* [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking @ 2020-02-21 15:40 Adam Dybkowski 2020-02-21 16:12 ` Luca Boccassi 2020-02-21 16:16 ` Trahe, Fiona 0 siblings, 2 replies; 6+ messages in thread From: Adam Dybkowski @ 2020-02-21 15:40 UTC (permalink / raw) To: stable, fiona.trahe, bluca; +Cc: Adam Dybkowski This patch adds range-checking of the device id passed from the user app code. It prevents out-of-range array accesses which in some situations resulted in an application crash (segfault). Fixes: 72de277dd423 ("cryptodev: fix checks related to device id") Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> --- lib/librte_cryptodev/rte_cryptodev.c | 31 ++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index cdce7824c..150ef9a4a 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c @@ -428,7 +428,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name) static inline uint8_t rte_cryptodev_is_valid_device_data(uint8_t dev_id) { - if (rte_crypto_devices[dev_id].data == NULL) + if (dev_id >= RTE_CRYPTO_MAX_DEVS || + rte_crypto_devices[dev_id].data == NULL) return 0; return 1; @@ -520,8 +521,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices, void * rte_cryptodev_get_sec_ctx(uint8_t dev_id) { - if (rte_crypto_devices[dev_id].feature_flags & - RTE_CRYPTODEV_FF_SECURITY) + if (dev_id < RTE_CRYPTO_MAX_DEVS && + (rte_crypto_devices[dev_id].feature_flags & + RTE_CRYPTODEV_FF_SECURITY)) return rte_crypto_devices[dev_id].security_ctx; return NULL; @@ -660,6 +662,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id) { struct rte_cryptodev *dev; + if (!rte_cryptodev_is_valid_device_data(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return 0; + } + dev = &rte_crypto_devices[dev_id]; return dev->data->nb_queue_pairs; } @@ -1131,6 +1138,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id, uint8_t index; int ret; + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return -EINVAL; + } + dev = rte_cryptodev_pmd_get_dev(dev_id); if (sess == NULL || xforms == NULL || dev == NULL) @@ -1228,6 +1240,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id, { struct rte_cryptodev *dev; + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return -EINVAL; + } + dev = rte_cryptodev_pmd_get_dev(dev_id); if (dev == NULL || sess == NULL) @@ -1428,8 +1445,14 @@ rte_cryptodev_driver_id_get(const char *name) const char * rte_cryptodev_name_get(uint8_t dev_id) { - struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id); + struct rte_cryptodev *dev; + if (!rte_cryptodev_is_valid_device_data(dev_id)) { + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id); + return NULL; + } + + dev = rte_cryptodev_pmd_get_dev(dev_id); if (dev == NULL) return NULL; -- 2.17.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking 2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski @ 2020-02-21 16:12 ` Luca Boccassi 2020-02-26 9:52 ` Luca Boccassi 2020-02-21 16:16 ` Trahe, Fiona 1 sibling, 1 reply; 6+ messages in thread From: Luca Boccassi @ 2020-02-21 16:12 UTC (permalink / raw) To: Yu, PingX Cc: Adam Dybkowski, stable, fiona.trahe, Mcnamara, John, Daly, Lee, Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote: > This patch adds range-checking of the device id passed from > the user app code. It prevents out-of-range array accesses > which in some situations resulted in an > application crash (segfault). > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device id") > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> Thanks, applied and pushed. Yu, would you have time to re-test the head of the 17.11 branch to see if this fixes the issue with QAT? Thanks! -- Kind regards, Luca Boccassi ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking 2020-02-21 16:12 ` Luca Boccassi @ 2020-02-26 9:52 ` Luca Boccassi 2020-02-27 1:48 ` Yu, PingX 0 siblings, 1 reply; 6+ messages in thread From: Luca Boccassi @ 2020-02-26 9:52 UTC (permalink / raw) To: Yu, PingX Cc: Adam Dybkowski, stable, fiona.trahe, Mcnamara, John, Daly, Lee, Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote: > On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote: > > This patch adds range-checking of the device id passed from > > the user app code. It prevents out-of-range array accesses > > which in some situations resulted in an > > application crash (segfault). > > > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device id") > > > > Signed-off-by: Adam Dybkowski < > > adamx.dybkowski@intel.com > > > > > Thanks, applied and pushed. > > Yu, would you have time to re-test the head of the 17.11 branch to > see > if this fixes the issue with QAT? > > Thanks! Hello Yu, Any update on this? We are just waiting on re-validating the crypto devices (no need for a full run) for the release. Thank you! -- Kind regards, Luca Boccassi ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking 2020-02-26 9:52 ` Luca Boccassi @ 2020-02-27 1:48 ` Yu, PingX 2020-02-27 8:48 ` Luca Boccassi 0 siblings, 1 reply; 6+ messages in thread From: Yu, PingX @ 2020-02-27 1:48 UTC (permalink / raw) To: Luca Boccassi Cc: Dybkowski, AdamX, stable, Trahe, Fiona, Mcnamara, John, Daly, Lee, Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal