From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6CE8D468E4 for ; Thu, 12 Jun 2025 23:08:36 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6715942DD9; Thu, 12 Jun 2025 23:08:36 +0200 (CEST) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mails.dpdk.org (Postfix) with ESMTP id 3F7FE42E37 for ; Thu, 12 Jun 2025 23:08:35 +0200 (CEST) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-45310223677so12378265e9.0 for ; Thu, 12 Jun 2025 14:08:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1749762515; x=1750367315; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=g9fdqGgSSeSPFQ2THHkbs+O94xTxzDO0VCiRS/HlL8U=; b=BZ1LiagbTYl0tj7A/GRifA2sk7bpRp3hTVE3DVSq28DzyCN6G1VpMYyw/tdvqhmZeO OmN7zc2xjB1M/gumfy/7X+YWAtaZNhHl2yseE9g6hlwqQp3J+MIKwJjfHOwSPdSBywbl iIRGxbyP8PwMvM7HUPtjtJ15/c4Q7cFU1JE2cjGgbM2NSpdJKC1xUQGqRHMA+qPOqkjA cooDRqcdgvG4Au2fpP4CLkXMI4Nl07lOmv5hi4zKGseguQ3DN8ZzLH/pDEzKQOxqKa/C MlyZErM5375Qp+wfi/mdeY8EeiuYA9w1djyqVajjiZK4FILmqxZI8AVwbucSK78QJdXS WEwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749762515; x=1750367315; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=g9fdqGgSSeSPFQ2THHkbs+O94xTxzDO0VCiRS/HlL8U=; b=ND+tG8m71r8yhFrdi9YEjbTPEg8uZb786i+7vxeghBQhCtNfgLjpc//sgamCkWD8Ny DOPuqKL5Oz5YoOYi989vrLsjtSQukdAcJtltTrIzYYzowue2T5lcFT0u13IRp3Chuyrb 6JNLGz+17ksz8gP51Q5En3zDw3zBrMhTw/ElOkQVjHTU+AyuHWUiN4uKqrKxcwMZJg8k 4158Fs5yKIllP4UX8EoCbbOAKZWuFgFBdWpaJAUII21spUmEcQzKD1VTdqAP8NuRIVqB u6dt30/R+gCQdSYASg5kvDqNDibmvZkalrofcWb8ISWv1tJl59Nqz5vl5qSmsseHDDfG wONA== X-Forwarded-Encrypted: i=1; AJvYcCWfe0a4ThbKQDgRv2Kw9zfiN+wjU7fchJVQ/aaPilMUnXwsMaGhSQ4RmbJ+ZM8bNCFesSdD0OM=@dpdk.org X-Gm-Message-State: AOJu0YycDzJBYsFEUZNEOUXlLS34MSdIZNRQCrSFXSKb+nljNJqeemC9 KKYzaEYJwfvqiINEmVelVTDYr6ESTuphHscUhPPVtbMCxnYlXzdWdrVZLBSjxYJl X-Gm-Gg: ASbGncuNAJrBWQjJUojpB2TXRYm1sJOYPOe6ZMjCTjFuO8mmi0Zj37PGf7dORQecRex OuvudzICI9eYykUPEJcKSNxnEMFjOhj6QJUpICbyDCPJApwigxMuhpDDEo6+sZuVAhNh41tQEiD zAtZH3FcF5VNkADdU4VuVsO19ln8TA/OzIfiCJZ7DRL/EjqpJobPkX+uf1+LyvKdgg+Lp5vPgUJ KxLfvY9tvkT454sOpdrnQAiQnztXHKZOInpOAm9osgpa+iP/yxuI+4jNqA41yPOu8qBTLrTFqOJ v1A8qq3TVNndG5WISOOqbVIvAHiZNgR6/shuAqwTCGp+EBd0zLibKLFa0uwITHnquGmRYFSQO79 ngQ4= X-Google-Smtp-Source: AGHT+IGX6MOQqVc5wm5Yq6W0srP3FWpBZ52X2VGBdkyx/lyRVit+iQsQ47heBfJhITFkxa2Ofn4Sbw== X-Received: by 2002:a05:600c:34d4:b0:442:ff8e:11ac with SMTP id 5b1f17b1804b1-45334acb9fdmr5710395e9.12.1749762514445; Thu, 12 Jun 2025 14:08:34 -0700 (PDT) Received: from localhost ([2a01:4b00:d036:ae00:f2df:571a:ae4c:bef2]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-3a568a73a7bsm397421f8f.36.2025.06.12.14.08.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 14:08:33 -0700 (PDT) From: luca.boccassi@gmail.com To: Arkadiusz Kusztal Cc: Brian Dooley , dpdk stable Subject: patch 'crypto/qat: fix out-of-place header bytes in AEAD raw API' has been queued to stable release 22.11.9 Date: Thu, 12 Jun 2025 22:06:34 +0100 Message-ID: <20250612210733.2506558-17-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250612210733.2506558-1-luca.boccassi@gmail.com> References: <20250612210733.2506558-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 22.11.9 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 06/14/25. