From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 20B7942941; Fri, 14 Apr 2023 15:22:25 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5969742BC9; Fri, 14 Apr 2023 15:22:24 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mails.dpdk.org (Postfix) with ESMTP id 69F2541144; Fri, 14 Apr 2023 15:22:21 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1681478541; x=1713014541; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=6atNdbFCWdnCT2i1/rfmPeVChR7PDN7zzihL3EnaJ2w=; b=DC6H3PRsLI4y1I3uX5SOkxbfzy//fxhhG07n4445giFWhhBlskqt58Yz aU1wqlT5ttVjU92rH1EnwzmpQzyWarKzgbJUVw+my+EEWDfOhU+hAEMKw zPMul5tmACERA/1WnItbNx6RQXZAtBoOdB1UdPONKFg88mdDBUJjcOJRG A0qqvqOP6xymrqvMoOM+YCKIQgxJ0JBWcUzn6U2vzXThXWsIHiS6WyqXQ E7AyxWFQAPtoa3HPOEBEZMLDPeCI9fxiAabQoMDa5sUY+bHRBOeZAkRK+ /L+tthsc29grR9WvHpMvKm6KOrDiPy056qt9JJ4OsX7/W3z1qtD3nq02z Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10679"; a="324813081" X-IronPort-AV: E=Sophos;i="5.99,195,1677571200"; d="scan'208";a="324813081" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Apr 2023 06:22:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10679"; a="813869796" X-IronPort-AV: E=Sophos;i="5.99,195,1677571200"; d="scan'208";a="813869796" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga004.jf.intel.com with ESMTP; 14 Apr 2023 06:22:20 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Fri, 14 Apr 2023 06:22:19 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Fri, 14 Apr 2023 06:22:19 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.170) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Fri, 14 Apr 2023 06:22:19 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TDqBqHhQf+19DGuBZ2/836B70h45vvg1EWu9lrOQiS9QPiXLo/CL297OGKY7FFBlK9CAaEhS9Ba9AZksrPs3GygcClL7Q01fNJbyctoeGyfq4PtFopfWM/YcaAvXnMGlgNh7fOaHCX64G5lwpwnYlqqQS0NzYZgNpIBOKJTYzG96KgRbuP7JvZumex3wmvXbwTR65CYhidccHURnJ1t+jE0+nAWlFuPufqKZWSXhBXMnrAaOC24SnXOk9h2tRK3Fem5x0L5BSy0ZwzB+30MseXav0oJeYykyTO9kTLzQm7fOqdu+nZilXCjgb/3VhSY1QSLzGFMt/r005+DD2JZAcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rUaJZNdDxQig76Wcsh3B6lTYwwTjL4EsLdaw8u8amBA=; b=GupnkE3I+L84TVRIJHVcf9+x2C3/n3sj8N0aZ+USTQkfCoNv5DJtBa71Dlrz7L8qws394QtEzFEqwdoX+bSav8KyokVuEexcup21oLzbtkO9tHed/EedIiGkh9MoSXSAI0s+dQ3jchd0toCovt7GavFsImwX0mqJtYKl2jkcMFH2jIbK27NVbOrloN1Wz8+fp+staofkNWu8VshCWQhZSeLMf0HIJlBVlziA58bfyW+Ymm7yLd5MuAuiN7PYJbo7IQ76emxHILCPCjeQmEP0vAn5OiveYG58F8DaznIuOrlxXxXsoNCZUUdut+bZ3cghdtgY99DDdWKrekNNEkmVgw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from SN6PR11MB3408.namprd11.prod.outlook.com (2603:10b6:805:bc::22) by PH7PR11MB7513.namprd11.prod.outlook.com (2603:10b6:510:270::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6298.30; Fri, 14 Apr 2023 13:22:18 +0000 Received: from SN6PR11MB3408.namprd11.prod.outlook.com ([fe80::5b23:5882:d3f8:1085]) by SN6PR11MB3408.namprd11.prod.outlook.com ([fe80::5b23:5882:d3f8:1085%6]) with