail-lj1-f175.google.com with SMTP id 38308e7fff4ca-2c5210a1515so76241fa.0 for ; Wed, 08 Nov 2023 11:27:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699471639; x=1700076439; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vRvCgPwiSAUPDIi3xOX0/z6pkIPcaKZEM2Nwg29h5q4=; b=IG/S1SUxSymhnPs/xJkvkwxkiiVMCBHatJxmBeVRUzZpw53iosuDn1qyBhInImLXmH o/AlyPxhvf62qduz3XYX1FIhNj3VKDF6B4rNEttYFKvf2cjzhdJOfo0z69rg0kguirlF pZGuWeufDsZAfz4lO1jwytoNAtYsVmgye4N8vJfrcibs3DTsEmkG4gTzagQxXnJUt1oY jP6KcUr2CqWQmOclCJAN6ByQJv7sFFpwpJhn2QGtLQv3Ie3zyWx32PZBhF7H3gMIelk5 FBsSNAZqxjcMjXFF5Bmb/l4RzM48hjRe5BiBKkKFvNasg3mR7xF5yFKVbWhRal8r3cOB +u+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699471639; x=1700076439; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vRvCgPwiSAUPDIi3xOX0/z6pkIPcaKZEM2Nwg29h5q4=; b=E3C/hYDXg8IetddiybGZI3Ke8Te8n7yILnZjKUr79O5f+2b9p3t6dE2jbGbvuIGm14 zijJPL6PktIYyqFD1ICbphUpBBZF4kgEcc8xqo3bu17m9EOs8mtR5b4t9OFGFBmmpLEB qSc7RWg7Ch8OKbHjXWZLykhWLFWe6qxbgX2FjJAxsvN+/zcVzMuSVHt+KGXxer2w2jJi nCELtFEpPmwtQQO5q6NyCe2UZCLkjt0135sfvINNXq82y5SiOK7T7nIZZzQ+KWpHuTgs eYzKU/zv83ESzlP2fzTSfpwjNnkwBf32SIFVY568hy1aRq5gk0JTEI1fJ5wsEDLZ00vU ZjQA== X-Gm-Message-State: AOJu0YyflGKpi8PPhN8Z2sfjJOzrJPYJbLJ2XAjKm6rizHfY/0h7uxDa DLfaQTkPzsg3B0whJs4Vw0C8uvPlu1Ug1Q== X-Google-Smtp-Source: AGHT+IFW+GGfyxoB02Awaoz2r2JAfotcwm9OcufgGOdmBB4H3sHbIArVsaJRjYc1HiCwKkgdRaJbjA== X-Received: by 2002:a2e:98c3:0:b0:2c5:3fd:c90d with SMTP id s3-20020a2e98c3000000b002c503fdc90dmr2552696ljj.7.1699471639172; Wed, 08 Nov 2023 11:27:19 -0800 (PST) Received: from localhost ([2a01:4b00:d307:1000:f1d3:eb5e:11f4:a7d9]) by smtp.gmail.com with ESMTPSA id i17-20020a05600c481100b004063d8b43e7sm19653422wmo.48.2023.11.08.11.27.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Nov 2023 11:27:18 -0800 (PST) From: luca.boccassi@gmail.com To: Nagadheeraj Rottela Cc: dpdk stable Subject: patch 'crypto/nitrox: fix panic with high number of segments' has been queued to stable release 20.11.10 Date: Wed, 8 Nov 2023 19:25:33 +0000 Message-Id: <20231108192535.922238-35-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231108192535.922238-1-luca.boccassi@gmail.com> References: <20231018235930.3144-41-luca.boccassi@gmail.com> <20231108192535.922238-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 20.11.10 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/10/23. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/01ae596f4e79c506347416b1e6e38714338bda58 Thanks. Luca Boccassi --- >From 01ae596f4e79c506347416b1e6e38714338bda58 Mon Sep 17 00:00:00 2001 From: Nagadheeraj Rottela Date: Thu, 17 Aug 2023 17:15:56 +0530 Subject: [PATCH] crypto/nitrox: fix panic with high number of segments [ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ] When the number of segments in source or destination mbuf is higher than max supported then the application was panicked during the creation of sglist when RTE_VERIFY was called. Validate the number of mbuf segments and return an error instead of panicking. Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations") Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing") Signed-off-by: Nagadheeraj Rottela --- drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c index fe3ca25a0c..384d095e92 100644 --- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c +++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c @@ -10,8 +10,11 @@ #include "nitrox_sym_reqmgr.h" #include "nitrox_logs.h" -#define MAX_SGBUF_CNT 16 -#define MAX_SGCOMP_CNT 5 +#define MAX_SUPPORTED_MBUF_SEGS 16 +/* IV + AAD + ORH + CC + DIGEST */ +#define ADDITIONAL_SGBUF_CNT 5 +#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT) +#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4) /* SLC_STORE_INFO */ #define MIN_UDD_LEN 16 /* PKT_IN_HDR + SLC_STORE_INFO */ @@ -303,7 +306,7 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf, datalen -= mlen; } - RTE_VERIFY(cnt <= MAX_SGBUF_CNT); + RTE_ASSERT(cnt <= MAX_SGBUF_CNT); sgtbl->map_bufs_cnt = cnt; return 0; } @@ -375,7 +378,7 @@ create_cipher_outbuf(struct nitrox_softreq *sr) sr->out.sglist[cnt].virt = &sr->resp.completion; cnt++; - RTE_VERIFY(cnt <= MAX_SGBUF_CNT); + RTE_ASSERT(cnt <= MAX_SGBUF_CNT); sr->out.map_bufs_cnt = cnt; create_sgcomp(&sr->out); @@ -600,7 +603,7 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest) resp.completion); sr->out.sglist[cnt].virt = &sr->resp.completion; cnt++; - RTE_VERIFY(cnt <= MAX_SGBUF_CNT); + RTE_ASSERT(cnt <= MAX_SGBUF_CNT); sr->out.map_bufs_cnt = cnt; create_sgcomp(&sr->out); @@ -774,6 +777,14 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op, { int err; + if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS || + (op->sym->m_dst && + op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) { + NITROX_LOG(ERR, "Mbuf segments not supported. " + "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS); + return -ENOTSUP; + } + softreq_init(sr, sr->iova); sr->ctx = ctx; sr->op = op; -- 2.39.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2023-11-08 19:23:53.626728284 +0000 +++ 0035-crypto-nitrox-fix-panic-with-high-number-of-segments.patch 2023-11-08 19:23:51.829397452 +0000 @@ -1 +1 @@ -From 4a469e1216384d19a6dc3950686f479e30e319a9 Mon Sep 17 00:00:00 2001 +From 01ae596f4e79c506347416b1e6e38714338bda58 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ] + @@ -13 +14,0 @@ -Cc: stable@dpdk.org @@ -21 +22 @@ -index 9edb0cc00f..d7e8ff7db4 100644 +index fe3ca25a0c..384d095e92 100644