[dpdk-stable] [PATCH 18.11] cryptodev: fix missing device id range checking

patches for DPDK stable branches
 help / color / mirror / Atom feed

* [dpdk-stable] [PATCH 18.11] cryptodev: fix missing device id range checking
@ 2020-02-24 13:08 Adam Dybkowski
  2020-02-24 13:55 ` Trahe, Fiona
  2020-02-24 15:58 ` Kevin Traynor
  0 siblings, 2 replies; 3+ messages in thread
From: Adam Dybkowski @ 2020-02-24 13:08 UTC (permalink / raw)
  To: stable, fiona.trahe, bluca; +Cc: Adam Dybkowski

This patch adds range-checking of the device id passed from
the user app code. It prevents out-of-range array accesses
which in some situations resulted in an
application crash (segfault).

Fixes: 8db57afd7ab9 ("cryptodev: fix checks related to device id")

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 lib/librte_cryptodev/rte_cryptodev.c | 41 +++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 4 deletions(-)

diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index f7566fc30..180260a3b 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -509,7 +509,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
 static inline uint8_t
 rte_cryptodev_is_valid_device_data(uint8_t dev_id)
 {
-	if (rte_crypto_devices[dev_id].data == NULL)
+	if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
+			rte_crypto_devices[dev_id].data == NULL)
 		return 0;
 
 	return 1;
@@ -601,8 +602,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id)
 {
-	if (rte_crypto_devices[dev_id].feature_flags &
-			RTE_CRYPTODEV_FF_SECURITY)
+	if (dev_id < RTE_CRYPTO_MAX_DEVS &&
+			(rte_crypto_devices[dev_id].feature_flags &
+			RTE_CRYPTODEV_FF_SECURITY))
 		return rte_crypto_devices[dev_id].security_ctx;
 
 	return NULL;
@@ -741,6 +743,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
 {
 	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return 0;
+	}
+
 	dev = &rte_crypto_devices[dev_id];
 	return dev->data->nb_queue_pairs;
 }
@@ -1169,6 +1176,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 	uint8_t index;
 	int ret;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1202,6 +1214,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
 	uint8_t index;
 	int ret;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1271,6 +1288,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
 {
 	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (dev == NULL || sess == NULL)
@@ -1289,6 +1311,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
 {
 	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (dev == NULL || sess == NULL)
@@ -1594,8 +1621,14 @@ rte_cryptodev_driver_id_get(const char *name)
 const char *
 rte_cryptodev_name_get(uint8_t dev_id)
 {
-	struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
+	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return NULL;
+	}
+
+	dev = rte_cryptodev_pmd_get_dev(dev_id);
 	if (dev == NULL)
 		return NULL;
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-stable] [PATCH 18.11] cryptodev: fix missing device id range checking
  2020-02-24 13:08 [dpdk-stable] [PATCH 18.11] cryptodev: fix missing device id range checking Adam Dybkowski
@ 2020-02-24 13:55 ` Trahe, Fiona
  2020-02-24 15:58 ` Kevin Traynor
  1 sibling, 0 replies; 3+ messages in thread
From: Trahe, Fiona @ 2020-02-24 13:55 UTC (permalink / raw)
  To: Dybkowski, AdamX, stable, bluca



> -----Original Message-----
> From: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Sent: Monday, February 24, 2020 1:09 PM
> To: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; bluca@debian.org
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH 18.11] cryptodev: fix missing device id range checking
> 
> This patch adds range-checking of the device id passed from
> the user app code. It prevents out-of-range array accesses
> which in some situations resulted in an
> application crash (segfault).
> 
> Fixes: 8db57afd7ab9 ("cryptodev: fix checks related to device id")
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-stable] [PATCH 18.11] cryptodev: fix missing device id range checking
  2020-02-24 13:08 [dpdk-stable] [PATCH 18.11] cryptodev: fix missing device id range checking Adam Dybkowski
  2020-02-24 13:55 ` Trahe, Fiona
@ 2020-02-24 15:58 ` Kevin Traynor
  1 sibling, 0 replies; 3+ messages in thread
From: Kevin Traynor @ 2020-02-24 15:58 UTC (permalink / raw)
  To: Adam Dybkowski, stable, fiona.trahe, bluca

On 24/02/2020 13:08, Adam Dybkowski wrote:
> This patch adds range-checking of the device id passed from
> the user app code. It prevents out-of-range array accesses
> which in some situations resulted in an
> application crash (segfault).
> 
> Fixes: 8db57afd7ab9 ("cryptodev: fix checks related to device id")
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>

Thanks for the backport Adam. Will take when the equivalent patch is in
dpdk master and I will add the reference to master commit.

