From: Anoob Joseph <anoobj@marvell.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>,
Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Cc: "akhil.goyal@nxp.com" <akhil.goyal@nxp.com>,
"Doherty, Declan" <declan.doherty@intel.com>,
"techboard@dpdk.org" <techboard@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Date: Thu, 23 Apr 2020 09:09:51 +0000 [thread overview]
Message-ID: <MN2PR18MB2877FE8FE83F3345693A7906DFD30@MN2PR18MB2877.namprd18.prod.outlook.com> (raw)
In-Reply-To: <DM6PR11MB3308D2CD239D25DBAE47045C9AD30@DM6PR11MB3308.namprd11.prod.outlook.com>
Hi Konstantin,
Please see inline.
Thanks,
Anoob
> -----Original Message-----
> From: Ananyev, Konstantin <konstantin.ananyev@intel.com>
> Sent: Thursday, April 23, 2020 1:24 PM
> To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>;
> techboard@dpdk.org
> Subject: [EXT] RE: [dpdk-dev] [PATCH] security: fix crash at accessing non-
> implemented ops
>
> External Email
>
> ----------------------------------------------------------------------
> >
> > Hi Konstantin,
> >
> > These are data path ops and so it will be better if we can avoid such checks in
> the datapath. The same is done in ethdev also.
>
> AFAIK, get_userdata is an *optional* dev-ops function that can be used by data-
> path.
> So far there was no strict requirement for the rte_security PMDs to *always*
> implement it.
[Anoob] I don't think DPDK categorizes dev-ops as *optional* and *always*. If yes, can you point me?
My understanding is, all ops are optional. For example, I could implement a crypto PMD which is doing packet delivery only via event device (using crypto adapter). So dequeue op will not be implemented in that case and DPDK spec allows it.
> So what you guys did is a silent change of public API behaviour.
[Anoob] I believe Lukasz had submitted 3 or 4 revisions and it was all in the ML. RTE_DEBUG was suggested by Thomas I guess.
> As result ixgbe, (and probably some others rte_security PMDs) stopped working
> properly.
[Anoob] set_pkt_metadata() is the only one of interest to IXGBE. And I believe the function is implemented as well. So what exactly is the concern?
> I don't see any point in these changes, but if you'd like to do that, at least our
> usual procedure has to be followed:
> 1. Send and RFC to get an agreement with rte_security PMDs maintainers (one
> release ahead) 2. send a deprecation note (one release ahead) 3. change the
> behaviour of the public API 4. update release notes
>
> AFAIK 1), 2), 4) wasn't done.
> So I think right now we need to revert original behaviour.
>
> >
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__code.dpdk.org_dpdk
> > _v20.02_source_lib_librte-5Fethdev_rte-5Fethdev.h-23L4372&d=DwIFAg&c=n
> > KjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2n6B-
> WYLn1v9SyTMrT5EQqh2TU&m=
> > 6ObfSanVVuHOsiqVlWxXsFWi-
> 2XNp76HCOX0vbUfma4&s=jDVyDDEILmgY1Yb9ZBswBVbn
> > 8FpZuQI5ukH_osmtUiI&e=
> >
> > Datapath functions in cryptodev (enqueue/dequeue) doesn't even have such
> checks.
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__code.dpdk.org_dpdk
> > _v20.02_source_lib_librte-5Fcryptodev_rte-5Fcryptodev.h-23L962&d=DwIFA
> > g&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2n6B-
> WYLn1v9SyTMrT5EQqh2
> > TU&m=6ObfSanVVuHOsiqVlWxXsFWi-
> 2XNp76HCOX0vbUfma4&s=LEWQOKs0r2Im_zL95VI
> > df4kQ2Pu0iRHV9Co2J1gsNBE&e=
>
> That's a different story:
> rx_burst/tx_burst, enqueue/dequeue are mandatory dev-ops functions that have
> to be implemented by each ethdev/cryptodev API.
[Anoob] I couldn't find any reference stating that way. If you can point me, I can update that to include datapath ops required for inline protocol processing.
