[v1,2/2] crypto/aesni_mb: improve DOCSIS session creation
diff mbox series

Message ID 20200716153218.65491-3-david.coyle@intel.com
State Accepted
Delegated to: akhil goyal
Headers show
Series
  • improve DOCSIS session creation
Related show

Checks

Context Check Description
ci/travis-robot success Travis build: passed
ci/Intel-compilation success Compilation OK
ci/checkpatch success coding style OK

Commit Message

David Coyle July 16, 2020, 3:32 p.m. UTC
This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
  creating a session and now does this validation before allocating the
  session from the mempool

Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

Comments

De Lara Guarch, Pablo July 17, 2020, 7:09 p.m. UTC | #1
Hi David,

> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Thursday, July 16, 2020 4:32 PM
> To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De
> Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh,
> Mairtin <mairtin.oloingsigh@intel.com>; Coyle, David <david.coyle@intel.com>
> Subject: [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation
> 
> This patch improves the DOCSIS session creation as follows:
> - it validates the security action type as well as the protocol before
>   creating a session and now does this validation before allocating the
>   session from the mempool
> 
> Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
> 
> Signed-off-by: David Coyle <david.coyle@intel.com>

Nice, this is actually fixing a potential memory leak, so you could mention this in the commit message/title.

Apart from this:

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Akhil Goyal July 18, 2020, 9:24 p.m. UTC | #2
> > This patch improves the DOCSIS session creation as follows:
> > - it validates the security action type as well as the protocol before
> >   creating a session and now does this validation before allocating the
> >   session from the mempool
> >
> > Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
> >
> > Signed-off-by: David Coyle <david.coyle@intel.com>
> 
> Nice, this is actually fixing a potential memory leak, so you could mention this in
> the commit message/title.
> 
> Apart from this:
> 
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Series applied to dpdk-next-crypto

Title updated as " crypto/aesni_mb: fix memory leak in DOCSIS session"

Thanks.

Patch
diff mbox series

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index ed93daec7..2362f0c3c 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -875,16 +875,17 @@  aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
+	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+			conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+		AESNI_MB_LOG(ERR, "Invalid security protocol");
+		return -EINVAL;
+	}
+
 	if (rte_mempool_get(mempool, &sess_private_data)) {
 		AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
 		return -ENOMEM;
 	}
 
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
-		AESNI_MB_LOG(ERR, "Invalid security protocol");
-		return -EINVAL;
-	}
-
 	ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
 			sess_private_data);