[PATCH] cryptodev: fix memory corruption in secondary process

public inbox for dev@dpdk.org
 help / color / mirror / Atom feed

* [PATCH] cryptodev: fix memory corruption in secondary process
@ 2026-02-26 13:57 Piotr Krzewinski
  2026-02-26 14:53 ` Burakov, Anatoly
  0 siblings, 1 reply; 4+ messages in thread
From: Piotr Krzewinski @ 2026-02-26 13:57 UTC (permalink / raw)
  To: Akhil Goyal, Fan Zhang, Anatoly Burakov; +Cc: dev, Piotr Krzewinski

When secondary process runs with --no-pci, it skips hardware device
probing, causing different cryptodev dev_id assignments than in primary.
Since memzone lookup is based on dev_id, it leads to secondary
attaching to wrong memzone and corrupting primary's device
data structures.

Fix by making secondary process search for devices by name in existing
memzones instead of using local dev_id allocation.

Signed-off-by: Piotr Krzewinski <piotr.krzewinski@ericsson.com>
---
 lib/cryptodev/rte_cryptodev.c | 37 +++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)

diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 7bddb154c2..50071935c2 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -1177,6 +1177,27 @@ rte_cryptodev_find_free_device_index(void)
 	return RTE_CRYPTO_MAX_DEVS;
 }
 
+static uint8_t
+rte_cryptodev_find_device_by_name(const char *name)
+{
+	char mz_name[RTE_MEMZONE_NAMESIZE];
+	const struct rte_memzone *mz;
+	struct rte_cryptodev_data *data;
+	uint8_t dev_id;
+
+	for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) {
+		snprintf(mz_name, sizeof(mz_name), "rte_cryptodev_data_%u", dev_id);
+		mz = rte_memzone_lookup(mz_name);
+		if (mz == NULL)
+			continue;
+
+		data = mz->addr;
+		if (strncmp(data->name, name, RTE_CRYPTODEV_NAME_MAX_LEN) == 0)
+			return dev_id;
+	}
+	return RTE_CRYPTO_MAX_DEVS;
+}
+
 RTE_EXPORT_INTERNAL_SYMBOL(rte_cryptodev_pmd_allocate)
 struct rte_cryptodev *
 rte_cryptodev_pmd_allocate(const char *name, int socket_id)
@@ -1190,10 +1211,18 @@ rte_cryptodev_pmd_allocate(const char *name, int socket_id)
 		return NULL;
 	}
 
-	dev_id = rte_cryptodev_find_free_device_index();
-	if (dev_id == RTE_CRYPTO_MAX_DEVS) {
-		CDEV_LOG_ERR("Reached maximum number of crypto devices");
-		return NULL;
+	if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
+		dev_id = rte_cryptodev_find_device_by_name(name);
+		if (dev_id == RTE_CRYPTO_MAX_DEVS) {
+			CDEV_LOG_ERR("Device %s does not exist in primary process", name);
+			return NULL;
+		}
+	} else {
+		dev_id = rte_cryptodev_find_free_device_index();
+		if (dev_id == RTE_CRYPTO_MAX_DEVS) {
+			CDEV_LOG_ERR("Reached maximum number of crypto devices");
+			return NULL;
+		}
 	}
 
 	cryptodev = rte_cryptodev_pmd_get_dev(dev_id);
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] cryptodev: fix memory corruption in secondary process
  2026-02-26 13:57 [PATCH] cryptodev: fix memory corruption in secondary process Piotr Krzewinski
@ 2026-02-26 14:53 ` Burakov, Anatoly
  2026-02-27  7:54   ` Piotr Krzewinski
  0 siblings, 1 reply; 4+ messages in thread
From: Burakov, Anatoly @ 2026-02-26 14:53 UTC (permalink / raw)
  To: Piotr Krzewinski, Akhil Goyal, Fan Zhang; +Cc: dev

On 2/26/2026 2:57 PM, Piotr Krzewinski wrote:
> When secondary process runs with --no-pci, it skips hardware device
> probing, causing different cryptodev dev_id assignments than in primary.
> Since memzone lookup is based on dev_id, it leads to secondary
> attaching to wrong memzone and corrupting primary's device
> data structures.

