Fix incorrect buffer handling in out-of-place crypto operations. For out-of-place scatter-gather sessions with NULL security, an unnecessary memcpy() may dereference an invalid destination buffer and cause a segmentation fault. Remove the redundant copy operation.
Also add the missing buffer copy for out-of-place non-scatter-gather sessions, where the output data was not copied to the destination buffer for the following transform combinations: - NULL cipher with NULL authentication - NULL cipher with authentication enabled - Cipher with authentication enabled These changes ensure correct out-of-place processing across the affected transform combinations and prevent crashes in scatter-gather cases. Cc: [email protected] Signed-off-by: Sana Kamboj <[email protected]> --- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index 4c5b6e70b5..aa3fb4c262 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -1824,12 +1824,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length; } - if (cipher_mode == IMB_CIPHER_NULL && oop) { - memcpy(job->dst + job->cipher_start_src_offset_in_bytes, - job->src + job->cipher_start_src_offset_in_bytes, - job->msg_len_to_cipher_in_bytes); - } - /* Set user data to be crypto operation data struct */ job->user_data = op; @@ -1845,6 +1839,22 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, else return multi_sgl_job(job, op, oop, m_offset, m_src, m_dst, mb_mgr); + } else if (oop) { + if (cipher_mode == IMB_CIPHER_NULL) { + memcpy(rte_pktmbuf_mtod(m_dst, uint8_t *), + rte_pktmbuf_mtod(m_src, uint8_t *), + job->msg_len_to_cipher_in_bytes + + job->cipher_start_src_offset_in_bytes); + } else if (cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN || + cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) { + memcpy(rte_pktmbuf_mtod(m_dst, uint8_t *), + rte_pktmbuf_mtod(m_src, uint8_t *), + job->cipher_start_src_offset_in_bits >> 3); + } else { + memcpy(rte_pktmbuf_mtod(m_dst, uint8_t *), + rte_pktmbuf_mtod(m_src, uint8_t *), + job->cipher_start_src_offset_in_bytes); + } } return 0; -- 2.43.5

