* [PATCH] test/security: fix buffer leaks in error path
@ 2023-08-22 17:33 Akhil Goyal
2023-08-25 11:22 ` Hemant Agrawal
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Akhil Goyal @ 2023-08-22 17:33 UTC (permalink / raw)
To: dev; +Cc: vattunuru, Akhil Goyal, stable
In case of failure of a test in macsec autotest,
the buffers were not getting cleaned.
Added appropriate code to clean the buffers.
Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
app/test/test_security_inline_macsec.c | 70 ++++++++++++++++++--------
1 file changed, 49 insertions(+), 21 deletions(-)
diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index 20670fe5d2..8b57bc51fb 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -837,6 +837,11 @@ test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
return 0;
}
+#define FREE_PKTS(j, m) { \
+ while (j--) \
+ rte_pktmbuf_free(m[j]); \
+}
+
static int
test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts)
{
@@ -878,8 +883,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
}
if (tx_pkts_burst[j] == NULL) {
- while (j--)
- rte_pktmbuf_free(tx_pkts_burst[j]);
+ FREE_PKTS(j, tx_pkts_burst);
ret = TEST_FAILED;
goto out;
}
@@ -891,8 +895,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
opts->ar_td[k]->secure_pkt.data,
opts->ar_td[k]->secure_pkt.len);
if (tx_pkts_burst[j] == NULL) {
- while (j--)
- rte_pktmbuf_free(tx_pkts_burst[j]);
+ FREE_PKTS(j, tx_pkts_burst);
ret = TEST_FAILED;
goto out;
}
@@ -919,8 +922,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
}
if (tx_pkts_burst[j] == NULL) {
- while (j--)
- rte_pktmbuf_free(tx_pkts_burst[j]);
+ FREE_PKTS(j, tx_pkts_burst);
ret = TEST_FAILED;
goto out;
}
@@ -942,7 +944,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sa_create(ctx, &sa_conf);
if (id < 0) {
printf("MACsec SA create failed : %d.\n", id);
- return TEST_FAILED;
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
+ goto out;
}
rx_sa_id[i][an] = (uint16_t)id;
}
@@ -951,6 +955,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sc_create(ctx, &sc_conf);
if (id < 0) {
printf("MACsec SC create failed : %d.\n", id);
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
goto out;
}
rx_sc_id[i] = (uint16_t)id;
@@ -958,19 +964,26 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
/* Create Inline IPsec session. */
ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
RTE_SECURITY_MACSEC_DIR_RX, rx_sc_id[i], tci_off);
- if (ret)
- return TEST_FAILED;
-
+ if (ret) {
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
+ goto out;
+ }
rx_sess[i] = rte_security_session_create(ctx, &sess_conf,
sess_pool);
if (rx_sess[i] == NULL) {
printf("SEC Session init failed.\n");
- return TEST_FAILED;
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
+ goto out;
}
ret = create_default_flow(td[i], port_id,
RTE_SECURITY_MACSEC_DIR_RX, rx_sess[i]);
- if (ret)
+ if (ret) {
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
goto out;
+ }
}
if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) {
@@ -983,7 +996,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sa_create(ctx, &sa_conf);
if (id < 0) {
printf("MACsec SA create failed : %d.\n", id);
- return TEST_FAILED;
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
+ goto out;
}
tx_sa_id[i][0] = (uint16_t)id;
tx_sa_id[i][1] = MCS_INVALID_SA;
@@ -997,6 +1012,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sa_create(ctx, &sa_conf);
if (id < 0) {
printf("MACsec rekey SA create failed : %d.\n", id);
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
goto out;
}
tx_sa_id[i][1] = (uint16_t)id;
@@ -1006,6 +1023,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sc_create(ctx, &sc_conf);
if (id < 0) {
printf("MACsec SC create failed : %d.\n", id);
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
goto out;
}
tx_sc_id[i] = (uint16_t)id;
@@ -1013,19 +1032,26 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
/* Create Inline IPsec session. */
ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
RTE_SECURITY_MACSEC_DIR_TX, tx_sc_id[i], tci_off);
- if (ret)
- return TEST_FAILED;
-
