Fix incorrect buffer handling in out-of-place crypto operations.

For out-of-place scatter-gather sessions with NULL security, an
unnecessary memcpy() may dereference an invalid destination buffer and
cause a segmentation fault. Remove the redundant copy operation.

Also add the missing buffer copy for out-of-place non-scatter-gather
sessions, where the output data was not copied to the destination
buffer for the following transform combinations:

- NULL cipher with NULL authentication
- NULL cipher with authentication enabled
- Cipher with authentication enabled

These changes ensure correct out-of-place processing across the affected
transform combinations and prevent crashes in scatter-gather cases.

Cc: [email protected]

Signed-off-by: Sana Kamboj <[email protected]>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c 
b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 4c5b6e70b5..aa3fb4c262 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1824,12 +1824,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
                job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;
        }
 
-       if (cipher_mode == IMB_CIPHER_NULL && oop) {
-               memcpy(job->dst + job->cipher_start_src_offset_in_bytes,
-                       job->src + job->cipher_start_src_offset_in_bytes,
-                       job->msg_len_to_cipher_in_bytes);
-       }
-
        /* Set user data to be crypto operation data struct */
        job->user_data = op;
 
@@ -1845,6 +1839,22 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
                else
                        return multi_sgl_job(job, op, oop,
                                        m_offset, m_src, m_dst, mb_mgr);
+       } else if (oop) {
+               if (cipher_mode == IMB_CIPHER_NULL) {
+                       memcpy(rte_pktmbuf_mtod(m_dst, uint8_t *),
+                               rte_pktmbuf_mtod(m_src, uint8_t *),
+                               job->msg_len_to_cipher_in_bytes +
+                               job->cipher_start_src_offset_in_bytes);
+               } else if (cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||
+                               cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {
+                       memcpy(rte_pktmbuf_mtod(m_dst, uint8_t *),
+                               rte_pktmbuf_mtod(m_src, uint8_t *),
+                               job->cipher_start_src_offset_in_bits >> 3);
+               } else {
+                       memcpy(rte_pktmbuf_mtod(m_dst, uint8_t *),
+                               rte_pktmbuf_mtod(m_src, uint8_t *),
+                               job->cipher_start_src_offset_in_bytes);
+               }
        }
 
        return 0;
-- 
2.43.5

Reply via email to