[dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking

patches for DPDK stable branches
 help / color / mirror / Atom feed

* [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
@ 2020-02-21 15:40 Adam Dybkowski
  2020-02-21 16:12 ` Luca Boccassi
  2020-02-21 16:16 ` Trahe, Fiona
  0 siblings, 2 replies; 6+ messages in thread
From: Adam Dybkowski @ 2020-02-21 15:40 UTC (permalink / raw)
  To: stable, fiona.trahe, bluca; +Cc: Adam Dybkowski

This patch adds range-checking of the device id passed from
the user app code. It prevents out-of-range array accesses
which in some situations resulted in an
application crash (segfault).

Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 lib/librte_cryptodev/rte_cryptodev.c | 31 ++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index cdce7824c..150ef9a4a 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -428,7 +428,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
 static inline uint8_t
 rte_cryptodev_is_valid_device_data(uint8_t dev_id)
 {
-	if (rte_crypto_devices[dev_id].data == NULL)
+	if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
+			rte_crypto_devices[dev_id].data == NULL)
 		return 0;
 
 	return 1;
@@ -520,8 +521,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id)
 {
-	if (rte_crypto_devices[dev_id].feature_flags &
-			RTE_CRYPTODEV_FF_SECURITY)
+	if (dev_id < RTE_CRYPTO_MAX_DEVS &&
+			(rte_crypto_devices[dev_id].feature_flags &
+			RTE_CRYPTODEV_FF_SECURITY))
 		return rte_crypto_devices[dev_id].security_ctx;
 
 	return NULL;
@@ -660,6 +662,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
 {
 	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return 0;
+	}
+
 	dev = &rte_crypto_devices[dev_id];
 	return dev->data->nb_queue_pairs;
 }
@@ -1131,6 +1138,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 	uint8_t index;
 	int ret;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1228,6 +1240,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 {
 	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (dev == NULL || sess == NULL)
@@ -1428,8 +1445,14 @@ rte_cryptodev_driver_id_get(const char *name)
 const char *
 rte_cryptodev_name_get(uint8_t dev_id)
 {
-	struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
+	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return NULL;
+	}
+
+	dev = rte_cryptodev_pmd_get_dev(dev_id);
 	if (dev == NULL)
 		return NULL;
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
  2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski
@ 2020-02-21 16:12 ` Luca Boccassi
  2020-02-26  9:52   ` Luca Boccassi
  2020-02-21 16:16 ` Trahe, Fiona
  1 sibling, 1 reply; 6+ messages in thread
From: Luca Boccassi @ 2020-02-21 16:12 UTC (permalink / raw)
  To: Yu, PingX
  Cc: Adam Dybkowski, stable, fiona.trahe, Mcnamara, John, Daly, Lee,
	Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal

On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote:
> This patch adds range-checking of the device id passed from
> the user app code. It prevents out-of-range array accesses
> which in some situations resulted in an
> application crash (segfault).
> 
> Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>

Thanks, applied and pushed.

Yu, would you have time to re-test the head of the 17.11 branch to see
if this fixes the issue with QAT?

Thanks!

-- 
Kind regards,
Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
  2020-02-21 16:12 ` Luca Boccassi
@ 2020-02-26  9:52   ` Luca Boccassi
  2020-02-27  1:48     ` Yu, PingX
  0 siblings, 1 reply; 6+ messages in thread
From: Luca Boccassi @ 2020-02-26  9:52 UTC (permalink / raw)
  To: Yu, PingX
  Cc: Adam Dybkowski, stable, fiona.trahe, Mcnamara, John, Daly, Lee,
	Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal

On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote:
> On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote:
> > This patch adds range-checking of the device id passed from
> > the user app code. It prevents out-of-range array accesses
> > which in some situations resulted in an
> > application crash (segfault).
> > 
> > Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
> > 
> > Signed-off-by: Adam Dybkowski <
> > adamx.dybkowski@intel.com
> > >
> 
> Thanks, applied and pushed.
> 
> Yu, would you have time to re-test the head of the 17.11 branch to
> see
> if this fixes the issue with QAT?
> 
> Thanks!

Hello Yu,

Any update on this? We are just waiting on re-validating the crypto
devices (no need for a full run) for the release.

Thank you!

-- 
Kind regards,
Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
  2020-02-26  9:52   ` Luca Boccassi
@ 2020-02-27  1:48     ` Yu, PingX
  2020-02-27  8:48       ` Luca Boccassi
  0 siblings, 1 reply; 6+ messages in thread
From: Yu, PingX @ 2020-02-27  1:48 UTC (permalink / raw)
  To: Luca Boccassi
  Cc: Dybkowski, AdamX, stable, Trahe, Fiona, Mcnamara, John, Daly,
	Lee, Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal

Luca, 
The issue is fixed with patch https://mails.dpdk.org/archives/stable/2020-February/020657.html.
You can go ahead now.

