Skip to content

Commit ec05d61

Browse files
ktejasree123Akhil Goyal
ktejasree123
authored and
Akhil Goyal
committed
examples/ipsec-secgw: fix dequeue count from cryptodev
Setting dequeue packet count to max of MAX_PKT_BURST size instead of MAX_PKTS. Dequeue from cryptodev is called with MAX_PKTS but routing functions allocate hop/dst_ip arrays of size MAX_PKT_BURST. This can corrupt stack causing stack smashing error when more than MAX_PKT_BURST packets are returned from cryptodev. Fixes: a2b445b ("examples/ipsec-secgw: allow larger burst size for vectors") Cc: [email protected] Signed-off-by: Tejasree Kondoj <[email protected]> Acked-by: Akhil Goyal <[email protected]>
1 parent 7327a65 commit ec05d61

File tree

2 files changed

+6
-3
lines changed

2 files changed

+6
-3
lines changed

examples/ipsec-secgw/ipsec-secgw.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -626,12 +626,13 @@ drain_inbound_crypto_queues(const struct lcore_conf *qconf,
626626
uint32_t n;
627627
struct ipsec_traffic trf;
628628
unsigned int lcoreid = rte_lcore_id();
629+
const int nb_pkts = RTE_DIM(trf.ipsec.pkts);
629630

630631
if (app_sa_prm.enable == 0) {
631632

632633
/* dequeue packets from crypto-queue */
633634
n = ipsec_inbound_cqp_dequeue(ctx, trf.ipsec.pkts,
634-
RTE_DIM(trf.ipsec.pkts));
635+
RTE_MIN(MAX_PKT_BURST, nb_pkts));
635636

636637
trf.ip4.num = 0;
637638
trf.ip6.num = 0;
@@ -663,12 +664,13 @@ drain_outbound_crypto_queues(const struct lcore_conf *qconf,
663664
{
664665
uint32_t n;
665666
struct ipsec_traffic trf;
667+
const int nb_pkts = RTE_DIM(trf.ipsec.pkts);
666668

667669
if (app_sa_prm.enable == 0) {
668670

669671
/* dequeue packets from crypto-queue */
670672
n = ipsec_outbound_cqp_dequeue(ctx, trf.ipsec.pkts,
671-
RTE_DIM(trf.ipsec.pkts));
673+
RTE_MIN(MAX_PKT_BURST, nb_pkts));
672674

673675
trf.ip4.num = 0;
674676
trf.ip6.num = 0;

examples/ipsec-secgw/ipsec_process.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -336,6 +336,7 @@ ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
336336
struct rte_ipsec_session *ss;
337337
struct traffic_type *out;
338338
struct rte_ipsec_group *pg;
339+
const int nb_cops = RTE_DIM(trf->ipsec.pkts);
339340
struct rte_crypto_op *cop[RTE_DIM(trf->ipsec.pkts)];
340341
struct rte_ipsec_group grp[RTE_DIM(trf->ipsec.pkts)];
341342

@@ -345,7 +346,7 @@ ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
345346
out = &trf->ipsec;
346347

347348
/* dequeue completed crypto-ops */
348-
n = ctx_dequeue(ctx, cop, RTE_DIM(cop));
349+
n = ctx_dequeue(ctx, cop, RTE_MIN(MAX_PKT_BURST, nb_cops));
349350
if (n == 0)
350351
return;
351352

0 commit comments

Comments
 (0)