summaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2020-09-30 18:35:27 +0200
committerDamjan Marion <dmarion@me.com>2020-10-02 10:34:35 +0000
commit1f6a6b8b2b4efd4d6735ffd6fa683a0190f232e2 (patch)
tree90d3f439d9c75fcb171103ef82918b5ad246653e /src/plugins/ikev2
parent2b92c705791a8186e20b00bbb1c8fc6fd1eddff8 (diff)
ikev2: fix cli memory leak
Type: fix Change-Id: Ibdd83fa336427ec0c66224ecebb1b6bd36d1d1ba Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/plugins/ikev2')
-rw-r--r--src/plugins/ikev2/ikev2_cli.c70
1 files changed, 40 insertions, 30 deletions
diff --git a/src/plugins/ikev2/ikev2_cli.c b/src/plugins/ikev2/ikev2_cli.c
index 84bf84fe047..727e3473627 100644
--- a/src/plugins/ikev2/ikev2_cli.c
+++ b/src/plugins/ikev2/ikev2_cli.c
@@ -249,6 +249,23 @@ VLIB_CLI_COMMAND (show_ikev2_sa_command, static) = {
};
/* *INDENT-ON* */
+static uword
+unformat_ikev2_token (unformat_input_t * input, va_list * va)
+{
+ u8 **string_return = va_arg (*va, u8 **);
+ const char *token_chars = "a-zA-Z0-9_";
+ if (*string_return)
+ {
+ /* if string_return was already allocated (eg. because of a previous
+ * partial match with a successful unformat_token()), we must free it
+ * before reusing the pointer, otherwise we'll be leaking memory
+ */
+ vec_free (*string_return);
+ *string_return = 0;
+ }
+ return unformat_user (input, unformat_token, token_chars, string_return);
+}
+
static clib_error_t *
ikev2_profile_add_del_command_fn (vlib_main_t * vm,
unformat_input_t * input,
@@ -271,27 +288,23 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
ikev2_transform_integ_type_t integ_alg;
ikev2_transform_dh_type_t dh_type;
- const char *valid_chars = "a-zA-Z0-9_";
-
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (line_input, "add %U", unformat_token, valid_chars, &name))
+ if (unformat (line_input, "add %U", unformat_ikev2_token, &name))
{
r = ikev2_add_del_profile (vm, name, 1);
goto done;
}
- else
- if (unformat
- (line_input, "del %U", unformat_token, valid_chars, &name))
+ else if (unformat (line_input, "del %U", unformat_ikev2_token, &name))
{
r = ikev2_add_del_profile (vm, name, 0);
goto done;
}
else if (unformat (line_input, "set %U auth shared-key-mic string %v",
- unformat_token, valid_chars, &name, &data))
+ unformat_ikev2_token, &name, &data))
{
r =
ikev2_set_profile_auth (vm, name,
@@ -300,7 +313,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U auth shared-key-mic hex %U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_hex_string, &data))
{
r =
@@ -310,7 +323,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U auth rsa-sig cert-file %v",
- unformat_token, valid_chars, &name, &data))
+ unformat_ikev2_token, &name, &data))
{
r =
ikev2_set_profile_auth (vm, name, IKEV2_AUTH_METHOD_RSA_SIG, data,
@@ -318,7 +331,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id local %U %U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type,
unformat_ip4_address, &ip4))
{
@@ -329,7 +342,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id local %U 0x%U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type,
unformat_hex_string, &data))
{
@@ -338,7 +351,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id local %U %v",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type, &data))
{
r =
@@ -346,7 +359,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id remote %U %U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type,
unformat_ip4_address, &ip4))
{
@@ -357,7 +370,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id remote %U 0x%U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type,
unformat_hex_string, &data))
{
@@ -366,7 +379,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U id remote %U %v",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_id_type, &id_type, &data))
