From: Lukasz Wojciechowski
To: Akhil Goyal, Declan Doherty, Aviad Yehezkel, Radu Nicolau, Boris Pismenny, Anoob Joseph
Cc: dev@dpdk.org, stable@dpdk.org
Date: Thu, 9 Apr 2020 19:24:50 +0200
Message-Id: <20200409172502.1693-2-l.wojciechow@partner.samsung.com>
In-Reply-To: <20200409172502.1693-1-l.wojciechow@partner.samsung.com>
References: <20200408031351.4288-1-l.wojciechow@partner.samsung.com> <20200409172502.1693-1-l.wojciechow@partner.samsung.com>
Subject: [dpdk-stable] [PATCH v3 01/13] security: fix verification of parameters

This patch adds verification of the parameters to the rte_security API
functions. All required parameters are checked if they are not NULL.
Checks verify full chain of pointers, e.g. in case of verification of
"instance->ops->session_XXX", they check also "instance" and "instance->ops".

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: akhil.goyal@nxp.com
Fixes: 1a08c379b9b5 ("security: support user data retrieval")
Cc: anoob.joseph@caviumnetworks.com
Cc: stable@dpdk.org

Signed-off-by: Lukasz Wojciechowski
---
 lib/librte_security/rte_security.c | 59 +++++++++++++++++++++++-------
 1 file changed, 46 insertions(+), 13 deletions(-)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c index bc81ce15d..38ccc2ea9 100644 --- a/lib/librte_security/rte_security.c +++ b/lib/librte_security/rte_security.c
@@ -1,6 +1,7 @@ /* SPDX-License-Identifier: BSD-3-Clause * Copyright 2017 NXP. * Copyright(c) 2017 Intel Corporation. + * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved */ #include @@ -9,6 +10,19 @@ #include "rte_security.h" #include "rte_security_driver.h" +/* Macro to check for invalid pointers */ +#define RTE_PTR_OR_ERR_RET(ptr, retval) do { \ + if ((ptr) == NULL) \ + return retval; \ +} while (0) + +/* Macro to check for invalid pointers chains */ +#define RTE_PTR_CHAIN3_OR_ERR_RET(p1, p2, p3, retval, last_retval) do { \ + RTE_PTR_OR_ERR_RET(p1, retval); \ + RTE_PTR_OR_ERR_RET(p1->p2, retval); \ + RTE_PTR_OR_ERR_RET(p1->p2->p3, last_retval); \ +} while (0) + struct rte_security_session * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, @@ -16,10 +30,9 @@ rte_security_session_create(struct rte_security_ctx *instance, { struct rte_security_session *sess = NULL; - if (conf == NULL) - return NULL; - - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL); + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); + RTE_PTR_OR_ERR_RET(conf, NULL); + RTE_PTR_OR_ERR_RET(mp, NULL); if (rte_mempool_get(mp, (void **)&sess)) return NULL; @@ -38,14 +51,19 @@ rte_security_session_update(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_session_conf *conf) { - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -ENOTSUP); + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, + -ENOTSUP); + RTE_PTR_OR_ERR_RET(sess, -EINVAL); + RTE_PTR_OR_ERR_RET(conf, -EINVAL); + return instance->ops->session_update(instance->device, sess, conf); } unsigned int rte_security_session_get_size(struct rte_security_ctx *instance) { - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0); + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0); + return instance->ops->session_get_size(instance->device); } 
@@ -54,7 +72,11 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_stats *stats) { - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -ENOTSUP); + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, + -ENOTSUP); + /* Parameter sess can be NULL in case of getting global statistics. */ + RTE_PTR_OR_ERR_RET(stats, -EINVAL); + return instance->ops->session_stats_get(instance->device, sess, stats); } @@ -64,7 +86,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance, { int ret; - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -ENOTSUP); + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, + -ENOTSUP); + RTE_PTR_OR_ERR_RET(sess, -EINVAL); if (instance->sess_cnt) instance->sess_cnt--; @@ -81,7 +105,11 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *m, void *params) { - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP); +#ifdef RTE_DEBUG + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -EINVAL, + -ENOTSUP); + RTE_PTR_OR_ERR_RET(sess, -EINVAL); +#endif return instance->ops->set_pkt_metadata(instance->device, sess, m, params); } @@ -91,7 +119,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) { void *userdata = NULL; - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL); +#ifdef RTE_DEBUG + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL, NULL); +#endif if (instance->ops->get_userdata(instance->device, md, &userdata)) return NULL; 
@@ -101,7 +131,8 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) const struct rte_security_capability * rte_security_capabilities_get(struct rte_security_ctx *instance) { - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL); + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); + return instance->ops->capabilities_get(instance->device); } @@ -113,7 +144,9 @@ rte_security_capability_get(struct rte_security_ctx *instance, const struct rte_security_capability *capability; uint16_t i = 0; - RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL); + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); + RTE_PTR_OR_ERR_RET(idx, NULL); + capabilities = instance->ops->capabilities_get(instance->device); if (capabilities == NULL) @@ -121,7 +154,7 @@ rte_security_capability_get(struct rte_security_ctx *instance, while ((capability = &capabilities[i++])->action != RTE_SECURITY_ACTION_TYPE_NONE) { - if (capability->action == idx->action && + if (capability->action == idx->action && capability->protocol == idx->protocol) { if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) { if (capability->ipsec.proto == -- 2.17.1
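
Review bot: In RTE_PTR_CHAIN3_OR_ERR_RET (hunk at -9,6 +10,19) the p1 argument is expanded without parentheses, as `p1->p2` and `p1->p2->p3`, so a caller that passes anything other than a plain identifier, for example a dereferenced pointer, gets the wrong operator precedence; write `(p1)->p2` and `(p1)->p2->p3`. Both macros also hide a return statement and carry the RTE_ prefix while being private to rte_security.c. Extend the comments to say that they return from the calling function and what retval and last_retval stand for (at the call sites in this patch, -EINVAL for a NULL link in the chain and -ENOTSUP for a missing callback).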
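
Review bot: rte_security_session_update, rte_security_session_stats_get and rte_security_session_destroy now return -EINVAL in addition to -ENOTSUP, but the diffstat shows rte_security.c as the only file changed, so the return-value documentation in the public header is not updated by this patch. Add the -EINVAL case there, or name the later patch in the series that does. In rte_security_session_get_size (hunk at -38,14 +51,19) both a NULL instance and a missing session_get_size callback return 0, so a caller cannot tell an invalid context from an unsupported operation; the function's documentation should state that 0 means failure.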
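
Review bot: In rte_security_set_pkt_metadata and rte_security_get_userdata (hunks at -81,7 +105,11 and -91,7 +119,9) the new checks sit inside `#ifdef RTE_DEBUG`, while the RTE_FUNC_PTR_OR_ERR_RET lines they replace were outside any #ifdef. In a build without RTE_DEBUG these two functions now call instance->ops->set_pkt_metadata and instance->ops->get_userdata with no check at all, so a driver that leaves either callback unset is called through a NULL function pointer instead of the caller getting -ENOTSUP or NULL back. If dropping the check on these two paths is intended, say so in the commit message, which currently reads as if every function gains verification, and document that callers must validate the context beforehand; otherwise keep at least the callback check unconditional. The m parameter of rte_security_set_pkt_metadata is also passed to the driver unchecked even under RTE_DEBUG; either check it or add a comment that NULL is allowed, as was done for sess in rte_security_session_stats_get.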
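
Review bot: The last hunk (-121,7 +154,7) removes and re-adds `if (capability->action == idx->action &&` with no visible difference, so it is a whitespace-only change. It is unrelated to parameter verification, and the patch is Cc'd to stable@dpdk.org; move it to a separate cleanup patch so the backport carries only the fix.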