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/ba810fcd7b21623f285ec3d519e89b8c74b8ecac Thanks. Luca Boccassi --- >From ba810fcd7b21623f285ec3d519e89b8c74b8ecac Mon Sep 17 00:00:00 2001 From: Arkadiusz Kusztal Date: Thu, 20 Mar 2025 16:57:02 +0000 Subject: [PATCH] crypto/qat: fix out-of-place header bytes in AEAD raw API [ upstream commit 06597aaac85638eaa92b66f341185cd0ba39aca6 ] This commit fixes a problem with overwriting data in the OOP header in RAW API crypto processing when using AEAD algorithms. Fixes: 85fec6fd9674 ("crypto/qat: unify raw data path functions") Signed-off-by: Arkadiusz Kusztal Acked-by: Brian Dooley --- drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 134 +++++++++++++++++++ drivers/crypto/qat/dev/qat_sym_pmd_gen1.c | 13 +- 2 files changed, 142 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h index 266ab74a01..739649e793 100644 --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h @@ -6,9 +6,12 @@ #define _QAT_CRYPTO_PMD_GENS_H_ #include +#include +#include #include "qat_crypto.h" #include "qat_sym_session.h" #include "qat_sym.h" +#include "icp_qat_fw_la.h" #define QAT_SYM_DP_GET_MAX_ENQ(q, c, n) \ RTE_MIN((q->max_inflights - q->enqueued + q->dequeued - c), n) @@ -127,6 +130,137 @@ qat_cipher_is_len_in_bits(struct qat_sym_session *ctx, return 0; } +static inline +uint32_t qat_reqs_mid_set(int *error, struct icp_qat_fw_la_bulk_req *const req, + struct qat_sym_op_cookie *const cookie, const void *const opaque, + const struct rte_crypto_sgl *sgl_src, const struct rte_crypto_sgl *sgl_dst, + const union rte_crypto_sym_ofs ofs) +{ + uint32_t src_tot_length = 0; /* Returned value */ + uint32_t dst_tot_length = 0; /* Used only for input validity checks */ + uint32_t src_length = 0; + uint32_t dst_length = 0; + uint64_t src_data_addr = 0; + uint64_t dst_data_addr = 0; + const struct rte_crypto_vec * const vec_src = sgl_src->vec; + const struct rte_crypto_vec * const vec_dst = sgl_dst->vec; + const uint32_t n_src = sgl_src->num; + const uint32_t n_dst = sgl_dst->num; + const uint16_t offset = RTE_MAX(ofs.ofs.cipher.head, ofs.ofs.auth.head); + const uint8_t is_flat = !(n_src > 1 || n_dst > 1); /* Flat buffer or the SGL */ + const uint8_t is_in_place = !n_dst; /* In-place or out-of-place */ + + *error = 0; + if (unlikely((n_src < 1 || n_src > QAT_SYM_SGL_MAX_NUMBER) || + n_dst > QAT_SYM_SGL_MAX_NUMBER)) { + QAT_LOG(DEBUG, + "Invalid number of sgls, source no: %u, dst no: %u, opaque: %p", + n_src, n_dst, opaque); + *error = -1; + return 0; + } + + /* --- Flat buffer --- */ + if (is_flat) { + src_data_addr = vec_src->iova; + dst_data_addr = vec_src->iova; + src_length = vec_src->len; + dst_length = vec_src->len; + + if (is_in_place) + goto done; + /* Out-of-place + * If OOP, we need to keep in mind that offset needs to + * start