diff mbox series

[v1] crypto/qat: check for multi-segment buffers for DOCSIS

Message ID 20200716153331.65689-1-david.coyle@intel.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers
Series [v1] crypto/qat: check for multi-segment buffers for DOCSIS |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK
ci/travis-robot success Travis build: passed
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-mellanox-Performance fail Performance Testing issues
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-testing success Testing PASS

Commit Message

Coyle, David July 16, 2020, 3:33 p.m. UTC 
  Multi-segment mbufs are not supported for DOCSIS security protocol.
This patch adds an explicit check for this and returns an op error if
this case is found. This limitation is also added to the QAT cryptodev
documentation.

Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
---
 doc/guides/cryptodevs/qat.rst |  2 ++
 drivers/crypto/qat/qat_sym.c  | 12 +++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

Comments

Fiona Trahe July 17, 2020, 6:25 p.m. UTC | #1 
> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Thursday, July 16, 2020 4:34 PM
> To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh, Mairtin
> <mairtin.oloingsigh@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Coyle, David
> <david.coyle@intel.com>
> Subject: [PATCH v1] crypto/qat: check for multi-segment buffers for DOCSIS
> 
> Multi-segment mbufs are not supported for DOCSIS security protocol.
> This patch adds an explicit check for this and returns an op error if
> this case is found. This limitation is also added to the QAT cryptodev
> documentation.
> 
> Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")
> 
> Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Akhil Goyal July 18, 2020, 9:29 p.m. UTC | #2 
> > Multi-segment mbufs are not supported for DOCSIS security protocol.
> > This patch adds an explicit check for this and returns an op error if
> > this case is found. This limitation is also added to the QAT cryptodev
> > documentation.
> >
> > Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")
> >
> > Signed-off-by: David Coyle <david.coyle@intel.com>
> Acked-by: Fiona Trahe <fiona.trahe@intel.com>

Applied to dpdk-next-crypto

Thanks.
diff mbox series

Patch

diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index 931a18f9a..b9f8c37ea 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -134,6 +134,8 @@  Limitations
   protocol.
 * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC
   DOCSIS security protocol.
+* Multi-segment buffers are not supported for combined Crypto-CRC DOCSIS
+  security protocol.
 
 Extra notes on KASUMI F9
 ~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 6d568ab8f..632313a26 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -284,13 +284,15 @@  qat_sym_build_request(void *in_op, uint8_t *out_msg,
 			/* DOCSIS processing */
 #ifdef RTE_LIBRTE_SECURITY
 			if (is_docsis_sec) {
-				/* Check for OOP */
-				if (unlikely((op->sym->m_dst != NULL) &&
+				/* Check for OOP or multi-segment buffers */
+				if (unlikely(((op->sym->m_dst != NULL) &&
 						(op->sym->m_dst !=
-						op->sym->m_src))) {
+						op->sym->m_src)) ||
+						op->sym->m_src->nb_segs > 1)) {
 					QAT_DP_LOG(ERR,
-						"OOP not supported for DOCSIS "
-						"security");
+						"OOP and/or multi-segment "
+						"buffers are not supported for "
+						"DOCSIS security");
 					op->status =
 					RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 					return -EINVAL;