From: Fiona Trahe Date: Wed, 10 Jul 2019 09:53:24 +0000 (+0100) Subject: crypto/qat: fix crashes X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=1a2ff596793b1ed6ae3c0d50251f7b0f5d9e69e7;p=dpdk.git crypto/qat: fix crashes Resolution for seg-faults observed: 1) in buffer re-alignment in-place sgl case 2) case where data end is exactly at end of an sgl segment. Also renamed variable and increased comments for clearer code. Fixes: 40002f6c2a24 ("crypto/qat: extend support for digest-encrypted auth-cipher") Signed-off-by: Fiona Trahe Tested-by: Konstantin Ananyev Acked-by: Damian Nowak --- diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 2dc0614928..46ef27a6d2 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -156,9 +156,10 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, uint32_t auth_len = 0, auth_ofs = 0; uint32_t min_ofs = 0; uint64_t src_buf_start = 0, dst_buf_start = 0; - uint64_t digest_start = 0; + uint64_t auth_data_end = 0; uint8_t do_sgl = 0; uint8_t in_place = 1; + int alignment_adjustment = 0; struct rte_crypto_op *op = (struct rte_crypto_op *)in_op; struct qat_sym_op_cookie *cookie = (struct qat_sym_op_cookie *)op_cookie; @@ -465,6 +466,10 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, min_ofs); } dst_buf_start = src_buf_start; + + /* remember any adjustment for later, note, can be +/- */ + alignment_adjustment = src_buf_start - + rte_pktmbuf_iova_offset(op->sym->m_src, min_ofs); } if (do_cipher || do_aead) { @@ -494,33 +499,37 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, : (auth_param->auth_off + auth_param->auth_len); if (do_auth && do_cipher) { + /* Handle digest-encrypted cases, i.e. + * auth-gen-then-cipher-encrypt and + * cipher-decrypt-then-auth-verify + */ + /* First find the end of the data */ if (do_sgl) { uint32_t remaining_off = auth_param->auth_off + - auth_param->auth_len; + auth_param->auth_len + alignment_adjustment; struct rte_mbuf *sgl_buf = (in_place ? - op->sym->m_src : op->sym->m_dst); - while (remaining_off >= rte_pktmbuf_data_len( - sgl_buf)) { - remaining_off -= rte_pktmbuf_data_len( - sgl_buf); + op->sym->m_src : op->sym->m_dst); + + while (remaining_off >= rte_pktmbuf_data_len(sgl_buf) + && sgl_buf->next != NULL) { + remaining_off -= rte_pktmbuf_data_len(sgl_buf); sgl_buf = sgl_buf->next; } - digest_start = (uint64_t)rte_pktmbuf_iova_offset( + + auth_data_end = (uint64_t)rte_pktmbuf_iova_offset( sgl_buf, remaining_off); } else { - digest_start = (in_place ? + auth_data_end = (in_place ? src_buf_start : dst_buf_start) + auth_param->auth_off + auth_param->auth_len; } - /* Handle cases of auth-gen-then-cipher and - * cipher-decrypt-then-auth-verify with digest encrypted - */ + /* Then check if digest-encrypted conditions are met */ if ((auth_param->auth_off + auth_param->auth_len < cipher_param->cipher_offset + cipher_param->cipher_length) && (op->sym->auth.digest.phys_addr == - digest_start)) { + auth_data_end)) { /* Handle partial digest encryption */ if (cipher_param->cipher_offset + cipher_param->cipher_length <