[3/3] net/iavf: set pointer to NULL after free
Checks
Commit Message
When iavf_security_ctx_destroy() is cleaning up, it does not correctly
set the security_ctx variable to NULL, which will lead to wild pointer.
Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
---
drivers/net/iavf/iavf_ipsec_crypto.c | 1 +
1 file changed, 1 insertion(+)
Comments
> -----Original Message-----
> From: Yunjian Wang <wangyunjian@huawei.com>
> Sent: Tuesday, February 15, 2022 18:25
> To: dev@dpdk.org
> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Wu, Jingjing <jingjing.wu@intel.com>; Xing, Beilei
> <beilei.xing@intel.com>; Wang, Haiyue <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com; dingxiaoxiong@huawei.com; huangshaozhang@huawei.com; Yunjian Wang
> <wangyunjian@huawei.com>; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH 3/3] net/iavf: set pointer to NULL after free
>
> When iavf_security_ctx_destroy() is cleaning up, it does not correctly
> set the security_ctx variable to NULL, which will lead to wild pointer.
>
> Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
> Cc: stable@dpdk.org
>
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
> drivers/net/iavf/iavf_ipsec_crypto.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
> index 6ac1b213db..f13849ca1c 100644
> --- a/drivers/net/iavf/iavf_ipsec_crypto.c
> +++ b/drivers/net/iavf/iavf_ipsec_crypto.c
> @@ -1555,6 +1555,7 @@ iavf_security_ctx_destroy(struct iavf_adapter *adapter)
>
> iavf_sctx = NULL;
> sctx = NULL;
The above two lines can be removed, since it is local var.
> + adapter->vf.eth_dev->security_ctx = NULL;
Also, adapter->security_ctx = NULL ?
>
> return 0;
> }
> --
> 2.27.0
> -----Original Message-----
> From: Wang, Haiyue [mailto:haiyue.wang@intel.com]
> Sent: Tuesday, February 15, 2022 8:02 PM
> To: wangyunjian <wangyunjian@huawei.com>; dev@dpdk.org
> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Wu, Jingjing <jingjing.wu@intel.com>;
> Xing, Beilei <beilei.xing@intel.com>; jiawenwu@trustnetic.com;
> jianwang@trustnetic.com; dingxiaoxiong <dingxiaoxiong@huawei.com>;
> Huangshaozhang <huangshaozhang@huawei.com>; stable@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH 3/3] net/iavf: set pointer to NULL after free
>
> > -----Original Message-----
> > From: Yunjian Wang <wangyunjian@huawei.com>
> > Sent: Tuesday, February 15, 2022 18:25
> > To: dev@dpdk.org
> > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Wu, Jingjing
> > <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>; Wang,
> > Haiyue <haiyue.wang@intel.com>; jiawenwu@trustnetic.com;
> > jianwang@trustnetic.com; dingxiaoxiong@huawei.com;
> > huangshaozhang@huawei.com; Yunjian Wang <wangyunjian@huawei.com>;
> > stable@dpdk.org
> > Subject: [dpdk-dev] [PATCH 3/3] net/iavf: set pointer to NULL after
> > free
> >
> > When iavf_security_ctx_destroy() is cleaning up, it does not correctly
> > set the security_ctx variable to NULL, which will lead to wild pointer.
> >
> > Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> > ---
> > drivers/net/iavf/iavf_ipsec_crypto.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c
> > b/drivers/net/iavf/iavf_ipsec_crypto.c
> > index 6ac1b213db..f13849ca1c 100644
> > --- a/drivers/net/iavf/iavf_ipsec_crypto.c
> > +++ b/drivers/net/iavf/iavf_ipsec_crypto.c
> > @@ -1555,6 +1555,7 @@ iavf_security_ctx_destroy(struct iavf_adapter
> > *adapter)
> >
> > iavf_sctx = NULL;
> > sctx = NULL;
>
> The above two lines can be removed, since it is local var.
Agree, I will remove them.
>
> > + adapter->vf.eth_dev->security_ctx = NULL;
>
> Also, adapter->security_ctx = NULL ?
OK, I will fix it in next version.
>
> >
> > return 0;
> > }
> > --
> > 2.27.0
@@ -1555,6 +1555,7 @@ iavf_security_ctx_destroy(struct iavf_adapter *adapter)
iavf_sctx = NULL;
sctx = NULL;
+ adapter->vf.eth_dev->security_ctx = NULL;
return 0;
}