From c12d48f4e61cabe4352b2ab3e23618cabb7fae06 Mon Sep 17 00:00:00 2001 From: Gabriel Oginski Date: Tue, 26 Oct 2021 07:43:33 +0100 Subject: crypto: add barrier in crypto key add Originally the pool of keys can be expand and cache with pointer for key can be invalid. For example in Wireguard during handshake process this pool can be expand and pointer for these keys in cache can be invalid for workers or can has incorrect value (poison memory). The fixes add barrier if the pool needs be to expand to ensure that cache in function will be valid and avoid situation when cache has invalid pointer for these keys. Type: fix Signed-off-by: Gabriel Oginski Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b --- src/vnet/crypto/crypto.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/vnet/crypto') diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index 3b1505ad448..7903f88b7cb 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -365,10 +365,22 @@ vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg, u8 * data, vnet_crypto_engine_t *engine; vnet_crypto_key_t *key; + u8 need_barrier_sync = 0; + if (!vnet_crypto_key_len_check (alg, length)) return ~0; + pool_get_aligned_will_expand (cm->keys, need_barrier_sync, + CLIB_CACHE_LINE_BYTES); + /* If the cm->keys will expand, stop the parade. */ + if (need_barrier_sync) + vlib_worker_thread_barrier_sync (vm); + pool_get_zero (cm->keys, key); + + if (need_barrier_sync) + vlib_worker_thread_barrier_release (vm); + index = key - cm->keys; key->type = VNET_CRYPTO_KEY_TYPE_DATA; key->alg = alg; -- cgit 1.2.3-korg
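Review bot: The barrier around `pool_get_zero (cm->keys, key)` only stops workers from dereferencing the pool while it is being reallocated; a `vnet_crypto_key_t *` that a worker stored before the barrier still points at the old memory after `vlib_worker_thread_barrier_release (vm)`, so the fix holds only if every consumer re-resolves the key from its index afterwards, which this hunk does not show. The comment `/* If the cm->keys will expand, stop the parade. */` should state that contract, for example `/* pool_get_zero may move cm->keys; workers must not keep key pointers across the barrier and must look keys up by index. */`. The will-expand check is made with `CLIB_CACHE_LINE_BYTES` while the allocation goes through `pool_get_zero`, whose alignment is not visible here, so it is worth confirming both use the same alignment and the prediction matches the allocation that follows. Any other allocation from `cm->keys` outside this hunk probably needs the same guard, and the body of `vnet_crypto_key_add` continues past the end of the hunk.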