* [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
@ 2020-02-21 15:40 Adam Dybkowski
2020-02-21 16:12 ` Luca Boccassi
2020-02-21 16:16 ` Trahe, Fiona
0 siblings, 2 replies; 6+ messages in thread
From: Adam Dybkowski @ 2020-02-21 15:40 UTC (permalink / raw)
To: stable, fiona.trahe, bluca; +Cc: Adam Dybkowski
This patch adds range-checking of the device id passed from
the user app code. It prevents out-of-range array accesses
which in some situations resulted in an
application crash (segfault).
Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
lib/librte_cryptodev/rte_cryptodev.c | 31 ++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index cdce7824c..150ef9a4a 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -428,7 +428,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
static inline uint8_t
rte_cryptodev_is_valid_device_data(uint8_t dev_id)
{
- if (rte_crypto_devices[dev_id].data == NULL)
+ if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
+ rte_crypto_devices[dev_id].data == NULL)
return 0;
return 1;
@@ -520,8 +521,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
void *
rte_cryptodev_get_sec_ctx(uint8_t dev_id)
{
- if (rte_crypto_devices[dev_id].feature_flags &
- RTE_CRYPTODEV_FF_SECURITY)
+ if (dev_id < RTE_CRYPTO_MAX_DEVS &&
+ (rte_crypto_devices[dev_id].feature_flags &
+ RTE_CRYPTODEV_FF_SECURITY))
return rte_crypto_devices[dev_id].security_ctx;
return NULL;
@@ -660,6 +662,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
{
struct rte_cryptodev *dev;
+ if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return 0;
+ }
+
dev = &rte_crypto_devices[dev_id];
return dev->data->nb_queue_pairs;
}
@@ -1131,6 +1138,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
uint8_t index;
int ret;
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return -EINVAL;
+ }
+
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1228,6 +1240,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
{
struct rte_cryptodev *dev;
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return -EINVAL;
+ }
+
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL || sess == NULL)
@@ -1428,8 +1445,14 @@ rte_cryptodev_driver_id_get(const char *name)
const char *
rte_cryptodev_name_get(uint8_t dev_id)
{
- struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
+ struct rte_cryptodev *dev;
+ if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return NULL;
+ }
+
+ dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL)
return NULL;
--
2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski
@ 2020-02-21 16:12 ` Luca Boccassi
2020-02-26 9:52 ` Luca Boccassi
2020-02-21 16:16 ` Trahe, Fiona
1 sibling, 1 reply; 6+ messages in thread
From: Luca Boccassi @ 2020-02-21 16:12 UTC (permalink / raw)
To: Yu, PingX
Cc: Adam Dybkowski, stable, fiona.trahe, Mcnamara, John, Daly, Lee,
Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal
On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote:
> This patch adds range-checking of the device id passed from
> the user app code. It prevents out-of-range array accesses
> which in some situations resulted in an
> application crash (segfault).
>
> Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
>
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Thanks, applied and pushed.
Yu, would you have time to re-test the head of the 17.11 branch to see
if this fixes the issue with QAT?
Thanks!
--
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski
2020-02-21 16:12 ` Luca Boccassi
@ 2020-02-21 16:16 ` Trahe, Fiona
1 sibling, 0 replies; 6+ messages in thread
From: Trahe, Fiona @ 2020-02-21 16:16 UTC (permalink / raw)
To: Dybkowski, AdamX, stable, bluca
> -----Original Message-----
> From: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Sent: Friday, February 21, 2020 3:40 PM
> To: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; bluca@debian.org
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH 17.11] cryptodev: fix missing device id range checking
>
> This patch adds range-checking of the device id passed from
> the user app code. It prevents out-of-range array accesses
> which in some situations resulted in an
> application crash (segfault).
>
> Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
>
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
2020-02-21 16:12 ` Luca Boccassi
@ 2020-02-26 9:52 ` Luca Boccassi
2020-02-27 1:48 ` Yu, PingX
0 siblings, 1 reply; 6+ messages in thread
From: Luca Boccassi @ 2020-02-26 9:52 UTC (permalink / raw)
To: Yu, PingX
Cc: Adam Dybkowski, stable, fiona.trahe, Mcnamara, John, Daly, Lee,
Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal
On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote:
> On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote:
> > This patch adds range-checking of the device id passed from
> > the user app code. It prevents out-of-range array accesses
> > which in some situations resulted in an
> > application crash (segfault).
> >
> > Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
> >
> > Signed-off-by: Adam Dybkowski <
> > adamx.dybkowski@intel.com
> > >
>
> Thanks, applied and pushed.
>
> Yu, would you have time to re-test the head of the 17.11 branch to
> see
> if this fixes the issue with QAT?
>
> Thanks!
Hello Yu,
Any update on this? We are just waiting on re-validating the crypto
devices (no need for a full run) for the release.
Thank you!
