From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 79B90A0C40; Fri, 30 Jul 2021 21:10:28 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DF67040040; Fri, 30 Jul 2021 21:10:27 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 60CA54003F; Fri, 30 Jul 2021 21:10:26 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16UJ5WX4008301; Fri, 30 Jul 2021 12:10:25 -0700 Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1anam02lp2044.outbound.protection.outlook.com [104.47.57.44]) by mx0b-0016f401.pphosted.com with ESMTP id 3a456tug8j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 30 Jul 2021 12:10:25 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ia0maCZln53kPsAXK9/N6+iJyWcN9yxGbiKtUNASe3HJ2iUPASVOtDc7scNckymzctvnqmvRzKHUirCKJAgIR/0QhoWp1nYQrnaEKiMBrTPl+VUI5vUAxkT6C7sR/QbcS7oWE9874JFHbbr14yTywk7UWi4Md49ZUyWnF8R5p/krX6t8tosFsfaTBlH2UI5hMuuEb5yK5A99ppFmzlqc+YQX9NIV7RiKPsHvIor9xpnUVyA32MCtz5uo2JIPOYy4XiRfuxXFoBrYZt+lF7KADn94Ro+W3G8DVHZpQezhnacBCfxh8K7X5bayJ2LQqk+Y7F2jRlTU3KVFUJyqqU9PcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3GFKHWPEK9TuoXMR9dr0umfcJfOM4jllpyqa88P/LK0=; b=aJczT3iOUQ6OKCuaGaN8pAXhzkNCgXy46yHB08vpFTYAS5biTaQNgS3hU00H687QCQY8VqSK8PaTwnbLpYTmVJ/9CADHZYrt0vO9HikW2iKPKgQ91dQWxeN1UYzmMgwvVtUC0DQyLvImbefUvk6rAaPRDDwgLp1X63PzKSacelgENuHH9upguHF4RRW6qBbCTM1nMHt2jZmsvM0BiI8Tzev6b3g6ezneoZnEsBuR/gMQJ70L68evEWt/1s01HQ3WvsPPye2NjTJbSyoXBiDkz5Y5qR0RXe/7hHYjuZl0rDZ6HCbPx8OpFw4zcFDhcY7tPXQus2ysBWgLFv6AoOKuxQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3GFKHWPEK9TuoXMR9dr0umfcJfOM4jllpyqa88P/LK0=; b=kCrl5AKMQuqf7jdjp2Z2uiz6CWGnfbwTyq7jWp1QugTbD19ofNSUisASoUG2V1Y/BESo8cpWz3AVKX+XgyUXANnTwJhNK4ImWhG776Bh4k3cQiYRYwRxCCa+ysU+X7OI7Nj1X8PV2A3sF4kqZne1kwXJ598Zvrr1ByrpccsurqY= Received: from CO6PR18MB4484.namprd18.prod.outlook.com (2603:10b6:5:359::9) by CO1PR18MB4746.namprd18.prod.outlook.com (2603:10b6:303:e9::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.19; Fri, 30 Jul 2021 19:10:23 +0000 Received: from CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::1455:9a67:a6e7:e557]) by CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::1455:9a67:a6e7:e557%7]) with mapi id 15.20.4373.025; Fri, 30 Jul 2021 19:10:23 +0000 From: Akhil Goyal To: Akhil Goyal , Ciara Power , "dev@dpdk.org" CC: "roy.fan.zhang@intel.com" , "declan.doherty@intel.com" , "stable@dpdk.org" , ZhihongX Peng , Anoob Joseph Thread-Topic: [EXT] [PATCH] crypto: fix heap use after free bug Thread-Index: AQHXfi8hVvtCIX5JRECJ3pMQLabSP6tXJtrAgATJCiA= Date: Fri, 30 Jul 2021 19:10:23 +0000 Message-ID: References: <20210721125122.185019-1-ciara.power@intel.