From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id BECB9A051C for ; Tue, 11 Feb 2020 12:43:15 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 98E041C08C; Tue, 11 Feb 2020 12:43:15 +0100 (CET) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by dpdk.org (Postfix) with ESMTP id BC3CD1C0D9 for ; Tue, 11 Feb 2020 12:43:13 +0100 (CET) Received: by mail-wm1-f50.google.com with SMTP id a5so3122759wmb.0 for ; Tue, 11 Feb 2020 03:43:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=+LlCadeMs6jC4AzQkDnt9J1BuJter9fqab51I43drSI=; b=ABxvmITKWGQfLIJcH7vMNEIrT8oYtiqF6XEnSZ/W724kfHMw8qszQB68lHPjIaID9u ldsvo0vnsKBO3SwBDbR+VlhcAeO1oWAqWfH2DUPA8s5A579+51qAKGy+ag8JIZgLtbc/ ikCvOfpVcZW9e8kmN8ceFKtH/ZV/UDz/Ms78MIQU0DjS0h6VXyG9VLqhP06Se9J57F7H /WEfxJ3+dSw03NWqPRtGMGz+NTM1I3wupXqkPI7u1EBxshPPbuvfmHZNheKJfu9KIV4r PW02kyREMCyGo4rgpkog3kY5JK6rAsePuePu5yaAp2oVV+mhLgirvSITlAUwryK/CqQj r47g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=+LlCadeMs6jC4AzQkDnt9J1BuJter9fqab51I43drSI=; b=L9ByWMLD6Vjgn3e994vADR6pXn8ObBT8DJVTANQSOdbUClL83/46qNQ9/xMuy0p5WX eZF3/aaYnB+MtjkkYL7GvLA9BDvC5GG7meOB236WcOb5jkxzBXU+Zd8ndE79O0npX/PX fFb0r6nwfzRmDgAdPgwl0BCxJ1dAPqWpoc7yVD6a2+eqnqJHK4L8nP64Rh9PEQ9tabbN 17tSx1kxdRr/IWZj7luhKU8qJ5nU3e4ixp7YkyHp1dSFhGt1FbI64WD5iEfOPgVQ8JoX OERXaMozvtNqncy3wK6GAU4cOqxQwoXjPa5XZw9OZpAdXZh1LaFl3ddw4uWd7nzjRtje WDUg== X-Gm-Message-State: APjAAAUQxkcOji3gJKA7XwCJUC61HHUlCkCwqdX7RImHo1sh88uh8iRF e6oUlih5DzbFSm6IA3Q0RQg= X-Google-Smtp-Source: APXvYqzcZMonV3tq/SsCXT+0I4Le55MIL8YkDYu8HyBhMdVcZwR4ZVKA/oPbQKLFeONCPdWA/KVeRQ== X-Received: by 2002:a1c:7717:: with SMTP id t23mr5443478wmi.17.1581421393490; Tue, 11 Feb 2020 03:43:13 -0800 (PST) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id k13sm4618404wrx.59.2020.02.11.03.43.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Feb 2020 03:43:13 -0800 (PST) From: luca.boccassi@gmail.com To: Vladimir Medvedkin Cc: dpdk stable Date: Tue, 11 Feb 2020 11:22:16 +0000 Message-Id: <20200211112216.3929-190-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200211112216.3929-1-luca.boccassi@gmail.com> References: <20200211112216.3929-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'fib: fix possible integer overflow' has been queued to stable release 19.11.1 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 19.11.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 02/13/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Luca Boccassi --- >From fddb5b5cea39f543694928775f69892b369b6d51 Mon Sep 17 00:00:00 2001 From: Vladimir Medvedkin Date: Tue, 21 Jan 2020 15:07:09 +0000 Subject: [PATCH] fib: fix possible integer overflow [ upstream commit 247a38c52056f3255da357fc6501a1eec414aa23 ] This commit fixes possible integer overflow for prev_idx in build_common_root() CID 350596 and tbl8_idx in write_edge() CID 350597 Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) overflow_before_widen: Potentially overflowing expression tbl8_idx * 256 with type int (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type uint64_t (64 bits, unsigned). Coverity issue: 350596, 350597 Fixes: c3e12e0f0354 ("fib: add dataplane algorithm for IPv6") Signed-off-by: Vladimir Medvedkin --- lib/librte_fib/trie.