From: Gabriel Oginski Date: Tue, 26 Oct 2021 06:43:33 +0000 (+0100) Subject: crypto: add barrier in crypto key add X-Git-Tag: v22.06-rc0~358 X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=c12d48f4e61cabe4352b2ab3e23618cabb7fae06;p=vpp.git crypto: add barrier in crypto key add Originally the pool of keys can be expand and cache with pointer for key can be invalid. For example in Wireguard during handshake process this pool can be expand and pointer for these keys in cache can be invalid for workers or can has incorrect value (poison memory). The fixes add barrier if the pool needs be to expand to ensure that cache in function will be valid and avoid situation when cache has invalid pointer for these keys. Type: fix Signed-off-by: Gabriel Oginski Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b --- diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index 3b1505ad448..7903f88b7cb 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -365,10 +365,22 @@ vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data, vnet_crypto_engine_t *engine; vnet_crypto_key_t *key; + u8 need_barrier_sync = 0; + if (!vnet_crypto_key_len_check (alg, length)) return ~0; + pool_get_aligned_will_expand (cm->keys, need_barrier_sync, + CLIB_CACHE_LINE_BYTES); + /* If the cm->keys will expand, stop the parade. */ + if (need_barrier_sync) + vlib_worker_thread_barrier_sync (vm); + pool_get_zero (cm->keys, key); + + if (need_barrier_sync) + vlib_worker_thread_barrier_release (vm); + index = key - cm->keys; key->type = VNET_CRYPTO_KEY_TYPE_DATA; key->alg = alg;