[dpdk-dev] [PATCH] crypto/aesni_mb: fix possible array overrun

Akhil Goyal akhil.goyal at nxp.com
Wed Sep 26 14:27:22 CEST 2018

Previous message: [dpdk-dev] [PATCH] crypto/aesni_gcm: remove unneeded J0 calculation
Next message: [dpdk-dev] [PATCH v1 5/5] vfio: enable vfio hotplug by req notifier handler
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


On 8/2/2018 10:19 AM, Pablo de Lara wrote:
> In order to process crypto operations in the AESNI MB PMD,
> they need to be sent to the buffer manager of the Multi-buffer library,
> through the "job" structure.
>
> Currently, it is checked if there are outstanding operations to process
> in the ring, before getting a new job. However, if there are no available
> jobs in the manager, a flush operation needs to take place, freeing some of the jobs,
> so it can be used for the outstanding operation.
>
> In order to avoid leaving the dequeued operation without being processed,
> the maximum number of operations that can be flushed is the remaining operations
> to return, which is the maximum number of operations that can be return minus
> the number of operations ready to be returned (nb_ops - processed_jobs),
> minus 1 (for the new operation).
>
> The problem comes when (nb_ops - processed_jobs) is 1 (last operation to dequeue).
> In that case, flush_mb_mgr is called with maximum number of operations equal to 0,
> which is wrong, causing a potential overrun in the "ops" array.
> Besides, the operation dequeued from the ring will be leaked, as no more operations can
> be returned.
>
> The solution is to first check if there are jobs available in the manager.
> If there are not, flush operation gets called, and if enough operations are returned
> from the manager, then no more outstanding operations get dequeued from the ring,
> avoiding both the memory leak and the array overrun.
> If there are enough jobs, the PMD tries to dequeue an operation from the ring.
> If there are no operations in the ring, the new job pointer is not used,
> and it will be used in the next get_next_job call, so no memory leak happens.
>
> Fixes: 0f548b50a160 ("crypto/aesni_mb: process crypto op on dequeue")
> Cc: stable at dpdk.org
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
> ---
>

Applied to dpdk-next-crypto
Aligned description to 75 characters.

Thanks

Previous message: [dpdk-dev] [PATCH] crypto/aesni_gcm: remove unneeded J0 calculation
Next message: [dpdk-dev] [PATCH v1 5/5] vfio: enable vfio hotplug by req notifier handler
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list