patches for DPDK stable branches
From: Kevin Traynor <ktraynor@redhat.com>
To: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
	Akhil Goyal <akhil.goyal@nxp.com>, dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'security: fix verification of parameters' has been queued to LTS release 18.11.9
Date: Thu, 28 May 2020 17:22:27 +0100
Message-ID: <20200528162322.7863-40-ktraynor@redhat.com>
In-Reply-To: <20200528162322.7863-1-ktraynor@redhat.com>

Hi,

FYI, your patch has been queued to LTS release 18.11.9

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/03/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/a50fdf67e881349037cc68db43874582cfa6d550

Thanks.

Kevin.

---
From a50fdf67e881349037cc68db43874582cfa6d550 Mon Sep 17 00:00:00 2001
From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Date: Thu, 9 Apr 2020 19:24:50 +0200
Subject: [PATCH] security: fix verification of parameters

[ upstream commit b6ee98547847e64b527484ab453a9f81ff3ce067 ]

This patch adds verification of the parameters to the rte_security API
functions. All required parameters are checked if they are not NULL.

Checks verify full chain of pointers, e.g. in case of verification of
"instance->ops->session_XXX", they check also "instance"
and "instance->ops".

Fixes: c261d1431bd8 ("security: introduce security API and framework")
Fixes: 1a08c379b9b5 ("security: support user data retrieval")

Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 lib/librte_security/rte_security.c | 59 +++++++++++++++++++++++-------
 1 file changed, 46 insertions(+), 13 deletions(-)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index a222b33cec..4f9639d693 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -2,4 +2,5 @@
  * Copyright 2017 NXP.
  * Copyright(c) 2017 Intel Corporation.
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
  */
 
@@ -10,4 +11,17 @@
 #include "rte_security_driver.h"
 
+/* Macro to check for invalid pointers */
+#define RTE_PTR_OR_ERR_RET(ptr, retval) do {	\
+	if ((ptr) == NULL)			\
+		return retval;			\
+} while (0)
+
+/* Macro to check for invalid pointers chains */
+#define RTE_PTR_CHAIN3_OR_ERR_RET(p1, p2, p3, retval, last_retval) do {	\
+	RTE_PTR_OR_ERR_RET(p1, retval);					\
+	RTE_PTR_OR_ERR_RET(p1->p2, retval);				\
+	RTE_PTR_OR_ERR_RET(p1->p2->p3, last_retval);			\
+} while (0)
+
 struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
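Review bot: In RTE_PTR_CHAIN3_OR_ERR_RET the p1 argument is expanded as `p1->p2` and `p1->p2->p3` without parentheses, so passing anything other than a plain identifier (for example `*ctx_ptr`) would parse incorrectly; use `(p1)->p2` and `(p1)->p2->p3`. Both macros also hide a `return` inside a statement-like macro and carry the global RTE_ prefix while being private to this file, so a comment stating that they return from the calling function, and a file-local name, would make the call sites easier to audit.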
@@ -17,8 +31,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
 	struct rte_security_session *sess = NULL;
 
-	if (conf == NULL)
-		return NULL;
-
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
+	RTE_PTR_OR_ERR_RET(conf, NULL);
+	RTE_PTR_OR_ERR_RET(mp, NULL);
 
 	if (rte_mempool_get(mp, (void **)&sess))
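Review bot: Every failure path in rte_security_session_create() returns NULL, including the new `mp` check and both arms of `RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL)`, so the caller cannot tell a NULL argument from an unimplemented op or from the `rte_mempool_get()` failure that follows. Consider setting rte_errno (EINVAL or ENOTSUP) before returning, or at least document in the header that NULL covers all of these cases.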
@@ -39,5 +52,9 @@ rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+	RTE_PTR_OR_ERR_RET(conf, -EINVAL);
+
 	return instance->ops->session_update(instance->device, sess, conf);
 }
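Review bot: -EINVAL is a new caller-visible return code for rte_security_session_update() (NULL `instance`, `instance->ops`, `sess` or `conf`); the removed line could only return -ENOTSUP. Since this is headed for an LTS branch, the function's header documentation should list -EINVAL next to -ENOTSUP so that callers testing only for -ENOTSUP know about the additional code.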
@@ -46,5 +63,6 @@ unsigned int
 rte_security_session_get_size(struct rte_security_ctx *instance)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
+
 	return instance->ops->session_get_size(instance->device);
 }
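Review bot: Returning 0 from rte_security_session_get_size() for a NULL `instance`, NULL `ops` or missing op hands the caller a value that looks like a valid size, because the return type is `unsigned int` and there is no separate error channel. The header documentation should state that 0 means failure so that callers check it before using the result.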
@@ -55,5 +73,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_stats *stats)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
+			-ENOTSUP);
+	/* Parameter sess can be NULL in case of getting global statistics. */
+	RTE_PTR_OR_ERR_RET(stats, -EINVAL);
+
 	return instance->ops->session_stats_get(instance->device, sess, stats);
 }
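Review bot: `sess` is deliberately left unchecked and passed straight to `instance->ops->session_stats_get(instance->device, sess, stats)`, so every driver implementing this op has to tolerate a NULL session. The in-code comment says so, but the contract belongs in the public API documentation and in the driver ops description as well; otherwise a driver that dereferences `sess` unconditionally will still crash behind these checks.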
@@ -65,5 +87,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 	int ret;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -ENOTSUP);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
 
 	if (instance->sess_cnt)
@@ -82,5 +106,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 			      struct rte_mbuf *m, void *params)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
+#ifdef RTE_DEBUG
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -EINVAL,
+			-ENOTSUP);
+	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
+#endif
 	return instance->ops->set_pkt_metadata(instance->device,
 					       sess, m, params);
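Review bot: Wrapping the checks in `#ifdef RTE_DEBUG` drops the op check that the removed `RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP)` performed unconditionally, so in a non-debug build a driver that leaves `set_pkt_metadata` NULL now reaches a call through a NULL function pointer instead of returning -ENOTSUP. If the data-path cost of the full chain is the concern, keep at least the function-pointer check outside the #ifdef. Also, `m` is passed to the driver without a check even in debug builds; if that is intentional, say so in a comment, as the stats hunk does for `sess`.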
@@ -92,5 +120,7 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 	void *userdata = NULL;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
+#ifdef RTE_DEBUG
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL, NULL);
+#endif
 	if (instance->ops->get_userdata(instance->device, md, &userdata))
 		return NULL;
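Review bot: In non-debug builds `instance->ops->get_userdata(instance->device, md, &userdata)` is now reached with no check at all, whereas the removed line returned NULL when the op was not implemented. The test of the `get_userdata` pointer is cheap; keep it outside `#ifdef RTE_DEBUG` and leave only the `instance` and `ops` checks debug-only.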
@@ -102,5 +132,6 @@ const struct rte_security_capability *
 rte_security_capabilities_get(struct rte_security_ctx *instance)
 {
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
+
 	return instance->ops->capabilities_get(instance->device);
 }
@@ -114,5 +145,7 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 	uint16_t i = 0;
 
-	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
+	RTE_PTR_OR_ERR_RET(idx, NULL);
+
 	capabilities = instance->ops->capabilities_get(instance->device);
 
@@ -122,5 +155,5 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 	while ((capability = &capabilities[i++])->action
 			!= RTE_SECURITY_ACTION_TYPE_NONE) {
-		if (capability->action  == idx->action &&
+		if (capability->action == idx->action &&
 				capability->protocol == idx->protocol) {
 			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
-- 
2.21.3

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2020-05-28 17:13:01.218668789 +0100
+++ 0040-security-fix-verification-of-parameters.patch	2020-05-28 17:12:59.108556242 +0100
@@ -1 +1 @@
-From b6ee98547847e64b527484ab453a9f81ff3ce067 Mon Sep 17 00:00:00 2001
+From a50fdf67e881349037cc68db43874582cfa6d550 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit b6ee98547847e64b527484ab453a9f81ff3ce067 ]
+
@@ -15 +16,0 @@
-Cc: stable@dpdk.org
@@ -25 +26 @@
-index bc81ce15d1..38ccc2ea9c 100644
+index a222b33cec..4f9639d693 100644

