From patchwork Fri Dec 10 14:09:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Power, Ciara" X-Patchwork-Id: 105064 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1EAA2A0093; Fri, 10 Dec 2021 15:10:10 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8D55B40685; Fri, 10 Dec 2021 15:10:09 +0100 (CET) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mails.dpdk.org (Postfix) with ESMTP id 702FC40041; Fri, 10 Dec 2021 15:10:08 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1639145408; x=1670681408; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=gH/RFh7s1/F8lKm0UpsOfaKbzr7Js/ZyJufZumg4mVw=; b=Pzsb8ApgCqZfFkdJa2P9wtYEFwa5tMJmJcLZlOZfehZhKhVsGN0iHmDX MNTQZHssNn+4/kXY/zT+hv/M6jq3QlnZx3kFIPdrrelSEOxUFjn3cbXKu uplLD0QknGZlIc8BgtuuZ10XdFeWp0XtoQWwCW20IZbJ1vJl2bXjyPRq3 O6Z8VFNIlBElcT3f8rvH7EIQf18XvGbUpMUElNVTfTSqzpRc02nMTmHMw kEpM0kz8gPO00zr6R4v5C8kqdBk7evuOgf3v/j7A7AzZGek4ZvRwTUTVE UYPDvaFYgj3CbpSkCS0nf30T0TmMmf9QvlmtkJGUQschatdDm8uNo6l8v A==; X-IronPort-AV: E=McAfee;i="6200,9189,10193"; a="324613220" X-IronPort-AV: E=Sophos;i="5.88,195,1635231600"; d="scan'208";a="324613220" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Dec 2021 06:10:06 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,195,1635231600"; d="scan'208";a="612936980" Received: from silpixa00400355.ir.intel.com (HELO silpixa00400355.ger.corp.intel.com) ([10.237.222.49]) by orsmga004.jf.intel.com with ESMTP; 10 Dec 2021 06:10:04 -0800 From: Ciara Power To: dev@dpdk.org Cc: stable@dpdk.org, john.mcnamara@intel.com, roy.fan.zhang@intel.com, Ciara Power , Pablo de Lara Subject: [PATCH 1/3] crypto/ipsec_mb: fix qp setup null pointer dereference Date: Fri, 10 Dec 2021 14:09:50 +0000 Message-Id: <20211210140952.2907974-1-ciara.power@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org When setting up a qp in a secondary process, the local qp pointer is set to the stored device qp, configured by the primary process for that device, but only if that device qp is not NULL. If the device qp was not set up correctly by the primary process and has a NULL value, the local qp variable stays at the default initialised value, NULL. This causes a NULL pointer dereference later in the function when using the qp value. This is fixed by always setting the local qp to the value of the device qp stored, and then checking if qp is NULL, returning an error if it is. Coverity issue: 374382 Fixes: 72a169278a56 ("crypto/ipsec_mb: support multi-process") Cc: stable@dpdk.org Signed-off-by: Ciara Power Acked-by: Fan Zhang --- drivers/crypto/ipsec_mb/ipsec_mb_ops.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c index 189262c4ad..6efa417d67 100644 --- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c +++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c @@ -221,8 +221,11 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, IMB_VERSION_STR, IMB_MP_REQ_VER_STR); return -EINVAL; #endif - if (dev->data->queue_pairs[qp_id] != NULL) - qp = dev->data->queue_pairs[qp_id]; + qp = dev->data->queue_pairs[qp_id]; + if (qp == NULL) { + IPSEC_MB_LOG(ERR, "Primary process hasn't configured device qp."); + return -EINVAL; + } } else { /* Free memory prior to re-allocation if needed. */ if (dev->data->queue_pairs[qp_id] != NULL) From patchwork Fri Dec 10 14:09:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Power, Ciara" X-Patchwork-Id: 105065 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A9928A0093; Fri, 10 Dec 2021 15:10:19 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B6DBE4114F; Fri, 10 Dec 2021 15:10:10 +0100 (CET) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mails.dpdk.org (Postfix) with ESMTP id 39EDA40041; Fri, 10 Dec 2021 15:10:09 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1639145409; x=1670681409; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Y9tyIKyMehYB2qtIL1KJFrDrfjJXO9WwVVPQ7kBEOqU=; b=dOiWm3T/cY5Xtlym4UhixUPoAM4HIfAP2ZSKiBZmG7rW6fQE1+5usK2y NPiSAUiEzs5QitZaedmJaoAyF1M9Du79t5tiv3LxCQGa8vsClKK8mP8R1 Y2gKHj10llw4YttremdXBF+dkzg+b/5pMEflSnCYU3jq/BvXEph4stolX 2gurwNofBzIxM8B4O1TXZuqNec5WD0IEIw6IzLmP/q55KKksC3+eJBbPu 1svEr50HuBRh7Q4SJVCjX1w+clkhi2FtTBplmWI5/iza1NigWhvED8THS K8IgjWCUj1HJb2fsfO2iytjt2nrbUvXwH+PZAf/awpMHQrMyrg6edcaDF w==; X-IronPort-AV: E=McAfee;i="6200,9189,10193"; a="324613225" X-IronPort-AV: E=Sophos;i="5.88,195,1635231600"; d="scan'208";a="324613225" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Dec 2021 06:10:08 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,195,1635231600"; d="scan'208";a="612936994" Received: from silpixa00400355.ir.intel.com (HELO silpixa00400355.ger.corp.intel.com) ([10.237.222.49]) by orsmga004.jf.intel.com with ESMTP; 