* [dpdk-dev] [PATCH v1 0/2] improve DOCSIS session creation
@ 2020-07-16 15:32 David Coyle
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle
0 siblings, 2 replies; 6+ messages in thread
From: David Coyle @ 2020-07-16 15:32 UTC (permalink / raw)
To: akhil.goyal, declan.doherty, pablo.de.lara.guarch, fiona.trahe
Cc: dev, brendan.ryan, mairtin.oloingsigh, David Coyle
These patches improve the DOCSIS session creating in the QAT and
AESNI-MB PMDs
David Coyle (2):
crypto/qat: improve DOCSIS session creation
crypto/aesni_mb: improve DOCSIS session creation
.../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++---
drivers/crypto/qat/qat_sym_session.c | 32 +++++++++----------
2 files changed, 21 insertions(+), 22 deletions(-)
--
2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [dpdk-dev] [PATCH v1 1/2] crypto/qat: improve DOCSIS session creation
2020-07-16 15:32 [dpdk-dev] [PATCH v1 0/2] improve DOCSIS session creation David Coyle
@ 2020-07-16 15:32 ` David Coyle
2020-07-17 18:28 ` Trahe, Fiona
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle
1 sibling, 1 reply; 6+ messages in thread
From: David Coyle @ 2020-07-16 15:32 UTC (permalink / raw)
To: akhil.goyal, declan.doherty, pablo.de.lara.guarch, fiona.trahe
Cc: dev, brendan.ryan, mairtin.oloingsigh, David Coyle
This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
creating a session and now does this validation before allocating the
session from the mempool
- it clears the entire private session struct before populating it with
DOCSIS session info, in case any data was left over from the last time
it was used
- it simplifies the DOCSIS parameter setting, which was overly
complicated
Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")
Signed-off-by: David Coyle <david.coyle@intel.com>
---
drivers/crypto/qat/qat_sym_session.c | 32 +++++++++++++---------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 717893c78..ed4d00159 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2162,6 +2162,9 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform = NULL;
struct qat_sym_session *session = session_private;
+ /* Clear the session */
+ memset(session, 0, qat_sym_session_get_private_size(dev));
+
ret = qat_sec_session_check_docsis(conf);
if (ret) {
QAT_LOG(ERR, "Unsupported DOCSIS security configuration");
@@ -2184,23 +2187,17 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
session->min_qat_dev_gen = QAT_GEN1;
- /* Get requested QAT command id */
+ /* Get requested QAT command id - should be cipher */
qat_cmd_id = qat_get_cmd_id(xform);
- if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) {
+ if (qat_cmd_id != ICP_QAT_FW_LA_CMD_CIPHER) {
QAT_LOG(ERR, "Unsupported xform chain requested");
return -ENOTSUP;
}
session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id;
- switch (session->qat_cmd) {
- case ICP_QAT_FW_LA_CMD_CIPHER:
- ret = qat_sym_session_configure_cipher(dev, xform, session);
- if (ret < 0)
- return ret;
- break;
- default:
- QAT_LOG(ERR, "Unsupported Service %u", session->qat_cmd);
- return -ENOTSUP;
- }
+
+ ret = qat_sym_session_configure_cipher(dev, xform, session);
+ if (ret < 0)
+ return ret;
return 0;
}
@@ -2215,16 +2212,17 @@ qat_security_session_create(void *dev,
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+ conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+ QAT_LOG(ERR, "Invalid security protocol");
+ return -EINVAL;
+ }
+
if (rte_mempool_get(mempool, &sess_private_data)) {
QAT_LOG(ERR, "Couldn't get object from session mempool");
return -ENOMEM;
}
- if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
- QAT_LOG(ERR, "Invalid security protocol");
- return -EINVAL;
- }
-
ret = qat_sec_session_set_docsis_parameters(cdev, conf,
sess_private_data);
if (ret != 0) {
--
2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation
2020-07-16 15:32 [dpdk-dev] [PATCH v1 0/2] improve DOCSIS session creation David Coyle
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle
@ 2020-07-16 15:32 ` David Coyle
2020-07-17 19:09 ` De Lara Guarch, Pablo
1 sibling, 1 reply; 6+ messages in thread
From: David Coyle @ 2020-07-16 15:32 UTC (permalink / raw)
To: akhil.goyal, declan.doherty, pablo.de.lara.guarch, fiona.trahe
Cc: dev, brendan.ryan, mairtin.oloingsigh, David Coyle
This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
creating a session and now does this validation before allocating the
session from the mempool
Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
Signed-off-by: David Coyle <david.coyle@intel.com>
---
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index ed93daec7..2362f0c3c 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -875,16 +875,17 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+ conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+ AESNI_MB_LOG(ERR, "Invalid security protocol");
+ return -EINVAL;
+ }
+
if (rte_mempool_get(mempool, &sess_private_data)) {
AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
return -ENOMEM;
}
- if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
- AESNI_MB_LOG(ERR, "Invalid security protocol");
- return -EINVAL;
- }
-
ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
sess_private_data);
--
2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH v1 1/2] crypto/qat: improve DOCSIS session creation
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle
@ 2020-07-17 18:28 ` Trahe, Fiona
0 siblings, 0 replies; 6+ messages in thread
From: Trahe, Fiona @ 2020-07-17 18:28 UTC (permalink / raw)
To: Coyle, David, akhil.goyal, Doherty, Declan, De Lara Guarch, Pablo
Cc: dev, Ryan, Brendan, O'loingsigh, Mairtin
> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Thursday, July 16, 2020 4:32 PM
> To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh, Mairtin
> <mairtin.oloingsigh@intel.com>; Coyle, David <david.coyle@intel.com>
> Subject: [PATCH v1 1/2] crypto/qat: improve DOCSIS session creation
>
> This patch improves the DOCSIS session creation as follows:
> - it validates the security action type as well as the protocol before
> creating a session and now does this validation before allocating the
> session from the mempool
> - it clears the entire private session struct before populating it with
> DOCSIS session info, in case any data was left over from the last time
> it was used
> - it simplifies the DOCSIS parameter setting, which was overly
> complicated
>
> Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")
>
> Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle
@ 2020-07-17 19:09 ` De Lara Guarch, Pablo
2020-07-18 21:24 ` Akhil Goyal
0 siblings, 1 reply; 6+ messages in thread
From: De Lara Guarch, Pablo @ 2020-07-17 19:09 UTC (permalink / raw)
To: Coyle, David, akhil.goyal, Doherty, Declan, Trahe, Fiona
Cc: dev, Ryan, Brendan, O'loingsigh, Mairtin
Hi David,
> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Thursday, July 16, 2020 4:32 PM
> To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De
> Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh,
> Mairtin <mairtin.oloingsigh@intel.com>; Coyle, David <david.coyle@intel.com>
> Subject: [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation
>
> This patch improves the DOCSIS session creation as follows:
> - it validates the security action type as well as the protocol before
> creating a session and now does this validation before allocating the
> session from the mempool
>
> Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
>
> Signed-off-by: David Coyle <david.coyle@intel.com>
Nice, this is actually fixing a potential memory leak, so you could mention this in the commit message/title.
Apart from this:
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation
2020-07-17 19:09 ` De Lara Guarch, Pablo
@ 2020-07-18 21:24 ` Akhil Goyal
0 siblings, 0 replies; 6+ messages in thread
From: Akhil Goyal @ 2020-07-18 21:24 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Coyle, David, Doherty, Declan, Trahe, Fiona
Cc: dev, Ryan, Brendan, O'loingsigh, Mairtin
> > This patch improves the DOCSIS session creation as follows:
> > - it validates the security action type as well as the protocol before
> > creating a session and now does this validation before allocating the
> > session from the mempool
> >
> > Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
> >
> > Signed-off-by: David Coyle <david.coyle@intel.com>
>
> Nice, this is actually fixing a potential memory leak, so you could mention this in
> the commit message/title.
>
> Apart from this:
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Series applied to dpdk-next-crypto
Title updated as " crypto/aesni_mb: fix memory leak in DOCSIS session"
Thanks.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-07-18 21:24 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-16 15:32 [dpdk-dev] [PATCH v1 0/2] improve DOCSIS session creation David Coyle
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle
2020-07-17 18:28 ` Trahe, Fiona
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle
2020-07-17 19:09 ` De Lara Guarch, Pablo
2020-07-18 21:24 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).