[dpdk-stable] [PATCH] lib/eventdev: fix null pointer dereferences coverity issue

[Chaitanya Babu, TalluriX]

Hi Abhinandan,

>-----Original Message-----
>From: Gujjar, Abhinandan S
>Sent: Wednesday, September 25, 2019 11:17 AM
>To: Chaitanya Babu, TalluriX <tallurix.chaitanya.babu at intel.com>;
>dev at dpdk.org
>Cc: Pattan, Reshma <reshma.pattan at intel.com>; Parthasarathy, JananeeX M
><jananeex.m.parthasarathy at intel.com>; stable at dpdk.org
>Subject: RE: [PATCH] lib/eventdev: fix null pointer dereferences coverity issue
>
>Please find the comments inline
>
>> -----Original Message-----
>> From: Chaitanya Babu, TalluriX
>> Sent: Friday, September 20, 2019 12:39 PM
>> To: dev at dpdk.org
>> Cc: Pattan, Reshma <reshma.pattan at intel.com>; Parthasarathy, JananeeX
>> M <jananeex.m.parthasarathy at intel.com>; Gujjar, Abhinandan S
>> <abhinandan.gujjar at intel.com>; Chaitanya Babu, TalluriX
>> <tallurix.chaitanya.babu at intel.com>; stable at dpdk.org
>> Subject: [PATCH] lib/eventdev: fix null pointer dereferences coverity
>> issue
>>
>> One issue caught by Coverity 340075
>> *deref_ptr: Directly dereferencing pointer qp_info.
>>
>> In eca_enq_to_cryptodev() qp_info dereferenced without null check in
>> both session and sessionless crypto ops.
>>
>> The fix is to access qp_info after null check.
>>
>> Coverity issue: 340075
>> Fixes: 7901eac340 ("eventdev: add crypto adapter implementation")
>> Cc: stable at dpdk.org
>>
>> Signed-off-by: Chaitanya Babu Talluri
>> <tallurix.chaitanya.babu at intel.com>
>> ---
>>  lib/librte_eventdev/rte_event_crypto_adapter.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/lib/librte_eventdev/rte_event_crypto_adapter.c
>> b/lib/librte_eventdev/rte_event_crypto_adapter.c
>> index 22d910816..4f3f57348 100644
>> --- a/lib/librte_eventdev/rte_event_crypto_adapter.c
>> +++ b/lib/librte_eventdev/rte_event_crypto_adapter.c
>> @@ -356,7 +356,7 @@ eca_enq_to_cryptodev(struct
>> rte_event_crypto_adapter *adapter,
>>  			cdev_id = m_data->request_info.cdev_id;
>>  			qp_id = m_data->request_info.queue_pair_id;
>>  			qp_info = &adapter->cdevs[cdev_id].qpairs[qp_id];
>> -			if (!qp_info->qp_enabled) {
>> +			if ((qp_info == NULL) || (!qp_info->qp_enabled)) {
>qp_info cannot be null as the memory allocation is done in
>rte_event_crypto_adapter_queue_pair_add() -> eca_add_queue_pair().
>Please refer line #736 which is allocating memory for "dev_info->dev->data-
>>nb_queue_pairs"
>
>Without queue_pair_add(), service core cannot be started [Please look at
>eca_init_service()].
>This issue can be marked to ignore in klockworks.
>

Yes, we observed that queue pairs are allocated earlier based on device config.
But NULL check is done here just in case if queue pair id "qp_id" is invalid since this is fed from request info during enqueue.

Please let us know if still this change is not required, we will ignore this patch.

>>  				rte_pktmbuf_free(crypto_op->sym->m_src);
>>  				rte_crypto_op_free(crypto_op);
>>  				continue;
>> @@ -372,7 +372,7 @@ eca_enq_to_cryptodev(struct
>> rte_event_crypto_adapter *adapter,
>>  			cdev_id = m_data->request_info.cdev_id;
>>  			qp_id = m_data->request_info.queue_pair_id;
>>  			qp_info = &adapter->cdevs[cdev_id].qpairs[qp_id];
>> -			if (!qp_info->qp_enabled) {
>> +			if ((qp_info == NULL) || (!qp_info->qp_enabled)) {
>>  				rte_pktmbuf_free(crypto_op->sym->m_src);
>>  				rte_crypto_op_free(crypto_op);
>>  				continue;
>> --
>> 2.17.2