Hi Abhinandan,

> Currently, private_data_offset for the sessionless is computed
> wrongly which includes extra bytes added because of using
> sizeof(struct rte_crypto_sym_xform) * 2) instead of
> (sizeof(union rte_event_crypto_metadata)). Due to this buffer
> overflow, the corruption was leading to test application
> crash while freeing the ops mempool.
> 
> Fixes: 3c2c535ecfc0 ("test: add event crypto adapter auto-test")
> Reported-by: ciara.po...@intel.com
> 
> Signed-off-by: Abhinandan Gujjar <abhinandan.guj...@intel.com>
> ---
>  app/test/test_event_crypto_adapter.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/app/test/test_event_crypto_adapter.c
> b/app/test/test_event_crypto_adapter.c
> index f689bc1f2..688ac0b2f 100644
> --- a/app/test/test_event_crypto_adapter.c
> +++ b/app/test/test_event_crypto_adapter.c
> @@ -229,7 +229,7 @@ test_op_forward_mode(uint8_t session_less)
>               first_xform = &cipher_xform;
>               sym_op->xform = first_xform;
>               uint32_t len = IV_OFFSET + MAXIMUM_IV_LENGTH +
> -                             (sizeof(struct rte_crypto_sym_xform) * 2);
> +                             (sizeof(union rte_event_crypto_metadata));
>               op->private_data_offset = len;
I do not understand the need for this patch.
Event metadata is copied after private data offset,
and this patch is changing the offset value.

You changed the value of len = iv_off + max_iv_len + metadata_size,
but metadata is copied after this 'len'. See this
rte_memcpy((uint8_t *)op + len, &m_data, sizeof(m_data));

I do not agree with this patch, am I missing something?

>               /* Fill in private data information */
>               rte_memcpy(&m_data.response_info, &response_info,
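Review bot: in test_op_forward_mode() the new len still adds a size term on top of IV_OFFSET + MAXIMUM_IV_LENGTH before it is stored in op->private_data_offset, so the copy at (uint8_t *)op + len starts sizeof(union rte_event_crypto_metadata) bytes past the IV area instead of directly after it. Nothing in this hunk shows how large the op's private area is, so it cannot be confirmed from here that len + sizeof(m_data) stays inside the mempool element. Please state the pool's private size in the commit message, or check len + sizeof(m_data) against it before the rte_memcpy, and explain why the extra term is needed at all.
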
> @@ -424,7 +424,7 @@ test_op_new_mode(uint8_t session_less)
>               first_xform = &cipher_xform;
>               sym_op->xform = first_xform;
>               uint32_t len = IV_OFFSET + MAXIMUM_IV_LENGTH +
> -                             (sizeof(struct rte_crypto_sym_xform) * 2);
> +                             (sizeof(union rte_event_crypto_metadata));
>               op->private_data_offset = len;
>               /* Fill in private data information */
>               rte_memcpy(&m_data.response_info, &response_info,
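Review bot: the len expression in test_op_new_mode() is a verbatim copy of the one in test_op_forward_mode(), and the two were wrong together before this change. Defining the private data offset once (a macro or small helper next to IV_OFFSET and MAXIMUM_IV_LENGTH) and using it at both sites would keep them from diverging and give one place to document how the offset relates to the size of the op's private area.
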
> --
> 2.25.1