10 Dec 2021 06:10:06 -0800 From: Ciara Power To: dev@dpdk.org Cc: stable@dpdk.org, john.mcnamara@intel.com, roy.fan.zhang@intel.com, Ciara Power , Pablo de Lara Subject: [PATCH 2/3] crypto/ipsec_mb: fix qp cleanup null pointer dereference Date: Fri, 10 Dec 2021 14:09:51 +0000 Message-Id: <20211210140952.2907974-2-ciara.power@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211210140952.2907974-1-ciara.power@intel.com> References: <20211210140952.2907974-1-ciara.power@intel.com> MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org The qp was being used in the cleanup without checking if it was non NULL. A check is now added to verify qp is non NULL before use. Coverity issue: 374375 Fixes: c75542ae4200 ("crypto/ipsec_mb: introduce IPsec_mb framework") Cc: roy.fan.zhang@intel.com Cc: stable@dpdk.org Signed-off-by: Ciara Power Acked-by: Fan Zhang --- drivers/crypto/ipsec_mb/ipsec_mb_ops.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c index 6efa417d67..1ebd23e8f0 100644 --- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c +++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c @@ -285,6 +285,8 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, return 0; qp_setup_cleanup: + if (qp == NULL) + return ret; #if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM if (qp->mb_mgr) free_mb_mgr(qp->mb_mgr); @@ -294,8 +296,7 @@ ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, if (qp->mb_mgr_mz) rte_memzone_free(qp->mb_mgr_mz); #endif - if (qp) - rte_free(qp); + rte_free(qp); return ret; } From patchwork Fri Dec 10 14:09:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Power, Ciara" X-Patchwork-Id: 105066 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F308FA0093; Fri, 10 Dec 2021 15:10:26 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E1684426DC; Fri, 10 Dec 2021 15:10:13 +0100 (CET) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mails.dpdk.org (Postfix) with ESMTP id A63EC426DA; Fri, 10 Dec 2021 15:10:11 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1639145411; x=1670681411; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=h6ipAbblu1FzKjzbDTsYQ8Jyb0i4w76Vp0s042aVQyk=; b=QnTFSbF2xL+Wahjc7nC4Hy9Kfhth5ZirSvf2p6jqrB1sh3gwbplsrauj 46y78BcIENTbFnc+OV/G71Ec/+900PM3XSK3octY2lRSW/0bIAgnZZLQs 8bmYi08emihkVXbT46552HowQ3c/epEyyR2UG9hPl6NzZw0nAef7ktY/F l2WNh5GuXYtZHX4OZzQY8h+41vGktLqyJ0iyYsXg99ZhjVxWEXPeC489x 14u8FAPlj1QLuH5nTAA1DfBDUCfTML5D0BWJWqi+iEJ5244QUCk/HdJTI QBTNLsUuPHfEIkrFSGNf2Fr6kV1dQ97ADqQQsjhClc0bJ3hsxUS3n77Gb w==; X-IronPort-AV: E=McAfee;i="6200,9189,10193"; a="324613227" X-IronPort-AV: E=Sophos;i="5.88,195,1635231600"; d="scan'208";a="324613227" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Dec 2021 06:10:10 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,195,1635231600"; d="scan'208";a="612937013" Received: from silpixa00400355.ir.intel.com (HELO silpixa00400355.ger.corp.intel.com) ([10.237.222.49]) by orsmga004.jf.intel.com with ESMTP; 10 Dec 2021 06:10:08 -0800 From: Ciara Power To: dev@dpdk.org Cc: stable@dpdk.org, john.mcnamara@intel.com, roy.fan.zhang@intel.com, Ciara Power , piotrx.bronowski@intel.com, Pablo de Lara Subject: [PATCH 3/3] crypto/ipsec_mb: fix tainted data for session Date: Fri, 10 Dec 2021 14:09:52 +0000 Message-Id: <20211210140952.2907974-3-ciara.power@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211210140952.2907974-1-ciara.power@intel.com> References: <20211210140952.2907974-1-ciara.power@intel.com> MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Downcasting a void * to struct aesni_gcm_session * caused the session data to be treated as tainted. Removing the void * temporary variable and adding a cast avoids this issue. Coverity issue: 374377 Fixes: 746825e5c0ea ("crypto/ipsec_mb: move aesni_gcm PMD") Cc: piotrx.bronowski@intel.com Cc: stable@dpdk.org Signed-off-by: Ciara Power Acked-by: Fan Zhang --- drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c index 2c203795ab..e5ad629fe5 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c @@ -713,19 +713,17 @@ aesni_gcm_process_bulk(struct rte_cryptodev *dev, __rte_unused union rte_crypto_sym_ofs ofs, struct rte_crypto_sym_vec *vec) { - void *sess_priv; struct aesni_gcm_session *s; struct gcm_context_data gdata_ctx; IMB_MGR *mb_mgr; - sess_priv = get_sym_session_private_data(sess, dev->driver_id); - if (unlikely(sess_priv == NULL)) { + s = (struct aesni_gcm_session *) get_sym_session_private_data(sess, + dev->driver_id); + if (unlikely(s == NULL)) { aesni_gcm_fill_error_code(vec, EINVAL); return 0; } - s = sess_priv; - /* get per-thread MB MGR, create one if needed */ mb_mgr = get_per_thread_mb_mgr(); if (unlikely(mb_mgr == NULL))