[dpdk-dev] [PATCH] common/cpt: add checks for offset overflow
Anoob Joseph
anoobj at marvell.com
Mon May 10 11:44:00 CEST 2021
Add checks to catch overflow of any offsets. Offset control word
specifies,
1. 16 bits encryption offset
2. 8 bits IV offset
3. 8 bits auth offset
Signed-off-by: Anoob Joseph <anoobj at marvell.com>
---
drivers/common/cpt/cpt_ucode.h | 59 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h
index 73be980..b8ccbe6 100644
--- a/drivers/common/cpt/cpt_ucode.h
+++ b/drivers/common/cpt/cpt_ucode.h
@@ -954,6 +954,16 @@ cpt_enc_hmac_prep(uint32_t flags,
req->ist.ei2 = (uint64_t)c_vaddr - 8;
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
/* 16 byte aligned cpt res address */
req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr);
*req->completion_addr = COMPLETION_CODE_INIT;
@@ -1116,6 +1126,16 @@ cpt_dec_hmac_prep(uint32_t flags,
dest[1] = src[1];
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
*(uint64_t *)offset_vaddr =
rte_cpu_to_be_64(((uint64_t)encr_offset << 16) |
((uint64_t)iv_offset << 8) |
@@ -1144,6 +1164,16 @@ cpt_dec_hmac_prep(uint32_t flags,
dest[1] = src[1];
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
*(uint64_t *)offset_vaddr =
rte_cpu_to_be_64(((uint64_t)encr_offset << 16) |
((uint64_t)iv_offset << 8) |
@@ -1401,6 +1431,14 @@ cpt_zuc_snow3g_enc_prep(uint32_t req_flags,
offset_ctrl = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
}
+ if (unlikely((encr_offset >> 16) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
/* IV */
iv_s = (flags == 0x1) ? params->auth_iv_buf :
params->iv_buf;
@@ -1809,6 +1847,12 @@ cpt_zuc_snow3g_dec_prep(uint32_t req_flags,
req->ist.ei2 = (uint64_t)c_vaddr - 8;
}
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
+
/* 16 byte aligned cpt res address */
req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr);
*req->completion_addr = COMPLETION_CODE_INIT;
@@ -1924,11 +1968,21 @@ cpt_kasumi_enc_prep(uint32_t req_flags,
outputlen = inputlen;
/* iv offset is 0 */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
} else {
inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
outputlen = mac_len;
/* iv offset is 0 */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)auth_offset);
+ if (unlikely((auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
}
i = fill_sg_comp(gather_comp, i, (uint64_t)offset_vaddr,
@@ -2120,6 +2174,11 @@ cpt_kasumi_dec_prep(uint64_t d_offs,
/* Offset control word followed by iv */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
i = fill_sg_comp(gather_comp, i, (uint64_t)offset_vaddr,
OFF_CTRL_LEN + iv_len);
--
2.7.4
More information about the dev
mailing list