diff mbox series

[v2] test/security: fix buffer leaks in error path

Message ID	20231031064446.150191-1-gakhil@marvell.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <stephen@networkplumber.org>, <hemant.agrawal@nxp.com>, <vattunuru@marvell.com>, Akhil Goyal <gakhil@marvell.com>, <stable@dpdk.org> Subject: [PATCH v2] test/security: fix buffer leaks in error path Date: Tue, 31 Oct 2023 12:14:46 +0530 Message-ID: <20231031064446.150191-1-gakhil@marvell.com> In-Reply-To: <20230822173316.465078-1-gakhil@marvell.com> References: <20230822173316.465078-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[v2] test/security: fix buffer leaks in error path \| [v2] test/security: fix buffer leaks in error path

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/intel-Functional	success	Functional PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-compile-amd64-testing	success	Testing PASS
ci/iol-sample-apps-testing	success	Testing PASS
ci/iol-unit-amd64-testing	success	Testing PASS
ci/iol-unit-arm64-testing	success	Testing PASS
ci/iol-compile-arm64-testing	success	Testing PASS

Commit Message

Akhil Goyal Oct. 31, 2023, 6:44 a.m. UTC

  In case of failure of a test in macsec autotest,
the buffers were not getting cleaned.
Added appropriate code to clean the buffers.

Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
- Used rte_pktmbuf_free_bulk as suggested by Stephen.

 app/test/test_security_inline_macsec.c | 65 +++++++++++++++++---------
 1 file changed, 44 insertions(+), 21 deletions(-)