+ if (ret) {
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
+ goto out;
+ }
tx_sess[i] = rte_security_session_create(ctx, &sess_conf,
sess_pool);
if (tx_sess[i] == NULL) {
printf("SEC Session init failed.\n");
- return TEST_FAILED;
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
+ goto out;
}
ret = create_default_flow(td[i], port_id,
RTE_SECURITY_MACSEC_DIR_TX, tx_sess[i]);
- if (ret)
+ if (ret) {
+ FREE_PKTS(j, tx_pkts_burst);
+ ret = TEST_FAILED;
goto out;
+ }
}
}
@@ -1042,6 +1068,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
rte_pause();
+ j = 0;
/* Receive back packet on loopback interface. */
do {
nb_rx += rte_eth_rx_burst(port_id, 0,
@@ -1055,8 +1082,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
if (nb_rx != nb_sent) {
printf("\nUnable to RX all %d packets, received(%i)",
nb_sent, nb_rx);
- while (--nb_rx >= 0)
- rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
+ FREE_PKTS(nb_rx, rx_pkts_burst);
ret = TEST_FAILED;
if (opts->check_sectag_interrupts == 1)
ret = TEST_SUCCESS;
@@ -1080,7 +1106,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sa_create(ctx, &sa_conf);
if (id < 0) {
printf("MACsec SA create failed : %d.\n", id);
- return TEST_FAILED;
+ FREE_PKTS(nb_rx, rx_pkts_burst);
+ ret = TEST_FAILED;
+ goto out;
}
tx_sa_id[0][0] = (uint16_t)id;
break;
--
2.25.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] test/security: fix buffer leaks in error path
2023-08-22 17:33 [PATCH] test/security: fix buffer leaks in error path Akhil Goyal
@ 2023-08-25 11:22 ` Hemant Agrawal
2023-09-19 6:33 ` [EXT] " Akhil Goyal
2023-09-19 14:58 ` Stephen Hemminger
2023-10-31 6:44 ` [PATCH v2] " Akhil Goyal
2 siblings, 1 reply; 9+ messages in thread
From: Hemant Agrawal @ 2023-08-25 11:22 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: vattunuru, stable
On 22-Aug-23 11:03 PM, Akhil Goyal wrote:
> In case of failure of a test in macsec autotest,
> the buffers were not getting cleaned.
> Added appropriate code to clean the buffers.
>
> Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
> app/test/test_security_inline_macsec.c | 70 ++++++++++++++++++--------
> 1 file changed, 49 insertions(+), 21 deletions(-)
>
> diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
> index 20670fe5d2..8b57bc51fb 100644
> --- a/app/test/test_security_inline_macsec.c
> +++ b/app/test/test_security_inline_macsec.c
> @@ -837,6 +837,11 @@ test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
> return 0;
> }
>
> +#define FREE_PKTS(j, m) { \
> + while (j--) \
> + rte_pktmbuf_free(m[j]); \
> +}
> +
Changes looks good. However do you want to define a static inline
function here instead of macro?
> static int
> test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts)
> {
> @@ -878,8 +883,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
> }
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> - rte_pktmbuf_free(tx_pkts_burst[j]);
> + FREE_PKTS(j, tx_pkts_burst);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -891,8 +895,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> opts->ar_td[k]->secure_pkt.data,
> opts->ar_td[k]->secure_pkt.len);
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> - rte_pktmbuf_free(tx_pkts_burst[j]);
> + FREE_PKTS(j, tx_pkts_burst);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -919,8 +922,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
> }
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> - rte_pktmbuf_free(tx_pkts_burst[j]);
> + FREE_PKTS(j, tx_pkts_burst);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -942,7 +944,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx, &sa_conf);
> if (id < 0) {
> printf("MACsec SA create failed : %d.\n", id);
> - return TEST_FAILED;
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> + goto out;
> }
> rx_sa_id[i][an] = (uint16_t)id;
> }
> @@ -951,6 +955,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> id = rte_security_macsec_sc_create(ctx, &sc_conf);
> if (id < 0) {
> printf("MACsec SC create failed : %d.\n", id);
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> goto out;