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c304ffdd-7a87-4335-3c13-08d9538dae8c x-ms-traffictypediagnostic: CO1PR18MB4746: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: esgUTbW/WrozY6V8XzTRjr35jStKupgrkn51l6oiY0zv3xAA/4nCvvoonfbwXqTpZpCJQjoSavlCcSORArzYhb02DhEDOIwd8To9JOprOjA7ieO2vvNeUyTTy6j1a/TkJVNddpKVTFjHhdfdWF8SPQdltB7d3d5RQNc/MGYc7MluxXxfww8pGEwU5Nq795ddTDhPM0c2nrpK5hw9qlzWkJOGcOh9lmJISm/nGtxYCJ4zYA6wgNZVsXYl5gPBbB4+90iNM9/gHZdgpluNwyGZZX4IyMVfUsbHW6B+2HBfTzDIZUB+YHnugERgJHKsVjQuF9rc7fKczJeODfa7OMwYXm6tK6JF2Zy7CJmcZI1GlJqBw4Bz+aEVyR2P/u/yFimR2PP8NSobvRuT0bRBqahAC9/W6kMs1LufWz+alAcJSXzghdLCs6Lb/dPdexicZ02dHowd5FJJ5vv0ucqOGxPCv6pZx+7JwHZKDYQnAXNdrScr8l9v6gAcSxXaAXs0UIpn2JketC/C2uqPprZ4LqjFMB7eT1usb7EjlXEt/WBLxEjAHhCUWcb5YWhlUdlySHrtpeU5lEE2CVWT1mb+ctJaDecS2WU4jqqWMgjbLkldR6Hou11IeGxnK3jF/zwKyXbKn5TKf4lXERSP4LY3W5pdBdGhMNmM5Ocrk+nDYS8S6+eeLl0ZD812kFQAkH2Av6s6EvQQSL8PkNA19ozZR/qoyw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO6PR18MB4484.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(346002)(376002)(39860400002)(136003)(366004)(71200400001)(5660300002)(55016002)(55236004)(4326008)(66476007)(76116006)(66556008)(66446008)(64756008)(8676002)(9686003)(38070700005)(478600001)(7696005)(6506007)(8936002)(66946007)(52536014)(122000001)(54906003)(83380400001)(33656002)(107886003)(2906002)(186003)(316002)(86362001)(110136005)(38100700002)(26005); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?b7yK7nB6KT5YMZOn3pUM2sRkTW5pBe3kMF7AR/dYgHzkwDigxI2dX/+v8SPW?= =?us-ascii?Q?sT1/9COaNuW3eNjb1qGBAr82SLARfFcvPcFz9JmAnYDpp/v0nnHP5k2Uh8yP?= =?us-ascii?Q?dpXeN143pI+NZxbWP0z+4ZVq+okc1ZGnnOZbCugOGdIo+cd7f3pQijeCWz4t?= =?us-ascii?Q?KfkJJRb5ISe+Tx6r8pb9vQ3hWgLf4sorR0Aijx4nnIm75B2wEVx1YUn9YhZO?= =?us-ascii?Q?GnRg7WpuXlmCsqqOVjK/QsWxkX5C2Xu0/okAQSNWDfsA6MAA+rD5pFZJQZfR?= =?us-ascii?Q?s0uMEhZv8aiP97FhWylfsF2Lljz/HXDRP4F0pYyYXbqreYRy4UC6fmHfzrG3?= =?us-ascii?Q?C/vExMrBjWhw25WDOLII549qVbGHmbFTr9q8Pg/2UhOiR51UEJbryR/PDcNd?= =?us-ascii?Q?Ye1JrRuJ7eu2/6+wJcdVJKIq9lgWsyYSyiCKWNVux4UGeT/Azo4/Vt4ad4IB?= =?us-ascii?Q?j5iJ+7P9foNnJ5uowS6tAI/MyXMbKglMKt22hUyZXRPIPveSLUEjm0fIKzP9?= =?us-ascii?Q?P4RSeqatO/I8EmpFAyDAcrkciCKhK26zbfXt/etuxjv2MZkEd5DNv4p6gkAO?= =?us-ascii?Q?GU0Xg32KeI0VL6fx2/jMX7Qc1+LshD/xjKRHdn52n4F44bPzFvk/ZsNXCGyh?= =?us-ascii?Q?WeIkCVOX3tEUeq3IdCJ4gNaMhZfsE2w34iUNzD6yXwfX97WKAyTl3C+LMtaq?= =?us-ascii?Q?FR5JsRIqivX4DycEcz/GuxDYem2nxRp4+2sVWf78WiPe+mVTKZSv5be3daf1?= =?us-ascii?Q?Mn1agizsE+FbhoV4wYjQm40k4Cx6KGevJluN8S1Tgc7R/69WZ4/XJQw2dbub?= =?us-ascii?Q?rldFZGyA5I5w4gW+J3cMd26hh0q9k6BeZw0TADSm4P8B/VnV18kNObG9LbG6?= =?us-ascii?Q?YNnG4g5CQULBfefzwMQniJgyfTvNgNI3z4BNImcuLwxKx9hXqPOU5vpmCfvH?= =?us-ascii?Q?jc5Uc3NzhsxgekFEN/lNauwCDmnJgJog/gG3FqXXdVuq09dR8IDQGrVjPLSp?= =?us-ascii?Q?UNZGrAEyu70hUzFpbgb1tKLmzacnrDMLVvmiJDVmh1LeW7AOimha7AM+rJ0d?= =?us-ascii?Q?Ph0fewk8xPsBIf3glXbfQEifuwFxi66P6sFzX9sdm5Z1FLlnlFr/HoHR6A8X?= =?us-ascii?Q?4SUpY4ZTejKlgC0QylWS0X1YPuXKFE93t+V3tF/suyNyDeovTZ2PjEgjKOsQ?= =?us-ascii?Q?DoIhBqiXa8MaGleVf5rrgLp3GRCMjZawIbGXnjxBP2TSZYTFIo2LsX0pEEkv?