[1/2] crypto/nitrox: fix panic with higher mbuf segments
Checks
Commit Message
When the number of segments in source or destination mbuf is higher than
max supported then the application was panicked during the creation of
sglist when RTE_VERIFY was called. Validate the number of mbuf segments
and return an error instead of panicking.
Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations")
Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing")
Cc: stable@dpdk.org
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
---
drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
@@ -10,8 +10,11 @@
#include "nitrox_sym_reqmgr.h"
#include "nitrox_logs.h"
-#define MAX_SGBUF_CNT 16
-#define MAX_SGCOMP_CNT 5
+#define MAX_SUPPORTED_MBUF_SEGS 16
+/* IV + AAD + ORH + CC + DIGEST */
+#define ADDITIONAL_SGBUF_CNT 5
+#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT)
+#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4)
/* SLC_STORE_INFO */
#define MIN_UDD_LEN 16
/* PKT_IN_HDR + SLC_STORE_INFO */
@@ -303,7 +306,7 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf,
datalen -= mlen;
}
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sgtbl->map_bufs_cnt = cnt;
return 0;
}
@@ -375,7 +378,7 @@ create_cipher_outbuf(struct nitrox_softreq *sr)
sr->out.sglist[cnt].virt = &sr->resp.completion;
cnt++;
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sr->out.map_bufs_cnt = cnt;
create_sgcomp(&sr->out);
@@ -600,7 +603,7 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)
resp.completion);
sr->out.sglist[cnt].virt = &sr->resp.completion;
cnt++;
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sr->out.map_bufs_cnt = cnt;
create_sgcomp(&sr->out);
@@ -774,6 +777,14 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op,
{
int err;
+ if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS ||
+ (op->sym->m_dst &&
+ op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) {
+ NITROX_LOG(ERR, "Mbuf segments not supported. "
+ "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS);
+ return -ENOTSUP;
+ }
+
softreq_init(sr, sr->iova);
sr->ctx = ctx;
sr->op = op;