[dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops

Ananyev, Konstantin konstantin.ananyev at intel.com
Thu Apr 23 15:47:29 CEST 2020

Previous message: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Next message: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Akhil,

> 
> Hi Anoob/Konstantin,
> > >
> > > Check that ops->get_userdata is a valid function pointer will be compiled out.
> > > So PMDs that don't implement this function will crash in
> > > rte_security_get_userdata().
> > > In our particular case - ixgbe.
> > > Same story with  rte_security_set_pkt_metadata() - see the patch.
> >
> > [Anoob] But ixgbe doesn't implement inline protocol which is the primary
> > consumer of this API (rte_security_get_userdata()). So what is the trouble?
> >
> > Also, application is expected to call rte_security_set_pkt_metadata() only on
> > devices with offload flag RTE_SECURITY_TX_OLOAD_NEED_MDATA. If a PMD
> > states it needs MDATA but fails to register a function pointer for doing the same,
> > it is a control path problem. Checking for that in the datapath is an overkill.
> >
> Whatever your concern is, we can resolve it later, but for now we should have the same
> Unconditional checks that were there earlier. We need to make RC1 today/tomorrow.
> And this cannot go as an issue.
> 
> These are optional APIs and every PMD may not have supported that.
> 
> Konstantin,
> Please send an update to your patch reverting the original patch for these 2 functions.
> Currently it is adding 2 extra checks.
> 

I am afraid we can't do just that.
As in that case /app/test/test_security.c build wih -DRE_DEBUG will start crashing.

I think we have 3 alternative how to fix it:

1. Keep all these 3 checks for debug and non-debug mode (that what my current patch does).
2. Have both: existed 1 check in non-debug mode, plus new checks in debug mode, i.e.:
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 {
 	void *userdata = NULL;
 
+#ifdef RTE_DEBUG
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL, NULL);
+#else
	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
+#endif

 ....

3. Keep only 1 existed check in non-debug mode and remove cases in app/test/test_security.c
that would crash with -DRTE_DEBUG.	

My preference is 1), I don't think these 2 extra checks will affect performance greatly.
Also with 1) we can make these new test-case to be executed for non-debug mode too.
2) is probably also ok - but I think RTE_DEBUG concept should be a separate patch series,
and I don't want to mix things.
What is your opinion here?

Konstantin

Previous message: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Next message: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list