{
r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
@@ -375,7 +388,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
}
else if (unformat (line_input, "set %U traffic-selector local "
"ip-range %U - %U port-range %u - %u protocol %u",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ip4_address, &ip4,
unformat_ip4_address, &end_addr,
&tmp1, &tmp2, &tmp3))
@@ -387,7 +400,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
}
else if (unformat (line_input, "set %U traffic-selector remote "
"ip-range %U - %U port-range %u - %u protocol %u",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ip4_address, &ip4,
unformat_ip4_address, &end_addr,
&tmp1, &tmp2, &tmp3))
@@ -398,7 +411,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U responder %U %U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_vnet_sw_interface, vnm,
&responder_sw_if_index, unformat_ip4_address,
&responder_ip4))
@@ -409,7 +422,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U tunnel %U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_vnet_sw_interface, vnm, &tun_sw_if_index))
{
r = ikev2_set_profile_tunnel_interface (vm, name, tun_sw_if_index);
@@ -419,7 +432,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
if (unformat
(line_input,
"set %U ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
unformat_ikev2_transform_integ_type, &integ_alg,
unformat_ikev2_transform_dh_type, &dh_type))
@@ -433,7 +446,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
if (unformat
(line_input,
"set %U ike-crypto-alg %U %u ike-dh %U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
unformat_ikev2_transform_dh_type, &dh_type))
{
@@ -447,7 +460,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
if (unformat
(line_input,
"set %U esp-crypto-alg %U %u esp-integ-alg %U",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
unformat_ikev2_transform_integ_type, &integ_alg))
{
@@ -459,7 +472,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
else if (unformat
(line_input,
"set %U esp-crypto-alg %U %u",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1))
{
r =
@@ -467,7 +480,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U sa-lifetime %lu %u %u %lu",
- unformat_token, valid_chars, &name,
+ unformat_ikev2_token, &name,
&tmp4, &tmp1, &tmp2, &tmp5))
{
r =
@@ -475,13 +488,13 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
goto done;
}
else if (unformat (line_input, "set %U udp-encap",
- unformat_token, valid_chars, &name))
+ unformat_ikev2_token, &name))
{
r = ikev2_set_profile_udp_encap (vm, name);
goto done;
}
else if (unformat (line_input, "set %U ipsec-over-udp port %u",
- unformat_token, valid_chars, &name, &tmp1))
+ unformat_ikev2_token, &name, &tmp1))
{
int rv = ikev2_set_profile_ipsec_udp_port (vm, name, tmp1, 1);
if (rv)
@@ -725,15 +738,12 @@ ikev2_initiate_command_fn (vlib_main_t * vm,
u32 tmp1;
u64 tmp2;
- const char *valid_chars = "a-zA-Z0-9_";
-
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat
- (line_input, "sa-init %U", unformat_token, valid_chars, &name))
+ if (unformat (line_input, "sa-init %U", unformat_ikev2_token, &name))
{
r = ikev2_initiate_sa_init (vm, name);
goto done;