mapi id 15.20.6298.030; Fri, 14 Apr 2023 13:22:18 +0000 From: "Ji, Kai" To: "Power, Ciara" CC: "dev@dpdk.org" , "stable@dpdk.org" Subject: RE: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop Thread-Topic: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop Thread-Index: AQHZbs0TbfUo9lsib0+vJ+Fqsba2Bq8qyqZQ Date: Fri, 14 Apr 2023 13:22:17 +0000 Message-ID: References: <20230414123131.575412-1-ciara.power@intel.com> In-Reply-To: <20230414123131.575412-1-ciara.power@intel.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SN6PR11MB3408:EE_|PH7PR11MB7513:EE_ x-ms-office365-filtering-correlation-id: 86192ad4-fe09-4c98-6413-08db3ceb453d x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: gHY8Vot3J7bg1S4OhcQh/MyM/xR2NpNWWdCRc0NL4bsusaJvd9l8eqTeSiUB3OsMgenJ8e5emnpo7B5OlJp3mP6Cu7gfC8hq4PN0hdk4VSr/+HhmZ2L5CFujMhHq/G0u/j3pildXBtHZqTgiO5Ylr9dN/YzaLazO5qPH+pxCoJL6bvJ6IdOOXdox65ziG6KDZHifiFL+h6o0R9S6DzmUxGrYaZrfCDTtATCd73uaj7+lQaT9xxQEasz/LxwPVzdGiuzBooWA9rMnN6sX9IvZ2accBH3b8hzYo4q7jiA3R7U3059Fvqp4ItArdI0ZtSnjXuJAemg7UZefYvBLvMbLwbdSJ8ORcAqCKvsglUwpWPbnYvUErR2SdYM7Fq8y8+3QTRN3LGDQBfbqAVbVM/DMn8LGj0xC1sdeiw9TyZBnED9//LnWYD+Q8YWkybOjf4RaJaFJv+k2Udfip2J4Eh+SMuhC+184mfDabanMcxuMGwHFFd8yGntPWEhqz4mynmMYL0cQ+M/a81gPoIjfycCH1UstD2TJSs74CWZO48pprYCP67jUMdsKoOWscXmMcSCN2v4dt4CRX1Hx5zXn9LdwXyFRD8ztFYdLppMPex35ARXIeSQEIY5QYn66FFbc/b9f x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN6PR11MB3408.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(366004)(136003)(376002)(39860400002)(346002)(396003)(451199021)(86362001)(54906003)(6636002)(316002)(82960400001)(478600001)(33656002)(41300700001)(8936002)(6862004)(38100700002)(122000001)(8676002)(52536014)(5660300002)(66476007)(64756008)(76116006)(55016003)(66446008)(66556008)(450100002)(53546011)(6506007)(9686003)(38070700005)(26005)(186003)(66946007)(4326008)(83380400001)(71200400001)(2906002)(7696005); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?u8CqHcuoaiO2k+SzZMW4Q2+sheG9/uAicjz06+1EC6ZcCY+eWCcUMt5vni74?= =?us-ascii?Q?gqdfkSV52T+pRYo/Uum670L4IsYsZlU8uLLnYJmJAz9bRgJOUjz6OXmuPrO2?= =?us-ascii?Q?rkTsIPRwMKSPjRtTbau92JUTdYK13yv+rArqSUDp3Wd152No8qCtcS30fTU0?= =?us-ascii?Q?zEY4whYz2mhB/pwL5z9pELL7BfRzs5MoieUFhjV4l8+oRzhzs8wzqh4JuH08?= =?us-ascii?Q?7eGaZmzXCqcCv2gqdV0QtlRbSQQ3lHe3j6NbAzvIVeHhYd1xI4xHsF/utvbQ?= =?us-ascii?Q?YqF7r5SbfUgG88sX0J1ImYqsdS6cfhNRdRYB1J3dtxWLuxaqlP7EZaEnBDud?= =?us-ascii?Q?d9chpvVEb79rFEM88k2YP+zFONM7Z4+e36gwiKEEngbNFiCAg3jaWMZY1If7?= =?us-ascii?Q?z42NKuJUNtODafDw5jBQTZO6xykS04oBmdh6nD8TW4BAQV9eE5UE43WOU5S/?= =?us-ascii?Q?KtJGpsw6zZHeP836DQ7Gxws8FjFhi9eHCpXA9cE2L0IAtRxeJXDF0UKmRgwD?= =?us-ascii?Q?3ZaNbFijZWeURmiAUlLAQJCdTmvLfbr4RvPj4ntv+MbS38c8InU+JfCopThZ?= =?us-ascii?Q?9fe8C70aKmqcISxtmmfCv/WkTvaD/QqQ18sf5vePU45XHErl0yOfsP47UiEE?= =?us-ascii?Q?TXn2xGwE373N1zuINUVJGsVGK7qqGG+tgLupSX7xqp0cQ2uhMkmh4Uefxknh?= =?us-ascii?Q?sTiG/gp1SMoU/uZ10/esUK11AGZqi/0UyeKZMuSHgRsx3hHd4/8N28j80dQb?