where the aead starts + */ + dst_length = vec_dst->len; + /* Integer promotion here, but it does not bother this time */ + if (unlikely(offset > src_length || offset > dst_length)) { + QAT_LOG(DEBUG, + "Invalid size of the vector parameters, source length: %u, dst length: %u, opaque: %p", + src_length, dst_length, opaque); + *error = -1; + return 0; + } + src_data_addr += offset; + dst_data_addr = vec_dst->iova + offset; + src_length -= offset; + dst_length -= offset; + src_tot_length = src_length; + dst_tot_length = dst_length; + goto check; + } + + /* --- Scatter-gather list --- */ + struct qat_sgl * const qat_sgl_src = (struct qat_sgl *)&cookie->qat_sgl_src; + uint16_t i; + + ICP_QAT_FW_COMN_PTR_TYPE_SET(req->comn_hdr.comn_req_flags, + QAT_COMN_PTR_TYPE_SGL); + qat_sgl_src->num_bufs = n_src; + src_data_addr = cookie->qat_sgl_src_phys_addr; + /* Fill all the source buffers but the first one */ + for (i = 1; i < n_src; i++) { + qat_sgl_src->buffers[i].len = (vec_src + i)->len; + qat_sgl_src->buffers[i].addr = (vec_src + i)->iova; + src_tot_length += qat_sgl_src->buffers[i].len; + } + + if (is_in_place) { + /* SGL source first entry, no OOP */ + qat_sgl_src->buffers[0].len = vec_src->len; + qat_sgl_src->buffers[0].addr = vec_src->iova; + dst_data_addr = src_data_addr; + goto done; + } + /* Out-of-place */ + struct qat_sgl * const qat_sgl_dst = + (struct qat_sgl *)&cookie->qat_sgl_dst; + /* + * Offset reaching outside of the first buffer is not supported (RAW api). + * Integer promotion here, but it does not bother this time + */ + if (unlikely(offset > vec_src->len || offset > vec_dst->len)) { + QAT_LOG(DEBUG, + "Invalid size of the vector parameters, source length: %u, dst length: %u, opaque: %p", + vec_src->len, vec_dst->len, opaque); + *error = -1; + return 0; + } + /* SGL source first entry, adjusted to OOP offsets */ + qat_sgl_src->buffers[0].addr = vec_src->iova + offset; + qat_sgl_src->buffers[0].len = vec_src->len - offset; + /* SGL destination first entry, adjusted to OOP offsets */ + qat_sgl_dst->buffers[0].addr = vec_dst->iova + offset; + qat_sgl_dst->buffers[0].len = vec_dst->len - offset; + /* Fill the remaining destination buffers */ + for (i = 1; i < n_dst; i++) { + qat_sgl_dst->buffers[i].len = (vec_dst + i)->len; + qat_sgl_dst->buffers[i].addr = (vec_dst + i)->iova; + dst_tot_length += qat_sgl_dst->buffers[i].len; + } + dst_tot_length += qat_sgl_dst->buffers[0].len; + qat_sgl_dst->num_bufs = n_dst; + dst_data_addr = cookie->qat_sgl_dst_phys_addr; + +check: /* If error, return directly. If success, jump to one of these labels */ + if (src_tot_length != dst_tot_length) { + QAT_LOG(DEBUG, + "Source length is not equal to the destination length %u, dst no: %u, opaque: %p", + src_tot_length, dst_tot_length, opaque); + *error = -1; + return 0; + } +done: + req->comn_mid.opaque_data = (uintptr_t)opaque; + req->comn_mid.src_data_addr = src_data_addr; + req->comn_mid.dest_data_addr = dst_data_addr; + req->comn_mid.src_length = src_length; + req->comn_mid.dst_length = dst_length; + + return src_tot_length; +} + static __rte_always_inline int32_t qat_sym_build_req_set_data(struct icp_qat_fw_la_bulk_req *req, void *opaque, struct qat_sym_op_cookie *cookie, diff --git a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c index 888dea4ad9..d4eabc009a 100644 --- a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c +++ b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c @@ -915,16 +915,19 @@ qat_sym_dp_enqueue_aead_jobs_gen1(void *qp_data, uint8_t *drv_ctx, for (i = 0; i < n; i++) { struct qat_sym_op_cookie *cookie = qp->op_cookies[tail >> tx_queue->trailz]; + int error = 0; req = (struct icp_qat_fw_la_bulk_req *)( (uint8_t *)tx_queue->base_addr + tail); rte_mov128((uint8_t *)req, (const uint8_t *)&(ctx->fw_req)); if (vec->dest_sgl) { - data_len = qat_sym_build_req_set_data(req, - user_data[i], cookie, - vec->src_sgl[i].vec, vec->src_sgl[i].num, - vec->dest_sgl[i].vec, vec->dest_sgl[i].num); + data_len = qat_reqs_mid_set(&error, req, cookie, user_data[i], + &vec->src_sgl[i], &vec->dest_sgl[i], ofs); + /* In oop there is no offset, src/dst addresses are moved + * to avoid overwriting the dst header + */ + ofs.ofs.cipher.head = 0; } else { data_len = qat_sym_build_req_set_data(req, user_data[i], cookie, @@ -932,7 +935,7 @@ qat_sym_dp_enqueue_aead_jobs_gen1(void *qp_data, uint8_t *drv_ctx, vec->src_sgl[i].num, NULL, 0); } - if (unlikely(data_len < 0)) + if (unlikely(data_len < 0) || error) break; enqueue_one_aead_job_gen1(ctx, req, &vec->iv[i], -- 2.47.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2025-06-12 22:06:24.525349590 +0100 +++ 0017-crypto-qat-fix-out-of-place-header-bytes-in-AEAD-raw.patch 2025-06-12 22:06:23.806043286 +0100 @@ -1 +1 @@ -From 06597aaac85638eaa92b66f341185cd0ba39aca6 Mon Sep 17 00:00:00 2001 +From ba810fcd7b21623f285ec3d519e89b8c74b8ecac Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 06597aaac85638eaa92b66f341185cd0ba39aca6 ] + @@ -10 +11,0 @@ -Cc: stable@dpdk.org @@ -20 +21 @@ -index 35c1888082..c447f2cb45 100644 +index 266ab74a01..739649e793 100644 @@ -34,3 +35,3 @@ - #define AES_OR_3DES_MISALIGNED (ctx->qat_mode == ICP_QAT_HW_CIPHER_CBC_MODE && \ - ((((ctx->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_AES128) || \ -@@ -146,6 +149,137 @@ qat_cipher_is_len_in_bits(struct qat_sym_session *ctx, + #define QAT_SYM_DP_GET_MAX_ENQ(q, c, n) \ + RTE_MIN((q->max_inflights - q->enqueued + q->dequeued - c), n) +@@ -127,6 +130,137 @@ qat_cipher_is_len_in_bits(struct qat_sym_session *ctx, @@ -175 +176 @@ -index 24e51a9318..3976d03179 100644 +index 888dea4ad9..d4eabc009a 100644 @@ -178 +179 @@ -@@ -942,16 +942,19 @@ qat_sym_dp_enqueue_aead_jobs_gen1(void *qp_data, uint8_t *drv_ctx, +@@ -915,16 +915,19 @@ qat_sym_dp_enqueue_aead_jobs_gen1(void *qp_data, uint8_t *drv_ctx, @@ -202 +203 @@ -@@ -959,7 +962,7 @@ qat_sym_dp_enqueue_aead_jobs_gen1(void *qp_data, uint8_t *drv_ctx, +@@ -932,7 +935,7 @@ qat_sym_dp_enqueue_aead_jobs_gen1(void *qp_data, uint8_t *drv_ctx,