> ---
>  lib/librte_cryptodev/rte_cryptodev.c | 41 +++++++++++++++++++++++++---
>  1 file changed, 37 insertions(+), 4 deletions(-)
> 
> diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
> index f7566fc30..180260a3b 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -509,7 +509,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
>  static inline uint8_t
>  rte_cryptodev_is_valid_device_data(uint8_t dev_id)
>  {
> -	if (rte_crypto_devices[dev_id].data == NULL)
> +	if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
> +			rte_crypto_devices[dev_id].data == NULL)
>  		return 0;
>  
>  	return 1;
> @@ -601,8 +602,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
>  void *
>  rte_cryptodev_get_sec_ctx(uint8_t dev_id)
>  {
> -	if (rte_crypto_devices[dev_id].feature_flags &
> -			RTE_CRYPTODEV_FF_SECURITY)
> +	if (dev_id < RTE_CRYPTO_MAX_DEVS &&
> +			(rte_crypto_devices[dev_id].feature_flags &
> +			RTE_CRYPTODEV_FF_SECURITY))
>  		return rte_crypto_devices[dev_id].security_ctx;
>  
>  	return NULL;
> @@ -741,6 +743,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
>  {
>  	struct rte_cryptodev *dev;
>  
> +	if (!rte_cryptodev_is_valid_device_data(dev_id)) {
> +		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> +		return 0;
> +	}
> +
>  	dev = &rte_crypto_devices[dev_id];
>  	return dev->data->nb_queue_pairs;
>  }
> @@ -1169,6 +1176,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
>  	uint8_t index;
>  	int ret;
>  
> +	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> +		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> +		return -EINVAL;
> +	}
> +
>  	dev = rte_cryptodev_pmd_get_dev(dev_id);
>  
>  	if (sess == NULL || xforms == NULL || dev == NULL)
> @@ -1202,6 +1214,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
>  	uint8_t index;
>  	int ret;
>  
> +	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> +		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> +		return -EINVAL;
> +	}
> +
>  	dev = rte_cryptodev_pmd_get_dev(dev_id);
>  
>  	if (sess == NULL || xforms == NULL || dev == NULL)
> @@ -1271,6 +1288,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
>  {
>  	struct rte_cryptodev *dev;
>  
> +	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> +		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> +		return -EINVAL;
> +	}
> +
>  	dev = rte_cryptodev_pmd_get_dev(dev_id);
>  
>  	if (dev == NULL || sess == NULL)
> @@ -1289,6 +1311,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
>  {
>  	struct rte_cryptodev *dev;
>  
> +	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> +		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> +		return -EINVAL;
> +	}
> +
>  	dev = rte_cryptodev_pmd_get_dev(dev_id);
>  
>  	if (dev == NULL || sess == NULL)
> @@ -1594,8 +1621,14 @@ rte_cryptodev_driver_id_get(const char *name)
>  const char *
>  rte_cryptodev_name_get(uint8_t dev_id)
>  {
> -	struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
> +	struct rte_cryptodev *dev;
>  
> +	if (!rte_cryptodev_is_valid_device_data(dev_id)) {
> +		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
> +		return NULL;
> +	}
> +
> +	dev = rte_cryptodev_pmd_get_dev(dev_id);
>  	if (dev == NULL)
>  		return NULL;
>  
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-02-24 15:58 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-24 13:08 [dpdk-stable] [PATCH 18.11] cryptodev: fix missing device id range checking Adam Dybkowski
2020-02-24 13:55 ` Trahe, Fiona
2020-02-24 15:58 ` Kevin Traynor

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).