= =?us-ascii?Q?m86YUAB1Q/Z95hMTeNUgU3EOeELS2t54viNdvKn9mmrI874xLqQrK1Ew8D0R?= =?us-ascii?Q?9QjH6qTlD3wYmJQWKbfltgSWlgFVFq+ljyk/1kc+r9y2cLPg9MGfAw82OXGQ?= =?us-ascii?Q?I5v1lF+z943xN4Df0AzcrOmPYcEZCIMOdzTemilBND0a5CtKf7bryqhI65Ej?= =?us-ascii?Q?TgxbSR/7cDPmSVm6NLWEUXye9504ySxrKqTjjKCe1aquJQ6qKWVF/iBK/PUI?= =?us-ascii?Q?OAIzX1IQ2Fb0yHiop6p4FO1n0ht2SHbz68YH3mrBAv1iTIJqFjWgDq8aFK+5?= =?us-ascii?Q?bgm7FwOQSYDvaqgwf6Pm/cM5CzM1lZFy3A8XKP3HFkNuEGeKIQv5m5c7bLAh?= =?us-ascii?Q?gfisviw+Ay2+irfTsunBXw8Z0ADD8ZBmNRfOpY4Scyr6B7Nbgbl/c5TptVC1?= =?us-ascii?Q?pu3QHFdW2cPBeIpwpEgPnXAItOTGssFlz8Fs2858YnsEW/ibkdpBiaeRBHgm?= =?us-ascii?Q?lw8bf+H/Lvn9vhKKNa3qkM5yb+w3AjxQEvfZSZLXrBt7PwIZ4mIwdJFRLZdU?= =?us-ascii?Q?3IuaNAiB/ffj3fHA2yY2nfL3oOGOCOKnImWfjQqGDZxIH3rXWLz8lguzhw90?= =?us-ascii?Q?hqwQz5wdlRoJEWtIbjii4nLkewGh9epkppVIvXOx/XlPDzqQkgzke2gnKAj0?= =?us-ascii?Q?A08Wb/pvRNBFTePjplSMwJAaLelJJE/pKv7XzAWwSzO/SxthuVX8/WvavRx5?= =?us-ascii?Q?90HyzYFIE4ZMhMrZfwkTMSGreFw4EJSglyAMYjbkNRDrl49uzsTWjXh9nPK3?= =?us-ascii?Q?M2sPUCmhdMs0Kj2zBS8=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN6PR11MB3408.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 86192ad4-fe09-4c98-6413-08db3ceb453d X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Apr 2023 13:22:17.9433 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 0lRBd7Fkn/Fyn+y089GET+9GYPyLIVqfE6EnkZPbIfa3/BtRMTk1Su5pEAOr8hJ/QR1e/Jrvo4k68z04Yv/0Jg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB7513 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Acked-by: Kai Ji > -----Original Message----- > From: Power, Ciara > Sent: Friday, April 14, 2023 1:32 PM > To: Ji, Kai > Cc: dev@dpdk.org; Power, Ciara ; stable@dpdk.org > Subject: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop >=20 > The cvec pointer was incremented incorrectly in the case where the length > of remaining_off equals cvec len, and there is no next cvec. > This led to cvec->iova being invalid memory to access. >=20 > Instead, only increment the cvec pointer when we know there is a next cve= c > to point to, by checking the i value, which represents the number of cvec= s > available. > If i is 0, then no need to increment as the current cvec is the last one. >=20 > Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request") > Cc: kai.ji@intel.com > Cc: stable@dpdk.org >=20 > Signed-off-by: Ciara Power > --- > drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) >=20 > diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > index 524c291340..092265631b 100644 > --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > @@ -682,7 +682,8 @@ enqueue_one_chain_job_gen1(struct qat_sym_session *ct= x, > while (remaining_off >=3D cvec->len && i >=3D 1) { > i--; > remaining_off -=3D cvec->len; > - cvec++; > + if (i) > + cvec++; > } >=20 > auth_iova_end =3D cvec->iova + remaining_off; > -- > 2.25.1