From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 990EF46A63 for ; Thu, 26 Jun 2025 14:04:02 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 91F6A400D6; Thu, 26 Jun 2025 14:04:02 +0200 (CEST) Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2083.outbound.protection.outlook.com [40.107.244.83]) by mails.dpdk.org (Postfix) with ESMTP id 7A1B9400D6 for ; Thu, 26 Jun 2025 14:04:00 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jcbFivq6TPTjfc8aQ6eFlzWw5LTL4fFcTg/noMJRcY8ApnHXD7ZMFE8iHN4qmIvScYNwAQrM1/UxLLkNXWV/8FUJXJ7FKyFjN+qHNkFwqGoQF+RB8QQRuu63j2UcLFVPP1IZMmEtY9mDSl0YHerJxS9ELTsmP9cXEcHIXPnY0crZPUlfRg8LlP9WNGasn0LeKH2flhoUO7HQoMm9CfGbWnRVuzdrZ7StCBEzdM4MnrjBnBW9L2fGVAbrvRKbehPf2YEn9BYoNQhXJgWSChYmY3pJnQGM0nQCx4EzdPQAmcTwR7VGeHegSmJF/X0ec/CK9Tfje7I8o9HjvWofSviLqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=U0xR/e3+nGLhYlCHSn7VpIoGxB42zjBpyXoE3BiDgZI=; b=Wi4bujcf7CdNjM5qpoxtS+dos7DEfDFKzjKn8u+9UmykTuiNrEtIPtrtMMPfNULCoBvg69v2OKQCzrOvLTFTRnVItIMiglBVJYgI9XaEyI4tSE41V45stDaxVjKS4i9m9XxQqx4aRdKk7m2kaJaULihdiwrQ+PaB67l+ECrVnmc65Goj6OHFdAX/vqDcD/5NMmISDhAmnb+KyaL6M3SmO79IwdBJQnJo9Zpz7ojsjtYpKuBBEeXpsVtHeMLi/B0/T8rTlbycmljnO9QpI07Xwr4gEksvXoTNV1TcU36EV6wET5y1GHcb7gNu39duKx6TT+LDpAuk6MWzU2InOmqClw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U0xR/e3+nGLhYlCHSn7VpIoGxB42zjBpyXoE3BiDgZI=; b=UD8jCu2B1WRawd7ovhTNjd5fMTgMgzfYdxxF1MGshxzpPeDfELM2EAd3MtKa4RI2RiD1wp0SH5XGm+fn8BfS4AnRpkeuzDVeDz8lZNvM4Qsd1LiF6BXHSDjNwU6cLZ02IHSxQTreWdxbH8r/OOttthaAgq5psla8O8W/SBLZlp9UO9TX8KCGhxMjQnNk8t8/vX2vtvZTeWkuS3i2ZGjsN6xyrGs180HPBJ2E96k574EJv+yWUdoEB5OuApTvsnU+wZyr5emdjaVFaSJU5kUmSP8nkku+2JIY7uyhmvK/pC7LmxxHUB74Lv5HM0BQf4S0WjQnQDpKYXCOmo2m3sf7Ig== Received: from DS7PR03CA0260.namprd03.prod.outlook.com (2603:10b6:5:3b3::25) by PH7PR12MB7843.namprd12.prod.outlook.com (2603:10b6:510:27e::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8880.17; Thu, 26 Jun 2025 12:03:56 +0000 Received: from CY4PEPF0000EE3E.namprd03.prod.outlook.com (2603:10b6:5:3b3:cafe::32) by DS7PR03CA0260.outlook.office365.com (2603:10b6:5:3b3::25) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8880.17 via Frontend Transport; Thu, 26 Jun 2025 12:03:55 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CY4PEPF0000EE3E.mail.protection.outlook.com (10.167.242.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8880.14 via Frontend Transport; Thu, 26 Jun 2025 12:03:55 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Thu, 26 Jun 2025 05:03:45 -0700 Received: from nvidia.com (10.126.230.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Thu, 26 Jun 2025 05:03:43 -0700 From: Xueming Li To: Arkadiusz Kusztal CC: Xueming Li , dpdk stable Subject: patch 'crypto/qat: fix out-of-place chain/cipher/auth headers' has been queued to stable release 23.11.5 Date: Thu, 26 Jun 2025 20:00:40 +0800 Message-ID: <20250626120145.27369-21-xuemingl@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250626120145.27369-1-xuemingl@nvidia.com> References: <20250626120145.27369-1-xuemingl@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.230.35] X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE3E:EE_|PH7PR12MB7843:EE_ X-MS-Office365-Filtering-Correlation-Id: 1e101823-ba6b-4f37-0083-08ddb4a986bf X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|1800799024|82310400026|36860700013|376014|7053199007; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?5xfzyCzY3/8tMOMBbBkOqhYO5gKQQ5nzr6ei411d0p7XMjrlkxluDEdG/mmz?= =?us-ascii?Q?vEaz1ama4xsnqetf061mPywmmS8CULT2y9VDdZKKHTS6kr3IKfGF54x976Pf?= =?us-ascii?Q?rvUNsFbFi4tGt7VE2J0z96nFW74DHgdmHDpTVUSdo+AZl09dgtlkchEtJa2J?= =?us-ascii?Q?vhbwOlknc7znFeM0DUvXRcOz+/5mmiM48OEs5e/coXgZ1iK+iGgW83DwKg7N?= =?us-ascii?Q?S5ScjBtE6Z/Dl23dcPC+rSH0sv/QmcAecYXgPJ10TS2QhyEYtIAIRCYgldk9?= =?us-ascii?Q?/Lnu5A5FyYDcCEXD7SKkpNMD4vDOoNq84gh1ARnS3f3sr50FFXy4PUXpZrZZ?= =?us-ascii?Q?4EAvH2HS+9X9Qy7xKv/qgD4LmUdhUxk0+CCPLvIfGccRndkvLL6H1cix8uDI?= =?us-ascii?Q?jTzIsHf/B9y3YEIoT1p8+eZOtricFomsB1PXDs7GgE82NIqQhOMM/psOUDO5?= =?us-ascii?Q?HSU3gbh8wE+QpMuxXo5l3y9mmYABeJlBqwDuAOju4BPAw5NqWHVkse1VZKwd?= =?us-ascii?Q?IlBfcgZDyNxyJTiP7q9qXX+dW4A/V2uEJy9YWt7igBcN3/ihWFwgajJVLzuY?= =?us-ascii?Q?4efYgAG/athUmCXWfhgldFuhCJ1P/zIY2jYFcZhtNXrExblCaV1APWwZK/+c?= =?us-ascii?Q?mOLiPnh60I5yaAUyqgSzsxCNpdpZWW2MsD7i0nCP/ESaemY4uFd9OLIKmQ53?= =?us-ascii?Q?kSwA18cO6mT4hNgNVxoJ502qC0NDmKGvCsF0n2D/6Ug8FpglsXP9/jzT/2q+?= =?us-ascii?Q?lG4yG4HO+88fSBjBJZ/1bnSQ3iZYNXWCJSee6CUEXCK842dpSlbqAH/zk+n0?= =?us-ascii?Q?nZi9kf1HgamfENrsJE4PDL1HdLSx8L4Pg2GYBud6haRBxDROf2iO0m/fwALm?= =?us-ascii?Q?U1Y+eEi6gOke+9lVYy/42NOmYKMwKqqiLajcWMgcgl6NNk+wDegHXVH0CeYn?= =?us-ascii?Q?/7Fm5AXj0n5dERAFHXxjayr0QUX2k0pqSRq0UaVGrmrguHTk5M/6B2wmHebB?= =?us-ascii?Q?b8t0tSjHwSXY5CKoD3pYh1HZd9qfSvbfqABa1+IFqSYENbXS6Owmj/eEAg+7?= =?us-ascii?Q?q5YhcnGwBYYnGO+C8NmeSBX0wHk7LbkDG11aYNP/QrRnpT+uer56OhlXHA/b?= =?us-ascii?Q?CfbaXtsSYxeSweBmcentZ8T36E48qOmyWIzigmxSayQXjEuy0TV9x1nRIChi?= =?us-ascii?Q?NnKMtCpzQWnJhBamdQK2SXYjTyM1fChMwqq4FpL5Ov4wHkO+LZF6yVbV/63V?= =?us-ascii?Q?TbB1pi504e/wDweObkcz/9PUSxClwv9I0/3X40yfvWFgFlT2lvLGMy6AGGQE?= =?us-ascii?Q?SEB1hBcfXxgqx0LVMQcEtCJsFjZCInMs9xJSi7asvTnN2jyzeoo/sDp8Kxfr?= =?us-ascii?Q?UcwsMM9mUE3SBBw/0y69IvkPo1idjgl8jebxVtIVht45aQz3dqBrFuBW7wyw?= =?us-ascii?Q?wJw07kG6Tjnp7SkzTBpG8RsDDlIyt8o40AvniCoUew/DNOEW/HWylErgahvg?= =?us-ascii?Q?spAk3LwI7hx+Sd3o07RmiiJZ7Vbie95ly3lgSQ9GnHXd5yhfYYd9Cxk9LA?= =?us-ascii?Q?=3D=3D?= X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014)(7053199007); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jun 2025 12:03:55.9005 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1e101823-ba6b-4f37-0083-08ddb4a986bf X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE3E.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7843 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 23.11.5 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 06/28/25. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging This queued commit can be viewed at: https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=34f3447290892361ff0cc71c3b3d407b2f0a5d1d Thanks. Xueming Li --- >From 34f3447290892361ff0cc71c3b3d407b2f0a5d1d Mon Sep 17 00:00:00 2001 From: Arkadiusz Kusztal Date: Mon, 28 Apr 2025 06:30:41 +0000 Subject: [PATCH] crypto/qat: fix out-of-place chain/cipher/auth headers Cc: Xueming Li [ upstream commit 317d05f3721c9a740614adf77aa89d00d5302cf7 ] This commit fixes a problem with overwriting data in the OOP header in RAW API crypto processing when using chain, cipher and auth algorithms. Fixes: 85fec6fd9674 ("crypto/qat: unify raw data path functions") Signed-off-by: Arkadiusz Kusztal --- drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 146 +++++++++++++++++++ drivers/crypto/qat/dev/qat_sym_pmd_gen1.c | 40 +++-- 2 files changed, 171 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h index a817c2bbb7..1c6ef0aae9 100644 --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h @@ -275,6 +275,152 @@ done: return src_tot_length; } +struct qat_sym_req_mid_info { + uint32_t data_len; + union rte_crypto_sym_ofs ofs; +}; + +static inline +struct qat_sym_req_mid_info qat_sym_req_mid_set( + int *error, struct icp_qat_fw_la_bulk_req *const req, + struct qat_sym_op_cookie *const cookie, const void *const opaque, + const struct rte_crypto_sgl *sgl_src, const struct rte_crypto_sgl *sgl_dst, + const union rte_crypto_sym_ofs ofs) +{ + struct qat_sym_req_mid_info info = { }; /* Returned value */ + uint32_t src_tot_length = 0; + uint32_t dst_tot_length = 0; /* Used only for input validity checks */ + uint32_t src_length = 0; + uint32_t dst_length = 0; + uint64_t src_data_addr = 0; + uint64_t dst_data_addr = 0; + union rte_crypto_sym_ofs out_ofs = ofs; + const struct rte_crypto_vec * const vec_src = sgl_src->vec; + const struct rte_crypto_vec * const vec_dst = sgl_dst->vec; + const uint32_t n_src = sgl_src->num; + const uint32_t n_dst = sgl_dst->num; + const uint16_t offset = RTE_MIN(ofs.ofs.cipher.head, ofs.ofs.auth.head); + const uint8_t is_flat = !(n_src > 1 || n_dst > 1); /* Flat buffer or the SGL */ + const uint8_t is_in_place = !n_dst; /* In-place or out-of-place */ + + *error = 0; + if (unlikely((n_src < 1 || n_src > QAT_SYM_SGL_MAX_NUMBER) || + n_dst > QAT_SYM_SGL_MAX_NUMBER)) { + QAT_LOG(DEBUG, + "Invalid number of sgls, source no: %u, dst no: %u, opaque: %p", + n_src, n_dst, opaque); + *error = -1; + return info; + } + + /* --- Flat buffer --- */ + if (is_flat) { + src_data_addr = vec_src->iova; + dst_data_addr = vec_src->iova; + src_length = vec_src->len; + dst_length = vec_src->len; + + if (is_in_place) + goto done; + /* Out-of-place + * If OOP, we need to keep in mind that offset needs to + * start where the aead starts + */ + dst_length = vec_dst->len; + /* Comparison between different types, intentional */ + if (unlikely(offset > src_length || offset > dst_length)) { + QAT_LOG(DEBUG, + "Invalid size of the vector parameters, source length: %u, dst length: %u, opaque: %p", + src_length, dst_length, opaque); + *error = -1; + return info; + } + out_ofs.ofs.cipher.head -= offset; + out_ofs.ofs.auth.head -= offset; + src_data_addr += offset; + dst_data_addr = vec_dst->iova + offset; + src_length -= offset; + dst_length -= offset; + src_tot_length = src_length; + dst_tot_length = dst_length; + goto check; + } + + /* --- Scatter-gather list --- */ + struct qat_sgl * const qat_sgl_src = (struct qat_sgl *)&cookie->qat_sgl_src; + uint16_t i; + + ICP_QAT_FW_COMN_PTR_TYPE_SET(req->comn_hdr.comn_req_flags, + QAT_COMN_PTR_TYPE_SGL); + qat_sgl_src->num_bufs = n_src; + src_data_addr = cookie->qat_sgl_src_phys_addr; + /* Fill all the source buffers but the first one */ + for (i = 1; i < n_src; i++) { + qat_sgl_src->buffers[i].len = (vec_src + i)->len; + qat_sgl_src->buffers[i].addr = (vec_src + i)->iova; + src_tot_length += qat_sgl_src->buffers[i].len; + } + + if (is_in_place) { + /* SGL source first entry, no OOP */ + qat_sgl_src->buffers[0].len = vec_src->len; + qat_sgl_src->buffers[0].addr = vec_src->iova; + dst_data_addr = src_data_addr; + goto done; + } + /* Out-of-place */ + struct qat_sgl * const qat_sgl_dst = + (struct qat_sgl *)&cookie->qat_sgl_dst; + /* + * Offset reaching outside of the first buffer is not supported (RAW api). + * Integer promotion here, but it does not bother this time + */ + if (unlikely(offset > vec_src->len || offset > vec_dst->len)) { + QAT_LOG(DEBUG, + "Invalid size of the vector parameters, source length: %u, dst length: %u, opaque: %p", + vec_src->len, vec_dst->len, opaque); + *error = -1; + return info; + } + out_ofs.ofs.cipher.head -= offset; + out_ofs.ofs.auth.head -= offset; + /* SGL source first entry, adjusted to OOP offsets */ + qat_sgl_src->buffers[0].addr = vec_src->iova + offset; + qat_sgl_src->buffers[0].len = vec_src->len - offset; + /* SGL destination first entry, adjusted to OOP offsets */ + qat_sgl_dst->buffers[0].addr = vec_dst->iova + offset; + qat_sgl_dst->buffers[0].len = vec_dst->len - offset; + /* Fill the remaining destination buffers */ + for (i = 1; i < n_dst; i++) { + qat_sgl_dst->buffers[i].len = (vec_dst + i)->len; + qat_sgl_dst->buffers[i].addr = (vec_dst + i)->iova; + dst_tot_length += qat_sgl_dst->buffers[i].len; + } + dst_tot_length += qat_sgl_dst->buffers[0].len; + qat_sgl_dst->num_bufs = n_dst; + dst_data_addr = cookie->qat_sgl_dst_phys_addr; + +check: /* If error, return directly. If success, jump to one of these labels */ + if (src_tot_length != dst_tot_length) { + QAT_LOG(DEBUG, + "Source length is not equal to the destination length %u, dst no: %u, opaque: %p", + src_tot_length, dst_tot_length, opaque); + *error = -1; + return info; + } +done: + req->comn_mid.opaque_data = (uintptr_t)opaque; + req->comn_mid.src_data_addr = src_data_addr; + req->comn_mid.dest_data_addr = dst_data_addr; + req->comn_mid.src_length = src_length; + req->comn_mid.dst_length = dst_length; + + info.data_len = src_tot_length; + info.ofs = out_ofs; + + return info; +} + static __rte_always_inline int32_t qat_sym_build_req_set_data(struct icp_qat_fw_la_bulk_req *req, void *opaque, struct qat_sym_op_cookie *cookie, diff --git a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c index b06514cd62..1e7c35afed 100644 --- a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c +++ b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c @@ -544,16 +544,20 @@ qat_sym_dp_enqueue_cipher_jobs_gen1(void *qp_data, uint8_t *drv_ctx, for (i = 0; i < n; i++) { struct qat_sym_op_cookie *cookie = qp->op_cookies[tail >> tx_queue->trailz]; + struct qat_sym_req_mid_info info = { }; + union rte_crypto_sym_ofs temp_ofs = ofs; + int error = 0; + temp_ofs.ofs.auth = temp_ofs.ofs.cipher; req = (struct icp_qat_fw_la_bulk_req *)( (uint8_t *)tx_queue->base_addr + tail); rte_mov128((uint8_t *)req, (const uint8_t *)&(ctx->fw_req)); if (vec->dest_sgl) { - data_len = qat_sym_build_req_set_data(req, - user_data[i], cookie, - vec->src_sgl[i].vec, vec->src_sgl[i].num, - vec->dest_sgl[i].vec, vec->dest_sgl[i].num); + info = qat_sym_req_mid_set(&error, req, cookie, user_data[i], + &vec->src_sgl[i], &vec->dest_sgl[i], temp_ofs); + data_len = info.data_len; + ofs = info.ofs; } else { data_len = qat_sym_build_req_set_data(req, user_data[i], cookie, @@ -561,7 +565,7 @@ qat_sym_dp_enqueue_cipher_jobs_gen1(void *qp_data, uint8_t *drv_ctx, vec->src_sgl[i].num, NULL, 0); } - if (unlikely(data_len < 0)) + if (unlikely(data_len < 0 || error)) break; enqueue_one_cipher_job_gen1(ctx, req, &vec->iv[i], ofs, (uint32_t)data_len, cookie); @@ -658,16 +662,20 @@ qat_sym_dp_enqueue_auth_jobs_gen1(void *qp_data, uint8_t *drv_ctx, for (i = 0; i < n; i++) { struct qat_sym_op_cookie *cookie = qp->op_cookies[tail >> tx_queue->trailz]; + struct qat_sym_req_mid_info info = { }; + union rte_crypto_sym_ofs temp_ofs = ofs; + int error = 0; + temp_ofs.ofs.cipher = temp_ofs.ofs.auth; req = (struct icp_qat_fw_la_bulk_req *)( (uint8_t *)tx_queue->base_addr + tail); rte_mov128((uint8_t *)req, (const uint8_t *)&(ctx->fw_req)); if (vec->dest_sgl) { - data_len = qat_sym_build_req_set_data(req, - user_data[i], cookie, - vec->src_sgl[i].vec, vec->src_sgl[i].num, - vec->dest_sgl[i].vec, vec->dest_sgl[i].num); + info = qat_sym_req_mid_set(&error, req, cookie, user_data[i], + &vec->src_sgl[i], &vec->dest_sgl[i], temp_ofs); + data_len = info.data_len; + ofs = info.ofs; } else { data_len = qat_sym_build_req_set_data(req, user_data[i], cookie, @@ -675,7 +683,7 @@ qat_sym_dp_enqueue_auth_jobs_gen1(void *qp_data, uint8_t *drv_ctx, vec->src_sgl[i].num, NULL, 0); } - if (unlikely(data_len < 0)) + if (unlikely(data_len < 0 || error)) break; if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL) { @@ -781,16 +789,18 @@ qat_sym_dp_enqueue_chain_jobs_gen1(void *qp_data, uint8_t *drv_ctx, for (i = 0; i < n; i++) { struct qat_sym_op_cookie *cookie = qp->op_cookies[tail >> tx_queue->trailz]; + struct qat_sym_req_mid_info info = { }; + int error = 0; req = (struct icp_qat_fw_la_bulk_req *)( (uint8_t *)tx_queue->base_addr + tail); rte_mov128((uint8_t *)req, (const uint8_t *)&(ctx->fw_req)); if (vec->dest_sgl) { - data_len = qat_sym_build_req_set_data(req, - user_data[i], cookie, - vec->src_sgl[i].vec, vec->src_sgl[i].num, - vec->dest_sgl[i].vec, vec->dest_sgl[i].num); + info = qat_sym_req_mid_set(&error, req, cookie, user_data[i], + &vec->src_sgl[i], &vec->dest_sgl[i], ofs); + data_len = info.data_len; + ofs = info.ofs; } else { data_len = qat_sym_build_req_set_data(req, user_data[i], cookie, @@ -798,7 +808,7 @@ qat_sym_dp_enqueue_chain_jobs_gen1(void *qp_data, uint8_t *drv_ctx, vec->src_sgl[i].num, NULL, 0); } - if (unlikely(data_len < 0)) + if (unlikely(data_len < 0 || error)) break; if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL) { -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2025-06-26 19:59:18.665600991 +0800 +++ 0020-crypto-qat-fix-out-of-place-chain-cipher-auth-header.patch 2025-06-26 19:59:17.234418050 +0800 @@ -1 +1 @@ -From 317d05f3721c9a740614adf77aa89d00d5302cf7 Mon Sep 17 00:00:00 2001 +From 34f3447290892361ff0cc71c3b3d407b2f0a5d1d Mon Sep 17 00:00:00 2001 @@ -4,0 +5,3 @@ +Cc: Xueming Li + +[ upstream commit 317d05f3721c9a740614adf77aa89d00d5302cf7 ] @@ -10 +12,0 @@ -Cc: stable@dpdk.org @@ -19 +21 @@ -index c447f2cb45..846636f57d 100644 +index a817c2bbb7..1c6ef0aae9 100644 @@ -22 +24 @@ -@@ -280,6 +280,152 @@ done: +@@ -275,6 +275,152 @@ done: @@ -176 +178 @@ -index 3976d03179..561166203c 100644 +index b06514cd62..1e7c35afed 100644 @@ -179 +181 @@ -@@ -567,16 +567,20 @@ qat_sym_dp_enqueue_cipher_jobs_gen1(void *qp_data, uint8_t *drv_ctx, +@@ -544,16 +544,20 @@ qat_sym_dp_enqueue_cipher_jobs_gen1(void *qp_data, uint8_t *drv_ctx, @@ -204 +206 @@ -@@ -584,7 +588,7 @@ qat_sym_dp_enqueue_cipher_jobs_gen1(void *qp_data, uint8_t *drv_ctx, +@@ -561,7 +565,7 @@ qat_sym_dp_enqueue_cipher_jobs_gen1(void *qp_data, uint8_t *drv_ctx, @@ -211,3 +213,3 @@ - - if (ctx->is_zuc256) -@@ -688,16 +692,20 @@ qat_sym_dp_enqueue_auth_jobs_gen1(void *qp_data, uint8_t *drv_ctx, + enqueue_one_cipher_job_gen1(ctx, req, &vec->iv[i], ofs, + (uint32_t)data_len, cookie); +@@ -658,16 +662,20 @@ qat_sym_dp_enqueue_auth_jobs_gen1(void *qp_data, uint8_t *drv_ctx, @@ -238 +240 @@ -@@ -705,7 +713,7 @@ qat_sym_dp_enqueue_auth_jobs_gen1(void *qp_data, uint8_t *drv_ctx, +@@ -675,7 +683,7 @@ qat_sym_dp_enqueue_auth_jobs_gen1(void *qp_data, uint8_t *drv_ctx, @@ -246,2 +248,2 @@ - if (ctx->is_zuc256) -@@ -819,16 +827,18 @@ qat_sym_dp_enqueue_chain_jobs_gen1(void *qp_data, uint8_t *drv_ctx, + if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL) { +@@ -781,16 +789,18 @@ qat_sym_dp_enqueue_chain_jobs_gen1(void *qp_data, uint8_t *drv_ctx, @@ -270 +272 @@ -@@ -836,7 +846,7 @@ qat_sym_dp_enqueue_chain_jobs_gen1(void *qp_data, uint8_t *drv_ctx, +@@ -798,7 +808,7 @@ qat_sym_dp_enqueue_chain_jobs_gen1(void *qp_data, uint8_t *drv_ctx, @@ -278 +280 @@ - if (ctx->is_zuc256) { + if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL) {