Hi Thierry,
On 5/24/21 11:08 AM, Thierry Herbelot wrote:
> Use vc_req only after it was checked not to be NULL.
>
> Fixes: 2d962bb736521 ("vhost/crypto: fix possible TOCTOU attack")
> Cc: sta...@dpdk.org
> Cc: Maxime Coquelin <maxime.coque...@redhat.com>
> Cc: Chenbo Xia <chenbo....@intel.com>
>
> Signed-off-by: Thierry Herbelot <thierry.herbe...@6wind.com>
> --
> V2: fix copy/paste typo
> ---
> lib/vhost/vhost_crypto.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
> index 6689c52df239..926b5c0bd94a 100644
> --- a/lib/vhost/vhost_crypto.c
> +++ b/lib/vhost/vhost_crypto.c
> @@ -1337,13 +1337,15 @@ vhost_crypto_finalize_one_request(struct
> rte_crypto_op *op,
> struct rte_mbuf *m_src = op->sym->m_src;
> struct rte_mbuf *m_dst = op->sym->m_dst;
> struct vhost_crypto_data_req *vc_req = rte_mbuf_to_priv(m_src);
> - struct vhost_virtqueue *vq = vc_req->vq;
> - uint16_t used_idx = vc_req->desc_idx, desc_idx;
> + struct vhost_virtqueue *vq;
> + uint16_t used_idx, desc_idx;
>
> if (unlikely(!vc_req)) {
> VC_LOG_ERR("Failed to retrieve vc_req");
> return NULL;
> }
> + vq = vc_req->vq;
> + used_idx = vc_req->desc_idx;
>
> if (old_vq && (vq != old_vq))
> return vq;
>
Reviewed-by: Maxime Coquelin <maxime.coque...@redhat.com>
Thanks,
Maxime
