diff mbox series

[1/3] crypto/ipsec_mb: fix qp setup null pointer dereference

Message ID 20211210140952.2907974-1-ciara.power@intel.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers
Series [1/3] crypto/ipsec_mb: fix qp setup null pointer dereference |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Power, Ciara Dec. 10, 2021, 2:09 p.m. UTC 
  When setting up a qp in a secondary process, the local qp pointer is set
to the stored device qp, configured by the primary process for that
device, but only if that device qp is not NULL.
If the device qp was not set up correctly by the primary process and has
a NULL value, the local qp variable stays at the default initialised
value, NULL. This causes a NULL pointer dereference later in the
function when using the qp value.

This is fixed by always setting the local qp to the value of the device
qp stored, and then checking if qp is NULL, returning an error if it is.

Coverity issue: 374382
Fixes: 72a169278a56 ("crypto/ipsec_mb: support multi-process")
Cc: stable@dpdk.org

Signed-off-by: Ciara Power <ciara.power@intel.com>
---
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Comments

Fan Zhang Dec. 16, 2021, 3:02 p.m. UTC | #1 
> -----Original Message-----
> From: Power, Ciara <ciara.power@intel.com>
> Sent: Friday, December 10, 2021 2:10 PM
> To: dev@dpdk.org
> Cc: stable@dpdk.org; Mcnamara, John <john.mcnamara@intel.com>; Zhang,
> Roy Fan <roy.fan.zhang@intel.com>; Power, Ciara <ciara.power@intel.com>;
> De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [PATCH 1/3] crypto/ipsec_mb: fix qp setup null pointer dereference
> 
> When setting up a qp in a secondary process, the local qp pointer is set
> to the stored device qp, configured by the primary process for that
> device, but only if that device qp is not NULL.
> If the device qp was not set up correctly by the primary process and has
> a NULL value, the local qp variable stays at the default initialised
> value, NULL. This causes a NULL pointer dereference later in the
> function when using the qp value.
> 
> This is fixed by always setting the local qp to the value of the device
> qp stored, and then checking if qp is NULL, returning an error if it is.
> 
> Coverity issue: 374382
> Fixes: 72a169278a56 ("crypto/ipsec_mb: support multi-process")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
diff mbox series

Patch

diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index 189262c4ad..6efa417d67 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -221,8 +221,11 @@  ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 				IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
 		return -EINVAL;
 #endif
-		if (dev->data->queue_pairs[qp_id] != NULL)
-			qp = dev->data->queue_pairs[qp_id];
+		qp = dev->data->queue_pairs[qp_id];
+		if (qp == NULL) {
+			IPSEC_MB_LOG(ERR, "Primary process hasn't configured device qp.");
+			return -EINVAL;
+		}
 	} else {
 		/* Free memory prior to re-allocation if needed. */
 		if (dev->data->queue_pairs[qp_id] != NULL)