= =?us-ascii?Q?lWTrCta+zBoYR08iYWBQV8+Hg5L2tLLm+Ovpj5Fepa0sjV885Zty9SyWjvTw?= =?us-ascii?Q?rlA71SUXWfvEsrhFWxgoHWLM?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO6PR18MB4484.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c304ffdd-7a87-4335-3c13-08d9538dae8c X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2021 19:10:23.1933 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: e2xCrNraSd/W0//fy4J5bGF4IjWJwkficLEblonMmV8CCse4rk+oIXoQFs8BBiEtACv+Eb+yI/pd3UHHFl5tow== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR18MB4746 X-Proofpoint-GUID: n1hWBLPYhw3nN1Fo3Gpv9j-KjJrS8XQR X-Proofpoint-ORIG-GUID: n1hWBLPYhw3nN1Fo3Gpv9j-KjJrS8XQR X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-30_11:2021-07-30, 2021-07-30 signatures=0 Subject: Re: [dpdk-dev] [EXT] [PATCH] crypto: fix heap use after free bug X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Fixed title Cryptodev: fix heap use after free > > The PMD destroy function was calling the release function, which frees > > cryptodev->data, and then tries to free cryptodev->data->dev_private, > > which causes the heap use after free issue. > > > > A temporary pointer is set before the free of cryptodev->data, > > which can then be used afterwards to free dev_private. > > The free cannot be moved to before the release function is called, > > as dev_private is used in the QAT close function while being released. I believe all PMDs use dev_private for close. Hence replaces QAT with PMD > > > > Fixes: 9e6edea41805 ("cryptodev: add APIs to assist PMD initialisation"= ) > > Cc: declan.doherty@intel.com > > Cc: stable@dpdk.org > > > > Reported-by: ZhihongX Peng > > Signed-off-by: Ciara Power > > > > --- > > The same issue is found in crypto/octeontx, > > which may need to be addressed by maintainers. > > Cc: Anoob Joseph > > --- > > lib/cryptodev/rte_cryptodev_pmd.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/lib/cryptodev/rte_cryptodev_pmd.c > > b/lib/cryptodev/rte_cryptodev_pmd.c > > index 0912004127..900acd7ba4 100644 > > --- a/lib/cryptodev/rte_cryptodev_pmd.c > > +++ b/lib/cryptodev/rte_cryptodev_pmd.c > > @@ -140,6 +140,7 @@ int > > rte_cryptodev_pmd_destroy(struct rte_cryptodev *cryptodev) > > { > > int retval; > > + void *tmp_dev_private =3D cryptodev->data->dev_private; >=20 > Can we rename this pointer as dev_private? Renamed this while merging, as we have RC3 deadline today. >=20 > > > > CDEV_LOG_INFO("Closing crypto device %s", cryptodev->device- > > >name); > > > > @@ -149,7 +150,7 @@ rte_cryptodev_pmd_destroy(struct rte_cryptodev > > *cryptodev) > > return retval; > > > > if (rte_eal_process_type() =3D=3D RTE_PROC_PRIMARY) > > - rte_free(cryptodev->data->dev_private); > > + rte_free(tmp_dev_private); > > > > > > cryptodev->device =3D NULL; > > -- > > 2.25.1