Comments

Hemant Agrawal Oct. 31, 2023, 1:56 p.m. UTC | #1

Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, October 31, 2023 12:15 PM
> To: dev@dpdk.org
> Cc: stephen@networkplumber.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>; vattunuru@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; stable@dpdk.org
> Subject: [PATCH v2] test/security: fix buffer leaks in error path
> Importance: High
> 
> In case of failure of a test in macsec autotest, the buffers were not getting
> cleaned.
> Added appropriate code to clean the buffers.
> 
> Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
> - Used rte_pktmbuf_free_bulk as suggested by Stephen.
> 
>  app/test/test_security_inline_macsec.c | 65 +++++++++++++++++---------
>  1 file changed, 44 insertions(+), 21 deletions(-)
> 
> diff --git a/app/test/test_security_inline_macsec.c
> b/app/test/test_security_inline_macsec.c
> index 59b1b8a6a6..f11e9da8c3 100644
> --- a/app/test/test_security_inline_macsec.c
> +++ b/app/test/test_security_inline_macsec.c
> @@ -952,8 +952,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			tx_pkts_burst[j]->ol_flags |=
> RTE_MBUF_F_TX_MACSEC;
>  		}
>  		if (tx_pkts_burst[j] == NULL) {
> -			while (j--)
> -				rte_pktmbuf_free(tx_pkts_burst[j]);
> +			rte_pktmbuf_free_bulk(tx_pkts_burst, j);
>  			ret = TEST_FAILED;
>  			goto out;
>  		}
> @@ -965,8 +964,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  					opts->ar_td[k]->secure_pkt.data,
>  					opts->ar_td[k]->secure_pkt.len);
>  				if (tx_pkts_burst[j] == NULL) {
> -					while (j--)
> -
> 	rte_pktmbuf_free(tx_pkts_burst[j]);
> +
> 	rte_pktmbuf_free_bulk(tx_pkts_burst, j);
>  					ret = TEST_FAILED;
>  					goto out;
>  				}
> @@ -993,8 +991,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  				tx_pkts_burst[j]->ol_flags |=
> RTE_MBUF_F_TX_MACSEC;
>  			}
>  			if (tx_pkts_burst[j] == NULL) {
> -				while (j--)
> -					rte_pktmbuf_free(tx_pkts_burst[j]);
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
>  				ret = TEST_FAILED;
>  				goto out;
>  			}
> @@ -1016,7 +1013,9 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  				id = rte_security_macsec_sa_create(ctx,
> &sa_conf);
>  				if (id < 0) {
>  					printf("MACsec SA create
> failed : %d.\n", id);
> -					return TEST_FAILED;
> +
> 	rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +					ret = TEST_FAILED;
> +					goto out;
>  				}
>  				rx_sa_id[i][an] = (uint16_t)id;
>  			}
> @@ -1025,6 +1024,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			id = rte_security_macsec_sc_create(ctx, &sc_conf);
>  			if (id < 0) {
>  				printf("MACsec SC create failed : %d.\n", id);
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
>  				goto out;
>  			}
>  			rx_sc_id[i] = (uint16_t)id;
> @@ -1032,19 +1033,26 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			/* Create Inline IPsec session. */
>  			ret = fill_session_conf(td[i], port_id, opts,
> &sess_conf,
>  					RTE_SECURITY_MACSEC_DIR_RX,
> rx_sc_id[i], tci_off);
> -			if (ret)
> -				return TEST_FAILED;
> -
> +			if (ret) {
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
> +			}
>  			rx_sess[i] = rte_security_session_create(ctx,
> &sess_conf,
>  					sess_pool);
>  			if (rx_sess[i] == NULL) {
>  				printf("SEC Session init failed.\n");
> -				return TEST_FAILED;
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
>  			}
>  			ret = create_default_flow(td[i], port_id,
>  					RTE_SECURITY_MACSEC_DIR_RX,
> rx_sess[i]);
> -			if (ret)
> +			if (ret) {
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
>  				goto out;
> +			}
>  		}
>  		if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
>  				op == MCS_AUTH_ONLY || op ==
> MCS_AUTH_VERIFY) { @@ -1057,7 +1065,9 @@ test_macsec(const struct
> mcs_test_vector *td[], enum mcs_op op, const struct mcs
>  			id = rte_security_macsec_sa_create(ctx, &sa_conf);
>  			if (id < 0) {
>  				printf("MACsec SA create failed : %d.\n", id);
> -				return TEST_FAILED;
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
>  			}
>  			tx_sa_id[i][0] = (uint16_t)id;
>  			tx_sa_id[i][1] = MCS_INVALID_SA;
> @@ -1071,6 +1081,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  				id = rte_security_macsec_sa_create(ctx,
> &sa_conf);
>  				if (id < 0) {
>  					printf("MACsec rekey SA create
> failed : %d.\n", id);
> +
> 	rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +					ret = TEST_FAILED;
>  					goto out;
>  				}
>  				tx_sa_id[i][1] = (uint16_t)id;
> @@ -1080,6 +1092,8 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			id = rte_security_macsec_sc_create(ctx, &sc_conf);
>  			if (id < 0) {
>  				printf("MACsec SC create failed : %d.\n", id);
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
>  				goto out;
>  			}
>  			tx_sc_id[i] = (uint16_t)id;
> @@ -1087,19 +1101,26 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			/* Create Inline IPsec session. */
>  			ret = fill_session_conf(td[i], port_id, opts,
> &sess_conf,
>  					RTE_SECURITY_MACSEC_DIR_TX,
> tx_sc_id[i], tci_off);
> -			if (ret)
> -				return TEST_FAILED;
> -
> +			if (ret) {
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
> +			}
>  			tx_sess[i] = rte_security_session_create(ctx,
> &sess_conf,
>  					sess_pool);
>  			if (tx_sess[i] == NULL) {
>  				printf("SEC Session init failed.\n");
> -				return TEST_FAILED;
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
> +				goto out;
>  			}
>  			ret = create_default_flow(td[i], port_id,
>  					RTE_SECURITY_MACSEC_DIR_TX,
> tx_sess[i]);
> -			if (ret)
> +			if (ret) {
> +				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
> +				ret = TEST_FAILED;
>  				goto out;
> +			}
>  		}
>  	}
> 
> @@ -1116,6 +1137,7 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
> 
>  	rte_pause();
> 
> +	j = 0;
>  	/* Receive back packet on loopback interface. */
>  	do {
>  		nb_rx += rte_eth_rx_burst(port_id, 0, @@ -1129,8 +1151,7
> @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op,
> const struct mcs
>  	if (nb_rx != nb_sent) {
>  		printf("\nUnable to RX all %d packets, received(%i)",
>  				nb_sent, nb_rx);
> -		while (--nb_rx >= 0)
> -			rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
> +		rte_pktmbuf_free_bulk(rx_pkts_burst, nb_rx);
>  		ret = TEST_FAILED;
>  		if (opts->check_sectag_interrupts == 1)
>  			ret = TEST_SUCCESS;
> @@ -1154,7 +1175,9 @@ test_macsec(const struct mcs_test_vector *td[],
> enum mcs_op op, const struct mcs
>  			id = rte_security_macsec_sa_create(ctx, &sa_conf);
>  			if (id < 0) {
>  				printf("MACsec SA create failed : %d.\n", id);
> -				return TEST_FAILED;
> +				rte_pktmbuf_free_bulk(rx_pkts_burst,
> nb_rx);
> +				ret = TEST_FAILED;
> +				goto out;
>  			}
>  			tx_sa_id[0][0] = (uint16_t)id;
>  			break;
> --
> 2.25.1

Stephen Hemminger Oct. 31, 2023, 3:47 p.m. UTC | #2

On Tue, 31 Oct 2023 12:14:46 +0530
Akhil Goyal <gakhil@marvell.com> wrote:

> From: Akhil Goyal <gakhil@marvell.com>
> To: <dev@dpdk.org>
> CC: <stephen@networkplumber.org>, <hemant.agrawal@nxp.com>,         <vattunuru@marvell.com>, Akhil Goyal <gakhil@marvell.com>,         <stable@dpdk.org>
> Subject: [PATCH v2] test/security: fix buffer leaks in error path
> Date: Tue, 31 Oct 2023 12:14:46 +0530
> X-Mailer: git-send-email 2.25.1
> 
> In case of failure of a test in macsec autotest,
> the buffers were not getting cleaned.
> Added appropriate code to clean the buffers.
> 
> Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>

Acked-by: Stephen Hemminger <stephen@networkplumber.org>

Akhil Goyal Oct. 31, 2023, 5:59 p.m. UTC | #3

> > Subject: [PATCH v2] test/security: fix buffer leaks in error path
> > Date: Tue, 31 Oct 2023 12:14:46 +0530
> > X-Mailer: git-send-email 2.25.1
> >
> > In case of failure of a test in macsec autotest,
> > the buffers were not getting cleaned.
> > Added appropriate code to clean the buffers.
> >
> > Fixes: 993ea577a006 ("test/security: add inline MACsec cases")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> 
> Acked-by: Stephen Hemminger <stephen@networkplumber.org>

Applied to dpdk-next-crypto
Thanks.

