[PATCH] examples/ipsec-secgw: fix partial overflow

DPDK patches and discussions
 help / color / mirror / Atom feed

* [PATCH] examples/ipsec-secgw: fix partial overflow
@ 2023-11-15 12:31 Brian Dooley
  2023-11-15 16:24 ` Power, Ciara
  0 siblings, 1 reply; 4+ messages in thread
From: Brian Dooley @ 2023-11-15 12:31 UTC (permalink / raw)
  To: dev
  Cc: Brian Dooley, sergio.gonzalez.monroy, stable, Radu Nicolau, Akhil Goyal

Case of partial overflow detected with ASan. Added extra padding
to cdev_key structure.

This structure is used for the key in hash table.
Padding is added to force the struct to use 8 bytes,
to ensure memory is notread past this structs boundary
(the hash key calculation reads 8 bytes if this struct is size 5 bytes).
The padding should be zeroed.
If fields are modified in this struct, the padding must be updated to
ensure multiple of 8 bytes size overall.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Cc: sergio.gonzalez.monroy@intel.com
Cc: stable@dpdk.org

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 examples/ipsec-secgw/ipsec.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 5059418456..10e7fc179b 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -249,11 +249,21 @@ struct offloads {
 
 extern struct offloads tx_offloads;
 
+/*
+ * This structure is used for the key in hash table.
+ * Padding is added to force the struct to use 8 bytes,
+ * to ensure memory is notread past this structs boundary
+ * (the hash key calculation reads 8 bytes if this struct is size 5 bytes).
+ * The padding should be zeroed.
+ * If fields are modified in this struct, the padding must be updated to
+ * ensure multiple of 8 bytes size overall.
+ */
 struct cdev_key {
 	uint16_t lcore_id;
 	uint8_t cipher_algo;
 	uint8_t auth_algo;
 	uint8_t aead_algo;
+	uint8_t padding[3];
 };
 
 struct socket_ctx {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [PATCH] examples/ipsec-secgw: fix partial overflow
  2023-11-15 12:31 [PATCH] examples/ipsec-secgw: fix partial overflow Brian Dooley
@ 2023-11-15 16:24 ` Power, Ciara
  2023-11-22 16:37   ` Thomas Monjalon
  0 siblings, 1 reply; 4+ messages in thread
From: Power, Ciara @ 2023-11-15 16:24 UTC (permalink / raw)
  To: Dooley, Brian, dev
  Cc: Dooley, Brian, sergio.gonzalez.monroy, stable, Nicolau, Radu,
	Akhil Goyal



> -----Original Message-----
> From: Brian Dooley <brian.dooley@intel.com>
> Sent: Wednesday, November 15, 2023 12:31 PM
> To: dev@dpdk.org
> Cc: Dooley, Brian <brian.dooley@intel.com>;
> sergio.gonzalez.monroy@intel.com; stable@dpdk.org; Nicolau, Radu
> <radu.nicolau@intel.com>; Akhil Goyal <gakhil@marvell.com>
> Subject: [PATCH] examples/ipsec-secgw: fix partial overflow
> 
> Case of partial overflow detected with ASan. Added extra padding to cdev_key
> structure.
> 
> This structure is used for the key in hash table.
> Padding is added to force the struct to use 8 bytes, to ensure memory is
> notread past this structs boundary (the hash key calculation reads 8 bytes if
> this struct is size 5 bytes).
> The padding should be zeroed.
> If fields are modified in this struct, the padding must be updated to ensure
> multiple of 8 bytes size overall.
> 
> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
> Cc: sergio.gonzalez.monroy@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>

Acked-by: Ciara Power <ciara.power@intel.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] examples/ipsec-secgw: fix partial overflow
  2023-11-15 16:24 ` Power, Ciara
@ 2023-11-22 16:37   ` Thomas Monjalon
  2023-11-23 10:48     ` Dooley, Brian
  0 siblings, 1 reply; 4+ messages in thread
From: Thomas Monjalon @ 2023-11-22 16:37 UTC (permalink / raw)
  To: Dooley, Brian; +Cc: dev, stable, Nicolau, Radu, Akhil Goyal, Power, Ciara

> > Case of partial overflow detected with ASan. Added extra padding to cdev_key
> > structure.
> > 
> > This structure is used for the key in hash table.
> > Padding is added to force the struct to use 8 bytes, to ensure memory is
> > notread past this structs boundary (the hash key calculation reads 8 bytes if
> > this struct is size 5 bytes).
> > The padding should be zeroed.
> > If fields are modified in this struct, the padding must be updated to ensure
> > multiple of 8 bytes size overall.
> > 
> > Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
> > Cc: sergio.gonzalez.monroy@intel.com
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> 
> Acked-by: Ciara Power <ciara.power@intel.com>

Applied and made the comment simpler with this:

  uint8_t padding[3]; /* padding to 8-byte size should be zeroed */




^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [PATCH] examples/ipsec-secgw: fix partial overflow
  2023-11-22 16:37   ` Thomas Monjalon
@ 2023-11-23 10:48     ` Dooley, Brian
  0 siblings, 0 replies; 4+ messages in thread
From: Dooley, Brian @ 2023-11-23 10:48 UTC (permalink / raw)
  To: Thomas Monjalon; +Cc: dev, stable, Nicolau, Radu, Akhil Goyal, Power, Ciara

Thanks Thomas, makes sense.

> -----Original Message-----
> From: Thomas Monjalon <thomas@monjalon.net>
> Sent: Wednesday, November 22, 2023 4:38 PM
> To: Dooley, Brian <brian.dooley@intel.com>
> Cc: dev@dpdk.org; stable@dpdk.org; Nicolau, Radu
> <radu.nicolau@intel.com>; Akhil Goyal <gakhil@marvell.com>; Power, Ciara
> <ciara.power@intel.com>
> Subject: Re: [PATCH] examples/ipsec-secgw: fix partial overflow
> 
> > > Case of partial overflow detected with ASan. Added extra padding to
> > > cdev_key structure.
> > >
> > > This structure is used for the key in hash table.
> > > Padding is added to force the struct to use 8 bytes, to ensure
> > > memory is notread past this structs boundary (the hash key
> > > calculation reads 8 bytes if this struct is size 5 bytes).
> > > The padding should be zeroed.
> > > If fields are modified in this struct, the padding must be updated
> > > to ensure multiple of 8 bytes size overall.
> > >
> > > Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample
> > > application")
> > > Cc: sergio.gonzalez.monroy@intel.com
> > > Cc: stable@dpdk.org
> > >
> > > Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> >
> > Acked-by: Ciara Power <ciara.power@intel.com>
> 
> Applied and made the comment simpler with this:
> 
>   uint8_t padding[3]; /* padding to 8-byte size should be zeroed */
> 
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-11-23 10:48 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-15 12:31 [PATCH] examples/ipsec-secgw: fix partial overflow Brian Dooley
2023-11-15 16:24 ` Power, Ciara
2023-11-22 16:37   ` Thomas Monjalon
2023-11-23 10:48     ` Dooley, Brian

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).