From f441b5d0ed8ff9d87412c1640dfec93e9cba03bd Mon Sep 17 00:00:00 2001 From: gaoginskx Date: Mon, 7 Jun 2021 12:07:01 +0100 Subject: crypto: use fixed crypto frame pool The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason). This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra. Type: improvement Signed-off-by: Gabriel Oginski Signed-off-by: Piotr Bronowski Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef --- src/plugins/wireguard/wireguard_output_tun.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/plugins/wireguard/wireguard_output_tun.c') diff --git a/src/plugins/wireguard/wireguard_output_tun.c b/src/plugins/wireguard/wireguard_output_tun.c index 4ff1621b4a3..a5630811b9d 100644 --- a/src/plugins/wireguard/wireguard_output_tun.c +++ b/src/plugins/wireguard/wireguard_output_tun.c @@ -368,6 +368,8 @@ wg_add_to_async_frame (vlib_main_t *vm, wg_per_thread_data_t *ptd, { *async_frame = vnet_crypto_async_get_frame ( vm, VNET_CRYPTO_OP_CHACHA20_POLY1305_TAG16_AAD0_ENC); + if (PREDICT_FALSE (NULL == *async_frame)) + goto error; /* Save the frame to the list we'll submit at the end */ vec_add1 (ptd->async_frames, *async_frame); } -- cgit 1.2.3-korg