* [dpdk-dev] [PATCH v1 0/2] improve DOCSIS session creation @ 2020-07-16 15:32 David Coyle 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle 0 siblings, 2 replies; 6+ messages in thread From: David Coyle @ 2020-07-16 15:32 UTC (permalink / raw) To: akhil.goyal, declan.doherty, pablo.de.lara.guarch, fiona.trahe Cc: dev, brendan.ryan, mairtin.oloingsigh, David Coyle These patches improve the DOCSIS session creating in the QAT and AESNI-MB PMDs David Coyle (2): crypto/qat: improve DOCSIS session creation crypto/aesni_mb: improve DOCSIS session creation .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++--- drivers/crypto/qat/qat_sym_session.c | 32 +++++++++---------- 2 files changed, 21 insertions(+), 22 deletions(-) -- 2.17.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [dpdk-dev] [PATCH v1 1/2] crypto/qat: improve DOCSIS session creation 2020-07-16 15:32 [dpdk-dev] [PATCH v1 0/2] improve DOCSIS session creation David Coyle @ 2020-07-16 15:32 ` David Coyle 2020-07-17 18:28 ` Trahe, Fiona 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle 1 sibling, 1 reply; 6+ messages in thread From: David Coyle @ 2020-07-16 15:32 UTC (permalink / raw) To: akhil.goyal, declan.doherty, pablo.de.lara.guarch, fiona.trahe Cc: dev, brendan.ryan, mairtin.oloingsigh, David Coyle This patch improves the DOCSIS session creation as follows: - it validates the security action type as well as the protocol before creating a session and now does this validation before allocating the session from the mempool - it clears the entire private session struct before populating it with DOCSIS session info, in case any data was left over from the last time it was used - it simplifies the DOCSIS parameter setting, which was overly complicated Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol") Signed-off-by: David Coyle <david.coyle@intel.com> --- drivers/crypto/qat/qat_sym_session.c | 32 +++++++++++++--------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 717893c78..ed4d00159 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -2162,6 +2162,9 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform = NULL; struct qat_sym_session *session = session_private; + /* Clear the session */ + memset(session, 0, qat_sym_session_get_private_size(dev)); + ret = qat_sec_session_check_docsis(conf); if (ret) { QAT_LOG(ERR, "Unsupported DOCSIS security configuration"); @@ -2184,23 +2187,17 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, session->min_qat_dev_gen = QAT_GEN1; - /* Get requested QAT command id */ + /* Get requested QAT command id - should be cipher */ qat_cmd_id = qat_get_cmd_id(xform); - if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) { + if (qat_cmd_id != ICP_QAT_FW_LA_CMD_CIPHER) { QAT_LOG(ERR, "Unsupported xform chain requested"); return -ENOTSUP; } session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id; - switch (session->qat_cmd) { - case ICP_QAT_FW_LA_CMD_CIPHER: - ret = qat_sym_session_configure_cipher(dev, xform, session); - if (ret < 0) - return ret; - break; - default: - QAT_LOG(ERR, "Unsupported Service %u", session->qat_cmd); - return -ENOTSUP; - } + + ret = qat_sym_session_configure_cipher(dev, xform, session); + if (ret < 0) + return ret; return 0; } @@ -2215,16 +2212,17 @@ qat_security_session_create(void *dev, struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL || + conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + QAT_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + if (rte_mempool_get(mempool, &sess_private_data)) { QAT_LOG(ERR, "Couldn't get object from session mempool"); return -ENOMEM; } - if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { - QAT_LOG(ERR, "Invalid security protocol"); - return -EINVAL; - } - ret = qat_sec_session_set_docsis_parameters(cdev, conf, sess_private_data); if (ret != 0) { -- 2.17.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH v1 1/2] crypto/qat: improve DOCSIS session creation 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle @ 2020-07-17 18:28 ` Trahe, Fiona 0 siblings, 0 replies; 6+ messages in thread From: Trahe, Fiona @ 2020-07-17 18:28 UTC (permalink / raw) To: Coyle, David, akhil.goyal, Doherty, Declan, De Lara Guarch, Pablo Cc: dev, Ryan, Brendan, O'loingsigh, Mairtin > -----Original Message----- > From: Coyle, David <david.coyle@intel.com> > Sent: Thursday, July 16, 2020 4:32 PM > To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com> > Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh, Mairtin > <mairtin.oloingsigh@intel.com>; Coyle, David <david.coyle@intel.com> > Subject: [PATCH v1 1/2] crypto/qat: improve DOCSIS session creation > > This patch improves the DOCSIS session creation as follows: > - it validates the security action type as well as the protocol before > creating a session and now does this validation before allocating the > session from the mempool > - it clears the entire private session struct before populating it with > DOCSIS session info, in case any data was left over from the last time > it was used > - it simplifies the DOCSIS parameter setting, which was overly > complicated > > Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol") > > Signed-off-by: David Coyle <david.coyle@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
