cryptodev: fix missing device id range checking

This patch adds range-checking of the device id passed from
the user app code. It prevents out-of-range array accesses
which in some situations resulted in an
application crash (segfault).

Fixes: 3dd4435cf473 ("cryptodev: fix checks related to device id")
Cc: stable@dpdk.org
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 6d1d0e9..65d61a3 100644 (file)
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -529,7 +529,8 @@ rte_cryptodev_pmd_get_named_dev(const char *name)
 static inline uint8_t
 rte_cryptodev_is_valid_device_data(uint8_t dev_id)
 {
-       if (rte_crypto_devices[dev_id].data == NULL)
+       if (dev_id >= RTE_CRYPTO_MAX_DEVS ||
+                       rte_crypto_devices[dev_id].data == NULL)
                return 0;
 
        return 1;
@@ -621,8 +622,9 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
 void *
 rte_cryptodev_get_sec_ctx(uint8_t dev_id)
 {
-       if (rte_crypto_devices[dev_id].feature_flags &
-                       RTE_CRYPTODEV_FF_SECURITY)
+       if (dev_id < RTE_CRYPTO_MAX_DEVS &&
+                       (rte_crypto_devices[dev_id].feature_flags &
+                       RTE_CRYPTODEV_FF_SECURITY))
                return rte_crypto_devices[dev_id].security_ctx;
 
        return NULL;
@@ -793,6 +795,11 @@ rte_cryptodev_queue_pair_count(uint8_t dev_id)
 {
        struct rte_cryptodev *dev;
 
+       if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+               CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+               return 0;
+       }
+
        dev = &rte_crypto_devices[dev_id];
        return dev->data->nb_queue_pairs;
 }
@@ -1258,6 +1265,11 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
        uint8_t index;
        int ret;
 
+       if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+               CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+               return -EINVAL;
+       }
+
        dev = rte_cryptodev_pmd_get_dev(dev_id);
 
        if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1297,6 +1309,11 @@ rte_cryptodev_asym_session_init(uint8_t dev_id,
        uint8_t index;
        int ret;
 
+       if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+               CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+               return -EINVAL;
+       }
+
        dev = rte_cryptodev_pmd_get_dev(dev_id);
 
        if (sess == NULL || xforms == NULL || dev == NULL)
@@ -1432,6 +1449,11 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
        struct rte_cryptodev *dev;
        uint8_t driver_id;
 
+       if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+               CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+               return -EINVAL;
+       }
+
        dev = rte_cryptodev_pmd_get_dev(dev_id);
 
        if (dev == NULL || sess == NULL)
@@ -1456,6 +1478,11 @@ rte_cryptodev_asym_session_clear(uint8_t dev_id,
 {
        struct rte_cryptodev *dev;
 
+       if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+               CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+               return -EINVAL;
+       }
+
        dev = rte_cryptodev_pmd_get_dev(dev_id);
 
        if (dev == NULL || sess == NULL)
@@ -1789,8 +1816,14 @@ rte_cryptodev_driver_id_get(const char *name)
 const char *
 rte_cryptodev_name_get(uint8_t dev_id)
 {
-       struct rte_cryptodev *dev = rte_cryptodev_pmd_get_dev(dev_id);
+       struct rte_cryptodev *dev;
 
+       if (!rte_cryptodev_is_valid_device_data(dev_id)) {
+               CDEV_LOG_ERR("Invalid dev_id=%" PRIu8, dev_id);
+               return NULL;
+       }
+
+       dev = rte_cryptodev_pmd_get_dev(dev_id);
        if (dev == NULL)
                return NULL;