[v2] examples/ipsec-secgw: fix dequeue count from cryptodev

Message ID 20240913070726.1620828-1-ktejasree@marvell.com (mailing list archive)
State New
Delegated to: akhil goyal
Headers
Series [v2] examples/ipsec-secgw: fix dequeue count from cryptodev |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/github-robot: build success github build: passed
ci/intel-Functional success Functional PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-unit-amd64-testing pending Testing pending
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-compile-arm64-testing success Testing PASS
ci/iol-marvell-Functional success Functional Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-sample-apps-testing success Testing PASS

Commit Message

Tejasree Kondoj Sept. 13, 2024, 7:07 a.m. UTC
Setting dequeue packet count to max of MAX_PKT_BURST
size instead of MAX_PKTS.

Dequeue from cryptodev is called with MAX_PKTS but
routing functions allocate hop/dst_ip arrays of
size MAX_PKT_BURST. This can corrupt stack causing
stack smashing error when more than MAX_PKT_BURST
packets are returned from cryptodev.

Fixes: a2b445b810ac ("examples/ipsec-secgw: allow larger burst size for vectors")
Cc: stable@dpdk.org

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
v2: fixed checkpatch warning

 examples/ipsec-secgw/ipsec-secgw.c   | 6 ++++--
 examples/ipsec-secgw/ipsec_process.c | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)
  

Comments

Akhil Goyal Sept. 18, 2024, 5:44 a.m. UTC | #1
> Subject: [PATCH v2] examples/ipsec-secgw: fix dequeue count from cryptodev
> 
> Setting dequeue packet count to max of MAX_PKT_BURST
> size instead of MAX_PKTS.
> 
> Dequeue from cryptodev is called with MAX_PKTS but
> routing functions allocate hop/dst_ip arrays of
> size MAX_PKT_BURST. This can corrupt stack causing
> stack smashing error when more than MAX_PKT_BURST
> packets are returned from cryptodev.
> 
> Fixes: a2b445b810ac ("examples/ipsec-secgw: allow larger burst size for
> vectors")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
  

Patch

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index e98ad2572e..063cc8768e 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -626,12 +626,13 @@  drain_inbound_crypto_queues(const struct lcore_conf *qconf,
 	uint32_t n;
 	struct ipsec_traffic trf;
 	unsigned int lcoreid = rte_lcore_id();
+	const int nb_pkts = RTE_DIM(trf.ipsec.pkts);
 
 	if (app_sa_prm.enable == 0) {
 
 		/* dequeue packets from crypto-queue */
 		n = ipsec_inbound_cqp_dequeue(ctx, trf.ipsec.pkts,
-			RTE_DIM(trf.ipsec.pkts));
+			RTE_MIN(MAX_PKT_BURST, nb_pkts));
 
 		trf.ip4.num = 0;
 		trf.ip6.num = 0;
@@ -663,12 +664,13 @@  drain_outbound_crypto_queues(const struct lcore_conf *qconf,
 {
 	uint32_t n;
 	struct ipsec_traffic trf;
+	const int nb_pkts = RTE_DIM(trf.ipsec.pkts);
 
 	if (app_sa_prm.enable == 0) {
 
 		/* dequeue packets from crypto-queue */
 		n = ipsec_outbound_cqp_dequeue(ctx, trf.ipsec.pkts,
-			RTE_DIM(trf.ipsec.pkts));
+			RTE_MIN(MAX_PKT_BURST, nb_pkts));
 
 		trf.ip4.num = 0;
 		trf.ip6.num = 0;
diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
index ddbe30745b..5080e810e0 100644
--- a/examples/ipsec-secgw/ipsec_process.c
+++ b/examples/ipsec-secgw/ipsec_process.c
@@ -336,6 +336,7 @@  ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 	struct rte_ipsec_session *ss;
 	struct traffic_type *out;
 	struct rte_ipsec_group *pg;
+	const int nb_cops = RTE_DIM(trf->ipsec.pkts);
 	struct rte_crypto_op *cop[RTE_DIM(trf->ipsec.pkts)];
 	struct rte_ipsec_group grp[RTE_DIM(trf->ipsec.pkts)];
 
@@ -345,7 +346,7 @@  ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 	out = &trf->ipsec;
 
 	/* dequeue completed crypto-ops */
-	n = ctx_dequeue(ctx, cop, RTE_DIM(cop));
+	n = ctx_dequeue(ctx, cop, RTE_MIN(MAX_PKT_BURST, nb_cops));
 	if (n == 0)
 		return;