[PATCH 1/2] crypto/nitrox: fix panic with higher mbuf segments

Thu, 17 Aug 2023 04:46:19 -0700 

When the number of segments in source or destination mbuf is higher than
max supported then the application was panicked during the creation of
sglist when RTE_VERIFY was called. Validate the number of mbuf segments
and return an error instead of panicking.

Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations")
Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing")
Cc: sta...@dpdk.org

Signed-off-by: Nagadheeraj Rottela <rnagadhee...@marvell.com>
---
 drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c 
b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
index 9edb0cc00f..d7e8ff7db4 100644
--- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
+++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
@@ -10,8 +10,11 @@
 #include "nitrox_sym_reqmgr.h"
 #include "nitrox_logs.h"
 
-#define MAX_SGBUF_CNT 16
-#define MAX_SGCOMP_CNT 5
+#define MAX_SUPPORTED_MBUF_SEGS 16
+/* IV + AAD + ORH + CC + DIGEST */
+#define ADDITIONAL_SGBUF_CNT 5
+#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT)
+#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4)
 /* SLC_STORE_INFO */
 #define MIN_UDD_LEN 16
 /* PKT_IN_HDR + SLC_STORE_INFO */
@@ -303,7 +306,7 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, 
struct rte_mbuf *mbuf,
                datalen -= mlen;
        }
 
-       RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+       RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
        sgtbl->map_bufs_cnt = cnt;
        return 0;
 }
@@ -375,7 +378,7 @@ create_cipher_outbuf(struct nitrox_softreq *sr)
        sr->out.sglist[cnt].virt = &sr->resp.completion;
        cnt++;
 
-       RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+       RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
        sr->out.map_bufs_cnt = cnt;
 
        create_sgcomp(&sr->out);
@@ -600,7 +603,7 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct 
nitrox_sglist *digest)
                                                     resp.completion);
        sr->out.sglist[cnt].virt = &sr->resp.completion;
        cnt++;
-       RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+       RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
        sr->out.map_bufs_cnt = cnt;
 
        create_sgcomp(&sr->out);
@@ -774,6 +777,14 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op 
*op,
 {
        int err;
 
+       if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS ||
+                    (op->sym->m_dst &&
+                     op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) {
+               NITROX_LOG(ERR, "Mbuf segments not supported. "
+                          "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS);
+               return -ENOTSUP;
+       }
+
        softreq_init(sr, sr->iova);
        sr->ctx = ctx;
        sr->op = op;
-- 
2.13.6

Reply via email to