> }
> rx_sc_id[i] = (uint16_t)id;
> @@ -958,19 +964,26 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> /* Create Inline IPsec session. */
> ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
> RTE_SECURITY_MACSEC_DIR_RX, rx_sc_id[i], tci_off);
> - if (ret)
> - return TEST_FAILED;
> -
> + if (ret) {
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> + goto out;
> + }
> rx_sess[i] = rte_security_session_create(ctx, &sess_conf,
> sess_pool);
> if (rx_sess[i] == NULL) {
> printf("SEC Session init failed.\n");
> - return TEST_FAILED;
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> + goto out;
> }
> ret = create_default_flow(td[i], port_id,
> RTE_SECURITY_MACSEC_DIR_RX, rx_sess[i]);
> - if (ret)
> + if (ret) {
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> goto out;
> + }
> }
> if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
> op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) {
> @@ -983,7 +996,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx, &sa_conf);
> if (id < 0) {
> printf("MACsec SA create failed : %d.\n", id);
> - return TEST_FAILED;
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> + goto out;
> }
> tx_sa_id[i][0] = (uint16_t)id;
> tx_sa_id[i][1] = MCS_INVALID_SA;
> @@ -997,6 +1012,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx, &sa_conf);
> if (id < 0) {
> printf("MACsec rekey SA create failed : %d.\n", id);
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> goto out;
> }
> tx_sa_id[i][1] = (uint16_t)id;
> @@ -1006,6 +1023,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> id = rte_security_macsec_sc_create(ctx, &sc_conf);
> if (id < 0) {
> printf("MACsec SC create failed : %d.\n", id);
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> goto out;
> }
> tx_sc_id[i] = (uint16_t)id;
> @@ -1013,19 +1032,26 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> /* Create Inline IPsec session. */
> ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
> RTE_SECURITY_MACSEC_DIR_TX, tx_sc_id[i], tci_off);
> - if (ret)
> - return TEST_FAILED;
> -
> + if (ret) {
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> + goto out;
> + }
> tx_sess[i] = rte_security_session_create(ctx, &sess_conf,
> sess_pool);
> if (tx_sess[i] == NULL) {
> printf("SEC Session init failed.\n");
> - return TEST_FAILED;
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> + goto out;
> }
> ret = create_default_flow(td[i], port_id,
> RTE_SECURITY_MACSEC_DIR_TX, tx_sess[i]);
> - if (ret)
> + if (ret) {
> + FREE_PKTS(j, tx_pkts_burst);
> + ret = TEST_FAILED;
> goto out;
> + }
> }
> }
>
> @@ -1042,6 +1068,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
>
> rte_pause();
>
> + j = 0;
> /* Receive back packet on loopback interface. */
> do {
> nb_rx += rte_eth_rx_burst(port_id, 0,
> @@ -1055,8 +1082,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> if (nb_rx != nb_sent) {
> printf("\nUnable to RX all %d packets, received(%i)",
> nb_sent, nb_rx);
> - while (--nb_rx >= 0)
> - rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
> + FREE_PKTS(nb_rx, rx_pkts_burst);
> ret = TEST_FAILED;
> if (opts->check_sectag_interrupts == 1)
> ret = TEST_SUCCESS;
> @@ -1080,7 +1106,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx, &sa_conf);
> if (id < 0) {
> printf("MACsec SA create failed : %d.\n", id);
> - return TEST_FAILED;
> + FREE_PKTS(nb_rx, rx_pkts_burst);
> + ret = TEST_FAILED;
> + goto out;
> }
> tx_sa_id[0][0] = (uint16_t)id;
> break;
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [EXT] Re: [PATCH] test/security: fix buffer leaks in error path
2023-08-25 11:22 ` Hemant Agrawal
@ 2023-09-19 6:33 ` Akhil Goyal
0 siblings, 0 replies; 9+ messages in thread
From: Akhil Goyal @ 2023-09-19 6:33 UTC (permalink / raw)
To: hemant.agrawal, dev; +Cc: Vamsi Krishna Attunuru, stable
> > +#define FREE_PKTS(j, m) { \
> > + while (j--) \
> > + rte_pktmbuf_free(m[j]); \
> > +}
> > +
>
> Changes looks good. However do you want to define a static inline
> function here instead of macro?
Any specific reason for changing to inline function?
