From: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
To: Akhil Goyal <akhil.goyal@nxp.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 1/2] crypto/dpaa_sec: improve memory freeing
Date: Mon, 11 May 2020 12:17:27 +0200 [thread overview]
Message-ID: <18e9077f-2f8a-0809-5b39-89ebc54b6e9b@partner.samsung.com> (raw)
In-Reply-To: <VI1PR04MB3168FD3E15EEC2E57E07D896E6A30@VI1PR04MB3168.eurprd04.prod.outlook.com>
W dniu 09.05.2020 o 23:58, Akhil Goyal pisze:
> Hi Lukasz,
>
> Thanks for the detailed analysis.
> Series
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
>
> Applied to dpdk-next-crypto
>
> Thanks.
I am a fan of big commit messages. Just let me know when I'll cross the
line withe these novels ;)
Thank you
>> This patch fixes management of memory for authentication
>> and encryption keys.
>> There were two issues with former state of implementation:
>>
>> 1) Invalid access to dpaa_sec_session union members
>> The dpaa_sec_session structure includes an anonymous union:
>> union {
>> struct {...} aead_key;
>> struct {
>> struct {...} cipher_key;
>> struct {...} auth_key;
>> };
>> };
>> Depending on the used algorithm a rte_zmalloc() function
>> allocated memory that was kept in aead_key, cipher_key
>> or auth_key. However every time the memory was released,
>> rte_free() was called only on cipher and auth keys, even
>> if pointer to allocated memory was stored in aead_key.
>>
>> The C language specification defines such behavior as undefined.
>> As the cipher_key and aead_key are similar, have same sizes and
>> alignment, it has worked, but it's directly against C specification.
>>
>> This patch fixes this, providing a free_session_data() function
>> to free the keys data. It verifies which algorithm was used
>> (aead or auth+cipher) and frees proper part of the union.
>>
>> 2) Some keys might have been freed multiple times
>> In functions like: dpaa_sec_cipher_init(), dpaa_sec_auth_init(),
>> dpaa_sec_chain_init(), dpaa_sec_aead_init() keys data were freed
>> before returning due to some error conditions. However the pointers
>> were not zeroed causing another calls to ret_free from higher
>> layers of code. This causes an error log about invalid memory address
>> to be printed.
>>
>> This patch fixes it by making only one layer responsible for freeing
>> memory:
>> * dpaa_sec_set_session_parameters() for allocations made in:
>> - dpaa_sec_cipher_init()
>> - dpaa_sec_auth_init()
>> - dpaa_sec_chain_init()
>> - dpaa_sec_aead_init()
>> * dpaa_sec_set_ipsec_session() for allocations made in:
>> - dpaa_sec_ipsec_aead_init()
>> - dpaa_sec_ipsec_proto_init()
>> * dpaa_sec_set_pdcp_session() for allocations made in:
>> - dpaa_sec_set_pdcp_session() /*only one layer in case of pdcp*/
>>
>> Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
>> ---
--
Lukasz Wojciechowski
Principal Software Engineer
Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 88 25
l.wojciechow@partner.samsung.com
next prev parent reply other threads:[~2020-05-11 10:17 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20200505214128eucas1p26202807ca7da9e16c1628fd63cb2dfeb@eucas1p2.samsung.com>
2020-05-05 21:41 ` Lukasz Wojciechowski
[not found] ` <CGME20200505214129eucas1p146b40738c440b77ee0131d18a80eea3d@eucas1p1.samsung.com>
2020-05-05 21:41 ` [dpdk-dev] [PATCH 2/2] crypto/dpaa_sec: repair memory allocations Lukasz Wojciechowski
2020-05-09 21:58 ` [dpdk-dev] [PATCH 1/2] crypto/dpaa_sec: improve memory freeing Akhil Goyal
2020-05-11 10:17 ` Lukasz Wojciechowski [this message]
2020-05-11 10:20 ` Akhil Goyal
2020-05-11 13:11 ` Lukasz Wojciechowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=18e9077f-2f8a-0809-5b39-89ebc54b6e9b@partner.samsung.com \
--to=l.wojciechow@partner.samsung.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).