This probably would be the case even if you didn't use `--no-pci` but 
instead were using block-lists/allow-lists to only probe different 
devices in secondary processes? Maybe the problem is more general than that.

> 
> Fix by making secondary process search for devices by name in existing
> memzones instead of using local dev_id allocation.
> 
> Signed-off-by: Piotr Krzewinski <piotr.krzewinski@ericsson.com>
> ---
>   lib/cryptodev/rte_cryptodev.c | 37 +++++++++++++++++++++++++++++++----
>   1 file changed, 33 insertions(+), 4 deletions(-)
> 
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index 7bddb154c2..50071935c2 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -1177,6 +1177,27 @@ rte_cryptodev_find_free_device_index(void)
>   	return RTE_CRYPTO_MAX_DEVS;
>   }
>   
> +static uint8_t
> +rte_cryptodev_find_device_by_name(const char *name)
> +{
> +	char mz_name[RTE_MEMZONE_NAMESIZE];
> +	const struct rte_memzone *mz;
> +	struct rte_cryptodev_data *data;
> +	uint8_t dev_id;
> +
> +	for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) {
> +		snprintf(mz_name, sizeof(mz_name), "rte_cryptodev_data_%u", dev_id);
> +		mz = rte_memzone_lookup(mz_name);
> +		if (mz == NULL)
> +			continue;
> +
> +		data = mz->addr;
> +		if (strncmp(data->name, name, RTE_CRYPTODEV_NAME_MAX_LEN) == 0)
> +			return dev_id;
> +	}
> +	return RTE_CRYPTO_MAX_DEVS;
> +}

Nitpicking, but why not return `int` and -1? Returning 
RTE_CRYPTO_MAX_DEVS seems like an odd choice here. You can always cast 
the valid value to uint8_t at the caller.

That said,

Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>

> +
>   RTE_EXPORT_INTERNAL_SYMBOL(rte_cryptodev_pmd_allocate)
>   struct rte_cryptodev *
>   rte_cryptodev_pmd_allocate(const char *name, int socket_id)
> @@ -1190,10 +1211,18 @@ rte_cryptodev_pmd_allocate(const char *name, int socket_id)
>   		return NULL;
>   	}
>   
> -	dev_id = rte_cryptodev_find_free_device_index();
> -	if (dev_id == RTE_CRYPTO_MAX_DEVS) {
> -		CDEV_LOG_ERR("Reached maximum number of crypto devices");
> -		return NULL;
> +	if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
> +		dev_id = rte_cryptodev_find_device_by_name(name);
> +		if (dev_id == RTE_CRYPTO_MAX_DEVS) {
> +			CDEV_LOG_ERR("Device %s does not exist in primary process", name);
> +			return NULL;
> +		}
> +	} else {
> +		dev_id = rte_cryptodev_find_free_device_index();
> +		if (dev_id == RTE_CRYPTO_MAX_DEVS) {
> +			CDEV_LOG_ERR("Reached maximum number of crypto devices");
> +			return NULL;
> +		}
>   	}
>   
>   	cryptodev = rte_cryptodev_pmd_get_dev(dev_id);


-- 
Thanks,
Anatoly

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] cryptodev: fix memory corruption in secondary process
  2026-02-26 14:53 ` Burakov, Anatoly
@ 2026-02-27  7:54   ` Piotr Krzewinski
  2026-03-10  5:54     ` [EXTERNAL] " Akhil Goyal
  0 siblings, 1 reply; 4+ messages in thread
From: Piotr Krzewinski @ 2026-02-27  7:54 UTC (permalink / raw)
  To: Burakov, Anatoly, Piotr Krzewinski, Akhil Goyal, Fan Zhang; +Cc: dev

