patch 'cryptodev: fix memory corruption in secondary process' has been queued to stable release 25.11.1

Kevin Traynor ktraynor at redhat.com
Thu Mar 19 11:02:36 CET 2026

Previous message (by thread): patch 'vhost: fix use-after-free fdset during shutdown' has been queued to stable release 25.11.1
Next message (by thread): patch 'test/security: skip inline protocol test if no HW support' has been queued to stable release 25.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 25.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/23/26. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/e5b8fb0e1cb77d61327d82943c9ec3d7e07e8ee2

Thanks.

Kevin

---
>From e5b8fb0e1cb77d61327d82943c9ec3d7e07e8ee2 Mon Sep 17 00:00:00 2001
From: Piotr Krzewinski <piotr.krzewinski at ericsson.com>
Date: Thu, 26 Feb 2026 14:57:27 +0100
Subject: [PATCH] cryptodev: fix memory corruption in secondary process

[ upstream commit 55ec467f2e9f437acbec42a6a1ccc4bcfee7ad45 ]

When secondary process runs with --no-pci, it skips hardware device
probing, causing different cryptodev dev_id assignments than in primary.
Since memzone lookup is based on dev_id, it leads to secondary
attaching to wrong memzone and corrupting primary's device
data structures.

Fix by making secondary process search for devices by name in existing
memzones instead of using local dev_id allocation.

Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices")

Signed-off-by: Piotr Krzewinski <piotr.krzewinski at ericsson.com>
Acked-by: Anatoly Burakov <anatoly.burakov at intel.com>
---
 lib/cryptodev/rte_cryptodev.c | 37 +++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)

diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index f4c6f692f0..c0f57413fe 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1167,4 +1167,25 @@ rte_cryptodev_find_free_device_index(void)
 }
 
+static uint8_t
+rte_cryptodev_find_device_by_name(const char *name)
+{
+	char mz_name[RTE_MEMZONE_NAMESIZE];
+	const struct rte_memzone *mz;
+	struct rte_cryptodev_data *data;
+	uint8_t dev_id;
+
+	for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) {
+		snprintf(mz_name, sizeof(mz_name), "rte_cryptodev_data_%u", dev_id);
+		mz = rte_memzone_lookup(mz_name);
+		if (mz == NULL)
+			continue;
+
+		data = mz->addr;
+		if (strncmp(data->name, name, RTE_CRYPTODEV_NAME_MAX_LEN) == 0)
+			return dev_id;
+	}
+	return RTE_CRYPTO_MAX_DEVS;
+}
+
 RTE_EXPORT_INTERNAL_SYMBOL(rte_cryptodev_pmd_allocate)
 struct rte_cryptodev *
@@ -1180,8 +1201,16 @@ rte_cryptodev_pmd_allocate(const char *name, int socket_id)
 	}
 
-	dev_id = rte_cryptodev_find_free_device_index();
-	if (dev_id == RTE_CRYPTO_MAX_DEVS) {
-		CDEV_LOG_ERR("Reached maximum number of crypto devices");
-		return NULL;
+	if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
+		dev_id = rte_cryptodev_find_device_by_name(name);
+		if (dev_id == RTE_CRYPTO_MAX_DEVS) {
+			CDEV_LOG_ERR("Device %s does not exist in primary process", name);
+			return NULL;
+		}
+	} else {
+		dev_id = rte_cryptodev_find_free_device_index();
+		if (dev_id == RTE_CRYPTO_MAX_DEVS) {
+			CDEV_LOG_ERR("Reached maximum number of crypto devices");
+			return NULL;
+		}
 	}
 
-- 
2.53.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2026-03-19 10:01:08.244572789 +0000
+++ 0038-cryptodev-fix-memory-corruption-in-secondary-process.patch	2026-03-19 10:01:07.106852525 +0000
@@ -1 +1 @@
-From 55ec467f2e9f437acbec42a6a1ccc4bcfee7ad45 Mon Sep 17 00:00:00 2001
+From e5b8fb0e1cb77d61327d82943c9ec3d7e07e8ee2 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 55ec467f2e9f437acbec42a6a1ccc4bcfee7ad45 ]
+
@@ -16 +17,0 @@
-Cc: stable at dpdk.org
@@ -25 +26 @@
-index 7bddb154c2..50071935c2 100644
+index f4c6f692f0..c0f57413fe 100644
@@ -28 +29 @@
-@@ -1178,4 +1178,25 @@ rte_cryptodev_find_free_device_index(void)
+@@ -1167,4 +1167,25 @@ rte_cryptodev_find_free_device_index(void)
@@ -54 +55 @@
-@@ -1191,8 +1212,16 @@ rte_cryptodev_pmd_allocate(const char *name, int socket_id)
+@@ -1180,8 +1201,16 @@ rte_cryptodev_pmd_allocate(const char *name, int socket_id)

Previous message (by thread): patch 'vhost: fix use-after-free fdset during shutdown' has been queued to stable release 25.11.1
Next message (by thread): patch 'test/security: skip inline protocol test if no HW support' has been queued to stable release 25.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list