In this case macro is as good as inline function.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] test/security: fix buffer leaks in error path
2023-08-22 17:33 [PATCH] test/security: fix buffer leaks in error path Akhil Goyal
2023-08-25 11:22 ` Hemant Agrawal
@ 2023-09-19 14:58 ` Stephen Hemminger
2023-09-19 19:17 ` [EXT] " Akhil Goyal
2023-10-31 6:44 ` [PATCH v2] " Akhil Goyal
2 siblings, 1 reply; 9+ messages in thread
From: Stephen Hemminger @ 2023-09-19 14:58 UTC (permalink / raw)
To: Akhil Goyal; +Cc: dev, vattunuru, stable
On Tue, 22 Aug 2023 23:03:16 +0530
Akhil Goyal <gakhil@marvell.com> wrote:
> diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
> index 20670fe5d2..8b57bc51fb 100644
> --- a/app/test/test_security_inline_macsec.c
> +++ b/app/test/test_security_inline_macsec.c
> @@ -837,6 +837,11 @@ test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
> return 0;
> }
>
> +#define FREE_PKTS(j, m) { \
> + while (j--) \
> + rte_pktmbuf_free(m[j]); \
> +}
> +
This is just a slower version of rte_pktmbuf_free_bulk!
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [EXT] Re: [PATCH] test/security: fix buffer leaks in error path
2023-09-19 14:58 ` Stephen Hemminger
@ 2023-09-19 19:17 ` Akhil Goyal
0 siblings, 0 replies; 9+ messages in thread
From: Akhil Goyal @ 2023-09-19 19:17 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: dev, Vamsi Krishna Attunuru, stable
> On Tue, 22 Aug 2023 23:03:16 +0530
> Akhil Goyal <gakhil@marvell.com> wrote:
>
> > diff --git a/app/test/test_security_inline_macsec.c
> b/app/test/test_security_inline_macsec.c
> > index 20670fe5d2..8b57bc51fb 100644
> > --- a/app/test/test_security_inline_macsec.c
> > +++ b/app/test/test_security_inline_macsec.c
> > @@ -837,6 +837,11 @@ test_macsec_event_callback(uint16_t port_id, enum
> rte_eth_event_type type,
> > return 0;
> > }
> >
> > +#define FREE_PKTS(j, m) { \
> > + while (j--) \
> > + rte_pktmbuf_free(m[j]); \
> > +}
> > +
>
> This is just a slower version of rte_pktmbuf_free_bulk!
Ok Will fix it. Thanks Stephen for pointing this out.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v2] test/security: fix buffer leaks in error path
2023-08-22 17:33 [PATCH] test/security: fix buffer leaks in error path Akhil Goyal
2023-08-25 11:22 ` Hemant Agrawal
2023-09-19 14:58 ` Stephen Hemminger
@ 2023-10-31 6:44 ` Akhil Goyal
2023-10-31 13:56 ` Hemant Agrawal
2023-10-31 15:47 ` Stephen Hemminger
2 siblings, 2 replies; 9+ messages in thread
From: Akhil Goyal @ 2023-10-31 6:44 UTC (permalink / raw)
To: dev; +Cc: stephen, hemant.agrawal, vattunuru, Akhil Goyal, stable
In case of failure of a test in macsec autotest,
the buffers were not getting cleaned.
Added appropriate code to clean the buffers.
Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
- Used rte_pktmbuf_free_bulk as suggested by Stephen.
