diff options
author | Gabriel Oginski <gabrielx.oginski@intel.com> | 2021-10-26 07:43:33 +0100 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2021-10-26 16:30:50 +0000 |
commit | c12d48f4e61cabe4352b2ab3e23618cabb7fae06 (patch) | |
tree | c167992bafe384a6e79638c69ee483ae96988840 /src | |
parent | dec79ecf39c95054f3c7fbbf6019a032410a0231 (diff) |
crypto: add barrier in crypto key add
Originally the pool of keys can be expand and cache with pointer for
key can be invalid.
For example in Wireguard during handshake process this pool can be
expand and pointer for these keys in cache can be invalid for workers
or can has incorrect value (poison memory).
The fixes add barrier if the pool needs be to expand to ensure that
cache in function will be valid and avoid situation when cache has
invalid pointer for these keys.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b
Diffstat (limited to 'src')
-rw-r--r-- | src/vnet/crypto/crypto.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index 3b1505ad448..7903f88b7cb 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -365,10 +365,22 @@ vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data, vnet_crypto_engine_t *engine; vnet_crypto_key_t *key; + u8 need_barrier_sync = 0; + if (!vnet_crypto_key_len_check (alg, length)) return ~0; + pool_get_aligned_will_expand (cm->keys, need_barrier_sync, + CLIB_CACHE_LINE_BYTES); + /* If the cm->keys will expand, stop the parade. */ + if (need_barrier_sync) + vlib_worker_thread_barrier_sync (vm); + pool_get_zero (cm->keys, key); + + if (need_barrier_sync) + vlib_worker_thread_barrier_release (vm); + index = key - cm->keys; key->type = VNET_CRYPTO_KEY_TYPE_DATA; key->alg = alg; |