y received bytes. */ uint64_t idropped; /**< Total of packets dropped when Rx ring full. */ uint64_t rx_nombuf; /**< Total of Rx mbuf allocation failures. */ }; /** Rx queue descriptor. */ struct rxq { struct priv *priv; /**< Back pointer to private data. */ struct rte_mempool *mp; /**< Memory pool for allocations. */ struct ibv_cq *cq; /**< Completion queue. */ struct ibv_wq *wq; /**< Work queue. */ struct ibv_comp_channel *channel; /**< Rx completion channel. */ uint16_t rq_ci; /**< Saved RQ consumer index. */ uint16_t port_id; /**< Port ID for incoming packets. */ uint16_t sges_n; /**< Number of segments per packet (log2 value). */ uint16_t elts_n; /**< Mbuf queue size (log2 value). */ struct mlx4_mr_ctrl mr_ctrl; /* MR control descriptor. */ struct rte_mbuf *(*elts)[]; /**< Rx elements. */ volatile struct mlx4_wqe_data_seg (*wqes)[]; /**< HW queue entries. */ volatile uint32_t *rq_db; /**< RQ doorbell record. */ uint32_t csum:1; /**< Enable checksum offloading. */ uint32_t csum_l2tun:1; /**< Same for L2 tunnels. */ uint32_t crc_present:1; /**< CRC must be subtracted. */ uint32_t l2tun_offload:1; /**< L2 tunnel offload is enabled. */ struct mlx4_cq mcq; /**< Info for directly manipulating the CQ. */ struct mlx4_rxq_stats stats; /**< Rx queue counters. */ unsigned int socket; /**< CPU socket ID for allocations. */ uint32_t usecnt; /**< Number of users relying on queue resources. */ uint8_t data[]; /**< Remaining queue resources. */ }; /** Shared flow target for Rx queues. */ struct mlx4_rss { LIST_ENTRY(mlx4_rss) next; /**< Next entry in list. */ struct priv *priv; /**< Back pointer to private data. */ uint32_t refcnt; /**< Reference count for this object. */ uint32_t usecnt; /**< Number of users relying on @p qp and @p ind. */ struct ibv_qp *qp; /**< Queue pair. */ struct ibv_rwq_ind_table *ind; /**< Indirection table. */ uint64_t fields; /**< Fields for RSS processing (Verbs format). */ uint8_t key[MLX4_RSS_HASH_KEY_SIZE]; /**< Hash key to use. */ uint16_t queues; /**< Number of target queues. */ uint16_t queue_id[]; /**< Target queues. */ }; /** Tx element. */ struct txq_elt { struct rte_mbuf *buf; /**< Buffer. */ union { volatile struct mlx4_wqe_ctrl_seg *wqe; /**< SQ WQE. */ volatile uint32_t *eocb; /**< End of completion burst. */ }; }; /** Tx queue counters. */ struct mlx4_txq_stats { unsigned int idx; /**< Mapping index. */ uint64_t opackets; /**< Total of successfully sent packets. */ uint64_t obytes; /**< Total of successfully sent bytes. */ uint64_t odropped; /**< Total number of packets failed to transmit. */ }; /** Tx queue descriptor. */ struct txq { struct mlx4_sq msq; /**< Info for directly manipulating the SQ. */ struct mlx4_cq mcq; /**< Info for directly manipulating the CQ. */ unsigned int elts_head; /**< Current index in (*elts)[]. */ unsigned int elts_tail; /**< First element awaiting completion. */ int elts_comp_cd; /**< Countdown for next completion. */ unsigned int elts_comp_cd_init; /**< Initial value for countdown. */ unsigned int elts_n; /**< (*elts)[] length. */ struct mlx4_mr_ctrl mr_ctrl; /* MR control descriptor. */ struct txq_elt (*elts)[]; /**< Tx elements. */ struct mlx4_txq_stats stats; /**< Tx queue counters. */ uint32_t max_inline; /**< Max inline send size. */ uint32_t csum:1; /**< Enable checksum offloading. */ uint32_t csum_l2tun:1; /**< Same for L2 tunnels. */ uint32_t lb:1; /**< Whether packets should be looped back by eSwitch. */ uint8_t *bounce_buf; /**< Memory used for storing the first DWORD of data TXBBs. */ struct priv *priv; /**< Back pointer to private data. */ unsigned int socket; /**< CPU socket ID for allocations. */ struct ibv_cq *cq; /**< Completion queue. */ struct ibv_qp *qp; /**< Queue pair. */ uint8_t data[]; /**< Remaining queue resources. */ }; /* mlx4_rxq.c */ uint8_t mlx4_rss_hash_key_default[MLX4_RSS_HASH_KEY_SIZE]; int mlx4_rss_init(struct priv *priv); void mlx4_rss_deinit(struct priv *priv); struct mlx4_rss *mlx4_rss_get(struct priv *priv, uint64_t fields, const uint8_t key[MLX4_RSS_HASH_KEY_SIZE], uint16_t queues, const uint16_t queue_id[]); void mlx4_rss_put(struct mlx4_rss *rss); int mlx4_rss_attach(struct mlx4_rss *rss); void