From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 3EBAC43345
	for <public@inbox.dpdk.org>; Thu, 16 Nov 2023 14:24:57 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 3904540E5E;
	Thu, 16 Nov 2023 14:24:57 +0100 (CET)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by mails.dpdk.org (Postfix) with ESMTP id 028CB40E68
 for <stable@dpdk.org>; Thu, 16 Nov 2023 14:24:54 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1700141094;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=flcHX6eVeIAvgnBp6LwLIqi2vybLjFi437eMK+6kq40=;
 b=G4cfrkndLiShh99zlMzOOvdkKvIn9WTTWYHnc+DZrQQo8QDnEiikOC7juPIzZeKdtppOXz
 6P1ZkbppCOQ4gnxdzXId4ahbPLlFfgvr93bWKl7OayxfXBUDcxWz2CLlbZ+OlCbbrtB9XV
 Bc2qsxaj0ANUoY04VB/MqT+iV9ldevM=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-235-Kdei-HpUP6Sg9aHG9l5a2g-1; Thu, 16 Nov 2023 08:24:51 -0500
X-MC-Unique: Kdei-HpUP6Sg9aHG9l5a2g-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
 [10.11.54.6])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 334C9101A550;
 Thu, 16 Nov 2023 13:24:51 +0000 (UTC)
Received: from rh.Home (unknown [10.39.194.169])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 93A482166B27;
 Thu, 16 Nov 2023 13:24:50 +0000 (UTC)
From: Kevin Traynor <ktraynor@redhat.com>
To: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Cc: dpdk stable <stable@dpdk.org>
Subject: patch 'crypto/nitrox: fix panic with high number of segments' has
 been queued to stable release 21.11.6
Date: Thu, 16 Nov 2023 13:23:21 +0000
Message-ID: <20231116132348.557257-39-ktraynor@redhat.com>
In-Reply-To: <20231116132348.557257-1-ktraynor@redhat.com>
References: <20231116132348.557257-1-ktraynor@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.6
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 21.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/21/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/cfd4195e5c768c4d30e166f6514a737e1f62fc31

Thanks.

Kevin

---
>From cfd4195e5c768c4d30e166f6514a737e1f62fc31 Mon Sep 17 00:00:00 2001
From: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Date: Thu, 17 Aug 2023 17:15:56 +0530
Subject: [PATCH] crypto/nitrox: fix panic with high number of segments

[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ]

When the number of segments in source or destination mbuf is higher than
max supported then the application was panicked during the creation of
sglist when RTE_VERIFY was called. Validate the number of mbuf segments
and return an error instead of panicking.

Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations")
Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing")

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
---
 drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
index 9edb0cc00f..d7e8ff7db4 100644
--- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
+++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
@@ -11,6 +11,9 @@
 #include "nitrox_logs.h"
 
-#define MAX_SGBUF_CNT 16
-#define MAX_SGCOMP_CNT 5
+#define MAX_SUPPORTED_MBUF_SEGS 16
+/* IV + AAD + ORH + CC + DIGEST */
+#define ADDITIONAL_SGBUF_CNT 5
+#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT)
+#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4)
 /* SLC_STORE_INFO */
 #define MIN_UDD_LEN 16
@@ -304,5 +307,5 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf,
 	}
 
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sgtbl->map_bufs_cnt = cnt;
 	return 0;
@@ -376,5 +379,5 @@ create_cipher_outbuf(struct nitrox_softreq *sr)
 	cnt++;
 
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sr->out.map_bufs_cnt = cnt;
 
@@ -601,5 +604,5 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)
 	sr->out.sglist[cnt].virt = &sr->resp.completion;
 	cnt++;
-	RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+	RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
 	sr->out.map_bufs_cnt = cnt;
 
@@ -775,4 +778,12 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op,
 	int err;
 
+	if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS ||
+		     (op->sym->m_dst &&
+		      op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) {
+		NITROX_LOG(ERR, "Mbuf segments not supported. "
+			   "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS);
+		return -ENOTSUP;
+	}
+
 	softreq_init(sr, sr->iova);
 	sr->ctx = ctx;
-- 
2.41.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-11-16 13:21:53.494171502 +0000
+++ 0039-crypto-nitrox-fix-panic-with-high-number-of-segments.patch	2023-11-16 13:21:52.495946506 +0000
@@ -1 +1 @@
-From 4a469e1216384d19a6dc3950686f479e30e319a9 Mon Sep 17 00:00:00 2001
+From cfd4195e5c768c4d30e166f6514a737e1f62fc31 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 4a469e1216384d19a6dc3950686f479e30e319a9 ]
+
@@ -13 +14,0 @@
-Cc: stable@dpdk.org