[v1] crypto/qat: check for multi-segment buffers for DOCSIS
Checks
Commit Message
Multi-segment mbufs are not supported for DOCSIS security protocol.
This patch adds an explicit check for this and returns an op error if
this case is found. This limitation is also added to the QAT cryptodev
documentation.
Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")
Signed-off-by: David Coyle <david.coyle@intel.com>
---
doc/guides/cryptodevs/qat.rst | 2 ++
drivers/crypto/qat/qat_sym.c | 12 +++++++-----
2 files changed, 9 insertions(+), 5 deletions(-)
Comments
> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Thursday, July 16, 2020 4:34 PM
> To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh, Mairtin
> <mairtin.oloingsigh@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Coyle, David
> <david.coyle@intel.com>
> Subject: [PATCH v1] crypto/qat: check for multi-segment buffers for DOCSIS
>
> Multi-segment mbufs are not supported for DOCSIS security protocol.
> This patch adds an explicit check for this and returns an op error if
> this case is found. This limitation is also added to the QAT cryptodev
> documentation.
>
> Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")
>
> Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
> > Multi-segment mbufs are not supported for DOCSIS security protocol.
> > This patch adds an explicit check for this and returns an op error if
> > this case is found. This limitation is also added to the QAT cryptodev
> > documentation.
> >
> > Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")
> >
> > Signed-off-by: David Coyle <david.coyle@intel.com>
> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Applied to dpdk-next-crypto
Thanks.
@@ -134,6 +134,8 @@ Limitations
protocol.
* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC
DOCSIS security protocol.
+* Multi-segment buffers are not supported for combined Crypto-CRC DOCSIS
+ security protocol.
Extra notes on KASUMI F9
~~~~~~~~~~~~~~~~~~~~~~~~
@@ -284,13 +284,15 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
/* DOCSIS processing */
#ifdef RTE_LIBRTE_SECURITY
if (is_docsis_sec) {
- /* Check for OOP */
- if (unlikely((op->sym->m_dst != NULL) &&
+ /* Check for OOP or multi-segment buffers */
+ if (unlikely(((op->sym->m_dst != NULL) &&
(op->sym->m_dst !=
- op->sym->m_src))) {
+ op->sym->m_src)) ||
+ op->sym->m_src->nb_segs > 1)) {
QAT_DP_LOG(ERR,
- "OOP not supported for DOCSIS "
- "security");
+ "OOP and/or multi-segment "
+ "buffers are not supported for "
+ "DOCSIS security");
op->status =
RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
return -EINVAL;