app/test/test_security_inline_macsec.c | 65 +++++++++++++++++---------
1 file changed, 44 insertions(+), 21 deletions(-)
diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index 59b1b8a6a6..f11e9da8c3 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -952,8 +952,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
}
if (tx_pkts_burst[j] == NULL) {
- while (j--)
- rte_pktmbuf_free(tx_pkts_burst[j]);
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
ret = TEST_FAILED;
goto out;
}
@@ -965,8 +964,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
opts->ar_td[k]->secure_pkt.data,
opts->ar_td[k]->secure_pkt.len);
if (tx_pkts_burst[j] == NULL) {
- while (j--)
- rte_pktmbuf_free(tx_pkts_burst[j]);
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
ret = TEST_FAILED;
goto out;
}
@@ -993,8 +991,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
}
if (tx_pkts_burst[j] == NULL) {
- while (j--)
- rte_pktmbuf_free(tx_pkts_burst[j]);
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
ret = TEST_FAILED;
goto out;
}
@@ -1016,7 +1013,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sa_create(ctx, &sa_conf);
if (id < 0) {
printf("MACsec SA create failed : %d.\n", id);
- return TEST_FAILED;
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
+ goto out;
}
rx_sa_id[i][an] = (uint16_t)id;
}
@@ -1025,6 +1024,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sc_create(ctx, &sc_conf);
if (id < 0) {
printf("MACsec SC create failed : %d.\n", id);
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
goto out;
}
rx_sc_id[i] = (uint16_t)id;
@@ -1032,19 +1033,26 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
/* Create Inline IPsec session. */
ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
RTE_SECURITY_MACSEC_DIR_RX, rx_sc_id[i], tci_off);
- if (ret)
- return TEST_FAILED;
-
+ if (ret) {
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
+ goto out;
+ }
rx_sess[i] = rte_security_session_create(ctx, &sess_conf,
sess_pool);
if (rx_sess[i] == NULL) {
printf("SEC Session init failed.\n");
- return TEST_FAILED;
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
+ goto out;
}
ret = create_default_flow(td[i], port_id,
RTE_SECURITY_MACSEC_DIR_RX, rx_sess[i]);
- if (ret)
+ if (ret) {
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
goto out;
+ }
}
if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) {
@@ -1057,7 +1065,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sa_create(ctx, &sa_conf);
if (id < 0) {
printf("MACsec SA create failed : %d.\n", id);
- return TEST_FAILED;
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
+ goto out;
}
tx_sa_id[i][0] = (uint16_t)id;
tx_sa_id[i][1] = MCS_INVALID_SA;
@@ -1071,6 +1081,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sa_create(ctx, &sa_conf);
if (id < 0) {
printf("MACsec rekey SA create failed : %d.\n", id);
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
goto out;
}
tx_sa_id[i][1] = (uint16_t)id;
@@ -1080,6 +1092,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sc_create(ctx, &sc_conf);
if (id < 0) {
printf("MACsec SC create failed : %d.\n", id);
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
goto out;
}
tx_sc_id[i] = (uint16_t)id;
@@ -1087,19 +1101,26 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
/* Create Inline IPsec session. */
ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
RTE_SECURITY_MACSEC_DIR_TX, tx_sc_id[i], tci_off);
- if (ret)
- return TEST_FAILED;
-
+ if (ret) {
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
+ goto out;
+ }
tx_sess[i] = rte_security_session_create(ctx, &sess_conf,
sess_pool);
if (tx_sess[i] == NULL) {
printf("SEC Session init failed.\n");
- return TEST_FAILED;
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
+ goto out;
}
ret = create_default_flow(td[i], port_id,
RTE_SECURITY_MACSEC_DIR_TX, tx_sess[i]);
- if (ret)
+ if (ret) {
+ rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+ ret = TEST_FAILED;
goto out;
+ }
}
}
@@ -1116,6 +1137,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
rte_pause();
+ j = 0;
/* Receive back packet on loopback interface. */
do {
nb_rx += rte_eth_rx_burst(port_id, 0,
@@ -1129,8 +1151,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
if (nb_rx != nb_sent) {
printf("\nUnable to RX all %d packets, received(%i)",
nb_sent, nb_rx);
- while (--nb_rx >= 0)
- rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
+ rte_pktmbuf_free_bulk(rx_pkts_burst, nb_rx);
ret = TEST_FAILED;
if (opts->check_sectag_interrupts == 1)
ret = TEST_SUCCESS;
@@ -1154,7 +1175,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
id = rte_security_macsec_sa_create(ctx, &sa_conf);
if (id < 0) {
printf("MACsec SA create failed : %d.\n", id);
- return TEST_FAILED;
+ rte_pktmbuf_free_bulk(rx_pkts_burst, nb_rx);
+ ret = TEST_FAILED;
+ goto out;
}
tx_sa_id[0][0] = (uint16_t)id;
break;
--
2.25.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [PATCH v2] test/security: fix buffer leaks in error path
2023-10-31 6:44 ` [PATCH v2] " Akhil Goyal
@ 2023-10-31 13:56 ` Hemant Agrawal
2023-10-31 15:47 ` Stephen Hemminger
1 sibling, 0 replies; 9+ messages in thread
From: Hemant Agrawal @ 2023-10-31 13:56 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: stephen, vattunuru, stable
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, October 31, 2023 12:15 PM
> To: dev@dpdk.org
> Cc: stephen@networkplumber.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>; vattunuru@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; stable@dpdk.org
> Subject: [PATCH v2] test/security: fix buffer leaks in error path
> Importance: High
>
> In case of failure of a test in macsec autotest, the buffers were not getting
> cleaned.
