cryptodev: add reference count to session private data
authorFan Zhang <roy.fan.zhang@intel.com>
Thu, 10 Jan 2019 14:50:21 +0000 (14:50 +0000)
committerPablo de Lara <pablo.de.lara.guarch@intel.com>
Thu, 10 Jan 2019 15:57:22 +0000 (16:57 +0100)
This patch adds a refcnt field to each session private data entry in the
cryptodev symmetric session. The counter prevents a symmetric session
from being freed before it has been cleared by every type of crypto
device in use.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
doc/guides/prog_guide/img/cryptodev_sym_sess.svg
doc/guides/rel_notes/release_19_02.rst
lib/librte_cryptodev/rte_cryptodev.c
lib/librte_cryptodev/rte_cryptodev.h

index 20059cc0f203fcd50b643969f4539ef68446bdae..7d7052c38e14d2ab8af4954dbe41bb16e6fa0332 100644 (file)
        class="st2"
        y="189.4823"
        x="-185.78569">user_data</text>
+<text
+       transform="scale(0.71276665,1.4029837)"
+       style="font-size:14.02988338px;font-family:Calibri;overflow:visible;color-interpolation-filters:sRGB;fill:#386288;fill-rule:evenodd;stroke-width:1.40298378;stroke-linecap:square;stroke-miterlimit:3"
+       id="text24-5-5-1-4"
+       class="st2"
+       y="129.23468"
+       x="-204.95244">uint16_t refcnt;</text>
 </g><g
      transform="matrix(1.022976,0,0,0.71529071,199.82034,-39.936699)"
      id="shape19-6-5"><title
index 374c6a1a33581c512bf6edec707cdbedc097d671..47518ceaecd13f9c000ec0e1c3cabcc4f907db6c 100644 (file)
@@ -100,6 +100,12 @@ New Features
   devices to track dirty pages caused by DMA. IFC driver has enabled this
   SW-assisted live migration mode.
 
+* **Added security checks to cryptodev symmetric session operations.**
+
+  Added a set of security checks to the access cryptodev symmetric session.
+  The checks include the session's user data read/write check and the
+  session private data referencing status check while freeing a session.
+
 * **Updated the AESNI-MB PMD.**
 
   * Add support for intel-ipsec-mb version 0.52.
index d01bb110e2c2dec7ad2433cc9978c1fbc507e0d9..654c39fe1856834e63b719432d97c8754eac4d8b 100644 (file)
@@ -1216,7 +1216,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
 
        RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_configure, -ENOTSUP);
 
-       if (sess->sess_data[index].data == NULL) {
+       if (sess->sess_data[index].refcnt == 0) {
                ret = dev->dev_ops->sym_session_configure(dev, xforms,
                                                        sess, mp);
                if (ret < 0) {
@@ -1227,6 +1227,7 @@ rte_cryptodev_sym_session_init(uint8_t dev_id,
                }
        }
 
+       sess->sess_data[index].refcnt++;
        return 0;
 }
 
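Review bot: The added `sess->sess_data[index].refcnt++` has no upper bound, so on a `uint16_t` counter the 65536th successful init for the same driver wraps it back to 0. After that, rte_cryptodev_sym_session_free() would accept a session whose private data is still referenced, and the next init would run sym_session_configure again on live data. A saturation guard placed ahead of the `refcnt == 0` test in the previous hunk would close this, e.g. `if (sess->sess_data[index].refcnt == UINT16_MAX) return -EOVERFLOW;`. The function body starts outside both hunks, so whether `index` is checked against `sess->nb_drivers` cannot be confirmed from here.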
@@ -1372,12 +1373,17 @@ rte_cryptodev_sym_session_clear(uint8_t dev_id,
                struct rte_cryptodev_sym_session *sess)
 {
        struct rte_cryptodev *dev;
+       uint8_t driver_id;
 
        dev = rte_cryptodev_pmd_get_dev(dev_id);
 
        if (dev == NULL || sess == NULL)
                return -EINVAL;
 
+       driver_id = dev->driver_id;
+       if (--sess->sess_data[driver_id].refcnt != 0)
+               return -EBUSY;
+
        RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP);
 
        dev->dev_ops->sym_session_clear(dev, sess);
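Review bot: The pre-decrement `--sess->sess_data[driver_id].refcnt` runs even when the counter is already 0 (a session never initialised for this driver, or a repeated clear), so the `uint16_t` wraps to 65535. The call then returns -EBUSY, rte_cryptodev_sym_session_free() refuses the session from then on, and a later init skips sym_session_configure because refcnt is non-zero while the private data may be unset. Reject that case before touching the counter with `if (driver_id >= sess->nb_drivers || sess->sess_data[driver_id].refcnt == 0) return -EINVAL;`. The decrement also precedes `RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_session_clear, -ENOTSUP)`, so a PMD without that op leaves refcnt at 0 with the private data uncleared; moving the decrement below that check keeps the count and the data in step. The counter is a plain integer, so concurrent init/clear on one session presumably relies on caller-side serialisation, which is worth stating in the API documentation.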
@@ -1407,16 +1413,14 @@ int
 rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess)
 {
        uint8_t i;
-       void *sess_priv;
        struct rte_mempool *sess_mp;
 
        if (sess == NULL)
                return -EINVAL;
 
        /* Check that all device private data has been freed */
-       for (i = 0; i < nb_drivers; i++) {
-               sess_priv = get_sym_session_private_data(sess, i);
-               if (sess_priv != NULL)
+       for (i = 0; i < sess->nb_drivers; i++) {
+               if (sess->sess_data[i].refcnt != 0)
                        return -EBUSY;
        }
 
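Review bot: The loop index `i` stays `uint8_t` while the bound changes from the global `nb_drivers` to `sess->nb_drivers`, whose type is not visible in this commit. If that field is wider than 8 bits and ever holds 256 or more, `i` wraps and the loop never terminates. Declaring the index with the same type as the field (e.g. `uint16_t i;`) removes the dependency. The function body continues past the end of the hunk.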
index b6a9321d5d66226a9739d62cc3c6b8ec6c06cc7f..0a3e7239a10ecf0004ac25a464388673301fe5a5 100644 (file)
@@ -959,6 +959,7 @@ struct rte_cryptodev_sym_session {
        /**< session user data will be placed after sess_data */
        __extension__ struct {
                void *data;
+               uint16_t refcnt;
        } sess_data[0];
        /**< Driver specific session material, variable size */
 };
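Review bot: The new `refcnt` field has no Doxygen comment, and its meaning is not evident from the struct alone; going by the .c changes, it counts successful rte_cryptodev_sym_session_init() calls for that driver not yet matched by rte_cryptodev_sym_session_clear(). Suggest `uint16_t refcnt; /**< init calls not yet cleared for this driver type */`. The field also grows each `sess_data[]` element (a pointer plus a 16-bit counter, likely padded to pointer alignment), so session mempool element sizing and the ABI are presumably affected, which the release note in this commit does not mention. The struct definition starts above the hunk.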