>
> >
> >
> > Thanks,
> > Anoob
> >
> > > -----Original Message-----
> > > From: dev <dev-bounces@dpdk.org> On Behalf Of Konstantin Ananyev
> > > Sent: Thursday, April 23, 2020 5:22 AM
> > > To: dev@dpdk.org
> > > Cc: akhil.goyal@nxp.com; declan.doherty@intel.com; Konstantin
> > > Ananyev <konstantin.ananyev@intel.com>
> > > Subject: [dpdk-dev] [PATCH] security: fix crash at accessing
> > > non-implemented ops
> > >
> > > Valid checks for optional function pointers inside dev-ops were
> > > disabled by undefined macro.
> > >
> > > Fixes: b6ee98547847 ("security: fix verification of parameters")
> > >
> > > Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> > > ---
> > > lib/librte_security/rte_security.c | 4 ----
> > > 1 file changed, 4 deletions(-)
> > >
> > > diff --git a/lib/librte_security/rte_security.c
> > > b/lib/librte_security/rte_security.c
> > > index d475b0977..b65430ce2 100644
> > > --- a/lib/librte_security/rte_security.c
> > > +++ b/lib/librte_security/rte_security.c
> > > @@ -107,11 +107,9 @@ rte_security_set_pkt_metadata(struct
> > > rte_security_ctx *instance,
> > > struct rte_security_session *sess,
> > > struct rte_mbuf *m, void *params) { -#ifdef
> RTE_DEBUG
> > > RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -
> > > EINVAL,
> > > -ENOTSUP);
> > > RTE_PTR_OR_ERR_RET(sess, -EINVAL); -#endif
> > > return instance->ops->set_pkt_metadata(instance->device,
> > > sess, m, params);
> > > }
> > > @@ -121,9 +119,7 @@ rte_security_get_userdata(struct
> > > rte_security_ctx *instance, uint64_t md) {
> > > void *userdata = NULL;
> > >
> > > -#ifdef RTE_DEBUG
> > > RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL,
> > > NULL); -#endif
> > > if (instance->ops->get_userdata(instance->device, md, &userdata))
> > > return NULL;
> > >
> > > --
> > > 2.17.1
next prev parent reply other threads:[~2020-04-23 9:09 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-22 23:51 Konstantin Ananyev
2020-04-23 0:11 ` Ananyev, Konstantin
2020-04-23 7:58 ` Lukasz Wojciechowski
2020-04-23 4:07 ` Anoob Joseph
2020-04-23 7:54 ` Ananyev, Konstantin
2020-04-23 8:06 ` Lukasz Wojciechowski
2020-04-23 8:11 ` Ananyev, Konstantin
2020-04-23 8:22 ` Ananyev, Konstantin
2020-04-23 9:09 ` Anoob Joseph [this message]
2020-04-23 10:54 ` Ananyev, Konstantin
2020-04-23 11:23 ` Anoob Joseph
2020-04-23 12:55 ` Akhil Goyal
2020-04-23 13:30 ` Lukasz Wojciechowski
2020-04-23 13:47 ` Ananyev, Konstantin
2020-04-23 14:08 ` Akhil Goyal
2020-04-23 14:48 ` Ananyev, Konstantin
2020-04-23 8:00 ` Lukasz Wojciechowski
2020-04-23 8:28 ` Ananyev, Konstantin
2020-04-23 15:10 ` [dpdk-dev] [PATCH v2] " Konstantin Ananyev
2020-04-23 15:51 ` Akhil Goyal
2020-04-23 16:08 ` Anoob Joseph
2020-04-23 16:14 ` Akhil Goyal
2020-04-23 16:29 ` Lukasz Wojciechowski
[not found] ` <CGME20200423162615eucas1p2224e9313aa640f755cf226649d093bb9@eucas1p2.samsung.com>
2020-04-23 16:25 ` [dpdk-dev] [PATCH] test/security: enable tests for " Lukasz Wojciechowski
2020-05-09 21:47 ` Akhil Goyal
2020-05-11 10:15 ` Lukasz Wojciechowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN2PR18MB2877FE8FE83F3345693A7906DFD30@MN2PR18MB2877.namprd18.prod.outlook.com \
--to=anoobj@marvell.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
--cc=l.wojciechow@partner.samsung.com \
--cc=techboard@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).