On 2/26/2026 3:53 PM, Burakov, Anatoly wrote:
> On 2/26/2026 2:57 PM, Piotr Krzewinski wrote:
>> When secondary process runs with --no-pci, it skips hardware device
>> probing, causing different cryptodev dev_id assignments than in primary.
>> Since memzone lookup is based on dev_id, it leads to secondary
>> attaching to wrong memzone and corrupting primary's device
>> data structures.
> 
> This probably would be the case even if you didn't use `--no-pci` but instead were using block-lists/allow-lists to only probe different devices in secondary processes? Maybe the problem is more general than that.
> 
Most probably yes, I focused on --no-pci as it is where it hit me.
Current memzone naming scheme forces all applications to have same dev_id assignment so any changes in the list in secondary would be a problem.
Another solution could be to store the cryptodev data for all devices in single memzone, similar to ethdev "rte_eth_dev_data". But it seemed more complex and had other drawbacks.
>>
>> Fix by making secondary process search for devices by name in existing
>> memzones instead of using local dev_id allocation.
>>
>> Signed-off-by: Piotr Krzewinski <piotr.krzewinski@ericsson.com>
>> ---
>>   lib/cryptodev/rte_cryptodev.c | 37 +++++++++++++++++++++++++++++++----
>>   1 file changed, 33 insertions(+), 4 deletions(-)
>>
>> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
>> index 7bddb154c2..50071935c2 100644
>> --- a/lib/cryptodev/rte_cryptodev.c
>> +++ b/lib/cryptodev/rte_cryptodev.c
>> @@ -1177,6 +1177,27 @@ rte_cryptodev_find_free_device_index(void)
>>       return RTE_CRYPTO_MAX_DEVS;
>>   }
>>   +static uint8_t
>> +rte_cryptodev_find_device_by_name(const char *name)
>> +{
>> +    char mz_name[RTE_MEMZONE_NAMESIZE];
>> +    const struct rte_memzone *mz;
>> +    struct rte_cryptodev_data *data;
>> +    uint8_t dev_id;
>> +
>> +    for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) {
>> +        snprintf(mz_name, sizeof(mz_name), "rte_cryptodev_data_%u", dev_id);
>> +        mz = rte_memzone_lookup(mz_name);
>> +        if (mz == NULL)
>> +            continue;
>> +
>> +        data = mz->addr;
>> +        if (strncmp(data->name, name, RTE_CRYPTODEV_NAME_MAX_LEN) == 0)
>> +            return dev_id;
>> +    }
>> +    return RTE_CRYPTO_MAX_DEVS;
>> +}
> 
> Nitpicking, but why not return `int` and -1? Returning RTE_CRYPTO_MAX_DEVS seems like an odd choice here. You can always cast the valid value to uint8_t at the caller.
Aligned with rte_cryptodev_get_dev_id and rte_cryptodev_find_device_by_name.
Both are returning RTE_CRYPTO_MAX_DEVS when the device or free index is not found (though the first one also has -1 as an error condition in some cases).
> 
> That said,
> 
> Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
> 
Thanks for quick review!
Best Regards,
Piotr
>> +
>>   RTE_EXPORT_INTERNAL_SYMBOL(rte_cryptodev_pmd_allocate)
>>   struct rte_cryptodev *
>>   rte_cryptodev_pmd_allocate(const char *name, int socket_id)
>> @@ -1190,10 +1211,18 @@ rte_cryptodev_pmd_allocate(const char *name, int socket_id)
>>           return NULL;
>>       }
>>   -    dev_id = rte_cryptodev_find_free_device_index();
>> -    if (dev_id == RTE_CRYPTO_MAX_DEVS) {
>> -        CDEV_LOG_ERR("Reached maximum number of crypto devices");
>> -        return NULL;
>> +    if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
>> +        dev_id = rte_cryptodev_find_device_by_name(name);
>> +        if (dev_id == RTE_CRYPTO_MAX_DEVS) {
>> +            CDEV_LOG_ERR("Device %s does not exist in primary process", name);
>> +            return NULL;
>> +        }
>> +    } else {
>> +        dev_id = rte_cryptodev_find_free_device_index();
>> +        if (dev_id == RTE_CRYPTO_MAX_DEVS) {
>> +            CDEV_LOG_ERR("Reached maximum number of crypto devices");
>> +            return NULL;
>> +        }
>>       }
>>         cryptodev = rte_cryptodev_pmd_get_dev(dev_id);
> 
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [EXTERNAL] Re: [PATCH] cryptodev: fix memory corruption in secondary process
  2026-02-27  7:54   ` Piotr Krzewinski
@ 2026-03-10  5:54     ` Akhil Goyal
  0 siblings, 0 replies; 4+ messages in thread
From: Akhil Goyal @ 2026-03-10  5:54 UTC (permalink / raw)
  To: Piotr Krzewinski, Burakov, Anatoly, Piotr Krzewinski, Fan Zhang
  Cc: dev@dpdk.org, dpdk stable

