From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: Akhil Goyal <gakhil@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "stephen@networkplumber.org" <stephen@networkplumber.org>,
"vattunuru@marvell.com" <vattunuru@marvell.com>,
"stable@dpdk.org" <stable@dpdk.org>
Subject: RE: [PATCH v2] test/security: fix buffer leaks in error path
Date: Tue, 31 Oct 2023 13:56:27 +0000 [thread overview]
Message-ID: <PAXPR04MB9328F9A668FD8A23C79EB4D089A0A@PAXPR04MB9328.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <20231031064446.150191-1-gakhil@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, October 31, 2023 12:15 PM
> To: dev@dpdk.org
> Cc: stephen@networkplumber.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>; vattunuru@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; stable@dpdk.org
> Subject: [PATCH v2] test/security: fix buffer leaks in error path
> Importance: High
>
> In case of failure of a test in macsec autotest, the buffers were not getting
> cleaned.
> Added appropriate code to clean the buffers.
>
> Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
> - Used rte_pktmbuf_free_bulk as suggested by Stephen.
>
> app/test/test_security_inline_macsec.c | 65 +++++++++++++++++---------
> 1 file changed, 44 insertions(+), 21 deletions(-)
>
> diff --git a/app/test/test_security_inline_macsec.c
> b/app/test/test_security_inline_macsec.c
> index 59b1b8a6a6..f11e9da8c3 100644
> --- a/app/test/test_security_inline_macsec.c
> +++ b/app/test/test_security_inline_macsec.c
> @@ -952,8 +952,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> tx_pkts_burst[j]->ol_flags |=
> RTE_MBUF_F_TX_MACSEC;
> }
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> - rte_pktmbuf_free(tx_pkts_burst[j]);
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -965,8 +964,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> opts->ar_td[k]->secure_pkt.data,
> opts->ar_td[k]->secure_pkt.len);
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> -
> rte_pktmbuf_free(tx_pkts_burst[j]);
> +
> rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -993,8 +991,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> tx_pkts_burst[j]->ol_flags |=
> RTE_MBUF_F_TX_MACSEC;
> }
> if (tx_pkts_burst[j] == NULL) {
> - while (j--)
> - rte_pktmbuf_free(tx_pkts_burst[j]);
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> ret = TEST_FAILED;
> goto out;
> }
> @@ -1016,7 +1013,9 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx,
> &sa_conf);
> if (id < 0) {
> printf("MACsec SA create
> failed : %d.\n", id);
> - return TEST_FAILED;
> +
> rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> }
> rx_sa_id[i][an] = (uint16_t)id;
> }
> @@ -1025,6 +1024,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sc_create(ctx, &sc_conf);
> if (id < 0) {
> printf("MACsec SC create failed : %d.\n", id);
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> }
> rx_sc_id[i] = (uint16_t)id;
> @@ -1032,19 +1033,26 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> /* Create Inline IPsec session. */
> ret = fill_session_conf(td[i], port_id, opts,
> &sess_conf,
> RTE_SECURITY_MACSEC_DIR_RX,
> rx_sc_id[i], tci_off);
> - if (ret)
> - return TEST_FAILED;
> -
> + if (ret) {
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> + }
> rx_sess[i] = rte_security_session_create(ctx,
> &sess_conf,
> sess_pool);
> if (rx_sess[i] == NULL) {
> printf("SEC Session init failed.\n");
> - return TEST_FAILED;
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> }
> ret = create_default_flow(td[i], port_id,
> RTE_SECURITY_MACSEC_DIR_RX,
> rx_sess[i]);
> - if (ret)
> + if (ret) {
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> + }
> }
> if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
> op == MCS_AUTH_ONLY || op ==
> MCS_AUTH_VERIFY) { @@ -1057,7 +1065,9 @@ test_macsec(const struct
> mcs_test_vector *td[], enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx, &sa_conf);
> if (id < 0) {
> printf("MACsec SA create failed : %d.\n", id);
> - return TEST_FAILED;
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> }
> tx_sa_id[i][0] = (uint16_t)id;
> tx_sa_id[i][1] = MCS_INVALID_SA;
> @@ -1071,6 +1081,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx,
> &sa_conf);
> if (id < 0) {
> printf("MACsec rekey SA create
> failed : %d.\n", id);
> +
> rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> }
> tx_sa_id[i][1] = (uint16_t)id;
> @@ -1080,6 +1092,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sc_create(ctx, &sc_conf);
> if (id < 0) {
> printf("MACsec SC create failed : %d.\n", id);
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> }
> tx_sc_id[i] = (uint16_t)id;
> @@ -1087,19 +1101,26 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> /* Create Inline IPsec session. */
> ret = fill_session_conf(td[i], port_id, opts,
> &sess_conf,
> RTE_SECURITY_MACSEC_DIR_TX,
> tx_sc_id[i], tci_off);
> - if (ret)
> - return TEST_FAILED;
> -
> + if (ret) {
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> + }
> tx_sess[i] = rte_security_session_create(ctx,
> &sess_conf,
> sess_pool);
> if (tx_sess[i] == NULL) {
> printf("SEC Session init failed.\n");
> - return TEST_FAILED;
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> + goto out;
> }
> ret = create_default_flow(td[i], port_id,
> RTE_SECURITY_MACSEC_DIR_TX,
> tx_sess[i]);
> - if (ret)
> + if (ret) {
> + rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> + ret = TEST_FAILED;
> goto out;
> + }
> }
> }
>
> @@ -1116,6 +1137,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>
> rte_pause();
>
> + j = 0;
> /* Receive back packet on loopback interface. */
> do {
> nb_rx += rte_eth_rx_burst(port_id, 0, @@ -1129,8 +1151,7
> @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op,
> const struct mcs
> if (nb_rx != nb_sent) {
> printf("\nUnable to RX all %d packets, received(%i)",
> nb_sent, nb_rx);
> - while (--nb_rx >= 0)
> - rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
> + rte_pktmbuf_free_bulk(rx_pkts_burst, nb_rx);
> ret = TEST_FAILED;
> if (opts->check_sectag_interrupts == 1)
> ret = TEST_SUCCESS;
> @@ -1154,7 +1175,9 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> id = rte_security_macsec_sa_create(ctx, &sa_conf);
> if (id < 0) {
> printf("MACsec SA create failed : %d.\n", id);
> - return TEST_FAILED;
> + rte_pktmbuf_free_bulk(rx_pkts_burst,
> nb_rx);
> + ret = TEST_FAILED;
> + goto out;
> }
> tx_sa_id[0][0] = (uint16_t)id;
> break;
> --
> 2.25.1
next prev parent reply other threads:[~2023-10-31 13:56 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-22 17:33 [PATCH] " Akhil Goyal
2023-08-25 11:22 ` Hemant Agrawal
2023-09-19 6:33 ` [EXT] " Akhil Goyal
2023-09-19 14:58 ` Stephen Hemminger
2023-09-19 19:17 ` [EXT] " Akhil Goyal
2023-10-31 6:44 ` [PATCH v2] " Akhil Goyal
2023-10-31 13:56 ` Hemant Agrawal [this message]
2023-10-31 15:47 ` Stephen Hemminger
2023-10-31 17:59 ` [EXT] " Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PAXPR04MB9328F9A668FD8A23C79EB4D089A0A@PAXPR04MB9328.eurprd04.prod.outlook.com \
--to=hemant.agrawal@nxp.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=stable@dpdk.org \
--cc=stephen@networkplumber.org \
--cc=vattunuru@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).