> Added appropriate code to clean the buffers.
>
> Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
> - Used rte_pktmbuf_free_bulk as suggested by Stephen.
>
> app/test/test_security_inline_macsec.c | 65 +++++++++++++++++---------
> 1 file changed, 44 insertions(+), 21 deletions(-)
>
> diff --git a/app/test/test_security_inline_macsec.c
> b/app/test/test_security_inline_macsec.c
> index 59b1b8a6a6..f11e9da8c3 100644
> --- a/app/test/test_security_inline_macsec.c
> +++ b/app/test/test_security_inline_macsec.c
> @@ -952,8 +952,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> tx_pkts_burst[j]->ol_flags |=
> RTE_MBUF_F_TX_MACSEC;
> }
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> - rte_pktmbuf_free(tx_pkts_burst[j]);
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -965,8 +964,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> opts->ar_td[k]->secure_pkt.data,
> opts->ar_td[k]->secure_pkt.len);
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> -
> rte_pktmbuf_free(tx_pkts_burst[j]);
> +
> rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -993,8 +991,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> tx_pkts_burst[j]->ol_flags |=
> RTE_MBUF_F_TX_MACSEC;
> }
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> - rte_pktmbuf_free(tx_pkts_burst[j]);
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -1016,7 +1013,9 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx,
> &sa_conf);
> if (id < 0) {
> printf("MACsec SA create
> failed : %d.\n", id);
> - return TEST_FAILED;
> +
> rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> }
> rx_sa_id[i][an] = (uint16_t)id;
> }
> @@ -1025,6 +1024,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sc_create(ctx, &sc_conf);
> if (id < 0) {
> printf("MACsec SC create failed : %d.\n", id);
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> }
> rx_sc_id[i] = (uint16_t)id;
> @@ -1032,19 +1033,26 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> /* Create Inline IPsec session. */
> ret = fill_session_conf(td[i], port_id, opts,
> &sess_conf,
> RTE_SECURITY_MACSEC_DIR_RX,
> rx_sc_id[i], tci_off);
> - if (ret)
> - return TEST_FAILED;
> -
> + if (ret) {
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> + }
> rx_sess[i] = rte_security_session_create(ctx,
> &sess_conf,
> sess_pool);
> if (rx_sess[i] == NULL) {
> printf("SEC Session init failed.\n");
> - return TEST_FAILED;
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> }
> ret = create_default_flow(td[i], port_id,
> RTE_SECURITY_MACSEC_DIR_RX,
> rx_sess[i]);
> - if (ret)
> + if (ret) {
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> + }
> }
> if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
> op == MCS_AUTH_ONLY || op ==
> MCS_AUTH_VERIFY) { @@ -1057,7 +1065,9 @@ test_macsec(const struct
> mcs_test_vector *td[], enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx, &sa_conf);
> if (id < 0) {
> printf("MACsec SA create failed : %d.\n", id);
> - return TEST_FAILED;
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> }
> tx_sa_id[i][0] = (uint16_t)id;
> tx_sa_id[i][1] = MCS_INVALID_SA;
> @@ -1071,6 +1081,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx,
> &sa_conf);
> if (id < 0) {
> printf("MACsec rekey SA create
> failed : %d.\n", id);
> +
> rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> }
> tx_sa_id[i][1] = (uint16_t)id;
> @@ -1080,6 +1092,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sc_create(ctx, &sc_conf);
> if (id < 0) {
> printf("MACsec SC create failed : %d.\n", id);
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> }
> tx_sc_id[i] = (uint16_t)id;
> @@ -1087,19 +1101,26 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> /* Create Inline IPsec session. */
> ret = fill_session_conf(td[i], port_id, opts,
> &sess_conf,
