From 6b048cdfa211de588c2ca77b2040e88b8f45ae6c Mon Sep 17 00:00:00 2001
From: David Coyle <david.coyle@intel.com>
Date: Thu, 16 Jul 2020 16:33:31 +0100
Subject: [PATCH] crypto/qat: check multi-segment buffers for DOCSIS
Multi-segment mbufs are not supported for DOCSIS security protocol.
This patch adds an explicit check for this and returns an op error if
this case is found. This limitation is also added to the QAT cryptodev
documentation.
Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")
Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
doc/guides/cryptodevs/qat.rst | 2 ++
drivers/crypto/qat/qat_sym.c | 12 +++++++-----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index 931a18f9aa..b9f8c37eab 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -134,6 +134,8 @@ Limitations
protocol.
* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC
DOCSIS security protocol.
+* Multi-segment buffers are not supported for combined Crypto-CRC DOCSIS
+ security protocol.
Extra notes on KASUMI F9
~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 6d568ab8fa..632313a268 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -284,13 +284,15 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
/* DOCSIS processing */
#ifdef RTE_LIBRTE_SECURITY
if (is_docsis_sec) {
- /* Check for OOP */
- if (unlikely((op->sym->m_dst != NULL) &&
+ /* Check for OOP or multi-segment buffers */
+ if (unlikely(((op->sym->m_dst != NULL) &&
(op->sym->m_dst !=
- op->sym->m_src))) {
+ op->sym->m_src)) ||
+ op->sym->m_src->nb_segs > 1)) {
QAT_DP_LOG(ERR,
- "OOP not supported for DOCSIS "
- "security");
+ "OOP and/or multi-segment "
+ "buffers are not supported for "
+ "DOCSIS security");
op->status =
RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
return -EINVAL;
--
2.39.5