> On 2/26/2026 3:53 PM, Burakov, Anatoly wrote:
> > On 2/26/2026 2:57 PM, Piotr Krzewinski wrote:
> >> When secondary process runs with --no-pci, it skips hardware device
> >> probing, causing different cryptodev dev_id assignments than in primary.
> >> Since memzone lookup is based on dev_id, it leads to secondary
> >> attaching to wrong memzone and corrupting primary's device
> >> data structures.
> >
> > This probably would be the case even if you didn't use `--no-pci` but instead
> were using block-lists/allow-lists to only probe different devices in secondary
> processes? Maybe the problem is more general than that.
> >
> Most probably yes, I focused on --no-pci as it is where it hit me.
> Current memzone naming scheme forces all applications to have same dev_id
> assignment so any changes in the list in secondary would be a problem.
> Another solution could be to store the cryptodev data for all devices in single
> memzone, similar to ethdev "rte_eth_dev_data". But it seemed more complex
> and had other drawbacks.
> >>
> >> Fix by making secondary process search for devices by name in existing
> >> memzones instead of using local dev_id allocation.
> >>
> >> Signed-off-by: Piotr Krzewinski <piotr.krzewinski@ericsson.com>
> >> ---
> >>   lib/cryptodev/rte_cryptodev.c | 37 +++++++++++++++++++++++++++++++----
> >>   1 file changed, 33 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> >> index 7bddb154c2..50071935c2 100644
> >> --- a/lib/cryptodev/rte_cryptodev.c
> >> +++ b/lib/cryptodev/rte_cryptodev.c
> >> @@ -1177,6 +1177,27 @@ rte_cryptodev_find_free_device_index(void)
> >>       return RTE_CRYPTO_MAX_DEVS;
> >>   }
> >>   +static uint8_t
> >> +rte_cryptodev_find_device_by_name(const char *name)
> >> +{
> >> +    char mz_name[RTE_MEMZONE_NAMESIZE];
> >> +    const struct rte_memzone *mz;
> >> +    struct rte_cryptodev_data *data;
> >> +    uint8_t dev_id;
> >> +
> >> +    for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) {
> >> +        snprintf(mz_name, sizeof(mz_name), "rte_cryptodev_data_%u", dev_id);
> >> +        mz = rte_memzone_lookup(mz_name);
> >> +        if (mz == NULL)
> >> +            continue;
> >> +
> >> +        data = mz->addr;
> >> +        if (strncmp(data->name, name, RTE_CRYPTODEV_NAME_MAX_LEN) ==
> 0)
> >> +            return dev_id;
> >> +    }
> >> +    return RTE_CRYPTO_MAX_DEVS;
> >> +}
> >
> > Nitpicking, but why not return `int` and -1? Returning RTE_CRYPTO_MAX_DEVS
> seems like an odd choice here. You can always cast the valid value to uint8_t at
> the caller.
> Aligned with rte_cryptodev_get_dev_id and
> rte_cryptodev_find_device_by_name.
> Both are returning RTE_CRYPTO_MAX_DEVS when the device or free index is not
> found (though the first one also has -1 as an error condition in some cases).
> >
> > That said,
> >
> > Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Applied to dpdk-next-crypto
Thanks.
    Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices")
    Cc: stable@dpdk.org

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-03-10  5:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-26 13:57 [PATCH] cryptodev: fix memory corruption in secondary process Piotr Krzewinski
2026-02-26 14:53 ` Burakov, Anatoly
2026-02-27  7:54   ` Piotr Krzewinski
2026-03-10  5:54     ` [EXTERNAL] " Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox