[v1] eventdev/crypto: fix enqueueing invalid ops
Checks
Commit Message
When tail pointer of Circ buffer rollsover as the Circ buffer becomes full,
crypto adapter is enqueueing ops beyond the size of the Circ buffer
leading to segfault due to invalid ops access.
Fixed by enqueueing ops from head pointer to (size-head) number of ops
when Circ buffer becomes full and the remaining ops will be flushed
in next iteration.
Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
Comments
> -----Original Message-----
> From: Kundapura, Ganapati <ganapati.kundapura@intel.com>
> Sent: Wednesday, February 28, 2024 4:09 PM
> To: dev@dpdk.org; jerinj@marvell.com; Jayatheerthan, Jay
> <jay.jayatheerthan@intel.com>
> Cc: Naga Harish K, S V <s.v.naga.harish.k@intel.com>; Gujjar, Abhinandan S
> <abhinandan.gujjar@intel.com>
> Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
>
> When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> due to invalid ops access.
>
> Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> Circ buffer becomes full and the remaining ops will be flushed in next iteration.
>
> Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
>
> Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
> diff --git a/lib/eventdev/rte_event_crypto_adapter.c
> b/lib/eventdev/rte_event_crypto_adapter.c
> index d46595d..9903f96 100644
> --- a/lib/eventdev/rte_event_crypto_adapter.c
> +++ b/lib/eventdev/rte_event_crypto_adapter.c
> @@ -245,20 +245,28 @@ eca_circular_buffer_flush_to_cdev(struct
> crypto_ops_circular_buffer *bufp,
> struct rte_crypto_op **ops = bufp->op_buffer;
>
> if (*tailp > *headp)
> + /* Flush ops from head pointer to (tail - head) OPs */
> n = *tailp - *headp;
> else if (*tailp < *headp)
> + /* Circ buffer - Rollover.
> + * Flush OPs from head to max size of buffer.
> + * Rest of the OPs will be flushed in next iteration.
> + */
> n = bufp->size - *headp;
> else { /* head == tail case */
> /* when head == tail,
> * circ buff is either full(tail pointer roll over) or empty
> */
> if (bufp->count != 0) {
> - /* circ buffer is full */
> - n = bufp->count;
> + /* Circ buffer - FULL.
> + * Flush OPs from head to max size of buffer.
> + * Rest of the OPS will be flushed in next iteration.
> + */
> + n = bufp->size - *headp;
> } else {
> - /* circ buffer is empty */
> + /* Circ buffer - Empty */
> *nb_ops_flushed = 0;
> - return 0; /* buffer empty */
> + return 0;
> }
> }
>
> --
> 2.6.4
On Wed, Feb 28, 2024 at 10:42 PM Gujjar, Abhinandan S
<abhinandan.gujjar@intel.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Kundapura, Ganapati <ganapati.kundapura@intel.com>
> > Sent: Wednesday, February 28, 2024 4:09 PM
> > To: dev@dpdk.org; jerinj@marvell.com; Jayatheerthan, Jay
> > <jay.jayatheerthan@intel.com>
> > Cc: Naga Harish K, S V <s.v.naga.harish.k@intel.com>; Gujjar, Abhinandan S
> > <abhinandan.gujjar@intel.com>
> > Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> >
> > When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, crypto
> > adapter is enqueueing ops beyond the size of the Circ buffer leading to segfault
> > due to invalid ops access.
> >
> > Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> > Circ buffer becomes full and the remaining ops will be flushed in next iteration.
> >
> > Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> >
> > Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
> >
> Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Updated the git commit as follows and applied to
dpdk-next-net-eventdev/for-main. Thanks
eventdev/crypto: fix enqueueing invalid ops
When tail pointer of circular buffer rolls over as the circular buffer
becomes full, crypto adapter is enqueueing ops beyond the size of the
circular buffer leading to segfault due to invalid ops access.
Fixed by enqueueing ops from head pointer to (size-head) number of ops
when circular buffer becomes full and the remaining ops will be flushed
in next iteration.
Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
Cc: stable@dpdk.org
Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
@@ -245,20 +245,28 @@ eca_circular_buffer_flush_to_cdev(struct crypto_ops_circular_buffer *bufp,
struct rte_crypto_op **ops = bufp->op_buffer;
if (*tailp > *headp)
+ /* Flush ops from head pointer to (tail - head) OPs */
n = *tailp - *headp;
else if (*tailp < *headp)
+ /* Circ buffer - Rollover.
+ * Flush OPs from head to max size of buffer.
+ * Rest of the OPs will be flushed in next iteration.
+ */
n = bufp->size - *headp;
else { /* head == tail case */
/* when head == tail,
* circ buff is either full(tail pointer roll over) or empty
*/
if (bufp->count != 0) {
- /* circ buffer is full */
- n = bufp->count;
+ /* Circ buffer - FULL.
+ * Flush OPs from head to max size of buffer.
+ * Rest of the OPS will be flushed in next iteration.
+ */
+ n = bufp->size - *headp;
} else {
- /* circ buffer is empty */
+ /* Circ buffer - Empty */
*nb_ops_flushed = 0;
- return 0; /* buffer empty */
+ return 0;
}
}