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/librte_fib/trie.c b/lib/librte_fib/trie.c index 124aa8b98b..2ae2add4f3 100644 --- a/lib/librte_fib/trie.c +++ b/lib/librte_fib/trie.c @@ -240,9 +240,8 @@ tbl8_alloc(struct rte_trie_tbl *dp, uint64_t nh) tbl8_idx = tbl8_get(dp); if (tbl8_idx < 0) return tbl8_idx; - tbl8_ptr = (uint8_t *)dp->tbl8 + - ((tbl8_idx * TRIE_TBL8_GRP_NUM_ENT) << - dp->nh_sz); + tbl8_ptr = get_tbl_p_by_idx(dp->tbl8, + tbl8_idx * TRIE_TBL8_GRP_NUM_ENT, dp->nh_sz); /*Init tbl8 entries with nexthop from tbl24*/ write_to_dp((void *)tbl8_ptr, nh, dp->nh_sz, TRIE_TBL8_GRP_NUM_ENT); @@ -317,7 +316,7 @@ get_idx(const uint8_t *ip, uint32_t prev_idx, int bytes, int first_byte) bitshift = (int8_t)(((first_byte + bytes - 1) - i)*BYTE_SIZE); idx |= ip[i] << bitshift; } - return (prev_idx * 256) + idx; + return (prev_idx * TRIE_TBL8_GRP_NUM_ENT) + idx; } static inline uint64_t @@ -354,8 +353,8 @@ recycle_root_path(struct rte_trie_tbl *dp, const uint8_t *ip_part, return; if (common_tbl8 != 0) { - p = get_tbl_p_by_idx(dp->tbl8, (val >> 1) * 256 + *ip_part, - dp->nh_sz); + p = get_tbl_p_by_idx(dp->tbl8, (val >> 1) * + TRIE_TBL8_GRP_NUM_ENT + *ip_part, dp->nh_sz); recycle_root_path(dp, ip_part + 1, common_tbl8 - 1, p); } tbl8_recycle(dp, prev, val >> 1); @@ -388,7 +387,8 @@ build_common_root(struct rte_trie_tbl *dp, const uint8_t *ip, j = i; cur_tbl = dp->tbl8; } - *tbl = get_tbl_p_by_idx(cur_tbl, prev_idx * 256, dp->nh_sz); + *tbl = get_tbl_p_by_idx(cur_tbl, prev_idx * TRIE_TBL8_GRP_NUM_ENT, + dp->nh_sz); return 0; } @@ -411,8 +411,8 @@ write_edge(struct rte_trie_tbl *dp, const uint8_t *ip_part, uint64_t next_hop, return tbl8_idx; val = (tbl8_idx << 1)|TRIE_EXT_ENT; } - p = get_tbl_p_by_idx(dp->tbl8, (tbl8_idx * 256) + *ip_part, - dp->nh_sz); + p = get_tbl_p_by_idx(dp->tbl8, (tbl8_idx * + TRIE_TBL8_GRP_NUM_ENT) + *ip_part, dp->nh_sz); ret = write_edge(dp, ip_part + 1, next_hop, len - 1, edge, p); if (ret < 0) return ret; @@ -420,8 +420,8 @@ write_edge(struct rte_trie_tbl *dp, const uint8_t *ip_part, uint64_t next_hop, write_to_dp((uint8_t *)p + (1 << dp->nh_sz), next_hop << 1, dp->nh_sz, UINT8_MAX - *ip_part); } else { - write_to_dp(get_tbl_p_by_idx(dp->tbl8, tbl8_idx * 256, - dp->nh_sz), + write_to_dp(get_tbl_p_by_idx(dp->tbl8, tbl8_idx * + TRIE_TBL8_GRP_NUM_ENT, dp->nh_sz), next_hop << 1, dp->nh_sz, *ip_part); } tbl8_recycle(dp, &val, tbl8_idx); -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-02-11 11:17:45.089401763 +0000 +++ 0190-fib-fix-possible-integer-overflow.patch 2020-02-11 11:17:38.844009649 +0000 @@ -1,8 +1,10 @@ -From 247a38c52056f3255da357fc6501a1eec414aa23 Mon Sep 17 00:00:00 2001 +From fddb5b5cea39f543694928775f69892b369b6d51 Mon Sep 17 00:00:00 2001 From: Vladimir Medvedkin Date: Tue, 21 Jan 2020 15:07:09 +0000 Subject: [PATCH] fib: fix possible integer overflow +[ upstream commit 247a38c52056f3255da357fc6501a1eec414aa23 ] + This commit fixes possible integer overflow for prev_idx in build_common_root() CID 350596 and @@ -16,7 +18,6 @@ Coverity issue: 350596, 350597 Fixes: c3e12e0f0354 ("fib: add dataplane algorithm for IPv6") -Cc: stable@dpdk.org Signed-off-by: Vladimir Medvedkin ---