[v1,2/2] crypto/aesni_mb: improve DOCSIS session creation
Checks
Commit Message
This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
creating a session and now does this validation before allocating the
session from the mempool
Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
Signed-off-by: David Coyle <david.coyle@intel.com>
---
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
Comments
Hi David,
> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Thursday, July 16, 2020 4:32 PM
> To: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De
> Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Ryan, Brendan <brendan.ryan@intel.com>; O'loingsigh,
> Mairtin <mairtin.oloingsigh@intel.com>; Coyle, David <david.coyle@intel.com>
> Subject: [PATCH v1 2/2] crypto/aesni_mb: improve DOCSIS session creation
>
> This patch improves the DOCSIS session creation as follows:
> - it validates the security action type as well as the protocol before
> creating a session and now does this validation before allocating the
> session from the mempool
>
> Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
>
> Signed-off-by: David Coyle <david.coyle@intel.com>
Nice, this is actually fixing a potential memory leak, so you could mention this in the commit message/title.
Apart from this:
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > This patch improves the DOCSIS session creation as follows:
> > - it validates the security action type as well as the protocol before
> > creating a session and now does this validation before allocating the
> > session from the mempool
> >
> > Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
> >
> > Signed-off-by: David Coyle <david.coyle@intel.com>
>
> Nice, this is actually fixing a potential memory leak, so you could mention this in
> the commit message/title.
>
> Apart from this:
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Series applied to dpdk-next-crypto
Title updated as " crypto/aesni_mb: fix memory leak in DOCSIS session"
Thanks.
@@ -875,16 +875,17 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+ conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+ AESNI_MB_LOG(ERR, "Invalid security protocol");
+ return -EINVAL;
+ }
+
if (rte_mempool_get(mempool, &sess_private_data)) {
AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
return -ENOMEM;
}
- if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
- AESNI_MB_LOG(ERR, "Invalid security protocol");
- return -EINVAL;
- }
-
ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
sess_private_data);