crypto: add barrier in crypto key add

Originally the pool of keys can be expand and cache with pointer for
key can be invalid.
For example in Wireguard during handshake process this pool can be
expand and pointer for these keys in cache can be invalid for workers
or can has incorrect value (poison memory).

The fixes add barrier if the pool needs be to expand to ensure that
cache in function will be valid and avoid situation when cache has
invalid pointer for these keys.

Type: fix

Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b

diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c
index 3b1505a..7903f88 100644 (file)
--- a/src/vnet/crypto/crypto.c
+++ b/src/vnet/crypto/crypto.c
@@ -365,10 +365,22 @@ vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data,
   vnet_crypto_engine_t *engine;
   vnet_crypto_key_t *key;
 
+  u8 need_barrier_sync = 0;
+
   if (!vnet_crypto_key_len_check (alg, length))
     return ~0;
 
+  pool_get_aligned_will_expand (cm->keys, need_barrier_sync,
+                               CLIB_CACHE_LINE_BYTES);
+  /* If the cm->keys will expand, stop the parade. */
+  if (need_barrier_sync)
+    vlib_worker_thread_barrier_sync (vm);
+
   pool_get_zero (cm->keys, key);
+
+  if (need_barrier_sync)
+    vlib_worker_thread_barrier_release (vm);
+
   index = key - cm->keys;
   key->type = VNET_CRYPTO_KEY_TYPE_DATA;
   key->alg = alg;