diff mbox series

Patch

diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index 59b1b8a6a6..f11e9da8c3 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -952,8 +952,7 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 			tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
 		}
 		if (tx_pkts_burst[j] == NULL) {
-			while (j--)
-				rte_pktmbuf_free(tx_pkts_burst[j]);
+			rte_pktmbuf_free_bulk(tx_pkts_burst, j);
 			ret = TEST_FAILED;
 			goto out;
 		}
@@ -965,8 +964,7 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 					opts->ar_td[k]->secure_pkt.data,
 					opts->ar_td[k]->secure_pkt.len);
 				if (tx_pkts_burst[j] == NULL) {
-					while (j--)
-						rte_pktmbuf_free(tx_pkts_burst[j]);
+					rte_pktmbuf_free_bulk(tx_pkts_burst, j);
 					ret = TEST_FAILED;
 					goto out;
 				}
@@ -993,8 +991,7 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 				tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
 			}
 			if (tx_pkts_burst[j] == NULL) {
-				while (j--)
-					rte_pktmbuf_free(tx_pkts_burst[j]);
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
 				ret = TEST_FAILED;
 				goto out;
 			}
@@ -1016,7 +1013,9 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 				id = rte_security_macsec_sa_create(ctx, &sa_conf);
 				if (id < 0) {
 					printf("MACsec SA create failed : %d.\n", id);
-					return TEST_FAILED;
+					rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+					ret = TEST_FAILED;
+					goto out;
 				}
 				rx_sa_id[i][an] = (uint16_t)id;
 			}
@@ -1025,6 +1024,8 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 			id = rte_security_macsec_sc_create(ctx, &sc_conf);
 			if (id < 0) {
 				printf("MACsec SC create failed : %d.\n", id);
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
 				goto out;
 			}
 			rx_sc_id[i] = (uint16_t)id;
@@ -1032,19 +1033,26 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 			/* Create Inline IPsec session. */
 			ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
 					RTE_SECURITY_MACSEC_DIR_RX, rx_sc_id[i], tci_off);
-			if (ret)
-				return TEST_FAILED;
-
+			if (ret) {
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
+				goto out;
+			}
 			rx_sess[i] = rte_security_session_create(ctx, &sess_conf,
 					sess_pool);
 			if (rx_sess[i] == NULL) {
 				printf("SEC Session init failed.\n");
-				return TEST_FAILED;
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
+				goto out;
 			}
 			ret = create_default_flow(td[i], port_id,
 					RTE_SECURITY_MACSEC_DIR_RX, rx_sess[i]);
-			if (ret)
+			if (ret) {
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
 				goto out;
+			}
 		}
 		if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
 				op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) {
@@ -1057,7 +1065,9 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 			id = rte_security_macsec_sa_create(ctx, &sa_conf);
 			if (id < 0) {
 				printf("MACsec SA create failed : %d.\n", id);
-				return TEST_FAILED;
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
+				goto out;
 			}
 			tx_sa_id[i][0] = (uint16_t)id;
 			tx_sa_id[i][1] = MCS_INVALID_SA;
@@ -1071,6 +1081,8 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 				id = rte_security_macsec_sa_create(ctx, &sa_conf);
 				if (id < 0) {
 					printf("MACsec rekey SA create failed : %d.\n", id);
+					rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+					ret = TEST_FAILED;
 					goto out;
 				}
 				tx_sa_id[i][1] = (uint16_t)id;
@@ -1080,6 +1092,8 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 			id = rte_security_macsec_sc_create(ctx, &sc_conf);
 			if (id < 0) {
 				printf("MACsec SC create failed : %d.\n", id);
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
 				goto out;
 			}
 			tx_sc_id[i] = (uint16_t)id;
@@ -1087,19 +1101,26 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 			/* Create Inline IPsec session. */
 			ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
 					RTE_SECURITY_MACSEC_DIR_TX, tx_sc_id[i], tci_off);
-			if (ret)
-				return TEST_FAILED;
-
+			if (ret) {
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
+				goto out;
+			}
 			tx_sess[i] = rte_security_session_create(ctx, &sess_conf,
 					sess_pool);
 			if (tx_sess[i] == NULL) {
 				printf("SEC Session init failed.\n");
-				return TEST_FAILED;
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
+				goto out;
 			}
 			ret = create_default_flow(td[i], port_id,
 					RTE_SECURITY_MACSEC_DIR_TX, tx_sess[i]);
-			if (ret)
+			if (ret) {
+				rte_pktmbuf_free_bulk(tx_pkts_burst, j);
+				ret = TEST_FAILED;
 				goto out;
+			}
 		}
 	}
 
@@ -1116,6 +1137,7 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 
 	rte_pause();
 
+	j = 0;
 	/* Receive back packet on loopback interface. */
 	do {
 		nb_rx += rte_eth_rx_burst(port_id, 0,
@@ -1129,8 +1151,7 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 	if (nb_rx != nb_sent) {
 		printf("\nUnable to RX all %d packets, received(%i)",
 				nb_sent, nb_rx);
-		while (--nb_rx >= 0)
-			rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
+		rte_pktmbuf_free_bulk(rx_pkts_burst, nb_rx);
 		ret = TEST_FAILED;
 		if (opts->check_sectag_interrupts == 1)
 			ret = TEST_SUCCESS;
@@ -1154,7 +1175,9 @@  test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
 			id = rte_security_macsec_sa_create(ctx, &sa_conf);
 			if (id < 0) {
 				printf("MACsec SA create failed : %d.\n", id);
-				return TEST_FAILED;
+				rte_pktmbuf_free_bulk(rx_pkts_burst, nb_rx);
+				ret = TEST_FAILED;
+				goto out;
 			}
 			tx_sa_id[0][0] = (uint16_t)id;
 			break;