[dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops

Akhil Goyal akhil.goyal at nxp.com
Thu Apr 23 14:55:27 CEST 2020


Hi Anoob/Konstantin,
> >
> > Check that ops->get_userdata is a valid function pointer will be compiled out.
> > So PMDs that don't implement this function will crash in
> > rte_security_get_userdata().
> > In our particular case - ixgbe.
> > Same story with  rte_security_set_pkt_metadata() - see the patch.
> 
> [Anoob] But ixgbe doesn't implement inline protocol which is the primary
> consumer of this API (rte_security_get_userdata()). So what is the trouble?
> 
> Also, application is expected to call rte_security_set_pkt_metadata() only on
> devices with offload flag RTE_SECURITY_TX_OLOAD_NEED_MDATA. If a PMD
> states it needs MDATA but fails to register a function pointer for doing the same,
> it is a control path problem. Checking for that in the datapath is an overkill.
> 
Whatever your concern is, we can resolve it later, but for now we should have the same
Unconditional checks that were there earlier. We need to make RC1 today/tomorrow.
And this cannot go as an issue.

These are optional APIs and every PMD may not have supported that.

Konstantin,
Please send an update to your patch reverting the original patch for these 2 functions.
Currently it is adding 2 extra checks.

Regards,
Akhil



More information about the dev mailing list