diff mbox series

[v1] eventdev/crypto: fix enqueueing invalid ops

Message ID	20240228103919.2018017-1-ganapati.kundapura@intel.com (mailing list archive)
State	Accepted, archived
Delegated to:	Jerin Jacob
Headers	From: Ganapati Kundapura <ganapati.kundapura@intel.com> To: dev@dpdk.org, jerinj@marvell.com, jay.jayatheerthan@intel.com Cc: s.v.naga.harish.k@intel.com, abhinandan.gujjar@intel.com Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops Date: Wed, 28 Feb 2024 04:39:19 -0600 Message-Id: <20240228103919.2018017-1-ganapati.kundapura@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[v1] eventdev/crypto: fix enqueueing invalid ops \| [v1] eventdev/crypto: fix enqueueing invalid ops

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/github-robot: build	success	github build: passed
ci/intel-Functional	success	Functional PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-compile-amd64-testing	success	Testing PASS
ci/iol-unit-arm64-testing	success	Testing PASS
ci/iol-compile-arm64-testing	success	Testing PASS
ci/iol-unit-amd64-testing	success	Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-sample-apps-testing	success	Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS

Commit Message

Ganapati Kundapura Feb. 28, 2024, 10:39 a.m. UTC

  When tail pointer of Circ buffer rollsover as the Circ buffer becomes full,
crypto adapter is enqueueing ops beyond the size of the Circ buffer
leading to segfault due to invalid ops access.

Fixed by enqueueing ops from head pointer to (size-head) number of ops
when Circ buffer becomes full and the remaining ops will be flushed
in next iteration.

Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")

Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>

Comments

Gujjar, Abhinandan S Feb. 28, 2024, 5:11 p.m. UTC | #1

> -----Original Message-----
> From: Kundapura, Ganapati <ganapati.kundapura@intel.com>
> Sent: Wednesday, February 28, 2024 4:09 PM
> To: dev@dpdk.org; jerinj@marvell.com; Jayatheerthan, Jay
> <jay.jayatheerthan@intel.com>
> Cc: Naga Harish K, S V <s.v.naga.harish.k@intel.com>; Gujjar, Abhinandan S
> <abhinandan.gujjar@intel.com>
> Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> 
> When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> due to invalid ops access.
> 
> Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> Circ buffer becomes full and the remaining ops will be flushed in next iteration.
> 
> Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> 
> Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
> 
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>

> diff --git a/lib/eventdev/rte_event_crypto_adapter.c
> b/lib/eventdev/rte_event_crypto_adapter.c
> index d46595d..9903f96 100644
> --- a/lib/eventdev/rte_event_crypto_adapter.c
> +++ b/lib/eventdev/rte_event_crypto_adapter.c
> @@ -245,20 +245,28 @@ eca_circular_buffer_flush_to_cdev(struct
> crypto_ops_circular_buffer *bufp,
>  	struct rte_crypto_op **ops = bufp->op_buffer;
> 
>  	if (*tailp > *headp)
> +		/* Flush ops from head pointer to (tail - head) OPs */
>  		n = *tailp - *headp;
>  	else if (*tailp < *headp)
> +		/* Circ buffer - Rollover.
> +		 * Flush OPs from head to max size of buffer.
> +		 * Rest of the OPs will be flushed in next iteration.
> +		 */
>  		n = bufp->size - *headp;
>  	else { /* head == tail case */
>  		/* when head == tail,
>  		 * circ buff is either full(tail pointer roll over) or empty
>  		 */
>  		if (bufp->count != 0) {
> -			/* circ buffer is full */
> -			n = bufp->count;
> +			/* Circ buffer - FULL.
> +			 * Flush OPs from head to max size of buffer.
> +			 * Rest of the OPS will be flushed in next iteration.
> +			 */
> +			n = bufp->size - *headp;
>  		} else {
> -			/* circ buffer is empty */
> +			/* Circ buffer - Empty */
>  			*nb_ops_flushed = 0;
> -			return 0;  /* buffer empty */
> +			return 0;
>  		}
>  	}
> 
> --
> 2.6.4

Jerin Jacob March 1, 2024, 1:28 p.m. UTC | #2

On Wed, Feb 28, 2024 at 10:42 PM Gujjar, Abhinandan S
<abhinandan.gujjar@intel.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Kundapura, Ganapati <ganapati.kundapura@intel.com>
> > Sent: Wednesday, February 28, 2024 4:09 PM
> > To: dev@dpdk.org; jerinj@marvell.com; Jayatheerthan, Jay
> > <jay.jayatheerthan@intel.com>
> > Cc: Naga Harish K, S V <s.v.naga.harish.k@intel.com>; Gujjar, Abhinandan S
> > <abhinandan.gujjar@intel.com>
> > Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> >
> > When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> > adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> > due to invalid ops access.
> >
> > Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> > Circ buffer becomes full and the remaining ops will be flushed in next iteration.
> >
> > Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> >
> > Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
> >
> Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>


Updated the git commit as follows and applied to
dpdk-next-net-eventdev/for-main. Thanks

    eventdev/crypto: fix enqueueing invalid ops

    When tail pointer of circular buffer rolls over as the circular buffer
    becomes full, crypto adapter is enqueueing ops beyond the size of the
    circular buffer leading to segfault due to invalid ops access.

    Fixed by enqueueing ops from head pointer to (size-head) number of ops
    when circular buffer becomes full and the remaining ops will be flushed
    in next iteration.

    Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
    Cc: stable@dpdk.org

    Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
    Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>

diff mbox series

Patch

diff --git a/lib/eventdev/rte_event_crypto_adapter.c b/lib/eventdev/rte_event_crypto_adapter.c
index d46595d..9903f96 100644
--- a/lib/eventdev/rte_event_crypto_adapter.c
+++ b/lib/eventdev/rte_event_crypto_adapter.c
@@ -245,20 +245,28 @@  eca_circular_buffer_flush_to_cdev(struct crypto_ops_circular_buffer *bufp,
 	struct rte_crypto_op **ops = bufp->op_buffer;
 
 	if (*tailp > *headp)
+		/* Flush ops from head pointer to (tail - head) OPs */
 		n = *tailp - *headp;
 	else if (*tailp < *headp)
+		/* Circ buffer - Rollover.
+		 * Flush OPs from head to max size of buffer.
+		 * Rest of the OPs will be flushed in next iteration.
+		 */
 		n = bufp->size - *headp;
 	else { /* head == tail case */
 		/* when head == tail,
 		 * circ buff is either full(tail pointer roll over) or empty
 		 */
 		if (bufp->count != 0) {
-			/* circ buffer is full */
-			n = bufp->count;
+			/* Circ buffer - FULL.
+			 * Flush OPs from head to max size of buffer.
+			 * Rest of the OPS will be flushed in next iteration.
+			 */
+			n = bufp->size - *headp;
 		} else {
-			/* circ buffer is empty */
+			/* Circ buffer - Empty */
 			*nb_ops_flushed = 0;
-			return 0;  /* buffer empty */
+			return 0;
 		}
 	}