* [dpdk-dev] [PATCH] ipsec: packet with null encryption can cause a segfault
@ 2019-06-25 18:26 Konstantin Ananyev
2019-06-26 7:35 ` Akhil Goyal
0 siblings, 1 reply; 2+ messages in thread
From: Konstantin Ananyev @ 2019-06-25 18:26 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, Konstantin Ananyev
mbuf_get_seg_ofs() doesn't handle the case when requested offset
equals to packet length. Though it is a valid situation for
algorithms with no ICV data (IPsec with null encryption as an example).
Fixes: 12a0423236a9 ("ipsec: support multi-segment packets")
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
lib/librte_ipsec/misc.h | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/librte_ipsec/misc.h b/lib/librte_ipsec/misc.h
index b0cafef4e..fe4641bfc 100644
--- a/lib/librte_ipsec/misc.h
+++ b/lib/librte_ipsec/misc.h
@@ -46,16 +46,22 @@ move_bad_mbufs(struct rte_mbuf *mb[], const uint32_t bad_idx[], uint32_t nb_mb,
static inline struct rte_mbuf *
mbuf_get_seg_ofs(struct rte_mbuf *mb, uint32_t *ofs)
{
- uint32_t k, n;
+ uint32_t k, n, plen;
struct rte_mbuf *ms;
- ms = mb;
+ plen = mb->pkt_len;
n = *ofs;
- for (k = rte_pktmbuf_data_len(ms); n >= k;
- k = rte_pktmbuf_data_len(ms)) {
- ms = ms->next;
- n -= k;
+ if (n == plen) {
+ ms = rte_pktmbuf_lastseg(mb);
+ n = n + rte_pktmbuf_data_len(ms) - plen;
+ } else {
+ ms = mb;
+ for (k = rte_pktmbuf_data_len(ms); n >= k;
+ k = rte_pktmbuf_data_len(ms)) {
+ ms = ms->next;
+ n -= k;
+ }
}
*ofs = n;
--
2.17.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dpdk-dev] [PATCH] ipsec: packet with null encryption can cause a segfault
2019-06-25 18:26 [dpdk-dev] [PATCH] ipsec: packet with null encryption can cause a segfault Konstantin Ananyev
@ 2019-06-26 7:35 ` Akhil Goyal
0 siblings, 0 replies; 2+ messages in thread
From: Akhil Goyal @ 2019-06-26 7:35 UTC (permalink / raw)
To: Konstantin Ananyev, dev
>
> mbuf_get_seg_ofs() doesn't handle the case when requested offset
> equals to packet length. Though it is a valid situation for
> algorithms with no ICV data (IPsec with null encryption as an example).
>
> Fixes: 12a0423236a9 ("ipsec: support multi-segment packets")
>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---
Applied.
Squashed with the original commit.
Thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-06-26 7:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-25 18:26 [dpdk-dev] [PATCH] ipsec: packet with null encryption can cause a segfault Konstantin Ananyev
2019-06-26 7:35 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).