cryptodev: fix missing device id range checking
diff mbox series

Message ID 20200220150415.32091-1-adamx.dybkowski@intel.com
State Accepted
Delegated to: akhil goyal
Headers show
Series
  • cryptodev: fix missing device id range checking
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/travis-robot success Travis build: passed
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-testing success Testing PASS
ci/checkpatch success coding style OK

Commit Message

Adam Dybkowski Feb. 20, 2020, 3:04 p.m. UTC
This patch adds range-checking of the device id passed from
the user app code. It prevents out-of-range array accesses
which in some situations resulted in an
application crash (segfault).

Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id")
Cc: stable@dpdk.org

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 lib/librte_cryptodev/rte_cryptodev.c | 41 +++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 4 deletions(-)

Comments

Trahe, Fiona Feb. 20, 2020, 3:39 p.m. UTC | #1
> -----Original Message-----
> From: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Sent: Thursday, February 20, 2020 3:04 PM
> To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>; stable@dpdk.org
> Subject: [PATCH] cryptodev: fix missing device id range checking
> 
> This patch adds range-checking of the device id passed from
> the user app code. It prevents out-of-range array accesses
> which in some situations resulted in an
> application crash (segfault).
> 
> Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Akhil Goyal March 13, 2020, 7:19 a.m. UTC | #2
> Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> ---
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Akhil Goyal March 25, 2020, 7:11 p.m. UTC | #3
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal
> Sent: Friday, March 13, 2020 12:50 PM
> To: Adam Dybkowski <adamx.dybkowski@intel.com>; dev@dpdk.org;
> fiona.trahe@intel.com
> Cc: stable@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH] cryptodev: fix missing device id range checking
> 
> > Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> > ---
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

Applied to dpdk-next-crypto

Thanks.

Patch
diff mbox series

diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 6d1d0e9d3..65d61a3ef 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -529,7 +529,8 @@  rte_cryptodev_pmd_get_named_dev(const char *name)
 static inline uint8_t
 rte_cryptodev_is_valid_device_data(uint8_t dev_id)
 {
-	if (rte_crypto_devices[dev_id].data == NULL)
+	if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
+			rte_crypto_devices[dev_id].data == NULL)
 		return 0;
 
 	return 1;
@@ -621,8 +622,9 @@  rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id)
 {
-	if (rte_crypto_devices[dev_id].feature_flags &
-			RTE_CRYPTODEV_FF_SECURITY)
+	if (dev_id < RTE_CRYPTO_MAX_DEVS &&
+			(rte_crypto_devices[dev_id].feature_flags &
+			RTE_CRYPTODEV_FF_SECURITY))
 		return rte_crypto_devices[dev_id].security_ctx;
 
 	return NULL;
@@ -793,6 +795,11 @@  rte_cryptodev_queue_pair_count(uint8_t dev_id)
 {
 	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return 0;
+	}
+
 	dev = &rte_crypto_devices[dev_id];
 	return dev->data->nb_queue_pairs;
 }
@@ -1258,6 +1265,11 @@  rte_cryptodev_sym_session_init(uint8_t dev_id,
 	uint8_t index;
 	int ret;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1297,6 +1309,11 @@  rte_cryptodev_asym_session_init(uint8_t dev_id,
 	uint8_t index;
 	int ret;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1432,6 +1449,11 @@  rte_cryptodev_sym_session_clear(uint8_t dev_id,
 	struct rte_cryptodev *dev;
 	uint8_t driver_id;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (dev == NULL || sess == NULL)
@@ -1456,6 +1478,11 @@  rte_cryptodev_asym_session_clear(uint8_t dev_id,
 {
 	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return -EINVAL;
+	}
+
 	dev = rte_cryptodev_pmd_get_dev(dev_id);
 
 	if (dev == NULL || sess == NULL)
@@ -1789,8 +1816,14 @@  rte_cryptodev_driver_id_get(const char *name)
 const char *
 rte_cryptodev_name_get(uint8_t dev_id)
 {
-	struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
+	struct rte_cryptodev *dev;
 
+	if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+		CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+		return NULL;
+	}
+
+	dev = rte_cryptodev_pmd_get_dev(dev_id);
 	if (dev == NULL)
 		return NULL;