[v1,2/2] crypto/aesni_mb: improve security instance setup

  This patch makes some minor improvements to the security instance setup
for the AESNI-MB PMD. All of this setup code is now in one '#ifdef
AESNI_MB_DOCSIS_SEC_ENABLED' block. Enabling the
RTE_CRYPTODEV_FF_SECURITY feature for the device is also moved to this
block.

Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
  

Hi David,

> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Thursday, July 16, 2020 4:36 PM
> To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De
> Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh,
> Mairtin <mairtin.oloingsigh@intel.com>; Coyle, David <david.coyle@intel.com>
> Subject: [PATCH v1 2/2] crypto/aesni_mb: improve security instance setup
> 
> This patch makes some minor improvements to the security instance setup for
> the AESNI-MB PMD. All of this setup code is now in one '#ifdef
> AESNI_MB_DOCSIS_SEC_ENABLED' block. Enabling the
> RTE_CRYPTODEV_FF_SECURITY feature for the device is also moved to this
> block.
> 
> Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
> 
> Signed-off-by: David Coyle <david.coyle@intel.com>
> ---
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 13 ++++---------
>  1 file changed, 4 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> index b54c57f86..171d914a3 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> @@ -1881,9 +1881,6 @@ cryptodev_aesni_mb_create(const char *name,
>  	struct aesni_mb_private *internals;
>  	enum aesni_mb_vector_mode vector_mode;
>  	MB_MGR *mb_mgr;
> -#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
> -	struct rte_security_ctx *security_instance;
> -#endif
> 
>  	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
>  	if (dev == NULL) {
> @@ -1912,13 +1909,10 @@ cryptodev_aesni_mb_create(const char *name,
>  			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
>  			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
>  			RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO |
> -			RTE_CRYPTODEV_FF_SYM_SESSIONLESS
> -#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
> -			| RTE_CRYPTODEV_FF_SECURITY
> -#endif
> -			;
> +			RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
> 
>  #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
> +	struct rte_security_ctx *security_instance;
>  	security_instance = rte_malloc("aesni_mb_sec",
>  				sizeof(struct rte_security_ctx),
>  				RTE_CACHE_LINE_SIZE);

I see that there could be a potential memory leak here.
Assuming this malloc works, if alloc_init_mb_mgr() fails, this memory will not be freed.
So I suggest two options:
1 - Free security_instance if alloc_init_mb_mgr() fails
2 - Move this piece of code after alloc_init_mb_mgr and free mb_mgr if this malloc fails.

Thanks,
Pablo
  

Hi Pablo

> -----Original Message-----
> From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Sent: Friday, July 17, 2020 8:29 PM
> >
> >  #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
> > +	struct rte_security_ctx *security_instance;
> >  	security_instance = rte_malloc("aesni_mb_sec",
> >  				sizeof(struct rte_security_ctx),
> >  				RTE_CACHE_LINE_SIZE);
> 
> I see that there could be a potential memory leak here.
> Assuming this malloc works, if alloc_init_mb_mgr() fails, this memory will not
> be freed.
> So I suggest two options:
> 1 - Free security_instance if alloc_init_mb_mgr() fails
> 2 - Move this piece of code after alloc_init_mb_mgr and free mb_mgr if this
> malloc fails.

[DC] Good catch, disappointed I didn't spot that myself :(
This is fixed in v2 coming very shortly - used option 1 above
>