[dpdk-dev] [PATCH v2 1/2] crypto/qat: improve security instance setup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
	pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com
Cc: dev@dpdk.org, brendan.ryan@intel.com,
	mairtin.oloingsigh@intel.com, David Coyle <david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH v2 1/2] crypto/qat: improve security instance setup
Date: Mon, 20 Jul 2020 13:16:20 +0100	[thread overview]
Message-ID: <20200720121621.23628-2-david.coyle@intel.com> (raw)
In-Reply-To: <20200720121621.23628-1-david.coyle@intel.com>

This patch makes some improvements to the security instance setup for
the QAT SYM PMD, as follows:
- fix potential memory leak where the security instance was not freed if
  an error occurred later in the device creation
- tidy-up security instance initialization code by moving it all,
  including enabling the RTE_CRYPTODEV_FF_SECURITY feature, into one
  '#ifdef RTE_LIBRTE_SECURITY' block

Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 drivers/crypto/qat/qat_sym_pmd.c | 42 ++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index c7e323cce..43870ac04 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -310,7 +310,7 @@ int
 qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
 		struct qat_dev_cmd_param *qat_dev_cmd_param __rte_unused)
 {
-	int i = 0;
+	int i = 0, ret = 0;
 	struct qat_device_info *qat_dev_instance =
 			&qat_pci_devs[qat_pci_dev->qat_dev_id];
 
@@ -346,10 +346,6 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
 		}
 	}
 
-#ifdef RTE_LIBRTE_SECURITY
-	struct rte_security_ctx *security_instance;
-#endif
-
 	snprintf(name, RTE_CRYPTODEV_NAME_MAX_LEN, "%s_%s",
 			qat_pci_dev->name, "sym");
 	QAT_LOG(DEBUG, "Creating QAT SYM device %s", name);
@@ -381,8 +377,7 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
 			RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
 			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
-			RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED |
-			RTE_CRYPTODEV_FF_SECURITY;
+			RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
 
 	if (rte_eal_process_type() != RTE_PROC_PRIMARY)
 		return 0;
@@ -392,19 +387,21 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
 			qat_pci_dev->qat_dev_gen);
 
 #ifdef RTE_LIBRTE_SECURITY
+	struct rte_security_ctx *security_instance;
 	security_instance = rte_malloc("qat_sec",
 				sizeof(struct rte_security_ctx),
 				RTE_CACHE_LINE_SIZE);
 	if (security_instance == NULL) {
 		QAT_LOG(ERR, "rte_security_ctx memory alloc failed");
-		rte_cryptodev_pmd_destroy(cryptodev);
-		return -ENOMEM;
+		ret = -ENOMEM;
+		goto error;
 	}
 
 	security_instance->device = (void *)cryptodev;
 	security_instance->ops = &security_qat_ops;
 	security_instance->sess_cnt = 0;
 	cryptodev->security_ctx = security_instance;
+	cryptodev->feature_flags |= RTE_CRYPTODEV_FF_SECURITY;
 #endif
 
 	internals = cryptodev->data->dev_private;
@@ -428,10 +425,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
 		QAT_LOG(DEBUG,
 			"QAT gen %d capabilities unknown",
 			qat_pci_dev->qat_dev_gen);
-		rte_cryptodev_pmd_destroy(cryptodev);
-		memset(&qat_dev_instance->sym_rte_dev, 0,
-			sizeof(qat_dev_instance->sym_rte_dev));
-		return -(EINVAL);
+		ret = -(EINVAL);
+		goto error;
 	}
 
 	internals->capa_mz = rte_memzone_lookup(capa_memz_name);
@@ -442,12 +437,11 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
 	}
 	if (internals->capa_mz == NULL) {
 		QAT_LOG(DEBUG,
-			"Error allocating memzone for capabilities, destroying PMD for %s",
+			"Error allocating memzone for capabilities, destroying "
+			"PMD for %s",
 			name);
-		rte_cryptodev_pmd_destroy(cryptodev);
-		memset(&qat_dev_instance->sym_rte_dev, 0,
-			sizeof(qat_dev_instance->sym_rte_dev));
-		return -EFAULT;
+		ret = -EFAULT;
+		goto error;
 	}
 
 	memcpy(internals->capa_mz->addr, capabilities, capa_size);
@@ -467,6 +461,17 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
 			cryptodev->data->name, internals->sym_dev_id);
 
 	return 0;
+
+error:
+#ifdef RTE_LIBRTE_SECURITY
+	rte_free(cryptodev->security_ctx);
+	cryptodev->security_ctx = NULL;
+#endif
+	rte_cryptodev_pmd_destroy(cryptodev);
+	memset(&qat_dev_instance->sym_rte_dev, 0,
+		sizeof(qat_dev_instance->sym_rte_dev));
+
+	return ret;
 }
 
 int
@@ -485,6 +490,7 @@ qat_sym_dev_destroy(struct qat_pci_device *qat_pci_dev)
 	cryptodev = rte_cryptodev_pmd_get_dev(qat_pci_dev->sym_dev->sym_dev_id);
 #ifdef RTE_LIBRTE_SECURITY
 	rte_free(cryptodev->security_ctx);
+	cryptodev->security_ctx = NULL;
 #endif
 	rte_cryptodev_pmd_destroy(cryptodev);
 	qat_pci_devs[qat_pci_dev->qat_dev_id].sym_rte_dev.name = NULL;
-- 
2.17.1

next prev parent reply	other threads:[~2020-07-20 12:41 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-16 15:35 [dpdk-dev] [PATCH v1 0/2] improve security instance setup David Coyle
2020-07-16 15:35 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " David Coyle
2020-07-17 18:20   ` Trahe, Fiona
2020-07-18 21:36     ` Akhil Goyal
2020-07-18 21:40       ` Akhil Goyal
2020-07-20 12:39         ` Coyle, David
2020-07-16 15:36 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle
2020-07-17 19:29   ` De Lara Guarch, Pablo
2020-07-20 12:38     ` Coyle, David
2020-07-20 12:16 ` [dpdk-dev] [PATCH v2 0/2] " David Coyle
2020-07-20 12:16   ` David Coyle [this message]
2020-07-20 12:16   ` [dpdk-dev] [PATCH v2 2/2] crypto/aesni-mb: " David Coyle
2020-07-22  7:58     ` De Lara Guarch, Pablo
2020-07-26 19:08   ` [dpdk-dev] [PATCH v2 0/2] " Akhil Goyal

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c7e323cc dfblob:43870ac0 )
 OR (
bs:"[dpdk-dev] [PATCH v2 1/2] crypto/qat: improve security instance setup" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200720121621.23628-2-david.coyle@intel.com \
    --to=david.coyle@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=brendan.ryan@intel.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=fiona.trahe@intel.com \
    --cc=mairtin.oloingsigh@intel.com \
    --cc=pablo.de.lara.guarch@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.