Add support for the ESP protocol in non-template RSS expansion.
Signed-off-by: Gregory Etelson
---
drivers/net/mlx5/mlx5_nta_rss.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_nta_rss.c b/drivers/net/mlx5/mlx5_nta_rss.c
index 602df301ac..8f005
I have revised these sections to suit the template, but also,
for punctuation, clarity, and removing repetition when necessary.
Signed-off-by: Nandini Persad
---
doc/guides/sample_app_ug/dist_app.rst | 24 +--
.../sample_app_ug/eventdev_pipeline.rst | 20 +--
doc/guides/sample_ap
Switching to unit test table makes it easier to add new tests.
Signed-off-by: Stephen Hemminger
---
app/test/test_string_fns.c | 18 +++---
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/app/test/test_string_fns.c b/app/test/test_string_fns.c
index 3b311325dc..ce07c17
Since tmp is not used later in the function, this memset
is unnecessary. Even though this is harmless,
it causes tools that look for security issues
around memset to flag this a bug.
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
app/test/test_cmdline_cirbuf.c | 2 --
1 file ch
Need to check the result of malloc() before calling memset.
This is only place in this driver that forgot, other code
does check.
Fixes: 0d9bca480e26 ("net/ntnic: add FPGA modules for initialization")
cc: sta...@dpdk.org
Signed-off-by: Stephen Hemminger
---
drivers/net/ntnic/nthw/nthw_rac.c | 4
Calling memset before free() has no effect and will be flagged
by security parsing tools as a potential bug. None of these data
structures have sensitive information.
Signed-off-by: Stephen Hemminger
---
drivers/net/ntnic/nthw/core/nthw_hif.c| 5 +
drivers/net/ntnic/nthw/core
Script that converts memset before free into rte_memset_sensitive
and memset before rte_free into rte_free_sensitive
Signed-off-by: Stephen Hemminger
---
devtools/cocci/memset_free.cocci | 9 +
1 file changed, 9 insertions(+)
create mode 100644 devtools/cocci/memset_free.cocci
diff --g
Calling memset before rte_free not necessary, and could be
removed by the compiler. In this case, the data is not security
sensitive so the memset can be removed. Some security scanning
tools will flag this.
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
drivers/compress/octeon
Doing memset before free maybe removed by compiler, and
is flagged by security scanning tools as potential problem.
In this case the memset is unnecessary.
Signed-off-by: Stephen Hemminger
Acked-by: Chengwen Feng
---
drivers/bus/uacce/uacce.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/d
Regular memset maybe removed by compiler if done before a free
function. Use new rte_free_sensitive instead.
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
drivers/crypto/qat/qat_asym.c| 5 +
drivers/crypto/qat/qat_sym_session.c | 8
2 files changed, 5 inse
A couple places in this code were generating warnings from
PVS studio about memset potentially being ignored. This is because
the ipv6_buf was declared but never used.
Signed-off-by: Stephen Hemminger
---
drivers/common/cnxk/roc_npc_utils.c | 4
1 file changed, 4 deletions(-)
diff --git a/
The memset was always doing 0 bytes since size computed later.
Link: https://pvs-studio.com/en/blog/posts/cpp/1179/
Fixes: 3a80d7fb2ecd ("crypto/qat: support SHA3 plain hash")
Cc: sta...@dpdk.org
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
drivers/crypto/qat/qat_sym_sessio
Just doing memset() on keys is not enough, compiler can optimize
it away. Use new rte_memzero_explicit() and rte_free_sensitive().
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
drivers/crypto/qat/qat_sym_session.c | 33 ++--
1 file changed, 17 insertion
Similar to test for rte_memset_explicit, use a worker thread
to free and then check the result.
Signed-off-by: Stephen Hemminger
---
app/test/test_malloc.c | 52 ++
1 file changed, 52 insertions(+)
diff --git a/app/test/test_malloc.c b/app/test/test_mallo
The buffer tmp is set but never used. This leads to warning
since the memset could be eliminated by the compiler.
Signed-off-by: Stephen Hemminger
---
app/test/test_cmdline_cirbuf.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/app/test/test_cmdline_cirbuf.c b/app/test/test_cmdline_cirbuf
There are several malloc tests and switching to the table
driven unit test runner improves readability and makes adding
new tests easier.
Signed-off-by: Stephen Hemminger
---
app/test/test_malloc.c | 166 +
1 file changed, 70 insertions(+), 96 deletions(-)
Add a new test for rte_memzero_explicit.
Test strategy is based of glibc bzero_explicit test which
is based off a test in the OpenBSD regression test suite.
Signed-off-by: Stephen Hemminger
---
app/test/test_string_fns.c | 56 ++
1 file changed, 56 insertions(
Although internally rte_free does poison the buffer in most
cases, it is useful to have function that explicitly does
this to avoid any security issues.
Name of new API is chosen to be similar to Linux kernel
kfree_sensitive() to make porting drivers easier.
