From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C9631A0C56; Tue, 27 Jul 2021 20:05:01 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8C6C9410F2; Tue, 27 Jul 2021 20:05:01 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 4F9E3410F0; Tue, 27 Jul 2021 20:05:00 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16RHnaii025065; Tue, 27 Jul 2021 11:04:59 -0700 Received: from nam02-dm3-obe.outbound.protection.outlook.com (mail-dm3nam07lp2048.outbound.protection.outlook.com [104.47.56.48]) by mx0a-0016f401.pphosted.com with ESMTP id 3a235e42pe-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 27 Jul 2021 11:04:59 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hz6IHhdzfn3sniaoAHHkh5ZdVVw8p7c7NfUfHZDCy334Ntw4P6+o6XxN5FTxDha/e7hqQ2Ca9stWDYEKAkFN8GYF2v6rbBRBFh3VolrIE0O9jpUXdgFIXwPodXqjbNo64tCOWtQPaj7Pxow6iLGRvHI+YEmZjUHR2JpAv59F57CNGPRCJeduP80/EB+Sf9yPlzJ+/NB8+gDRFbHrP1aQdQOvLahhUxkM5owW1k/8FUNN4bXJjcExPDL10/CWdFd0u2gwBjAanzoe5AyVwHruTvuLLojC0NlJRpl3QTy6HLlH7F75+42QSK6UvRwZexwzyB3DauPBBcd7LBk48cD3QQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wSEyDK3uDHBylpMFF8ILK/G1+pegLKrT2k/FdDMS7nU=; b=S4Sbjx6Zvmr5sUZUCklnz2qD7bM/xBJ7LhLsVvzI8RCuSPfbtN0/TwZXkfacIQhgodOn/Kmf00h97s7Xs8XmBSFIXCV1vdiT+eoEzDh+tFvYM5uG4+99+Tdv4FQ1h80vbvkVnMPonOeeCC1hlLLPl7jCKmIJ9FREQX7ymolfon+4mBaQh5MxV7NhRWp60D88RRRrYXFoEex6CVd4gI6PxvYQWoX9o4MKP36bOPtmtVYxxV4z5tJEKYD3zxz53j1a4P5qcNHrU3dLOagfMYr2vWhcZrildop58QkyANRrNBGljE3wZztfKGEOeIscrCzdvOMZ8KX9TjpPe3ptSrqcjg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wSEyDK3uDHBylpMFF8ILK/G1+pegLKrT2k/FdDMS7nU=; b=e0vvfPbuPRr8orWoAupT3haGzuqR6Y0xAoVLI7sPrpdFTcQFVJOHtzp29EIet6g9Uig+BvSYqJRKF9P6U8cRSBYMDgRGQ1rcpnTLwVouYas6LS/61N/snnLaPj5TpMJVtPF4PHWH26G73pjotPkT8aH3+OeRsLYoMOoNI1LUoiY= Received: from PH0PR18MB4491.namprd18.prod.outlook.com (2603:10b6:510:e6::13) by PH0PR18MB4686.namprd18.prod.outlook.com (2603:10b6:510:c9::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.25; Tue, 27 Jul 2021 18:04:57 +0000 Received: from PH0PR18MB4491.namprd18.prod.outlook.com ([fe80::d435:ad84:b25e:4ad3]) by PH0PR18MB4491.namprd18.prod.outlook.com ([fe80::d435:ad84:b25e:4ad3%6]) with mapi id 15.20.4352.031; Tue, 27 Jul 2021 18:04:57 +0000 From: Akhil Goyal To: Ciara Power , "dev@dpdk.org" CC: "roy.fan.zhang@intel.com" , "declan.doherty@intel.com" , "stable@dpdk.org" , ZhihongX Peng , Anoob Joseph Thread-Topic: [EXT] [PATCH] crypto: fix heap use after free bug Thread-Index: AQHXfi8hVvtCIX5JRECJ3pMQLabSP6tXJtrA Date: Tue, 27 Jul 2021 18:04:57 +0000 Message-ID: References: <20210721125122.185019-1-ciara.power@intel.com> In-Reply-To: <20210721125122.185019-1-ciara.power@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=marvell.