From: christian.ehrhardt@canonical.com
To: Ciara Power
Cc: Zhihong Peng, Akhil Goyal, dpdk stable
Date: Tue, 10 Aug 2021 17:40:19 +0200
Message-Id: <20210810154022.749358-99-christian.ehrhardt@canonical.com>
Subject: [dpdk-stable] patch 'cryptodev: fix freeing after device release' has been queued to stable release 19.11.10

Hi,

FYI, your patch has been queued to stable release 19.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/12/21. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/8d586e78ec35caa18df292a704d04a3d68be84e6

Thanks.

Christian Ehrhardt

---
>From 8d586e78ec35caa18df292a704d04a3d68be84e6 Mon Sep 17 00:00:00 2001
From: Ciara Power Date: Wed, 21 Jul 2021 12:51:22 +0000 Subject: [PATCH] cryptodev: fix freeing after device release [ upstream commit eeaeca82b8cbd6599bafd4029aad5ce4dedff7a2 ] The PMD destroy function was calling the release function, which frees cryptodev->data, and then tries to free cryptodev->data->dev_private, which causes the heap use after free issue. A temporary pointer is set before the free of cryptodev->data, which can then be used afterwards to free dev_private. The free cannot be moved to before the release function is called, as dev_private is used in the PMD close function while being released. Fixes: 9e6edea41805 ("cryptodev: add APIs to assist PMD initialisation") Reported-by: Zhihong Peng Signed-off-by: Ciara Power Acked-by: Akhil Goyal --- lib/librte_cryptodev/rte_cryptodev_pmd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/librte_cryptodev/rte_cryptodev_pmd.c b/lib/librte_cryptodev/rte_cryptodev_pmd.c index 0912004127..e342daabc4 100644 --- a/lib/librte_cryptodev/rte_cryptodev_pmd.c +++ b/lib/librte_cryptodev/rte_cryptodev_pmd.c @@ -140,6 +140,7 @@ int rte_cryptodev_pmd_destroy(struct rte_cryptodev *cryptodev) { int retval; + void *dev_priv = cryptodev->data->dev_private; CDEV_LOG_INFO("Closing crypto device %s", cryptodev->device->name); @@ -149,7 +150,7 @@ rte_cryptodev_pmd_destroy(struct rte_cryptodev *cryptodev) return retval; if (rte_eal_process_type() == RTE_PROC_PRIMARY) - rte_free(cryptodev->data->dev_private); + rte_free(dev_priv); cryptodev->device = NULL; -- 2.32.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2021-08-10 15:11:16.801842195 +0200 +++ 0099-cryptodev-fix-freeing-after-device-release.patch 2021-08-10 15:11:13.130638908 +0200 @@ -1 +1 @@ -From eeaeca82b8cbd6599bafd4029aad5ce4dedff7a2 Mon Sep 17 00:00:00 2001 +From 8d586e78ec35caa18df292a704d04a3d68be84e6 Mon Sep 17 00:00:00 2001 
@@ -5,0 +6,2 @@ +[ upstream commit eeaeca82b8cbd6599bafd4029aad5ce4dedff7a2 ] + @@ -16 +17,0 @@ -Cc: stable@dpdk.org @@ -22 +23 @@ - lib/cryptodev/rte_cryptodev_pmd.c | 3 ++- + lib/librte_cryptodev/rte_cryptodev_pmd.c | 3 ++- @@ -25 +26 @@ -diff --git a/lib/cryptodev/rte_cryptodev_pmd.c b/lib/cryptodev/rte_cryptodev_pmd.c +diff --git a/lib/librte_cryptodev/rte_cryptodev_pmd.c b/lib/librte_cryptodev/rte_cryptodev_pmd.c @@ -27,2 +28,2 @@ ---- a/lib/cryptodev/rte_cryptodev_pmd.c -+++ b/lib/cryptodev/rte_cryptodev_pmd.c +--- a/lib/librte_cryptodev/rte_cryptodev_pmd.c ++++ b/lib/librte_cryptodev/rte_cryptodev_pmd.c
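Review bot: In the first hunk of rte_cryptodev_pmd_destroy() (@@ -140,6 +140,7), the new initializer `void *dev_priv = cryptodev->data->dev_private;` dereferences cryptodev and cryptodev->data at the declaration, ahead of everything else in the function, and the visible lines show no NULL check on either. If a caller can reach this function with a device whose data was never allocated, validate both before reading dev_private. A one-line comment at the declaration stating that the pointer is saved because the release call frees cryptodev->data would also stop a later cleanup from folding it back into the rte_free() call and reintroducing the use after free.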
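Review bot: In the second hunk (@@ -149,7 +150,7), `rte_free(dev_priv);` is correct only as long as the release call above it frees cryptodev->data and never dev_private itself; if any release or close path also frees dev_private, the saved copy turns the old use after free into a double free. The release function body is not part of this diff, so that invariant should be confirmed and written down next to the call. On the early `return retval;` path dev_priv is not freed; a comment should say whether the caller is expected to retry the destroy in that case, or whether the private data is deliberately left allocated.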