* [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation 2020-07-16 15:32 [dpdk-dev] [PATCH v1 0/2] improve DOCSIS session creation David Coyle 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle @ 2020-07-16 15:32 ` David Coyle 2020-07-17 19:09 ` De Lara Guarch, Pablo 1 sibling, 1 reply; 6+ messages in thread From: David Coyle @ 2020-07-16 15:32 UTC (permalink / raw) To: akhil.goyal, declan.doherty, pablo.de.lara.guarch, fiona.trahe Cc: dev, brendan.ryan, mairtin.oloingsigh, David Coyle This patch improves the DOCSIS session creation as follows: - it validates the security action type as well as the protocol before creating a session and now does this validation before allocating the session from the mempool Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol") Signed-off-by: David Coyle <david.coyle@intel.com> --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index ed93daec7..2362f0c3c 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -875,16 +875,17 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL || + conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + AESNI_MB_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + if (rte_mempool_get(mempool, &sess_private_data)) { AESNI_MB_LOG(ERR, "Couldn't get object from session mempool"); return -ENOMEM; } - if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { - AESNI_MB_LOG(ERR, "Invalid security protocol"); - return -EINVAL; - } - ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess_private_data); -- 2.17.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle @ 2020-07-17 19:09 ` De Lara Guarch, Pablo 2020-07-18 21:24 ` Akhil Goyal 0 siblings, 1 reply; 6+ messages in thread From: De Lara Guarch, Pablo @ 2020-07-17 19:09 UTC (permalink / raw) To: Coyle, David, akhil.goyal, Doherty, Declan, Trahe, Fiona Cc: dev, Ryan, Brendan, O'loingsigh, Mairtin Hi David, > -----Original Message----- > From: Coyle, David <david.coyle@intel.com> > Sent: Thursday, July 16, 2020 4:32 PM > To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De > Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona > <fiona.trahe@intel.com> > Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh, > Mairtin <mairtin.oloingsigh@intel.com>; Coyle, David <david.coyle@intel.com> > Subject: [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation > > This patch improves the DOCSIS session creation as follows: > - it validates the security action type as well as the protocol before > creating a session and now does this validation before allocating the > session from the mempool > > Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol") > > Signed-off-by: David Coyle <david.coyle@intel.com> Nice, this is actually fixing a potential memory leak, so you could mention this in the commit message/title. Apart from this: Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation 2020-07-17 19:09 ` De Lara Guarch, Pablo @ 2020-07-18 21:24 ` Akhil Goyal 0 siblings, 0 replies; 6+ messages in thread From: Akhil Goyal @ 2020-07-18 21:24 UTC (permalink / raw) To: De Lara Guarch, Pablo, Coyle, David, Doherty, Declan, Trahe, Fiona Cc: dev, Ryan, Brendan, O'loingsigh, Mairtin > > This patch improves the DOCSIS session creation as follows: > > - it validates the security action type as well as the protocol before > > creating a session and now does this validation before allocating the > > session from the mempool > > > > Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol") > > > > Signed-off-by: David Coyle <david.coyle@intel.com> > > Nice, this is actually fixing a potential memory leak, so you could mention this in > the commit message/title. > > Apart from this: > > Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Series applied to dpdk-next-crypto Title updated as " crypto/aesni_mb: fix memory leak in DOCSIS session" Thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-07-18 21:24 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-07-16 15:32 [dpdk-dev] [PATCH v1 0/2] improve DOCSIS session creation David Coyle 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle 2020-07-17 18:28 ` Trahe, Fiona 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle 2020-07-17 19:09 ` De Lara Guarch, Pablo 2020-07-18 21:24 ` Akhil Goyal
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).