RE: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops

Wed, 28 Feb 2024 09:12:29 -0800 


> -----Original Message-----
> From: Kundapura, Ganapati <ganapati.kundap...@intel.com>
> Sent: Wednesday, February 28, 2024 4:09 PM
> To: dev@dpdk.org; jer...@marvell.com; Jayatheerthan, Jay
> <jay.jayatheert...@intel.com>
> Cc: Naga Harish K, S V <s.v.naga.haris...@intel.com>; Gujjar, Abhinandan S
> <abhinandan.guj...@intel.com>
> Subject: [PATCH v1] eventdev/crypto: fix enqueueing invalid ops
> 
> When tail pointer of Circ buffer rollsover as the Circ buffer becomes full, 
> crypto
> adapter is enqueueing ops beyond the size of the Circ buffer leading to 
> segfault
> due to invalid ops access.
> 
> Fixed by enqueueing ops from head pointer to (size-head) number of ops when
> Circ buffer becomes full and the remaining ops will be flushed in next 
> iteration.
> 
> Fixes: 6c3c888656fc ("eventdev/crypto: fix circular buffer full case")
> 
> Signed-off-by: Ganapati Kundapura <ganapati.kundap...@intel.com>
> 
Acked-by: Abhinandan Gujjar <abhinandan.guj...@intel.com>

> diff --git a/lib/eventdev/rte_event_crypto_adapter.c
> b/lib/eventdev/rte_event_crypto_adapter.c
> index d46595d..9903f96 100644
> --- a/lib/eventdev/rte_event_crypto_adapter.c
> +++ b/lib/eventdev/rte_event_crypto_adapter.c
> @@ -245,20 +245,28 @@ eca_circular_buffer_flush_to_cdev(struct
> crypto_ops_circular_buffer *bufp,
>       struct rte_crypto_op **ops = bufp->op_buffer;
> 
>       if (*tailp > *headp)
> +             /* Flush ops from head pointer to (tail - head) OPs */
>               n = *tailp - *headp;
>       else if (*tailp < *headp)
> +             /* Circ buffer - Rollover.
> +              * Flush OPs from head to max size of buffer.
> +              * Rest of the OPs will be flushed in next iteration.
> +              */
>               n = bufp->size - *headp;
>       else { /* head == tail case */
>               /* when head == tail,
>                * circ buff is either full(tail pointer roll over) or empty
>                */
>               if (bufp->count != 0) {
> -                     /* circ buffer is full */
> -                     n = bufp->count;
> +                     /* Circ buffer - FULL.
> +                      * Flush OPs from head to max size of buffer.
> +                      * Rest of the OPS will be flushed in next iteration.
> +                      */
> +                     n = bufp->size - *headp;
>               } else {
> -                     /* circ buffer is empty */
> +                     /* Circ buffer - Empty */
>                       *nb_ops_flushed = 0;
> -                     return 0;  /* buffer empty */
> +                     return 0;
>               }
>       }
> 
> --
> 2.6.4























					Reply via email to