diff mbox series

[3/3] net/iavf: set pointer to NULL after free

Message ID	bc4ae5b647546d31f83b6eca6f5be390c0cd38ed.1644842271.git.wangyunjian@huawei.com (mailing list archive)
State	Superseded, archived
Delegated to:	Ferruh Yigit
Headers	From: Yunjian Wang <wangyunjian@huawei.com> To: <dev@dpdk.org> CC: <ferruh.yigit@intel.com>, <jingjing.wu@intel.com>, <beilei.xing@intel.com>, <haiyue.wang@intel.com>, <jiawenwu@trustnetic.com>, <jianwang@trustnetic.com>, <dingxiaoxiong@huawei.com>, <huangshaozhang@huawei.com>, Yunjian Wang <wangyunjian@huawei.com>, <stable@dpdk.org> Subject: [dpdk-dev] [PATCH 3/3] net/iavf: set pointer to NULL after free Date: Tue, 15 Feb 2022 18:25:03 +0800 Message-ID: <bc4ae5b647546d31f83b6eca6f5be390c0cd38ed.1644842271.git.wangyunjian@huawei.com> In-Reply-To: <cover.1644842271.git.wangyunjian@huawei.com> References: <cover.1644842271.git.wangyunjian@huawei.com> MIME-Version: 1.0 Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	fixes for ixgbe/txgbe/iavf \| [0/3] fixes for ixgbe/txgbe/iavf [1/3] net/ixgbe: set pointer to NULL after free [2/3] net/txgbe: set pointer to NULL after free [3/3] net/iavf: set pointer to NULL after free

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/github-robot: build	success	github build: passed

Commit Message

Yunjian Wang Feb. 15, 2022, 10:25 a.m. UTC

  When iavf_security_ctx_destroy() is cleaning up, it does not correctly
set the security_ctx variable to NULL, which will lead to wild pointer.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
---
 drivers/net/iavf/iavf_ipsec_crypto.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Wang, Haiyue Feb. 15, 2022, 12:02 p.m. UTC | #1

> -----Original Message-----
> From: Yunjian Wang <wangyunjian@huawei.com>
> Sent: Tuesday, February 15, 2022 18:25
> To: dev@dpdk.org
> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Wu, Jingjing <jingjing.wu@intel.com>; Xing, Beilei
> <beilei.xing@intel.com>; Wang, Haiyue <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com; dingxiaoxiong@huawei.com; huangshaozhang@huawei.com; Yunjian Wang
> <wangyunjian@huawei.com>; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH 3/3] net/iavf: set pointer to NULL after free
> 
> When iavf_security_ctx_destroy() is cleaning up, it does not correctly
> set the security_ctx variable to NULL, which will lead to wild pointer.
> 
> Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
>  drivers/net/iavf/iavf_ipsec_crypto.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
> index 6ac1b213db..f13849ca1c 100644
> --- a/drivers/net/iavf/iavf_ipsec_crypto.c
> +++ b/drivers/net/iavf/iavf_ipsec_crypto.c
> @@ -1555,6 +1555,7 @@ iavf_security_ctx_destroy(struct iavf_adapter *adapter)
> 
>  	iavf_sctx = NULL;
>  	sctx = NULL;

The above two lines can be removed, since it is local var.

> +	adapter->vf.eth_dev->security_ctx = NULL;

Also, adapter->security_ctx = NULL ?

> 
>  	return 0;
>  }
> --
> 2.27.0

Yunjian Wang Feb. 15, 2022, 12:10 p.m. UTC | #2

> -----Original Message-----
> From: Wang, Haiyue [mailto:haiyue.wang@intel.com]
> Sent: Tuesday, February 15, 2022 8:02 PM
> To: wangyunjian <wangyunjian@huawei.com>; dev@dpdk.org
> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Wu, Jingjing <jingjing.wu@intel.com>;
> Xing, Beilei <beilei.xing@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com; dingxiaoxiong <dingxiaoxiong@huawei.com>;
> Huangshaozhang <huangshaozhang@huawei.com>; stable@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH 3/3] net/iavf: set pointer to NULL after free
> 
> > -----Original Message-----
> > From: Yunjian Wang <wangyunjian@huawei.com>
> > Sent: Tuesday, February 15, 2022 18:25
> > To: dev@dpdk.org
> > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Wu, Jingjing
> > <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>; Wang,
> > Haiyue <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> > jianwang@trustnetic.com; dingxiaoxiong@huawei.com;
> > huangshaozhang@huawei.com; Yunjian Wang <wangyunjian@huawei.com>;
> > stable@dpdk.org
> > Subject: [dpdk-dev] [PATCH 3/3] net/iavf: set pointer to NULL after
> > free
> >
> > When iavf_security_ctx_destroy() is cleaning up, it does not correctly
> > set the security_ctx variable to NULL, which will lead to wild pointer.
> >
> > Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> > ---
> >  drivers/net/iavf/iavf_ipsec_crypto.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c
> > b/drivers/net/iavf/iavf_ipsec_crypto.c
> > index 6ac1b213db..f13849ca1c 100644
> > --- a/drivers/net/iavf/iavf_ipsec_crypto.c
> > +++ b/drivers/net/iavf/iavf_ipsec_crypto.c
> > @@ -1555,6 +1555,7 @@ iavf_security_ctx_destroy(struct iavf_adapter
> > *adapter)
> >
> >  	iavf_sctx = NULL;
> >  	sctx = NULL;
> 
> The above two lines can be removed, since it is local var.

Agree, I will remove them.

> 
> > +	adapter->vf.eth_dev->security_ctx = NULL;
> 
> Also, adapter->security_ctx = NULL ?

OK, I will fix it in next version.

> 
> >
> >  	return 0;
> >  }
> > --
> > 2.27.0

diff mbox series

Patch

diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index 6ac1b213db..f13849ca1c 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -1555,6 +1555,7 @@  iavf_security_ctx_destroy(struct iavf_adapter *adapter)
 
 	iavf_sctx = NULL;
 	sctx = NULL;
+	adapter->vf.eth_dev->security_ctx = NULL;
 
 	return 0;
 }