--
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
2020-02-26 9:52 ` Luca Boccassi
@ 2020-02-27 1:48 ` Yu, PingX
2020-02-27 8:48 ` Luca Boccassi
0 siblings, 1 reply; 6+ messages in thread
From: Yu, PingX @ 2020-02-27 1:48 UTC (permalink / raw)
To: Luca Boccassi
Cc: Dybkowski, AdamX, stable, Trahe, Fiona, Mcnamara, John, Daly,
Lee, Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal
Luca,
The issue is fixed with patch https://mails.dpdk.org/archives/stable/2020-February/020657.html.
You can go ahead now.
Regards,
Yu Ping
> -----Original Message-----
> From: Luca Boccassi [mailto:bluca@debian.org]
> Sent: Wednesday, February 26, 2020 5:53 PM
> To: Yu, PingX <pingx.yu@intel.com>
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>; stable@dpdk.org;
> Trahe, Fiona <fiona.trahe@intel.com>; Mcnamara, John
> <john.mcnamara@intel.com>; Daly, Lee <lee.daly@intel.com>; Xu, Qian Q
> <qian.q.xu@intel.com>; Yigit, Ferruh <ferruh.yigit@intel.com>; O'Hare, Cathal
> <cathal.ohare@intel.com>
> Subject: Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range
> checking
>
> On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote:
> > On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote:
> > > This patch adds range-checking of the device id passed from the user
> > > app code. It prevents out-of-range array accesses which in some
> > > situations resulted in an application crash (segfault).
> > >
> > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device id")
> > >
> > > Signed-off-by: Adam Dybkowski <
> > > adamx.dybkowski@intel.com
> > > >
> >
> > Thanks, applied and pushed.
> >
> > Yu, would you have time to re-test the head of the 17.11 branch to see
> > if this fixes the issue with QAT?
> >
> > Thanks!
>
> Hello Yu,
>
> Any update on this? We are just waiting on re-validating the crypto devices (no
> need for a full run) for the release.
>
> Thank you!
>
> --
> Kind regards,
> Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking
2020-02-27 1:48 ` Yu, PingX
@ 2020-02-27 8:48 ` Luca Boccassi
0 siblings, 0 replies; 6+ messages in thread
From: Luca Boccassi @ 2020-02-27 8:48 UTC (permalink / raw)
To: Yu, PingX
Cc: Dybkowski, AdamX, stable, Trahe, Fiona, Mcnamara, John, Daly,
Lee, Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal
Great, thank you very much for confirming!
On Thu, 2020-02-27 at 01:48 +0000, Yu, PingX wrote:
> Luca,
> The issue is fixed with patch
> https://mails.dpdk.org/archives/stable/2020-February/020657.html
> .
> You can go ahead now.
>
> Regards,
> Yu Ping
>
>
> > -----Original Message-----
> > From: Luca Boccassi [mailto:
> > bluca@debian.org
> > ]
> > Sent: Wednesday, February 26, 2020 5:53 PM
> > To: Yu, PingX <
> > pingx.yu@intel.com
> > >
> > Cc: Dybkowski, AdamX <
> > adamx.dybkowski@intel.com
> > >;
> > stable@dpdk.org
> > ;
> > Trahe, Fiona <
> > fiona.trahe@intel.com
> > >; Mcnamara, John
> > <
> > john.mcnamara@intel.com
> > >; Daly, Lee <
> > lee.daly@intel.com
> > >; Xu, Qian Q
> > <
> > qian.q.xu@intel.com
> > >; Yigit, Ferruh <
> > ferruh.yigit@intel.com
> > >; O'Hare, Cathal
> > <
> > cathal.ohare@intel.com
> > >
> > Subject: Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing
> > device id range
> > checking
> >
> > On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote:
> > > On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote:
> > > > This patch adds range-checking of the device id passed from the
> > > > user
> > > > app code. It prevents out-of-range array accesses which in some
> > > > situations resulted in an application crash (segfault).
> > > >
> > > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device
> > > > id")
> > > >
> > > > Signed-off-by: Adam Dybkowski <
> > > > adamx.dybkowski@intel.com
> > > >
> > >
> > > Thanks, applied and pushed.
> > >
> > > Yu, would you have time to re-test the head of the 17.11 branch
> > > to see
> > > if this fixes the issue with QAT?
> > >
> > > Thanks!
> >
> > Hello Yu,
> >
> > Any update on this? We are just waiting on re-validating the crypto
> > devices (no
> > need for a full run) for the release.
> >
> > Thank you!
> >
> > --
> > Kind regards,
> > Luca Boccassi
--
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-02-27 8:48 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski
2020-02-21 16:12 ` Luca Boccassi
2020-02-26 9:52 ` Luca Boccassi
2020-02-27 1:48 ` Yu, PingX
2020-02-27 8:48 ` Luca Boccassi
2020-02-21 16:16 ` Trahe, Fiona
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).