From: "Dooley, Brian"
To: "Power, Ciara", "Ji, Kai"
CC: "dev@dpdk.org", "Power, Ciara", "stable@dpdk.org"
Subject: RE: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop
Date: Fri, 14 Apr 2023 13:28:45 +0000
References: <20230414123131.575412-1-ciara.power@intel.com>
In-Reply-To: <20230414123131.575412-1-ciara.power@intel.com>
List-Id: DPDK patches and discussions

Hi Ciara,

> -----Original Message-----
> From: Ciara Power
> Sent: Friday 14 April 2023 13:32
> To: Ji, Kai
> Cc: dev@dpdk.org; Power, Ciara; stable@dpdk.org
> Subject: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop
>
> The cvec pointer was incremented incorrectly in the case where the length of
> remaining_off equals cvec len, and there is no next cvec.
> This led to cvec->iova being invalid memory to access.
>
> Instead, only increment the cvec pointer when we know there is a next cvec
> to point to, by checking the i value, which represents the number of cvecs
> available.
> If i is 0, then no need to increment as the current cvec is the last one.
>
> Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request")
> Cc: kai.ji@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Ciara Power
> ---
> drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > index 524c291340..092265631b 100644 > --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > @@ -682,7 +682,8 @@ enqueue_one_chain_job_gen1(struct > qat_sym_session *ctx, > while (remaining_off >=3D cvec->len && i >=3D 1) { > i--; > remaining_off -=3D cvec->len; > - cvec++; > + if (i) > + cvec++; > } >=20 > auth_iova_end =3D cvec->iova + remaining_off; > -- > 2.25.1

Acked-by: Brian Dooley
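
Review bot: On the loop exit where `i` drops to 0, `remaining_off -= cvec->len` has already subtracted the last vector's length while `cvec` is left pointing at that same vector, so `auth_iova_end = cvec->iova + remaining_off` is computed from the start of the last cvec with an offset that no longer includes its length. In the case the commit message describes (remaining_off equal to cvec->len with no next cvec) this gives `cvec->iova + 0`, the start of the last segment rather than its end. The invalid read of `cvec->iova` is gone, but please confirm that this is the intended end address; if it is not, the subtraction should be skipped together with the increment when there is no next cvec, for example by leaving the loop right after `i--` when `i` is 0. A one-line comment stating that `i` counts the cvecs still available would make the `if (i)` guard self-explanatory, and a unit test with an SGL whose auth region ends exactly at the end of the last segment would cover both the overflow and the computed address.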