From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7646FA0093 for ; Tue, 19 May 2020 15:00:11 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 6D1211D5DE; Tue, 19 May 2020 15:00:11 +0200 (CEST) Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66]) by dpdk.org (Postfix) with ESMTP id 903DF1D5DE for ; Tue, 19 May 2020 15:00:10 +0200 (CEST) Received: by mail-wr1-f66.google.com with SMTP id y3so15842673wrt.1 for ; Tue, 19 May 2020 06:00:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=jtAXEL7rDOlorfH5h+ohnK2jw+r1uTTk47LYHoZJEb0=; b=rKyPpj/UAw8mA+jmoV5dJtIjttVph/7bTQOaDqEjYLGzgifxPDXqTHegeZytup5d37 tWk0XXuguqYa9SJGTsHMzAE50yX4d2LMAjTRzg+3Veoq6t35Tlt1IRzQ9WROZTCrX2gQ dnsa3YfF13Qj5gCr6tCORaz9vKGJ5GLP2kQ5esLrzYy7BgOOC3Zukizzo6MysOenSuuY OBbBEpgdxMXk6S3dQZRvt1rm9C143+6W0Epzxb/wBWhDxYIx2IaOU5R9cXfXSJ4PdeEZ wX5kWRV3BlfLnUqO8iur+I/h+8R5J9riR3sBVPYTrpM7lmTPhz4NimhblLtW2NNNTA+V VQZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=jtAXEL7rDOlorfH5h+ohnK2jw+r1uTTk47LYHoZJEb0=; b=gXefTR9o46Lz4wV65E29p0hKVISkh5hzHMFmE7Itl4U/P4KwNtWsKOMXdgMJ8UUh1n Id47ek8IPuOLtsDyIiRlEEFRJS/P+djKdZGvohQkgxBvs5bUfm/+h9coAo3uShVJ1M7M JNlSbPZyB9XVMYyfpD9qsERJQPNOY0zCzooRSjg4D6UH61GQBuZkG0ymkdENJC7UrwNF wJQYCWuYvPoz4HmzP1WRksNu8YN2mnLN5ZweLkqt8yYj9r9Y1JPPOLOQoPJ/+9DtdltE +GPiUW+abZf2NSkVZ/OO3iXfZ1cIF24NVqupIstUk79KgbW4B92OExwnkIxkOPmCzrnk eeUw== X-Gm-Message-State: AOAM531/mOWY3ZoD8Fv8mxC6ke/Qg6E+AnuYaqOPBn6golWDXHInQ6Q/ I6EMe1Pr2AAxWZSYaUr62So= X-Google-Smtp-Source: ABdhPJzVhNPa3qZlZTKksF/PQvfOiXGf360hgYUjYidCoC/1dMRbOkPhof2L5galr2zSZn4UPoTX6g== X-Received: by 2002:a5d:490d:: with SMTP id x13mr20741280wrq.199.1589893209247; Tue, 19 May 2020 06:00:09 -0700 (PDT) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id 1sm4075057wmz.13.2020.05.19.06.00.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 May 2020 06:00:08 -0700 (PDT) From: luca.boccassi@gmail.com To: Adam Dybkowski Cc: Fiona Trahe , Akhil Goyal , dpdk stable Date: Tue, 19 May 2020 13:54:10 +0100 Message-Id: <20200519125804.104349-60-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200519125804.104349-1-luca.boccassi@gmail.com> References: <20200519125804.104349-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'cryptodev: fix missing device id range checking' has been queued to stable release 19.11.3 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 19.11.3 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 05/21/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Luca Boccassi --- >From 196993b70538dcc21fc21e04142982c1961d639c Mon Sep 17 00:00:00 2001 From: Adam Dybkowski Date: Thu, 20 Feb 2020 16:04:15 +0100 Subject: [PATCH] cryptodev: fix missing device id range checking [ upstream commit 285b5d1b1fd3c5240c691e3ba33eeb7c1e2c67c3 ] This patch adds range-checking of the device id passed from the user app code. It prevents out-of-range array accesses which in some situations resulted in an application crash (segfault). Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id") Signed-off-by: Adam Dybkowski Acked-by: Fiona Trahe Acked-by: Akhil Goyal --- lib/librte_cryptodev/rte_cryptodev.c | 41 +++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index 89aa2ed3e2..f1ab622268 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c @@ -525,7 +525,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name) static inline uint8_t rte_cryptodev_is_valid_device_data(uint8_t dev_id) { - if (rte_crypto_devices[dev_id].data == NULL) + if (dev_id >= RTE_CRYPTO_MAX_DEVS || + rte_crypto_devices[dev_id].data == NULL) return 0; return 1; @@ -617,8 +618,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices, void * rte_cryptodev_get_sec_ctx(uint8_t dev_id) { - if (rte_crypto_devices[dev_id].feature_flags & - RTE_CRYPTODEV_FF_SECURITY) + if (dev_id < RTE_CRYPTO_MAX_DEVS && + (rte_crypto_devices[dev_id].feature_flags & + RTE_CRYPTODEV_FF_SECURITY)) return rte_crypto_devices[dev_id].security_ctx; return NULL; @@ -789,6 +791,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id) { struct rte_cryptodev *dev; + if (!rte_cryptodev_is_valid_device_data(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return 0; + } + dev = &rte_crypto_devices[dev_id]; return dev->data->nb_queue_pairs; } @@ -1254,6 +1261,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id, uint8_t index; int ret; + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return -EINVAL; + } + dev = rte_cryptodev_pmd_get_dev(dev_id); if (sess == NULL || xforms == NULL || dev == NULL) @@ -1293,6 +1305,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id, uint8_t index; int ret; + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return -EINVAL; + } + dev = rte_cryptodev_pmd_get_dev(dev_id); if (sess == NULL || xforms == NULL || dev == NULL) @@ -1428,6 +1445,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id, struct rte_cryptodev *dev; uint8_t driver_id; + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return -EINVAL; + } + dev = rte_cryptodev_pmd_get_dev(dev_id); if (dev == NULL || sess == NULL) @@ -1452,6 +1474,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id, { struct rte_cryptodev *dev; + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return -EINVAL; + } + dev = rte_cryptodev_pmd_get_dev(dev_id); if (dev == NULL || sess == NULL) @@ -1754,8 +1781,14 @@ rte_cryptodev_driver_id_get(const char *name) const char * rte_cryptodev_name_get(uint8_t dev_id) { - struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id); + struct rte_cryptodev *dev; + if (!rte_cryptodev_is_valid_device_data(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return NULL; + } + + dev = rte_cryptodev_pmd_get_dev(dev_id); if (dev == NULL) return NULL; -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-05-19 13:56:21.275472484 +0100 +++ 0060-cryptodev-fix-missing-device-id-range-checking.patch 2020-05-19 13:56:18.287503043 +0100 @@ -1,15 +1,16 @@ -From 285b5d1b1fd3c5240c691e3ba33eeb7c1e2c67c3 Mon Sep 17 00:00:00 2001 +From 196993b70538dcc21fc21e04142982c1961d639c Mon Sep 17 00:00:00 2001 From: Adam Dybkowski Date: Thu, 20 Feb 2020 16:04:15 +0100 Subject: [PATCH] cryptodev: fix missing device id range checking +[ upstream commit 285b5d1b1fd3c5240c691e3ba33eeb7c1e2c67c3 ] + This patch adds range-checking of the device id passed from the user app code. It prevents out-of-range array accesses which in some situations resulted in an application crash (segfault). Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id") -Cc: stable@dpdk.org Signed-off-by: Adam Dybkowski Acked-by: Fiona Trahe @@ -19,10 +20,10 @@ 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c -index 6d1d0e9d36..65d61a3ef5 100644 +index 89aa2ed3e2..f1ab622268 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c -@@ -529,7 +529,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name) +@@ -525,7 +525,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name) static inline uint8_t rte_cryptodev_is_valid_device_data(uint8_t dev_id) { @@ -32,7 +33,7 @@ return 0; return 1; -@@ -621,8 +622,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices, +@@ -617,8 +618,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices, void * rte_cryptodev_get_sec_ctx(uint8_t dev_id) { @@ -44,7 +45,7 @@ return rte_crypto_devices[dev_id].security_ctx; return NULL; -@@ -793,6 +795,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id) +@@ -789,6 +791,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id) { struct rte_cryptodev *dev; @@ -56,7 +57,7 @@ dev = &rte_crypto_devices[dev_id]; return dev->data->nb_queue_pairs; } -@@ -1258,6 +1265,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id, +@@ -1254,6 +1261,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id, uint8_t index; int ret; @@ -68,7 +69,7 @@ dev = rte_cryptodev_pmd_get_dev(dev_id); if (sess == NULL || xforms == NULL || dev == NULL) -@@ -1297,6 +1309,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id, +@@ -1293,6 +1305,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id, uint8_t index; int ret; @@ -80,7 +81,7 @@ dev = rte_cryptodev_pmd_get_dev(dev_id); if (sess == NULL || xforms == NULL || dev == NULL) -@@ -1432,6 +1449,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id, +@@ -1428,6 +1445,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id, struct rte_cryptodev *dev; uint8_t driver_id; @@ -92,7 +93,7 @@ dev = rte_cryptodev_pmd_get_dev(dev_id); if (dev == NULL || sess == NULL) -@@ -1456,6 +1478,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id, +@@ -1452,6 +1474,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id, { struct rte_cryptodev *dev; @@ -104,7 +105,7 @@ dev = rte_cryptodev_pmd_get_dev(dev_id); if (dev == NULL || sess == NULL) -@@ -1789,8 +1816,14 @@ rte_cryptodev_driver_id_get(const char *name) +@@ -1754,8 +1781,14 @@ rte_cryptodev_driver_id_get(const char *name) const char * rte_cryptodev_name_get(uint8_t dev_id) {