This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
creating a session and now does this validation before allocating the
session from the mempool
Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
Signed-off-by: David Coyle <david.co...@intel.com>
---
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index ed93daec7..2362f0c3c 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -875,16 +875,17 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct
rte_security_session_conf *conf,
struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
int ret;
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+ conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+ AESNI_MB_LOG(ERR, "Invalid security protocol");
+ return -EINVAL;
+ }
+
if (rte_mempool_get(mempool, &sess_private_data)) {
AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
return -ENOMEM;
}
- if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
- AESNI_MB_LOG(ERR, "Invalid security protocol");
- return -EINVAL;
- }
-
ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
sess_private_data);
--
2.17.1