> RTE_SECURITY_MACSEC_DIR_TX,
> tx_sc_id[i], tci_off);
> - if (ret)
> - return TEST_FAILED;
> -
> + if (ret) {
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> + }
> tx_sess[i] = rte_security_session_create(ctx,
> &sess_conf,
> sess_pool);
> if (tx_sess[i] == NULL) {
> printf("SEC Session init failed.\n");
> - return TEST_FAILED;
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> }
> ret = create_default_flow(td[i], port_id,
> RTE_SECURITY_MACSEC_DIR_TX,
> tx_sess[i]);
> - if (ret)
> + if (ret) {
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> + }
> }
> }
>
> @@ -1116,6 +1137,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>
> rte_pause();
>
> + j = 0;
> /* Receive back packet on loopback interface. */
> do {
> nb_rx += rte_eth_rx_burst(port_id, 0, @@ -1129,8 +1151,7
> @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op,
> const struct mcs
> if (nb_rx != nb_sent) {
> printf("\nUnable to RX all %d packets, received(%i)",
> nb_sent, nb_rx);
> - while (--nb_rx >= 0)
> - rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
> + rte_pktmbuf_free_bulk(rx_pkts_burst, nb_rx);
> ret = TEST_FAILED;
> if (opts->check_sectag_interrupts == 1)
> ret = TEST_SUCCESS;
> @@ -1154,7 +1175,9 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx, &sa_conf);
> if (id < 0) {
> printf("MACsec SA create failed : %d.\n", id);
> - return TEST_FAILED;
> + rte_pktmbuf_free_bulk(rx_pkts_burst,
> nb_rx);
> + ret = TEST_FAILED;
> + goto out;
> }
> tx_sa_id[0][0] = (uint16_t)id;
> break;
> --
> 2.25.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] test/security: fix buffer leaks in error path
2023-10-31 6:44 ` [PATCH v2] " Akhil Goyal
2023-10-31 13:56 ` Hemant Agrawal
@ 2023-10-31 15:47 ` Stephen Hemminger
2023-10-31 17:59 ` [EXT] " Akhil Goyal
1 sibling, 1 reply; 9+ messages in thread
From: Stephen Hemminger @ 2023-10-31 15:47 UTC (permalink / raw)
To: Akhil Goyal; +Cc: dev, hemant.agrawal, vattunuru, stable
On Tue, 31 Oct 2023 12:14:46 +0530
Akhil Goyal <gakhil@marvell.com> wrote:
> From: Akhil Goyal <gakhil@marvell.com>
> To: <dev@dpdk.org>
> CC: <stephen@networkplumber.org>, <hemant.agrawal@nxp.com>, <vattunuru@marvell.com>, Akhil Goyal <gakhil@marvell.com>, <stable@dpdk.org>
> Subject: [PATCH v2] test/security: fix buffer leaks in error path
> Date: Tue, 31 Oct 2023 12:14:46 +0530
> X-Mailer: git-send-email 2.25.1
>
> In case of failure of a test in macsec autotest,
> the buffers were not getting cleaned.
> Added appropriate code to clean the buffers.
>
> Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [EXT] Re: [PATCH v2] test/security: fix buffer leaks in error path
2023-10-31 15:47 ` Stephen Hemminger
@ 2023-10-31 17:59 ` Akhil Goyal
0 siblings, 0 replies; 9+ messages in thread
From: Akhil Goyal @ 2023-10-31 17:59 UTC (permalink / raw)
To: Stephen Hemminger, dev; +Cc: hemant.agrawal, Vamsi Krishna Attunuru, stable
> > Subject: [PATCH v2] test/security: fix buffer leaks in error path
> > Date: Tue, 31 Oct 2023 12:14:46 +0530
> > X-Mailer: git-send-email 2.25.1
> >
> > In case of failure of a test in macsec autotest,
> > the buffers were not getting cleaned.
> > Added appropriate code to clean the buffers.
> >
> > Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
>
> Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-10-31 17:59 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-22 17:33 [PATCH] test/security: fix buffer leaks in error path Akhil Goyal
2023-08-25 11:22 ` Hemant Agrawal
2023-09-19 6:33 ` [EXT] " Akhil Goyal
2023-09-19 14:58 ` Stephen Hemminger
2023-09-19 19:17 ` [EXT] " Akhil Goyal
2023-10-31 6:44 ` [PATCH v2] " Akhil Goyal
2023-10-31 13:56 ` Hemant Agrawal
2023-10-31 15:47 ` Stephen Hemminger
2023-10-31 17:59 ` [EXT] " Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).