If the packet size to be incremented after IPsec processing is less
than size of hdr (size incremented before submitting), then extend_tail
can become negative. Allow negative values for the variable.
Fixes: 67a87e89561c ("crypto/cnxk: add cn9k lookaside IPsec datapath")
Cc: march...@marvell.com
Signed-off-by: Anoob Joseph <ano...@marvell.com>
---
drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 2dc8913..2b0261e 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -77,9 +77,10 @@ process_outb_sa(struct rte_crypto_op *cop, struct
cn9k_ipsec_sa *sa,
const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr);
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
- uint32_t dlen, rlen, extend_tail;
struct roc_ie_on_outb_sa *out_sa;
struct roc_ie_on_outb_hdr *hdr;
+ uint32_t dlen, rlen;
+ int32_t extend_tail;
out_sa = &sa->out_sa;
@@ -88,7 +89,8 @@ process_outb_sa(struct rte_crypto_op *cop, struct
cn9k_ipsec_sa *sa,
extend_tail = rlen - dlen;
if (unlikely(extend_tail > rte_pktmbuf_tailroom(m_src))) {
- plt_dp_err("Not enough tail room");
+ plt_dp_err("Not enough tail room (required: %d, available: %d",
+ extend_tail, rte_pktmbuf_tailroom(m_src));
return -ENOMEM;
}
--
2.7.4
