patch 'examples/ipsec-secgw: fix dequeue count from cryptodev' has been queued to stable release 23.11.3

Xueming Li xuemingl at nvidia.com
Mon Nov 11 07:26:58 CET 2024

Previous message (by thread): patch 'crypto/scheduler: fix session size computation' has been queued to stable release 23.11.3
Next message (by thread): patch 'bpf: fix free function mismatch if convert fails' has been queued to stable release 23.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 23.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/30/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=e3875312dbf74eeec02d8460ae4dd2f35bc2b464

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From e3875312dbf74eeec02d8460ae4dd2f35bc2b464 Mon Sep 17 00:00:00 2001
From: Tejasree Kondoj <ktejasree at marvell.com>
Date: Fri, 13 Sep 2024 12:37:26 +0530
Subject: [PATCH] examples/ipsec-secgw: fix dequeue count from cryptodev
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 88948ff31f57618a74c8985c59e332676995b438 ]

Setting dequeue packet count to max of MAX_PKT_BURST
size instead of MAX_PKTS.

Dequeue from cryptodev is called with MAX_PKTS but
routing functions allocate hop/dst_ip arrays of
size MAX_PKT_BURST. This can corrupt stack causing
stack smashing error when more than MAX_PKT_BURST
packets are returned from cryptodev.

Fixes: a2b445b810ac ("examples/ipsec-secgw: allow larger burst size for vectors")

Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
Acked-by: Akhil Goyal <gakhil at marvell.com>
---
 examples/ipsec-secgw/ipsec-secgw.c   | 6 ++++--
 examples/ipsec-secgw/ipsec_process.c | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 761b9cf396..5e77d9d2ce 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -626,12 +626,13 @@ drain_inbound_crypto_queues(const struct lcore_conf *qconf,
 	uint32_t n;
 	struct ipsec_traffic trf;
 	unsigned int lcoreid = rte_lcore_id();
+	const int nb_pkts = RTE_DIM(trf.ipsec.pkts);

 	if (app_sa_prm.enable == 0) {

 		/* dequeue packets from crypto-queue */
 		n = ipsec_inbound_cqp_dequeue(ctx, trf.ipsec.pkts,
-			RTE_DIM(trf.ipsec.pkts));
+			RTE_MIN(MAX_PKT_BURST, nb_pkts));

 		trf.ip4.num = 0;
 		trf.ip6.num = 0;
@@ -663,12 +664,13 @@ drain_outbound_crypto_queues(const struct lcore_conf *qconf,
 {
 	uint32_t n;
 	struct ipsec_traffic trf;
+	const int nb_pkts = RTE_DIM(trf.ipsec.pkts);

 	if (app_sa_prm.enable == 0) {

 		/* dequeue packets from crypto-queue */
 		n = ipsec_outbound_cqp_dequeue(ctx, trf.ipsec.pkts,
-			RTE_DIM(trf.ipsec.pkts));
+			RTE_MIN(MAX_PKT_BURST, nb_pkts));

 		trf.ip4.num = 0;
 		trf.ip6.num = 0;
diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
index b0cece3ad1..1a64a4b49f 100644
--- a/examples/ipsec-secgw/ipsec_process.c
+++ b/examples/ipsec-secgw/ipsec_process.c
@@ -336,6 +336,7 @@ ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 	struct rte_ipsec_session *ss;
 	struct traffic_type *out;
 	struct rte_ipsec_group *pg;
+	const int nb_cops = RTE_DIM(trf->ipsec.pkts);
 	struct rte_crypto_op *cop[RTE_DIM(trf->ipsec.pkts)];
 	struct rte_ipsec_group grp[RTE_DIM(trf->ipsec.pkts)];

@@ -345,7 +346,7 @@ ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 	out = &trf->ipsec;

 	/* dequeue completed crypto-ops */
-	n = ctx_dequeue(ctx, cop, RTE_DIM(cop));
+	n = ctx_dequeue(ctx, cop, RTE_MIN(MAX_PKT_BURST, nb_cops));
 	if (n == 0)
 		return;

--
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-11-11 14:23:06.037734621 +0800
+++ 0012-examples-ipsec-secgw-fix-dequeue-count-from-cryptode.patch	2024-11-11 14:23:05.032192841 +0800
@@ -1 +1 @@
-From 88948ff31f57618a74c8985c59e332676995b438 Mon Sep 17 00:00:00 2001
+From e3875312dbf74eeec02d8460ae4dd2f35bc2b464 Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 88948ff31f57618a74c8985c59e332676995b438 ]
@@ -16 +18,0 @@
-Cc: stable at dpdk.org
@@ -26 +28 @@
-index e98ad2572e..063cc8768e 100644
+index 761b9cf396..5e77d9d2ce 100644
@@ -60 +62 @@
-index ddbe30745b..5080e810e0 100644
+index b0cece3ad1..1a64a4b49f 100644

Previous message (by thread): patch 'crypto/scheduler: fix session size computation' has been queued to stable release 23.11.3
Next message (by thread): patch 'bpf: fix free function mismatch if convert fails' has been queued to stable release 23.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list