From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8FBDAA0A0C for ; Tue, 3 Aug 2021 14:23:21 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 890A540E3C; Tue, 3 Aug 2021 14:23:21 +0200 (CEST) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mails.dpdk.org (Postfix) with ESMTP id 19C0D40E3C for ; Tue, 3 Aug 2021 14:23:20 +0200 (CEST) Received: by mail-wm1-f45.google.com with SMTP id l4-20020a05600c1d04b02902506f89ad2dso1775797wms.1 for ; Tue, 03 Aug 2021 05:23:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=cJX4F/odYn7OUNTA2UPF6HljsKIIkZWP0UqVZ6OBo8c=; b=iubQQduOf38euU7L0FohZT909yNzpBOJ7jbzcsaHtUsgyO8GmF/MGaLfnYkjzKgneg lMd6D1t3a3oxQp0z28v2vP3V6n/C6guvnBmPAtYb01ufcXfLdH8LXezenlN4YV9JlMMC KHJJ6F++nmhBzOFTkHtove5WFDGWCCAjORaAFYeY01z1iX4J2cNVpavc0axoIvlGe4Sx ETgATNQzJ7TeznA6Dl3uVlfrQ1G//fyRpgzi1k1k74ivXLO4vGzPwVetyl0ve85yaWBv 4rrxJg+aA74rsdW2S7i2oUw+gNW+oDea+YcpNMJgxKRDOk+EWxZMnyk5eElnOOmAKRkU HYzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=cJX4F/odYn7OUNTA2UPF6HljsKIIkZWP0UqVZ6OBo8c=; b=XMXmqxuzNBs+HNlGkLPmcRx02YHJylGmKg7XOAQVmC2HBJTJStn8rYoMNcqkiPOIHk WYXfvHCWm8AUGXeBv+CAeNSFbY0W0znv1AfYLqIsCkoWXVHg0oWXGfEUSBjEpwspwLUS TaignVoifBoUpw9t7uHdkZ3aJwVCZkdLVEEaEuuZfCuKnBTDOKKGtTRt7oz6JjXDVTKa bWiImgA+Mugnpm9wFMNuEyzf0n95mt6E2l3NzD7IE1ifTwZSZq+8uZe8/kD4uPwkgzky fG48g6O7jpGgfvUUA6SOE66iMXTDrKOKfPIWju01PJkVNdxaCImtcmlIm2PhJuyvGOPn eZnw== X-Gm-Message-State: AOAM531/dH/woAW+ZbiOlGbBLnJzlQdmj6O3Q54jDGnNQ0NM1q8ETSF8 TqIeRLLpXyQAoxmlAkyGq3E= X-Google-Smtp-Source: ABdhPJx311aSnKLzT5CiIXlOCTcQ9gLosqARE+iEcJ5f7DaRHTAAFDKaQGZmhl6+DDkWvN8UntXXDw== X-Received: by 2002:a05:600c:3041:: with SMTP id n1mr4070661wmh.19.1627993399872; Tue, 03 Aug 2021 05:23:19 -0700 (PDT) Received: from localhost ([137.220.125.106]) by smtp.gmail.com with ESMTPSA id y11sm9040223wru.0.2021.08.03.05.23.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Aug 2021 05:23:19 -0700 (PDT) From: luca.boccassi@gmail.com To: Akhil Goyal Cc: Zhihong Peng , dpdk stable Date: Tue, 3 Aug 2021 13:22:10 +0100 Message-Id: <20210803122214.1094992-21-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210803122214.1094992-1-luca.boccassi@gmail.com> References: <20210726135322.149850-59-luca.boccassi@gmail.com> <20210803122214.1094992-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'crypto/octeontx: fix freeing after device release' has been queued to stable release 20.11.3 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 20.11.3 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 08/05/21. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/fb63987b6d5ea636737deee4e49bb5cd4bf55cee Thanks. Luca Boccassi --- >From fb63987b6d5ea636737deee4e49bb5cd4bf55cee Mon Sep 17 00:00:00 2001 From: Akhil Goyal Date: Fri, 30 Jul 2021 23:28:27 +0530 Subject: [PATCH] crypto/octeontx: fix freeing after device release [ upstream commit 12b650efd49d8b932a7717be1cafd13d9040ea3e ] When the PMD is removed, rte_cryptodev_pmd_release_device is called which frees cryptodev->data, and then tries to free cryptodev->data->dev_private, which causes the heap use after free issue. A temporary pointer is set before the free of cryptodev->data, which can then be used afterwards to free dev_private. Fixes: bfe2ae495ee2 ("crypto/octeontx: add PMD skeleton") Reported-by: Zhihong Peng Signed-off-by: Akhil Goyal --- drivers/crypto/octeontx/otx_cryptodev.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/octeontx/otx_cryptodev.c b/drivers/crypto/octeontx/otx_cryptodev.c index 5ce1cf82fd..36cedb3253 100644 --- a/drivers/crypto/octeontx/otx_cryptodev.c +++ b/drivers/crypto/octeontx/otx_cryptodev.c @@ -71,6 +71,7 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) { struct rte_cryptodev *cryptodev; char name[RTE_CRYPTODEV_NAME_MAX_LEN]; + void *dev_priv; if (pci_dev == NULL) return -EINVAL; @@ -84,11 +85,13 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) if (pci_dev->driver == NULL) return -ENODEV; + dev_priv = cryptodev->data->dev_private; + /* free crypto device */ rte_cryptodev_pmd_release_device(cryptodev); if (rte_eal_process_type() == RTE_PROC_PRIMARY) - rte_free(cryptodev->data->dev_private); + rte_free(dev_priv); cryptodev->device->driver = NULL; cryptodev->device = NULL; -- 2.30.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2021-08-03 12:35:09.040872465 +0100 +++ 0021-crypto-octeontx-fix-freeing-after-device-release.patch 2021-08-03 12:35:08.242819288 +0100 @@ -1 +1 @@ -From 12b650efd49d8b932a7717be1cafd13d9040ea3e Mon Sep 17 00:00:00 2001 +From fb63987b6d5ea636737deee4e49bb5cd4bf55cee Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 12b650efd49d8b932a7717be1cafd13d9040ea3e ] + @@ -15 +16,0 @@ -Cc: stable@dpdk.org @@ -24 +25 @@ -index 7207909abb..3822c0d779 100644 +index 5ce1cf82fd..36cedb3253 100644 @@ -27 +28 @@ -@@ -75,6 +75,7 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) +@@ -71,6 +71,7 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) @@ -35 +36 @@ -@@ -88,11 +89,13 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) +@@ -84,11 +85,13 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev)