From: christian.ehrhardt@canonical.com
To: Akhil Goyal
Cc: Zhihong Peng, dpdk stable
Date: Tue, 10 Aug 2021 17:40:20 +0200
Message-Id: <20210810154022.749358-100-christian.ehrhardt@canonical.com>
In-Reply-To: <20210810154022.749358-1-christian.ehrhardt@canonical.com>
Subject: [dpdk-stable] patch 'crypto/octeontx: fix freeing after device release' has been queued to stable release 19.11.10

Hi,

FYI, your patch has been queued to stable release 19.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/12/21. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/8bf13272693339b0f50f5c1b3ff69c3090f5b5a2

Thanks.

Christian Ehrhardt

---
>From 8bf13272693339b0f50f5c1b3ff69c3090f5b5a2 Mon Sep 17 00:00:00 2001
From: Akhil Goyal Date: Fri, 30 Jul 2021 23:28:27 +0530 Subject: [PATCH] crypto/octeontx: fix freeing after device release [ upstream commit 12b650efd49d8b932a7717be1cafd13d9040ea3e ] When the PMD is removed, rte_cryptodev_pmd_release_device is called which frees cryptodev->data, and then tries to free cryptodev->data->dev_private, which causes the heap use after free issue. A temporary pointer is set before the free of cryptodev->data, which can then be used afterwards to free dev_private. Fixes: bfe2ae495ee2 ("crypto/octeontx: add PMD skeleton") Reported-by: Zhihong Peng Signed-off-by: Akhil Goyal --- drivers/crypto/octeontx/otx_cryptodev.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/octeontx/otx_cryptodev.c b/drivers/crypto/octeontx/otx_cryptodev.c index ddece13118..adc6c5c042 100644 --- a/drivers/crypto/octeontx/otx_cryptodev.c +++ b/drivers/crypto/octeontx/otx_cryptodev.c @@ -72,6 +72,7 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) { struct rte_cryptodev *cryptodev; char name[RTE_CRYPTODEV_NAME_MAX_LEN]; + void *dev_priv; if (pci_dev == NULL) return -EINVAL; @@ -85,11 +86,13 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) if (pci_dev->driver == NULL) return -ENODEV; + dev_priv = cryptodev->data->dev_private; + /* free crypto device */ rte_cryptodev_pmd_release_device(cryptodev); if (rte_eal_process_type() == RTE_PROC_PRIMARY) - rte_free(cryptodev->data->dev_private); + rte_free(dev_priv); cryptodev->device->driver = NULL; cryptodev->device = NULL; -- 2.32.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2021-08-10 15:11:16.836756215 +0200 +++ 0100-crypto-octeontx-fix-freeing-after-device-release.patch 2021-08-10 15:11:13.130638908 +0200 @@ -1 +1 @@ -From 12b650efd49d8b932a7717be1cafd13d9040ea3e Mon Sep 17 00:00:00 2001 +From 8bf13272693339b0f50f5c1b3ff69c3090f5b5a2 Mon Sep 17 00:00:00 2001 
@@ -5,0 +6,2 @@ +[ upstream commit 12b650efd49d8b932a7717be1cafd13d9040ea3e ] + @@ -15 +16,0 @@ -Cc: stable@dpdk.org @@ -24 +25 @@ -index 7207909abb..3822c0d779 100644 +index ddece13118..adc6c5c042 100644 @@ -27 +28 @@ -@@ -75,6 +75,7 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) +@@ -72,6 +72,7 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) @@ -35 +36 @@ -@@ -88,11 +89,13 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev) +@@ -85,11 +86,13 @@ otx_cpt_pci_remove(struct rte_pci_device *pci_dev)
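
Review bot: the second hunk (@@ -85,11 +86,13 @@) removes the read of cryptodev->data after rte_cryptodev_pmd_release_device(), but its trailing context still writes through cryptodev after that call (cryptodev->device->driver = NULL; cryptodev->device = NULL;). Those stores are safe only if the rte_cryptodev structure itself outlives the release, which the visible lines do not show; consider moving them ahead of the release call or stating that guarantee in a comment. dev_priv is also captured in every process type but freed only under RTE_PROC_PRIMARY, so a one-line comment on why secondary processes must not free it would help the next reader.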