[dpdk-stable] patch 'cryptodev: fix missing device id range checking' has been queued to stable release 19.11.3
luca.boccassi at gmail.com
luca.boccassi at gmail.com
Tue May 19 14:54:10 CEST 2020
Hi,
FYI, your patch has been queued to stable release 19.11.3
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/21/20. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Thanks.
Luca Boccassi
---
>From 196993b70538dcc21fc21e04142982c1961d639c Mon Sep 17 00:00:00 2001
From: Adam Dybkowski <adamx.dybkowski at intel.com>
Date: Thu, 20 Feb 2020 16:04:15 +0100
Subject: [PATCH] cryptodev: fix missing device id range checking
[ upstream commit 285b5d1b1fd3c5240c691e3ba33eeb7c1e2c67c3 ]
This patch adds range-checking of the device id passed from
the user app code. It prevents out-of-range array accesses
which in some situations resulted in an
application crash (segfault).
Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id")
Signed-off-by: Adam Dybkowski <adamx.dybkowski at intel.com>
Acked-by: Fiona Trahe <fiona.trahe at intel.com>
Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
---
lib/librte_cryptodev/rte_cryptodev.c | 41 +++++++++++++++++++++++++---
1 file changed, 37 insertions(+), 4 deletions(-)
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 89aa2ed3e2..f1ab622268 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -525,7 +525,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
static inline uint8_t
rte_cryptodev_is_valid_device_data(uint8_t dev_id)
{
- if (rte_crypto_devices[dev_id].data == NULL)
+ if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
+ rte_crypto_devices[dev_id].data == NULL)
return 0;
return 1;
@@ -617,8 +618,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
void *
rte_cryptodev_get_sec_ctx(uint8_t dev_id)
{
- if (rte_crypto_devices[dev_id].feature_flags &
- RTE_CRYPTODEV_FF_SECURITY)
+ if (dev_id < RTE_CRYPTO_MAX_DEVS &&
+ (rte_crypto_devices[dev_id].feature_flags &
+ RTE_CRYPTODEV_FF_SECURITY))
return rte_crypto_devices[dev_id].security_ctx;
return NULL;
@@ -789,6 +791,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
{
struct rte_cryptodev *dev;
+ if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return 0;
+ }
+
dev = &rte_crypto_devices[dev_id];
return dev->data->nb_queue_pairs;
}
@@ -1254,6 +1261,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
uint8_t index;
int ret;
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return -EINVAL;
+ }
+
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1293,6 +1305,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
uint8_t index;
int ret;
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return -EINVAL;
+ }
+
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1428,6 +1445,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
struct rte_cryptodev *dev;
uint8_t driver_id;
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return -EINVAL;
+ }
+
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL || sess == NULL)
@@ -1452,6 +1474,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
{
struct rte_cryptodev *dev;
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return -EINVAL;
+ }
+
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL || sess == NULL)
@@ -1754,8 +1781,14 @@ rte_cryptodev_driver_id_get(const char *name)
const char *
rte_cryptodev_name_get(uint8_t dev_id)
{
- struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
+ struct rte_cryptodev *dev;
+ if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+ CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+ return NULL;
+ }
+
+ dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL)
return NULL;
--
2.20.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2020-05-19 13:56:21.275472484 +0100
+++ 0060-cryptodev-fix-missing-device-id-range-checking.patch 2020-05-19 13:56:18.287503043 +0100
@@ -1,15 +1,16 @@
-From 285b5d1b1fd3c5240c691e3ba33eeb7c1e2c67c3 Mon Sep 17 00:00:00 2001
+From 196993b70538dcc21fc21e04142982c1961d639c Mon Sep 17 00:00:00 2001
From: Adam Dybkowski <adamx.dybkowski at intel.com>
Date: Thu, 20 Feb 2020 16:04:15 +0100
Subject: [PATCH] cryptodev: fix missing device id range checking
+[ upstream commit 285b5d1b1fd3c5240c691e3ba33eeb7c1e2c67c3 ]
+
This patch adds range-checking of the device id passed from
the user app code. It prevents out-of-range array accesses
which in some situations resulted in an
application crash (segfault).
Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id")
-Cc: stable at dpdk.org
Signed-off-by: Adam Dybkowski <adamx.dybkowski at intel.com>
Acked-by: Fiona Trahe <fiona.trahe at intel.com>
@@ -19,10 +20,10 @@
1 file changed, 37 insertions(+), 4 deletions(-)
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
-index 6d1d0e9d36..65d61a3ef5 100644
+index 89aa2ed3e2..f1ab622268 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
-@@ -529,7 +529,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
+@@ -525,7 +525,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
static inline uint8_t
rte_cryptodev_is_valid_device_data(uint8_t dev_id)
{
@@ -32,7 +33,7 @@
return 0;
return 1;
-@@ -621,8 +622,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
+@@ -617,8 +618,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
void *
rte_cryptodev_get_sec_ctx(uint8_t dev_id)
{
@@ -44,7 +45,7 @@
return rte_crypto_devices[dev_id].security_ctx;
return NULL;
-@@ -793,6 +795,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
+@@ -789,6 +791,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
{
struct rte_cryptodev *dev;
@@ -56,7 +57,7 @@
dev = &rte_crypto_devices[dev_id];
return dev->data->nb_queue_pairs;
}
-@@ -1258,6 +1265,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
+@@ -1254,6 +1261,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
uint8_t index;
int ret;
@@ -68,7 +69,7 @@
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (sess == NULL || xforms == NULL || dev == NULL)
-@@ -1297,6 +1309,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
+@@ -1293,6 +1305,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
uint8_t index;
int ret;
@@ -80,7 +81,7 @@
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (sess == NULL || xforms == NULL || dev == NULL)
-@@ -1432,6 +1449,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
+@@ -1428,6 +1445,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
struct rte_cryptodev *dev;
uint8_t driver_id;
@@ -92,7 +93,7 @@
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL || sess == NULL)
-@@ -1456,6 +1478,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
+@@ -1452,6 +1474,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
{
struct rte_cryptodev *dev;
@@ -104,7 +105,7 @@
dev = rte_cryptodev_pmd_get_dev(dev_id);
if (dev == NULL || sess == NULL)
-@@ -1789,8 +1816,14 @@ rte_cryptodev_driver_id_get(const char *name)
+@@ -1754,8 +1781,14 @@ rte_cryptodev_driver_id_get(const char *name)
const char *
rte_cryptodev_name_get(uint8_t dev_id)
{
More information about the stable
mailing list