Luca, The issue is fixed with patch https://mails.dpdk.org/archives/stable/2020-February/020657.html. You can go ahead now. Regards, Yu Ping > -----Original Message----- > From: Luca Boccassi [mailto:bluca@debian.org] > Sent: Wednesday, February 26, 2020 5:53 PM > To: Yu, PingX <pingx.yu@intel.com> > Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>; stable@dpdk.org; > Trahe, Fiona <fiona.trahe@intel.com>; Mcnamara, John > <john.mcnamara@intel.com>; Daly, Lee <lee.daly@intel.com>; Xu, Qian Q > <qian.q.xu@intel.com>; Yigit, Ferruh <ferruh.yigit@intel.com>; O'Hare, Cathal > <cathal.ohare@intel.com> > Subject: Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range > checking > > On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote: > > On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote: > > > This patch adds range-checking of the device id passed from the user > > > app code. It prevents out-of-range array accesses which in some > > > situations resulted in an application crash (segfault). > > > > > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device id") > > > > > > Signed-off-by: Adam Dybkowski < > > > adamx.dybkowski@intel.com > > > > > > > > Thanks, applied and pushed. > > > > Yu, would you have time to re-test the head of the 17.11 branch to see > > if this fixes the issue with QAT? > > > > Thanks! > > Hello Yu, > > Any update on this? We are just waiting on re-validating the crypto devices (no > need for a full run) for the release. > > Thank you! > > -- > Kind regards, > Luca Boccassi ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking 2020-02-27 1:48 ` Yu, PingX @ 2020-02-27 8:48 ` Luca Boccassi 0 siblings, 0 replies; 6+ messages in thread From: Luca Boccassi @ 2020-02-27 8:48 UTC (permalink / raw) To: Yu, PingX Cc: Dybkowski, AdamX, stable, Trahe, Fiona, Mcnamara, John, Daly, Lee, Xu, Qian Q, Yigit, Ferruh, O'Hare, Cathal Great, thank you very much for confirming! On Thu, 2020-02-27 at 01:48 +0000, Yu, PingX wrote: > Luca, > The issue is fixed with patch > https://mails.dpdk.org/archives/stable/2020-February/020657.html > . > You can go ahead now. > > Regards, > Yu Ping > > > > -----Original Message----- > > From: Luca Boccassi [mailto: > > bluca@debian.org > > ] > > Sent: Wednesday, February 26, 2020 5:53 PM > > To: Yu, PingX < > > pingx.yu@intel.com > > > > > Cc: Dybkowski, AdamX < > > adamx.dybkowski@intel.com > > >; > > stable@dpdk.org > > ; > > Trahe, Fiona < > > fiona.trahe@intel.com > > >; Mcnamara, John > > < > > john.mcnamara@intel.com > > >; Daly, Lee < > > lee.daly@intel.com > > >; Xu, Qian Q > > < > > qian.q.xu@intel.com > > >; Yigit, Ferruh < > > ferruh.yigit@intel.com > > >; O'Hare, Cathal > > < > > cathal.ohare@intel.com > > > > > Subject: Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing > > device id range > > checking > > > > On Fri, 2020-02-21 at 16:12 +0000, Luca Boccassi wrote: > > > On Fri, 2020-02-21 at 16:40 +0100, Adam Dybkowski wrote: > > > > This patch adds range-checking of the device id passed from the > > > > user > > > > app code. It prevents out-of-range array accesses which in some > > > > situations resulted in an application crash (segfault). > > > > > > > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device > > > > id") > > > > > > > > Signed-off-by: Adam Dybkowski < > > > > adamx.dybkowski@intel.com > > > > > > > > > > Thanks, applied and pushed. > > > > > > Yu, would you have time to re-test the head of the 17.11 branch > > > to see > > > if this fixes the issue with QAT? > > > > > > Thanks! > > > > Hello Yu, > > > > Any update on this? We are just waiting on re-validating the crypto > > devices (no > > need for a full run) for the release. > > > > Thank you! > > > > -- > > Kind regards, > > Luca Boccassi -- Kind regards, Luca Boccassi ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking 2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski 2020-02-21 16:12 ` Luca Boccassi @ 2020-02-21 16:16 ` Trahe, Fiona 1 sibling, 0 replies; 6+ messages in thread From: Trahe, Fiona @ 2020-02-21 16:16 UTC (permalink / raw) To: Dybkowski, AdamX, stable, bluca > -----Original Message----- > From: Dybkowski, AdamX <adamx.dybkowski@intel.com> > Sent: Friday, February 21, 2020 3:40 PM > To: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; bluca@debian.org > Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com> > Subject: [PATCH 17.11] cryptodev: fix missing device id range checking > > This patch adds range-checking of the device id passed from > the user app code. It prevents out-of-range array accesses > which in some situations resulted in an > application crash (segfault). > > Fixes: 72de277dd423 ("cryptodev: fix checks related to device id") > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-02-27 8:48 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-02-21 15:40 [dpdk-stable] [PATCH 17.11] cryptodev: fix missing device id range checking Adam Dybkowski 2020-02-21 16:12 ` Luca Boccassi 2020-02-26 9:52 ` Luca Boccassi 2020-02-27 1:48 ` Yu, PingX 2020-02-27 8:48 ` Luca Boccassi 2020-02-21 16:16 ` Trahe, Fiona
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).