[v1] eventdev/crypto: fix enqueueing invalid ops

Message ID 20240228103919.2018017-1-ganapati.kundapura@intel.com (mailing list archive)
State Accepted, archived
Delegated to: Jerin Jacob
Headers
Series [v1] eventdev/crypto: fix enqueueing invalid ops |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/github-robot: build success github build: passed
ci/intel-Functional success Functional PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-sample-apps-testing success Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS

Commit Message

Kundapura, Ganapati Feb. 28, 2024, 10:39 a.m. UTC
  When tail pointer of Circ buffer rollsover as the Circ buffer becomes full,
crypto adapter is enqueueing ops beyond the size of the Circ buffer
leading to segfault due to invalid ops access.

Fixed by enqueueing ops from head pointer to (size-head) number of ops
when Circ buffer becomes full and the remaining ops will be flushed
in next iteration.

Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")

Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
  

Comments

Gujjar, Abhinandan S Feb. 28, 2024, 5:11 p.m. UTC | #1
> -----Original Message-----
> From: Kundapura, Ganapati <ganapati.kundapura@intel.com>
> Sent: Wednesday, February 28, 2024 4:09 PM
> To: dev@dpdk.org; jerinj@marvell.com; Jayatheerthan, Jay
> <jay.jayatheerthan@intel.com>
> Cc: Naga Harish K, S V <s.v.naga.harish.k@intel.com>; Gujjar, Abhinandan S
> <abhinandan.gujjar@intel.com>
> Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> 
> When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> due to invalid ops access.
> 
> Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> Circ buffer becomes full and the remaining ops will be flushed in next iteration.
> 
> Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> 
> Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
> 
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>

> diff --git a/lib/eventdev/rte_event_crypto_adapter.c
> b/lib/eventdev/rte_event_crypto_adapter.c
> index d46595d..9903f96 100644
> --- a/lib/eventdev/rte_event_crypto_adapter.c
> +++ b/lib/eventdev/rte_event_crypto_adapter.c
> @@ -245,20 +245,28 @@ eca_circular_buffer_flush_to_cdev(struct
> crypto_ops_circular_buffer *bufp,
>  	struct rte_crypto_op **ops = bufp->op_buffer;
> 
>  	if (*tailp > *headp)
> +		/* Flush ops from head pointer to (tail - head) OPs */
>  		n = *tailp - *headp;
>  	else if (*tailp < *headp)
> +		/* Circ buffer - Rollover.
> +		 * Flush OPs from head to max size of buffer.
> +		 * Rest of the OPs will be flushed in next iteration.
> +		 */
>  		n = bufp->size - *headp;
>  	else { /* head == tail case */
>  		/* when head == tail,
>  		 * circ buff is either full(tail pointer roll over) or empty
>  		 */
>  		if (bufp->count != 0) {
> -			/* circ buffer is full */
> -			n = bufp->count;
> +			/* Circ buffer - FULL.
> +			 * Flush OPs from head to max size of buffer.
> +			 * Rest of the OPS will be flushed in next iteration.
> +			 */
> +			n = bufp->size - *headp;
>  		} else {
> -			/* circ buffer is empty */
> +			/* Circ buffer - Empty */
>  			*nb_ops_flushed = 0;
> -			return 0;  /* buffer empty */
> +			return 0;
>  		}
>  	}
> 
> --
> 2.6.4
  
Jerin Jacob March 1, 2024, 1:28 p.m. UTC | #2
On Wed, Feb 28, 2024 at 10:42 PM Gujjar, Abhinandan S
<abhinandan.gujjar@intel.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Kundapura, Ganapati <ganapati.kundapura@intel.com>
> > Sent: Wednesday, February 28, 2024 4:09 PM
> > To: dev@dpdk.org; jerinj@marvell.com; Jayatheerthan, Jay
> > <jay.jayatheerthan@intel.com>
> > Cc: Naga Harish K, S V <s.v.naga.harish.k@intel.com>; Gujjar, Abhinandan S
> > <abhinandan.gujjar@intel.com>
> > Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> >
> > When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> > adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> > due to invalid ops access.
> >
> > Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> > Circ buffer becomes full and the remaining ops will be flushed in next iteration.
> >
> > Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> >
> > Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
> >
> Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>


Updated the git commit as follows and applied to
dpdk-next-net-eventdev/for-main. Thanks

    eventdev/crypto: fix enqueueing invalid ops

    When tail pointer of circular buffer rolls over as the circular buffer
    becomes full, crypto adapter is enqueueing ops beyond the size of the
    circular buffer leading to segfault due to invalid ops access.

    Fixed by enqueueing ops from head pointer to (size-head) number of ops
    when circular buffer becomes full and the remaining ops will be flushed
    in next iteration.

    Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
    Cc: stable@dpdk.org

    Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
    Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
  

Patch

diff --git a/lib/eventdev/rte_event_crypto_adapter.c b/lib/eventdev/rte_event_crypto_adapter.c
index d46595d..9903f96 100644
--- a/lib/eventdev/rte_event_crypto_adapter.c
+++ b/lib/eventdev/rte_event_crypto_adapter.c
@@ -245,20 +245,28 @@  eca_circular_buffer_flush_to_cdev(struct crypto_ops_circular_buffer *bufp,
 	struct rte_crypto_op **ops = bufp->op_buffer;
 
 	if (*tailp > *headp)
+		/* Flush ops from head pointer to (tail - head) OPs */
 		n = *tailp - *headp;
 	else if (*tailp < *headp)
+		/* Circ buffer - Rollover.
+		 * Flush OPs from head to max size of buffer.
+		 * Rest of the OPs will be flushed in next iteration.
+		 */
 		n = bufp->size - *headp;
 	else { /* head == tail case */
 		/* when head == tail,
 		 * circ buff is either full(tail pointer roll over) or empty
 		 */
 		if (bufp->count != 0) {
-			/* circ buffer is full */
-			n = bufp->count;
+			/* Circ buffer - FULL.
+			 * Flush OPs from head to max size of buffer.
+			 * Rest of the OPS will be flushed in next iteration.
+			 */
+			n = bufp->size - *headp;
 		} else {
-			/* circ buffer is empty */
+			/* Circ buffer - Empty */
 			*nb_ops_flushed = 0;
-			return 0;  /* buffer empty */
+			return 0;
 		}
 	}