Regards,
Yu Ping


> -----Original Message-----
> From: Luca Boccassi [mailto:bluca@debian.org]
> Sent: Wednesday, February 26, 2020 5:53 PM
> To: Yu, PingX <pingx.yu@intel.com>
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>; stable@dpdk.org;
> Trahe, Fiona <fiona.trahe@intel.com>; Mcnamara, John
> <john.mcnamara@intel.com>; Daly, Lee <lee.daly@intel.com>; Xu, Qian Q
> <qian.q.xu@intel.com>; Yigit, Ferruh <ferruh.yigit@intel.com>; O'Hare, Cathal
> <cathal.ohare@intel.com>
> Subject: Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range
> checking
> 
> On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote:
> > On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote:
> > > This patch adds range-checking of the device id passed from the user
> > > app code. It prevents out-of-range array accesses which in some
> > > situations resulted in an application crash (segfault).
> > >
> > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
> > >
> > > Signed-off-by: Adam Dybkowski <
> > > adamx.dybkowski@intel.com
> > > >
> >
> > Thanks, applied and pushed.
> >
> > Yu, would you have time to re-test the head of the 17.11 branch to see
> > if this fixes the issue with QAT?
> >
> > Thanks!
> 
> Hello Yu,
> 
> Any update on this? We are just waiting on re-validating the crypto devices (no
> need for a full run) for the release.
> 
> Thank you!
> 
> --
> Kind regards,
> Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
  2020-02-27  1:48     ` Yu, PingX
@ 2020-02-27  8:48       ` Luca Boccassi
  0 siblings, 0 replies; 6+ messages in thread
From: Luca Boccassi @ 2020-02-27  8:48 UTC (permalink / raw)
  To: Yu, PingX
  Cc: Dybkowski, AdamX, stable, Trahe, Fiona, Mcnamara, John, Daly,
	Lee, Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal

Great, thank you very much for confirming!

On Thu, 2020-02-27 at 01:48 +0000, Yu, PingX wrote:
> Luca, 
> The issue is fixed with patch 
> https://mails.dpdk.org/archives/stable/2020-February/020657.html
> .
> You can go ahead now.
> 
> Regards,
> Yu Ping
> 
> 
> > -----Original Message-----
> > From: Luca Boccassi [mailto:
> > bluca@debian.org
> > ]
> > Sent: Wednesday, February 26, 2020 5:53 PM
> > To: Yu, PingX <
> > pingx.yu@intel.com
> > >
> > Cc: Dybkowski, AdamX <
> > adamx.dybkowski@intel.com
> > >; 
> > stable@dpdk.org
> > ;
> > Trahe, Fiona <
> > fiona.trahe@intel.com
> > >; Mcnamara, John
> > <
> > john.mcnamara@intel.com
> > >; Daly, Lee <
> > lee.daly@intel.com
> > >; Xu, Qian Q
> > <
> > qian.q.xu@intel.com
> > >; Yigit, Ferruh <
> > ferruh.yigit@intel.com
> > >; O'Hare, Cathal
> > <
> > cathal.ohare@intel.com
> > >
> > Subject: Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing
> > device id range
> > checking
> > 
> > On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote:
> > > On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote:
> > > > This patch adds range-checking of the device id passed from the
> > > > user
> > > > app code. It prevents out-of-range array accesses which in some
> > > > situations resulted in an application crash (segfault).
> > > > 
> > > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device
> > > > id")
> > > > 
> > > > Signed-off-by: Adam Dybkowski <
> > > > adamx.dybkowski@intel.com
> > > > 
> > > 
> > > Thanks, applied and pushed.
> > > 
> > > Yu, would you have time to re-test the head of the 17.11 branch
> > > to see
> > > if this fixes the issue with QAT?
> > > 
> > > Thanks!
> > 
> > Hello Yu,
> > 
> > Any update on this? We are just waiting on re-validating the crypto
> > devices (no
> > need for a full run) for the release.
> > 
> > Thank you!
> > 
> > --
> > Kind regards,
> > Luca Boccassi
-- 
Kind regards,
Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
  2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski
  2020-02-21 16:12 ` Luca Boccassi
@ 2020-02-21 16:16 ` Trahe, Fiona
  1 sibling, 0 replies; 6+ messages in thread
From: Trahe, Fiona @ 2020-02-21 16:16 UTC (permalink / raw)
  To: Dybkowski, AdamX, stable, bluca



> -----Original Message-----
> From: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Sent: Friday, February 21, 2020 3:40 PM
> To: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; bluca@debian.org
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH 17.11] cryptodev: fix missing device id range checking
> 
> This patch adds range-checking of the device id passed from
> the user app code. It prevents out-of-range array accesses
> which in some situations resulted in an
> application crash (segfault).
> 
> Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>



^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-02-27  8:48 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski
2020-02-21 16:12 ` Luca Boccassi
2020-02-26  9:52   ` Luca Boccassi
2020-02-27  1:48     ` Yu, PingX
2020-02-27  8:48       ` Luca Boccassi
2020-02-21 16:16 ` Trahe, Fiona

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).