Re: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>,
	Anoob Joseph <anoobj@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "akhil.goyal@nxp.com" <akhil.goyal@nxp.com>,
	"Doherty, Declan" <declan.doherty@intel.com>,
	"techboard@dpdk.org" <techboard@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented ops
Date: Thu, 23 Apr 2020 10:06:13 +0200	[thread overview]
Message-ID: <76d67fd8-d022-f07c-1709-bf8d2e1f05b4@partner.samsung.com> (raw)
In-Reply-To: <DM6PR11MB3308D2CD239D25DBAE47045C9AD30@DM6PR11MB3308.namprd11.prod.outlook.com>


W dniu 23.04.2020 o 09:54, Ananyev, Konstantin pisze:
>> Hi Konstantin,
>>
>> These are data path ops and so it will be better if we can avoid such checks in the datapath. The same is done in ethdev also.
> AFAIK,  get_userdata is an *optional* dev-ops function that can be used by data-path.
> So far there was no strict requirement for the rte_security PMDs to *always* implement it.
> So what you guys did is a silent change of public API behaviour.
> As result ixgbe, (and probably some others rte_security PMDs) stopped working properly.
> I don't see any point in these changes, but if you'd like to do that, at
> least our usual procedure has to be followed:
> 1. Send and RFC to get an agreement with rte_security PMDs maintainers (one release ahead)
> 2. send a deprecation note (one release ahead)
> 3. change the behaviour of the public API
> 4. update release notes
>
> AFAIK 1), 2), 4) wasn't done.
> So I think right now we need to revert original behaviour.
The current changes were made in patch: b6ee9854784 security: fix 
verification of parameters

<snip>
@@ -91,7 +119,9 @@ rte_security_get_userdata(struct rte_security_ctx 
*instance, uint64_t md)
  {
         void *userdata = NULL;

- RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
+#ifdef RTE_DEBUG
+       RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL, NULL);
+#endif
         if (instance->ops->get_userdata(instance->device, md, &userdata))
                 return NULL;
  <snip>


So as you can see, the checks were already there. They've just been 
wrapped up with RTE_DEBUG macro for disabling them in non-debug 
compilation mode and the validation of paramter was change to avoid 
possible segmentation fault if instance lub ops would be NULL

>> https://protect2.fireeye.com/url?k=e0478418-bdd92a82-e0460f57-0cc47a336fae-55cc35a7b94c97c0&q=1&u=http%3A%2F%2Fcode.dpdk.org%2Fdpdk%2Fv20.02%2Fsource%2Flib%2Flibrte_ethdev%2Frte_ethdev.h%23L4372
>>
>> Datapath functions in cryptodev (enqueue/dequeue) doesn't even have such checks.
>> https://protect2.fireeye.com/url?k=79d7974a-244939d0-79d61c05-0cc47a336fae-19f540008a9467cf&q=1&u=http%3A%2F%2Fcode.dpdk.org%2Fdpdk%2Fv20.02%2Fsource%2Flib%2Flibrte_cryptodev%2Frte_cryptodev.h%23L962
> That's a different story:
> rx_burst/tx_burst, enqueue/dequeue are mandatory dev-ops functions that
> have to be implemented by each  ethdev/cryptodev API.
>
>>
>> Thanks,
>> Anoob
>>
>>> -----Original Message-----
>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Konstantin Ananyev
>>> Sent: Thursday, April 23, 2020 5:22 AM
>>> To: dev@dpdk.org
>>> Cc: akhil.goyal@nxp.com; declan.doherty@intel.com; Konstantin Ananyev
>>> <konstantin.ananyev@intel.com>
>>> Subject: [dpdk-dev] [PATCH] security: fix crash at accessing non-implemented
>>> ops
>>>
>>> Valid checks for optional function pointers inside dev-ops were disabled by
>>> undefined macro.
>>>
>>> Fixes: b6ee98547847 ("security: fix verification of parameters")
>>>
>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>>> ---
>>>   lib/librte_security/rte_security.c | 4 ----
>>>   1 file changed, 4 deletions(-)
>>>
>>> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
>>> index d475b0977..b65430ce2 100644
>>> --- a/lib/librte_security/rte_security.c
>>> +++ b/lib/librte_security/rte_security.c
>>> @@ -107,11 +107,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx
>>> *instance,
>>>   			      struct rte_security_session *sess,
>>>   			      struct rte_mbuf *m, void *params)  { -#ifdef
>>> RTE_DEBUG
>>>   	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, set_pkt_metadata, -
>>> EINVAL,
>>>   			-ENOTSUP);
>>>   	RTE_PTR_OR_ERR_RET(sess, -EINVAL);
>>> -#endif
>>>   	return instance->ops->set_pkt_metadata(instance->device,
>>>   					       sess, m, params);
>>>   }
>>> @@ -121,9 +119,7 @@ rte_security_get_userdata(struct rte_security_ctx
>>> *instance, uint64_t md)  {
>>>   	void *userdata = NULL;
>>>
>>> -#ifdef RTE_DEBUG
>>>   	RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, get_userdata, NULL,
>>> NULL); -#endif
>>>   	if (instance->ops->get_userdata(instance->device, md, &userdata))
>>>   		return NULL;
>>>
>>> --
>>> 2.17.1
>
-- 

Lukasz Wojciechowski
Principal Software Engineer

Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com

next prev parent reply	other threads:[~2020-04-23  8:06 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-22 23:51 Konstantin Ananyev
2020-04-23  0:11 ` Ananyev, Konstantin
2020-04-23  7:58   ` Lukasz Wojciechowski
2020-04-23  4:07 ` Anoob Joseph
2020-04-23  7:54   ` Ananyev, Konstantin
2020-04-23  8:06     ` Lukasz Wojciechowski [this message]
2020-04-23  8:11       ` Ananyev, Konstantin
2020-04-23  8:22       ` Ananyev, Konstantin
2020-04-23  9:09     ` Anoob Joseph
2020-04-23 10:54       ` Ananyev, Konstantin
2020-04-23 11:23         ` Anoob Joseph
2020-04-23 12:55           ` Akhil Goyal
2020-04-23 13:30             ` Lukasz Wojciechowski
2020-04-23 13:47             ` Ananyev, Konstantin
2020-04-23 14:08               ` Akhil Goyal
2020-04-23 14:48                 ` Ananyev, Konstantin
2020-04-23  8:00   ` Lukasz Wojciechowski
2020-04-23  8:28     ` Ananyev, Konstantin
2020-04-23 15:10 ` [dpdk-dev] [PATCH v2] " Konstantin Ananyev
2020-04-23 15:51   ` Akhil Goyal
2020-04-23 16:08     ` Anoob Joseph
2020-04-23 16:14       ` Akhil Goyal
2020-04-23 16:29         ` Lukasz Wojciechowski
     [not found]   ` <CGME20200423162615eucas1p2224e9313aa640f755cf226649d093bb9@eucas1p2.samsung.com>
2020-04-23 16:25     ` [dpdk-dev] [PATCH] test/security: enable tests for " Lukasz Wojciechowski
2020-05-09 21:47       ` Akhil Goyal
2020-05-11 10:15         ` Lukasz Wojciechowski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=76d67fd8-d022-f07c-1709-bf8d2e1f05b4@partner.samsung.com \
    --to=l.wojciechow@partner.samsung.com \
    --cc=akhil.goyal@nxp.com \
    --cc=anoobj@marvell.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=konstantin.ananyev@intel.com \
    --cc=techboard@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).