mlx4_rss_detach(struct mlx4_rss *rss); int mlx4_rxq_attach(struct rxq *rxq); void mlx4_rxq_detach(struct rxq *rxq); uint64_t mlx4_get_rx_port_offloads(struct priv *priv); uint64_t mlx4_get_rx_queue_offloads(struct priv *priv); int mlx4_rx_queue_setup(struct rte_eth_dev *dev, uint16_t idx, uint16_t desc, unsigned int socket, const struct rte_eth_rxconf *conf, struct rte_mempool *mp); void mlx4_rx_queue_release(void *dpdk_rxq); /* mlx4_rxtx.c */ uint16_t mlx4_tx_burst(void *dpdk_txq, struct rte_mbuf **pkts, uint16_t pkts_n); uint16_t mlx4_rx_burst(void *dpdk_rxq, struct rte_mbuf **pkts, uint16_t pkts_n); uint16_t mlx4_tx_burst_removed(void *dpdk_txq, struct rte_mbuf **pkts, uint16_t pkts_n); uint16_t mlx4_rx_burst_removed(void *dpdk_rxq, struct rte_mbuf **pkts, uint16_t pkts_n); /* mlx4_txq.c */ uint64_t mlx4_get_tx_port_offloads(struct priv *priv); int mlx4_tx_queue_setup(struct rte_eth_dev *dev, uint16_t idx, uint16_t desc, unsigned int socket, const struct rte_eth_txconf *conf); void mlx4_tx_queue_release(void *dpdk_txq); /* mlx4_mr.c */ void mlx4_mr_flush_local_cache(struct mlx4_mr_ctrl *mr_ctrl); uint32_t mlx4_rx_addr2mr_bh(struct rxq *rxq, uintptr_t addr); uint32_t mlx4_tx_addr2mr_bh(struct txq *txq, uintptr_t addr); uint32_t mlx4_tx_update_ext_mp(struct txq *txq, uintptr_t addr, struct rte_mempool *mp); /** * Get Memory Pool (MP) from mbuf. If mbuf is indirect, the pool from which the * cloned mbuf is allocated is returned instead. * * @param buf * Pointer to mbuf. * * @return * Memory pool where data is located for given mbuf. */ static struct rte_mempool * mlx4_mb2mp(struct rte_mbuf *buf) { if (unlikely(RTE_MBUF_INDIRECT(buf))) return rte_mbuf_from_indirect(buf)->pool; return buf->pool; } /** * Query LKey from a packet buffer for Rx. No need to flush local caches for Rx * as mempool is pre-configured and static. * * @param rxq * Pointer to Rx queue structure. * @param addr * Address to search. * * @return * Searched LKey on success, UINT32_MAX on no match. */ static __rte_always_inline uint32_t mlx4_rx_addr2mr(struct rxq *rxq, uintptr_t addr) { struct mlx4_mr_ctrl *mr_ctrl = &rxq->mr_ctrl; uint32_t lkey; /* Linear search on MR cache array. */ lkey = mlx4_mr_lookup_cache(mr_ctrl->cache, &mr_ctrl->mru, MLX4_MR_CACHE_N, addr); if (likely(lkey != UINT32_MAX)) return lkey; /* Take slower bottom-half (Binary Search) on miss. */ return mlx4_rx_addr2mr_bh(rxq, addr); } #define mlx4_rx_mb2mr(rxq, mb) mlx4_rx_addr2mr(rxq, (uintptr_t)((mb)->buf_addr)) /** * Query LKey from a packet buffer for Tx. If not found, add the mempool. * * @param txq * Pointer to Tx queue structure. * @param addr * Address to search. * * @return * Searched LKey on success, UINT32_MAX on no match. */ static __rte_always_inline uint32_t mlx4_tx_addr2mr(struct txq *txq, uintptr_t addr) { struct mlx4_mr_ctrl *mr_ctrl = &txq->mr_ctrl; uint32_t lkey; /* Check generation bit to see if there's any change on existing MRs. */ if (unlikely(*mr_ctrl->dev_gen_ptr != mr_ctrl->cur_gen)) mlx4_mr_flush_local_cache(mr_ctrl); /* Linear search on MR cache array. */ lkey = mlx4_mr_lookup_cache(mr_ctrl->cache, &mr_ctrl->mru, MLX4_MR_CACHE_N, addr); if (likely(lkey != UINT32_MAX)) return lkey; /* Take slower bottom-half (binary search) on miss. */ return mlx4_tx_addr2mr_bh(txq, addr); } static __rte_always_inline uint32_t mlx4_tx_mb2mr(struct txq *txq, struct rte_mbuf *mb) { uintptr_t addr = (uintptr_t)mb->buf_addr; uint32_t lkey = mlx4_tx_addr2mr(txq, addr); if (likely(lkey != UINT32_MAX)) return lkey; if (rte_errno == ENXIO) { /* Mempool may have externally allocated memory. */ lkey = mlx4_tx_update_ext_mp(txq, addr, mlx4_mb2mp(mb)); } return lkey; } #endif /* MLX4_RXTX_H_ */