From: Adam Dybkowski <adamx.dybkowski@intel.com>
To: stable@dpdk.org, fiona.trahe@intel.com, bluca@debian.org
Cc: Adam Dybkowski <adamx.dybkowski@intel.com>
Subject: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
Date: Fri, 21 Feb 2020 16:40:05 +0100 [thread overview]
Message-ID: <20200221154005.2777-1-adamx.dybkowski@intel.com> (raw)
This patch adds range-checking of the device id passed from
the user app code. It prevents out-of-range array accesses
which in some situations resulted in an
application crash (segfault).
Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
lib/librte_cryptodev/rte_cryptodev.c | 31 ++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index cdce7824c..150ef9a4a 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -428,7 +428,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
static inline uint8_t
rte_cryptodev_is_valid_device_data(uint8_t dev_id)
{
- if (rte_crypto_devices[dev_id].data == NULL)
+ if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
+ rte_crypto_devices[dev_id].data == NULL)
return 0;
return 1;
@@ -520,8 +521,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
void *
rte_cryptodev_get_sec_ctx(uint8_t dev_id)
{
- if (rte_crypto_devices[dev_id].feature_flags &
- RTE_CRYPTODEV_FF_SECURITY)
+ if (dev_id < RTE_CRYPTO_MAX_DEVS &&
+ (rte_crypto_devices[dev_id].feature_flags &
+ RTE_CRYPTODEV_FF_SECURITY))
return rte_crypto_devices[dev_id].security_ctx;
return NULL;
@@ -660,6 +662,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
{
struct rte_cryptodev *dev;
+ if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return 0;
+ }
+
dev = &rte_crypto_devices[dev_id];
return dev->data->nb_queue_pairs;
}
@@ -1131,6 +1138,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
uint8_t index;
int ret;
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return -EINVAL;
+ }
+
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1228,6 +1240,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
{
struct rte_cryptodev *dev;
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return -EINVAL;
+ }
+
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL || sess == NULL)
@@ -1428,8 +1445,14 @@ rte_cryptodev_driver_id_get(const char *name)
const char *
rte_cryptodev_name_get(uint8_t dev_id)
{
- struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
+ struct rte_cryptodev *dev;
+ if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return NULL;
+ }
+
+ dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL)
return NULL;
--
2.17.1
next reply other threads:[~2020-02-21 15:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-21 15:40 Adam Dybkowski [this message]
2020-02-21 16:12 ` Luca Boccassi
2020-02-26 9:52 ` Luca Boccassi
2020-02-27 1:48 ` Yu, PingX
2020-02-27 8:48 ` Luca Boccassi
2020-02-21 16:16 ` Trahe, Fiona
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200221154005.2777-1-adamx.dybkowski@intel.com \
--to=adamx.dybkowski@intel.com \
--cc=bluca@debian.org \
--cc=fiona.trahe@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).