When destroying a security session, the AESNI-MB PMD attempted to clear the private aesni_mb session object to remove any key material. However, the function aesni_mb_pmd_sec_sess_destroy() cleared the security session object instead of the private session object. This patch fixes this issue by now clearing the private session object. Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol") Signed-off-by: David Coyle <david.coyle@intel.com> --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2362f0c3c..b11d7f12b 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -911,7 +911,7 @@ aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, if (sess_priv) { struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - memset(sess, 0, sizeof(struct aesni_mb_session)); + memset(sess_priv, 0, sizeof(struct aesni_mb_session)); set_sec_session_private_data(sess, NULL); rte_mempool_put(sess_mp, sess_priv); } -- 2.17.1
Hi David,
> -----Original Message-----
> From: Coyle, David <david.coyle@intel.com>
> Sent: Tuesday, October 6, 2020 10:42 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>
> Cc: dev@dpdk.org; akhil.goyal@nxp.com; Coyle, David
> <david.coyle@intel.com>
> Subject: [PATCH v1] crypto/aesni_mb: fix incorrect clearing of security session
>
> When destroying a security session, the AESNI-MB PMD attempted to clear the
> private aesni_mb session object to remove any key material. However, the
> function aesni_mb_pmd_sec_sess_destroy() cleared the security session object
> instead of the private session object.
>
> This patch fixes this issue by now clearing the private session object.
>
> Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
>
> Signed-off-by: David Coyle <david.coyle@intel.com>
Patch looks good, but you need to CC stable, as this should be backported since the issue was introduced in the previous release.
So, add Cc: stable@dpdk.org after Fixes: fda... and send a v2.
Apart from that, you can keep my ack:
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
When destroying a security session, the AESNI-MB PMD attempted to clear the private aesni_mb session object to remove any key material. However, the function aesni_mb_pmd_sec_sess_destroy() cleared the security session object instead of the private session object. This patch fixes this issue by now clearing the private session object. Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol") Cc: stable@dpdk.org Signed-off-by: David Coyle <david.coyle@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- v2: * CC'ing stable@dpdk.org drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2362f0c3c..b11d7f12b 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -911,7 +911,7 @@ aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, if (sess_priv) { struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - memset(sess, 0, sizeof(struct aesni_mb_session)); + memset(sess_priv, 0, sizeof(struct aesni_mb_session)); set_sec_session_private_data(sess, NULL); rte_mempool_put(sess_mp, sess_priv); } -- 2.17.1
Hi Pablo > > > > When destroying a security session, the AESNI-MB PMD attempted to > > clear the private aesni_mb session object to remove any key material. > > However, the function aesni_mb_pmd_sec_sess_destroy() cleared the > > security session object instead of the private session object. > > > > This patch fixes this issue by now clearing the private session object. > > > > Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol") > > > > Signed-off-by: David Coyle <david.coyle@intel.com> > > Patch looks good, but you need to CC stable, as this should be backported > since the issue was introduced in the previous release. > So, add Cc: stable@dpdk.org after Fixes: fda... and send a v2. > Apart from that, you can keep my ack: [DC] Done, thanks for pointing that out > > Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> When destroying a security session, the AESNI-MB PMD attempted to clear
> the private aesni_mb session object to remove any key material. However,
> the function aesni_mb_pmd_sec_sess_destroy() cleared the security session
> object instead of the private session object.
>
> This patch fixes this issue by now clearing the private session object.
>
> Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")
> Cc: stable@dpdk.org
>
> Signed-off-by: David Coyle <david.coyle@intel.com>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
Applied to dpdk-next-crypto
Thanks.