From: Kevin Traynor <ktraynor@redhat.com>
To: Adam Dybkowski <adamx.dybkowski@intel.com>,
stable@dpdk.org, fiona.trahe@intel.com, bluca@debian.org
Subject: Re: [dpdk-stable] [PATCH 18.11] cryptodev: fix missing device id range checking
Date: Mon, 24 Feb 2020 15:58:37 +0000 [thread overview]
Message-ID: <b940d448-29f4-dd20-4441-0f68608cfe86@redhat.com> (raw)
In-Reply-To: <20200224130849.3125-1-adamx.dybkowski@intel.com>
On 24/02/2020 13:08, Adam Dybkowski wrote:
> This patch adds range-checking of the device id passed from
> the user app code. It prevents out-of-range array accesses
> which in some situations resulted in an
> application crash (segfault).
>
> Fixes: 8db57afd7ab9 ("cryptodev: fix checks related to device id")
>
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Thanks for the backport Adam. Will take when the equivalent patch is in
dpdk master and I will add the reference to master commit.
> ---
> lib/librte_cryptodev/rte_cryptodev.c | 41 +++++++++++++++++++++++++---
> 1 file changed, 37 insertions(+), 4 deletions(-)
>
> diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
> index f7566fc30..180260a3b 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -509,7 +509,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
> static inline uint8_t
> rte_cryptodev_is_valid_device_data(uint8_t dev_id)
> {
> - if (rte_crypto_devices[dev_id].data == NULL)
> + if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
> + rte_crypto_devices[dev_id].data == NULL)
> return 0;
>
> return 1;
> @@ -601,8 +602,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
> void *
> rte_cryptodev_get_sec_ctx(uint8_t dev_id)
> {
> - if (rte_crypto_devices[dev_id].feature_flags &
> - RTE_CRYPTODEV_FF_SECURITY)
> + if (dev_id < RTE_CRYPTO_MAX_DEVS &&
> + (rte_crypto_devices[dev_id].feature_flags &
> + RTE_CRYPTODEV_FF_SECURITY))
> return rte_crypto_devices[dev_id].security_ctx;
>
> return NULL;
> @@ -741,6 +743,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
> {
> struct rte_cryptodev *dev;
>
> + if (!rte_cryptodev_is_valid_device_data(dev_id)) {
> + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> + return 0;
> + }
> +
> dev = &rte_crypto_devices[dev_id];
> return dev->data->nb_queue_pairs;
> }
> @@ -1169,6 +1176,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
> uint8_t index;
> int ret;
>
> + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> + return -EINVAL;
> + }
> +
> dev = rte_cryptodev_pmd_get_dev(dev_id);
>
> if (sess == NULL || xforms == NULL || dev == NULL)
> @@ -1202,6 +1214,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
> uint8_t index;
> int ret;
>
> + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> + return -EINVAL;
> + }
> +
> dev = rte_cryptodev_pmd_get_dev(dev_id);
>
> if (sess == NULL || xforms == NULL || dev == NULL)
> @@ -1271,6 +1288,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
> {
> struct rte_cryptodev *dev;
>
> + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> + return -EINVAL;
> + }
> +
> dev = rte_cryptodev_pmd_get_dev(dev_id);
>
> if (dev == NULL || sess == NULL)
> @@ -1289,6 +1311,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
> {
> struct rte_cryptodev *dev;
>
> + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> + return -EINVAL;
> + }
> +
> dev = rte_cryptodev_pmd_get_dev(dev_id);
>
> if (dev == NULL || sess == NULL)
> @@ -1594,8 +1621,14 @@ rte_cryptodev_driver_id_get(const char *name)
> const char *
> rte_cryptodev_name_get(uint8_t dev_id)
> {
> - struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
> + struct rte_cryptodev *dev;
>
> + if (!rte_cryptodev_is_valid_device_data(dev_id)) {
> + CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> + return NULL;
> + }
> +
> + dev = rte_cryptodev_pmd_get_dev(dev_id);
> if (dev == NULL)
> return NULL;
>
>
prev parent reply other threads:[~2020-02-24 15:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-24 13:08 Adam Dybkowski
2020-02-24 13:55 ` Trahe, Fiona
2020-02-24 15:58 ` Kevin Traynor [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b940d448-29f4-dd20-4441-0f68608cfe86@redhat.com \
--to=ktraynor@redhat.com \
--cc=adamx.dybkowski@intel.com \
--cc=bluca@debian.org \
--cc=fiona.trahe@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).