DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session
@ 2024-07-01 15:22 Andrew Boyer
  2024-07-01 15:22 ` [PATCH 2/2] crypto/ionic: fix sign extension in queue allocation Andrew Boyer
  2024-07-03 17:30 ` [EXTERNAL] [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session Akhil Goyal
  0 siblings, 2 replies; 3+ messages in thread
From: Andrew Boyer @ 2024-07-01 15:22 UTC (permalink / raw)
  To: dev; +Cc: Andrew Boyer

Coverity pointed out that, if the final segment of the session key being
written is not a full segment, the loop could potentially read past the
end of the source buffer. Use RTE_MIN() to make sure to only copy as much
of the key as is left.

Coverity issue: 426432
Fixes: 6bc7f2cf6687 ("crypto/ionic: support sessions")

Signed-off-by: Andrew Boyer <andrew.boyer@amd.com>
---
 drivers/crypto/ionic/ionic_crypto_main.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/ionic/ionic_crypto_main.c b/drivers/crypto/ionic/ionic_crypto_main.c
index d4810e3617..9960dc3a6d 100644
--- a/drivers/crypto/ionic/ionic_crypto_main.c
+++ b/drivers/crypto/ionic/ionic_crypto_main.c
@@ -193,7 +193,7 @@ iocpt_session_write(struct iocpt_session_priv *priv,
 	};
 	struct iocpt_sess_control_cmd *cmd = &ctx.cmd.sess_control;
 	uint16_t key_offset;
-	uint8_t key_segs, seg;
+	uint8_t key_segs, seg, seg_len;
 	int err;
 
 	key_segs = ((priv->key_len - 1) >> IOCPT_SESS_KEY_SEG_SHFT) + 1;
@@ -202,8 +202,9 @@ iocpt_session_write(struct iocpt_session_priv *priv,
 		ctx.pending_work = true;
 
 		key_offset = seg * cmd->key_seg_len;
-		memcpy(cmd->key, &priv->key[key_offset],
-			IOCPT_SESS_KEY_SEG_LEN);
+		seg_len = (uint8_t)RTE_MIN(priv->key_len - key_offset,
+					IOCPT_SESS_KEY_SEG_LEN);
+		memcpy(cmd->key, &priv->key[key_offset], seg_len);
 		cmd->key_seg_idx = seg;
 
 		/* Mark final segment */
-- 
2.17.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH 2/2] crypto/ionic: fix sign extension in queue allocation
  2024-07-01 15:22 [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session Andrew Boyer
@ 2024-07-01 15:22 ` Andrew Boyer
  2024-07-03 17:30 ` [EXTERNAL] [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session Akhil Goyal
  1 sibling, 0 replies; 3+ messages in thread
From: Andrew Boyer @ 2024-07-01 15:22 UTC (permalink / raw)
  To: dev; +Cc: Andrew Boyer

(uint16_t * uint16_t) promoted to uint64_t has a sign extension
problem reported by Coverity. Cast one arg to uint64_t first
to eliminate the sign extension.

Coverity issue: 426422
Coverity issue: 426427
Fixes: 2c1662bb53ca ("crypto/ionic: add adminq command")

Signed-off-by: Andrew Boyer <andrew.boyer@amd.com>
---
 drivers/crypto/ionic/ionic_crypto_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/ionic/ionic_crypto_main.c b/drivers/crypto/ionic/ionic_crypto_main.c
index 9960dc3a6d..f670d6e658 100644
--- a/drivers/crypto/ionic/ionic_crypto_main.c
+++ b/drivers/crypto/ionic/ionic_crypto_main.c
@@ -88,7 +88,7 @@ iocpt_q_init(struct iocpt_queue *q, uint8_t type, uint32_t index,
 	q->tail_idx = 0;
 
 	q->info = rte_calloc_socket("iocpt",
-				num_descs * num_segs, sizeof(void *),
+				(uint64_t)num_descs * num_segs, sizeof(void *),
 				rte_mem_page_size(), socket_id);
 	if (q->info == NULL) {
 		IOCPT_PRINT(ERR, "Cannot allocate queue info");
-- 
2.17.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* RE: [EXTERNAL] [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session
  2024-07-01 15:22 [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session Andrew Boyer
  2024-07-01 15:22 ` [PATCH 2/2] crypto/ionic: fix sign extension in queue allocation Andrew Boyer
@ 2024-07-03 17:30 ` Akhil Goyal
  1 sibling, 0 replies; 3+ messages in thread
From: Akhil Goyal @ 2024-07-03 17:30 UTC (permalink / raw)
  To: Andrew Boyer, dev

> Coverity pointed out that, if the final segment of the session key being
> written is not a full segment, the loop could potentially read past the
> end of the source buffer. Use RTE_MIN() to make sure to only copy as much
> of the key as is left.
> 
> Coverity issue: 426432
> Fixes: 6bc7f2cf6687 ("crypto/ionic: support sessions")
> 
> Signed-off-by: Andrew Boyer <andrew.boyer@amd.com>
Series applied to dpdk-next-crypto
Thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-07-03 17:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-07-01 15:22 [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session Andrew Boyer
2024-07-01 15:22 ` [PATCH 2/2] crypto/ionic: fix sign extension in queue allocation Andrew Boyer
2024-07-03 17:30 ` [EXTERNAL] [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).