Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/51419/?format=api
http://patches.dpdk.org/api/patches/51419/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1553102679-23576-7-git-send-email-konstantin.ananyev@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1553102679-23576-7-git-send-email-konstantin.ananyev@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1553102679-23576-7-git-send-email-konstantin.ananyev@intel.com", "date": "2019-03-20T17:24:38", "name": "[v2,6/7] ipsec: reorder packet check for esp inbound", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "435663dfe1917e62e0d42a9ba480edb8f4bcc103", "submitter": { "id": 33, "url": "http://patches.dpdk.org/api/people/33/?format=api", "name": "Ananyev, Konstantin", "email": "konstantin.ananyev@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1553102679-23576-7-git-send-email-konstantin.ananyev@intel.com/mbox/", "series": [ { "id": 3834, "url": "http://patches.dpdk.org/api/series/3834/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=3834", "date": "2019-03-20T17:24:38", "name": null, "version": 2, "mbox": "http://patches.dpdk.org/series/3834/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/51419/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/51419/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id C6ED81B3A6;\n\tWed, 20 Mar 2019 18:25:13 +0100 (CET)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n\tby dpdk.org (Postfix) with ESMTP id 47C3C1B1F9\n\tfor <dev@dpdk.org>; Wed, 20 Mar 2019 18:24:59 +0100 (CET)", "from orsmga002.jf.intel.com ([10.7.209.21])\n\tby fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t20 Mar 2019 10:24:56 -0700", "from sivswdev08.ir.intel.com (HELO localhost.localdomain)\n\t([10.237.217.47])\n\tby orsmga002.jf.intel.com with ESMTP; 20 Mar 2019 10:24:55 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.60,249,1549958400\"; d=\"scan'208\";a=\"143690001\"", "From": "Konstantin Ananyev <konstantin.ananyev@intel.com>", "To": "dev@dpdk.org", "Cc": "akhil.goyal@nxp.com, olivier.matz@6wind.com,\n\tKonstantin Ananyev <konstantin.ananyev@intel.com>", "Date": "Wed, 20 Mar 2019 17:24:38 +0000", "Message-Id": "<1553102679-23576-7-git-send-email-konstantin.ananyev@intel.com>", "X-Mailer": "git-send-email 1.7.0.7", "In-Reply-To": "<1551381661-21078-1-git-send-email-konstantin.ananyev@intel.com>", "References": "<1551381661-21078-1-git-send-email-konstantin.ananyev@intel.com>", "Subject": "[dpdk-dev] [PATCH v2 6/7] ipsec: reorder packet check for esp\n\tinbound", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Right now check for packet length and padding is done inside cop_prepare().\nIt makes sense to have all necessary checks in one place at early stage:\ninside pkt_prepare().\nThat allows to simplify (and later hopefully) optimize cop_prepare() part.\n\nSigned-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>\n---\n lib/librte_ipsec/esp_inb.c | 30 ++++++++++++++----------------\n 1 file changed, 14 insertions(+), 16 deletions(-)", "diff": "diff --git a/lib/librte_ipsec/esp_inb.c b/lib/librte_ipsec/esp_inb.c\nindex 562185ebe..d479af8ea 100644\n--- a/lib/librte_ipsec/esp_inb.c\n+++ b/lib/librte_ipsec/esp_inb.c\n@@ -26,11 +26,6 @@ inb_cop_prepare(struct rte_crypto_op *cop,\n \tstruct rte_crypto_sym_op *sop;\n \tstruct aead_gcm_iv *gcm;\n \tuint64_t *ivc, *ivp;\n-\tuint32_t clen;\n-\n-\tclen = plen - sa->ctp.cipher.length;\n-\tif ((int32_t)clen < 0 || (clen & (sa->pad_align - 1)) != 0)\n-\t\treturn -EINVAL;\n \n \t/* fill sym op fields */\n \tsop = cop->sym;\n@@ -38,7 +33,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,\n \t/* AEAD (AES_GCM) case */\n \tif (sa->aad_len != 0) {\n \t\tsop->aead.data.offset = pofs + sa->ctp.cipher.offset;\n-\t\tsop->aead.data.length = clen;\n+\t\tsop->aead.data.length = plen - sa->ctp.cipher.length;\n \t\tsop->aead.digest.data = icv->va;\n \t\tsop->aead.digest.phys_addr = icv->pa;\n \t\tsop->aead.aad.data = icv->va + sa->icv_len;\n@@ -53,7 +48,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,\n \t/* CRYPT+AUTH case */\n \t} else {\n \t\tsop->cipher.data.offset = pofs + sa->ctp.cipher.offset;\n-\t\tsop->cipher.data.length = clen;\n+\t\tsop->cipher.data.length = plen - sa->ctp.cipher.length;\n \t\tsop->auth.data.offset = pofs + sa->ctp.auth.offset;\n \t\tsop->auth.data.length = plen - sa->ctp.auth.length;\n \t\tsop->auth.digest.data = icv->va;\n@@ -101,7 +96,7 @@ inb_pkt_prepare(const struct rte_ipsec_sa *sa, const struct replay_sqn *rsn,\n {\n \tint32_t rc;\n \tuint64_t sqn;\n-\tuint32_t icv_ofs, plen;\n+\tuint32_t clen, icv_ofs, plen;\n \tstruct rte_mbuf *ml;\n \tstruct esp_hdr *esph;\n \n@@ -128,6 +123,11 @@ inb_pkt_prepare(const struct rte_ipsec_sa *sa, const struct replay_sqn *rsn,\n \tml = rte_pktmbuf_lastseg(mb);\n \ticv_ofs = ml->data_len - sa->icv_len + sa->sqh_len;\n \n+\t/* check that packet has a valid length */\n+\tclen = plen - sa->ctp.cipher.length;\n+\tif ((int32_t)clen < 0 || (clen & (sa->pad_align - 1)) != 0)\n+\t\treturn -EBADMSG;\n+\n \t/* we have to allocate space for AAD somewhere,\n \t * right now - just use free trailing space at the last segment.\n \t * Would probably be more convenient to reserve space for AAD\n@@ -170,21 +170,19 @@ esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],\n \t\trc = inb_pkt_prepare(sa, rsn, mb[i], hl, &icv);\n \t\tif (rc >= 0) {\n \t\t\tlksd_none_cop_prepare(cop[k], cs, mb[i]);\n-\t\t\trc = inb_cop_prepare(cop[k], sa, mb[i], &icv, hl, rc);\n-\t\t}\n-\n-\t\tk += (rc == 0);\n-\t\tif (rc != 0) {\n+\t\t\tinb_cop_prepare(cop[k], sa, mb[i], &icv, hl, rc);\n+\t\t\tk++;\n+\t\t} else\n \t\t\tdr[i - k] = i;\n-\t\t\trte_errno = -rc;\n-\t\t}\n \t}\n \n \trsn_release(sa, rsn);\n \n \t/* copy not prepared mbufs beyond good ones */\n-\tif (k != num && k != 0)\n+\tif (k != num && k != 0) {\n \t\tmbuf_bad_move(mb, dr, num, num - k);\n+\t\trte_errno = EBADMSG;\n+\t}\n \n \treturn k;\n }\n", "prefixes": [ "v2", "6/7" ] }{ "id": 51419, "url": "