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 9080192b-5d6c-452f-7286-08d951290b24 x-ms-traffictypediagnostic: PH0PR18MB4686: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: vYXWzjrNjmGJXYEJwsFFkjBykxQNcYOZy4JCujS/C7kkHe79a9JqUkpuXLTM7gH/S1FYTHRU2DgGdwa5kl4sOzT2mRFTOgSov8v3eYzeLs2OOcN/QrV0Q3A8aYl6e8GPGhTtisouSD0X4/pBCzdH64zuNNJvwsKsC3yB/sCSw7tt5fqG2rEYsddY7sX6t9QE4m+9zM/u60axb0CZneab6/NUXFAXaScSwxVY09wO/aSSnGSRhdQJLRdJpGMvZORiq6Re7rlwwbiuSQfzuBVpVT/OfVwy20C/FiV5x8p+RPPurGKjpS3+ALkbfHFtYw3KGabJdz3M/WfdXy/XhQN4r/UDQN2Xbvxe2TVi6rIuLFXxMRjr/BYHKZQa5LSXysJu7ftOSczah7p9qomfpRUBQWWhGRPLL9urQNel8M+3S43l1I+YE9HX8Z/7PaJsz0gt/WxL9B5fLGxThzfncdIZahxLc8qwRqzeTgCij25pvdxbASiKXV2gpUN0vy0FVwGreFbQfTSL/y8O0tJVYCEPcJrQXP4yPmjw+JYnqcAhwU8TGxuGqSGQRL4YQLnO4//9tBMrSTInR2G6E6dIe7NtEGBPlByTJhNFqF0O0mXcYPyv0yjepqhnbvqTSwdSRtG4tE/S03q4+RJCVjNX3++OBvXazL1y37wFpLllQ2MjS/aHHQf03Zo3rau8gZwS4T0Pqd/k47lU4JUeVeq869x9LQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR18MB4491.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(366004)(39860400002)(346002)(376002)(66446008)(64756008)(66556008)(66476007)(122000001)(52536014)(26005)(33656002)(2906002)(8936002)(8676002)(55016002)(478600001)(7696005)(9686003)(54906003)(86362001)(71200400001)(186003)(76116006)(5660300002)(4326008)(83380400001)(107886003)(316002)(110136005)(55236004)(6506007)(66946007)(38100700002)(38070700004); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?VpPtPicQnJoZb0bAqYTWm7lW1lvCq0OUX2HxZfynAsQIkRwbS3AmoJLKYFX8?= =?us-ascii?Q?13mxMZ12MU2ngz5GE7lOUGspy0B0yuIIgRz3nDK7FQ1KfLprkogb8JhT8Y62?= =?us-ascii?Q?rxz41+GrhRbIfJdkLsi3tpGQNPCtYwixocKXRrgE/911lXwmMPfQfgRcVDGU?= =?us-ascii?Q?k/jYt58SvNYmzanmQw1XWFnZW4crxyEzWyasnzjDxvRYk0rhAd+QJu5Zw1j9?= =?us-ascii?Q?q7ojbFgciZkWbSruUp5VfUWas+ROJi7u0kykEF72GOsb3vTd3q2FwGYCda25?= =?us-ascii?Q?x1MfYVBVluftBUyuBbqZLhAjUPC4fWTtE03gJGjQIxrhneBl9A1y78XTUliR?= =?us-ascii?Q?2Fpv75dsJyzLPwHv9uiH6RF4MVqc8T/fwH7JBdkbmCK0BC22BiJJEqvdQKPH?= =?us-ascii?Q?KP0hqQy8kaUyhEy9KODdUXwIUHP7PJFzIRTxfHol17CZ2j4KhMj6rtrCs+NH?= =?us-ascii?Q?B8d7k1NdmbQnWDL8NHkmSyKW/CPbLQMYVO9JIVtiuETt9DbdIS2hbYud/nd6?= =?us-ascii?Q?f9s9226IpHeEeZKFgmgkgV3xijZSO/oYNh/jjoc9RAPi158N0Dhb9kfYEw7w?= =?us-ascii?Q?K6m833TmNKVhKMxJn0NcAnO79np+5eHgoLW3EDz6TNRzHoCDHNCifjDd/IFR?= =?us-ascii?Q?Rq58kbbmGdqaEIgH1CLpC7JASSVLr3vAXenu5IWS/Ky8ni1EcG3h244dkocN?= =?us-ascii?Q?Vb2w6gTke+j5kKogcWQ96nUN0UX2CKwgGi667CjZ5HRjQModxETs9zhYdixe?= =?us-ascii?Q?1XUmewjlYHmhhxbHCItsjm0Ttmp9KYyUAIGZY0yEopLpsBW3DXY5/2MNNis3?= =?us-ascii?Q?8z+WgYIheDg+6r65GXM+sihuaOlMqCwVwy1om776Po9dpmFEvHztH+PTTZE0?= =?us-ascii?Q?gdMndvHJTzqd4J3bnn2jfxn8FTsTDtI+RKiTCj/iugaacSdnPY395I9cVJp1?= =?us-ascii?Q?ObwM90BKiG8N/1gie2BYG8jQKX1+Thl6ktMlvsjic5fn/w6Pi5UcbwpG7zZU?= =?us-ascii?Q?ar5wujaZnsnfYx2b1VVsB+fyGbnT3faizZbKAd3KrHt2ghuPg9+SfyndxnpI?