Multi-segment mbufs are not supported for DOCSIS security protocol. This patch adds an explicit check for this and returns an op error if this case is found. This limitation is also added to the QAT cryptodev documentation.
Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol") Signed-off-by: David Coyle <david.co...@intel.com> --- doc/guides/cryptodevs/qat.rst | 2 ++ drivers/crypto/qat/qat_sym.c | 12 +++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index 931a18f9a..b9f8c37ea 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -134,6 +134,8 @@ Limitations protocol. * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC DOCSIS security protocol. +* Multi-segment buffers are not supported for combined Crypto-CRC DOCSIS + security protocol. Extra notes on KASUMI F9 ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 6d568ab8f..632313a26 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -284,13 +284,15 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, /* DOCSIS processing */ #ifdef RTE_LIBRTE_SECURITY if (is_docsis_sec) { - /* Check for OOP */ - if (unlikely((op->sym->m_dst != NULL) && + /* Check for OOP or multi-segment buffers */ + if (unlikely(((op->sym->m_dst != NULL) && (op->sym->m_dst != - op->sym->m_src))) { + op->sym->m_src)) || + op->sym->m_src->nb_segs > 1)) { QAT_DP_LOG(ERR, - "OOP not supported for DOCSIS " - "security"); + "OOP and/or multi-segment " + "buffers are not supported for " + "DOCSIS security"); op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; return -EINVAL; -- 2.17.1