[v1,2/2] crypto/aesni_mb: improve security instance setup
diff mbox series

Message ID 20200716153600.66071-3-david.coyle@intel.com
State Changes Requested
Delegated to: akhil goyal
Headers show
Series
  • improve security instance setup
Related show

Checks

Context Check Description
ci/travis-robot success Travis build: passed
ci/Intel-compilation success Compilation OK
ci/checkpatch success coding style OK

Commit Message

David Coyle July 16, 2020, 3:36 p.m. UTC
This patch makes some minor improvements to the security instance setup
for the AESNI-MB PMD. All of this setup code is now in one '#ifdef
AESNI_MB_DOCSIS_SEC_ENABLED' block. Enabling the
RTE_CRYPTODEV_FF_SECURITY feature for the device is also moved to this
block.

Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

Comments

De Lara Guarch, Pablo July 17, 2020, 7:29 p.m. UTC | #1
Hi David,

> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Thursday, July 16, 2020 4:36 PM
> To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De
> Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh,
> Mairtin <mairtin.oloingsigh@intel.com>; Coyle, David <david.coyle@intel.com>
> Subject: [PATCH v1 2/2] crypto/aesni_mb: improve security instance setup
> 
> This patch makes some minor improvements to the security instance setup for
> the AESNI-MB PMD. All of this setup code is now in one '#ifdef
> AESNI_MB_DOCSIS_SEC_ENABLED' block. Enabling the
> RTE_CRYPTODEV_FF_SECURITY feature for the device is also moved to this
> block.
> 
> Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
> 
> Signed-off-by: David Coyle <david.coyle@intel.com>
> ---
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 13 ++++---------
>  1 file changed, 4 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> index b54c57f86..171d914a3 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> @@ -1881,9 +1881,6 @@ cryptodev_aesni_mb_create(const char *name,
>  	struct aesni_mb_private *internals;
>  	enum aesni_mb_vector_mode vector_mode;
>  	MB_MGR *mb_mgr;
> -#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
> -	struct rte_security_ctx *security_instance;
> -#endif
> 
>  	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
>  	if (dev == NULL) {
> @@ -1912,13 +1909,10 @@ cryptodev_aesni_mb_create(const char *name,
>  			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
>  			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
>  			RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO |
> -			RTE_CRYPTODEV_FF_SYM_SESSIONLESS
> -#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
> -			| RTE_CRYPTODEV_FF_SECURITY
> -#endif
> -			;
> +			RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
> 
>  #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
> +	struct rte_security_ctx *security_instance;
>  	security_instance = rte_malloc("aesni_mb_sec",
>  				sizeof(struct rte_security_ctx),
>  				RTE_CACHE_LINE_SIZE);

I see that there could be a potential memory leak here.
Assuming this malloc works, if alloc_init_mb_mgr() fails, this memory will not be freed.
So I suggest two options:
1 - Free security_instance if alloc_init_mb_mgr() fails
2 - Move this piece of code after alloc_init_mb_mgr and free mb_mgr if this malloc fails.

Thanks,
Pablo
David Coyle July 20, 2020, 12:38 p.m. UTC | #2
Hi Pablo

> -----Original Message-----
> From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Sent: Friday, July 17, 2020 8:29 PM
> >
> >  #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
> > +	struct rte_security_ctx *security_instance;
> >  	security_instance = rte_malloc("aesni_mb_sec",
> >  				sizeof(struct rte_security_ctx),
> >  				RTE_CACHE_LINE_SIZE);
> 
> I see that there could be a potential memory leak here.
> Assuming this malloc works, if alloc_init_mb_mgr() fails, this memory will not
> be freed.
> So I suggest two options:
> 1 - Free security_instance if alloc_init_mb_mgr() fails
> 2 - Move this piece of code after alloc_init_mb_mgr and free mb_mgr if this
> malloc fails.

[DC] Good catch, disappointed I didn't spot that myself :(
This is fixed in v2 coming very shortly - used option 1 above
>

Patch
diff mbox series

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index b54c57f86..171d914a3 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1881,9 +1881,6 @@  cryptodev_aesni_mb_create(const char *name,
 	struct aesni_mb_private *internals;
 	enum aesni_mb_vector_mode vector_mode;
 	MB_MGR *mb_mgr;
-#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
-	struct rte_security_ctx *security_instance;
-#endif
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -1912,13 +1909,10 @@  cryptodev_aesni_mb_create(const char *name,
 			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
 			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
 			RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_SESSIONLESS
-#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
-			| RTE_CRYPTODEV_FF_SECURITY
-#endif
-			;
+			RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
 
 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+	struct rte_security_ctx *security_instance;
 	security_instance = rte_malloc("aesni_mb_sec",
 				sizeof(struct rte_security_ctx),
 				RTE_CACHE_LINE_SIZE);
@@ -1932,6 +1926,7 @@  cryptodev_aesni_mb_create(const char *name,
 	security_instance->ops = rte_aesni_mb_pmd_sec_ops;
 	security_instance->sess_cnt = 0;
 	dev->security_ctx = security_instance;
+	dev->feature_flags |= RTE_CRYPTODEV_FF_SECURITY;
 #endif
 
 	/* Check CPU for support for AES instruction set */
@@ -2011,7 +2006,7 @@  cryptodev_aesni_mb_remove(struct rte_vdev_device *vdev)
 		RTE_PER_LCORE(sync_mb_mgr) = NULL;
 	}
 
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
 	rte_free(cryptodev->security_ctx);
 #endif