summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorGabriel Oginski <gabrielx.oginski@intel.com>2021-10-26 07:43:33 +0100
committerDamjan Marion <dmarion@me.com>2021-10-26 16:30:50 +0000
commitc12d48f4e61cabe4352b2ab3e23618cabb7fae06 (patch)
treec167992bafe384a6e79638c69ee483ae96988840 /src
parentdec79ecf39c95054f3c7fbbf6019a032410a0231 (diff)
crypto: add barrier in crypto key add
Originally the pool of keys can be expand and cache with pointer for key can be invalid. For example in Wireguard during handshake process this pool can be expand and pointer for these keys in cache can be invalid for workers or can has incorrect value (poison memory). The fixes add barrier if the pool needs be to expand to ensure that cache in function will be valid and avoid situation when cache has invalid pointer for these keys. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b
Diffstat (limited to 'src')
-rw-r--r--src/vnet/crypto/crypto.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c
index 3b1505ad448..7903f88b7cb 100644
--- a/src/vnet/crypto/crypto.c
+++ b/src/vnet/crypto/crypto.c
@@ -365,10 +365,22 @@ vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data,
vnet_crypto_engine_t *engine;
vnet_crypto_key_t *key;
+ u8 need_barrier_sync = 0;
+
if (!vnet_crypto_key_len_check (alg, length))
return ~0;
+ pool_get_aligned_will_expand (cm->keys, need_barrier_sync,
+ CLIB_CACHE_LINE_BYTES);
+ /* If the cm->keys will expand, stop the parade. */
+ if (need_barrier_sync)
+ vlib_worker_thread_barrier_sync (vm);
+
pool_get_zero (cm->keys, key);
+
+ if (need_barrier_sync)
+ vlib_worker_thread_barrier_release (vm);
+
index = key - cm->keys;
key->type = VNET_CRYPTO_KEY_TYPE_DATA;
key->alg = alg;