= =?us-ascii?Q?eT2dGgdQcsZRqfiGL4q/ML0Hsb3WqoGyWLj2YGOUWEzw4q4r62JXmSXE1kNG?= =?us-ascii?Q?ewAV2t80V7AXdrajvz30UKNSWQAmLZdUNfAOB/KplApfKw1vVAh3S/8qMGbZ?= =?us-ascii?Q?nESZRO9jpUO7JPZB/F2VroWHnQwnWtkmL0kAsmUuztvADWRTpJezfISJFqQh?= =?us-ascii?Q?OM0NW5YBSZL6i/Jx+mazgY5Mf7WN4FKedvP0KDDdnkpqI1PRzOXERBu8QxZU?= =?us-ascii?Q?yKT2QWadS1cvzAPuM97EfS7i?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR18MB4491.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9080192b-5d6c-452f-7286-08d951290b24 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2021 18:04:57.0778 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: nC2hOblNZua2sTP/ur0f8jkx41boQC5ObLm1RyWA9dE6Lx/uSjd5a80Y0dZl6hRd9ScNlMKroAO1VxYJ2ETA+w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR18MB4686 X-Proofpoint-ORIG-GUID: zmQMkQbPpJaLnntz1_7yzPDj1cxZ2EvW X-Proofpoint-GUID: zmQMkQbPpJaLnntz1_7yzPDj1cxZ2EvW X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-27_10:2021-07-27, 2021-07-27 signatures=0 Subject: Re: [dpdk-dev] [EXT] [PATCH] crypto: fix heap use after free bug X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > The PMD destroy function was calling the release function, which frees > cryptodev->data, and then tries to free cryptodev->data->dev_private, > which causes the heap use after free issue. >=20 > A temporary pointer is set before the free of cryptodev->data, > which can then be used afterwards to free dev_private. > The free cannot be moved to before the release function is called, > as dev_private is used in the QAT close function while being released. >=20 > Fixes: 9e6edea41805 ("cryptodev: add APIs to assist PMD initialisation") > Cc: declan.doherty@intel.com > Cc: stable@dpdk.org >=20 > Reported-by: ZhihongX Peng > Signed-off-by: Ciara Power >=20 > --- > The same issue is found in crypto/octeontx, > which may need to be addressed by maintainers. > Cc: Anoob Joseph > --- > lib/cryptodev/rte_cryptodev_pmd.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) >=20 > diff --git a/lib/cryptodev/rte_cryptodev_pmd.c > b/lib/cryptodev/rte_cryptodev_pmd.c > index 0912004127..900acd7ba4 100644 > --- a/lib/cryptodev/rte_cryptodev_pmd.c > +++ b/lib/cryptodev/rte_cryptodev_pmd.c > @@ -140,6 +140,7 @@ int > rte_cryptodev_pmd_destroy(struct rte_cryptodev *cryptodev) > { > int retval; > + void *tmp_dev_private =3D cryptodev->data->dev_private; Can we rename this pointer as dev_private? >=20 > CDEV_LOG_INFO("Closing crypto device %s", cryptodev->device- > >name); >=20 > @@ -149,7 +150,7 @@ rte_cryptodev_pmd_destroy(struct rte_cryptodev > *cryptodev) > return retval; >=20 > if (rte_eal_process_type() =3D=3D RTE_PROC_PRIMARY) > - rte_free(cryptodev->data->dev_private); > + rte_free(tmp_dev_private); >=20 >=20 > cryptodev->device =3D NULL; > -- > 2.25.1