Signed-off-by: Stephen Hemminger
Acke
When memset() is used before a release function such as free,
the compiler if allowed to optimize the memset away under
the as-if rules. This is normally ok, but in certain cases such
as passwords or security keys it is problematic.
Introduce a DPDK wrapper which uses the bzero_explicit function
o
This series handles memset related bugs identified by PVS Studio.
This tool will correctly flag places where memset could be deleted.
See: https://pvs-studio.com/en/docs/warnings/v597/
Compilers are free to optimize away memset called before free.
This is handled in other libraries and OS's by the
On Sun, 16 Feb 2025 17:08:33 +0100
Ariel Otilibili wrote:
> rte_pcapng_close() might dereference a null pointer; as example,
> PVS-Studio gives its usage in test_pcapng.c: indeed, that call to
> rte_pcapng_close() might receive a null pointer.
>
> Link: https://pvs-studio.com/en/docs/warnings/v5
Hello,
This patch fixes a null dereference warning; it was found by static analysis,
courtesy of Stephen Hemminger.
Thank you,
Ariel Otilibili (1):
pcapng: fix null dereference in rte_pcapng_close
.mailmap| 2 +-
lib/pcapng/rte_pcapng.c | 3 +++
2 files changed, 4 insertions
rte_pcapng_close() might dereference a null pointer; as example,
PVS-Studio gives its usage in test_pcapng.c: indeed, that call to
rte_pcapng_close() might receive a null pointer.
Link: https://pvs-studio.com/en/docs/warnings/v522/
Link:
https://github.com/DPDK/dpdk/blob/e5176f23ae8b31437c3e5eb87
Return correct error status when incorrect signature is
used in RSA verify op.
Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Cc: sta...@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan
---
drivers/crypto/openssl/rte_openssl_pmd.c | 3 +++
1 file changed, 3 insert
Return error code in an asymmetric operation status
when none of the known conditions met.
Fixes: d29c4e0a4bea ("crypto/cnxk: fix ECDH public key verification")
Signed-off-by: Gowrishankar Muthukrishnan
---
drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 2 ++
1 file changed, 2 insertions(+)
diff -
Flow actions parameters in indirect actions list are created as
read-only and shared between all flows that reference that indirect
list.
If a flow rule needs to apply rule specific actions list parameters it
does it with the indirect actions list conf parameter.
The patch allows flow rule to set
From: Erez Shitrit
Rule is set according to its specific domain.
Signed-off-by: Erez Shitrit
Signed-off-by: Hamdan Igbaria
Acked-by: Matan Azrad
---
drivers/net/mlx5/hws/mlx5dr_rule.c | 23 ++-
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/drivers/net/mlx
From: Erez Shitrit
Context creates its pools according to the table type.
Signed-off-by: Erez Shitrit
Signed-off-by: Hamdan Igbaria
Acked-by: Matan Azrad
---
drivers/net/mlx5/hws/mlx5dr_context.c | 21 -
drivers/net/mlx5/hws/mlx5dr_context.h | 3 +++
2 files changed, 23
From: Erez Shitrit
Till now the FDB processing domain is split into two mutually
exclusive sub domains FDB_RX and FDB_TX.
Packets originating from the Uplink(s) are processed in the FDB_RX
sub domain, while packets originating from all other Vports are
processed in the FDB_TX sub domain.
Now add
From: Erez Shitrit
Actions are depended on the sub-domain that will be used.
So handle the actions accordingly.
>From now on we don't fix-up for actions that doesn't fit the right
domain, we will let it be failed by the FW while creating the STC for
it.
Signed-off-by: Erez Shitrit
Signed-off-by
From: Erez Shitrit
In order to have the details of the new specific domains.
Signed-off-by: Erez Shitrit
Signed-off-by: Hamdan Igbaria
Acked-by: Matan Azrad
---
drivers/net/mlx5/hws/mlx5dr_debug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/mlx5/hws/ml
From: Erez Shitrit
Matcher for one of the new FDB sub-domains contains specific
details according to the type of that sub-domain.
Signed-off-by: Erez Shitrit
Signed-off-by: Hamdan Igbaria
Acked-by: Matan Azrad
---
drivers/net/mlx5/hws/mlx5dr_matcher.c | 39 ---
driver
From: Erez Shitrit
Take care of table creation from one of the new types that now exposed
to the user (FDB_RX, FDB_TX and FDB_UNIFIED)
Signed-off-by: Erez Shitrit
Signed-off-by: Hamdan Igbaria
Acked-by: Matan Azrad
---
drivers/net/mlx5/hws/mlx5dr_action.c | 6 ++---
drivers/net/mlx5/hws/mlx
From: Erez Shitrit
Type MLX5DR_TABLE_TYPE_FDB handles two types of rules and matching one
for FDB_RX and one for FDB_TX, now we separate FDB type to 3 sub
domains, RX / TX and UNIFIED.
The RX and TX as before, the new one UNIFIED will use for rules /
actions that are common to both RX and TX.
Si
Acked-by: Morten Brørup
35 matches
Mail list logo
