From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 03F60A0C3F for ; Sat, 12 Jun 2021 01:05:35 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F3043406A2; Sat, 12 Jun 2021 01:05:34 +0200 (CEST) Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2056.outbound.protection.outlook.com [40.107.93.56]) by mails.dpdk.org (Postfix) with ESMTP id 72B144003F for ; Sat, 12 Jun 2021 01:05:34 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lAqYCbQ9wdXkVZvjJYvpNBvmH6BWKZmatUCVHj+QQzmxAiTLOtZzpDSs9pE3hEzVkRyx1z+kDh5uCN77fRr7o674pGkAEesKjl8D2cdlw1L0u8ggMkt0URwqoGYfq8+AYMk7eLoQR6GoPXbV7JNgTlAMdY0YMEd5NI7EMuOSi2/FVapVG/j5w64ABamqdr+WBKVa4ppttEt1W6l929i1/OOyPzKf/t/9PSrWnQdxfyX6rzIrXHiGgzhwu4r2hpR04Hg525D8VrpCG2JP8mj9JNLpIys8wLKCEd0b6hT6NL8hEoqvCcNzCsXJs88sbM9YcKnEILRGW5O6x2j+Pi/xUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=thwxYxr8HciaTXbyueMI2sTRiHKFhLHgmw+JJ5prNHc=; b=IwIQN90DPCFObjdr2KsuoqUqv1L20AJaQT1lIcfVSis4RZx9q/PRs58vAUscu8i4ti2eS394E/mCnFJWDLD9k/RBJPCa9kxkCk1pK1ATw11o4RwkvoBb8V9QYW3vtmWAMC2rAKYpd9SvfTGh+1b74i0cwKIUBVbM8ov7IQ1rH6FjI4lefpzQ/89dq7/fb0QhWExDVw6zV8KsPSK/e7MoB6jTOaLH39itZlFgKvcLhJKP8R0+2o5yGSlC/gLVH8oL8VLfXnZW+Nhj5F6R4dyRHyFHmenebL5+p/yCYTytamGaYlHEKIBFJ0AWH0MdtlpPkmD7hRLKMsuGAfyNQ4e5Vg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=marvell.com smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=thwxYxr8HciaTXbyueMI2sTRiHKFhLHgmw+JJ5prNHc=; b=f1lL18p9dgDldAjgMsaYUIUt0GiQ0R9Hf6DfbbxfvjY6bmvKBEjU2j3CNGddVeBxmk2AW8NsaEui7ByvfQPplA0kH47fMPogC0/89jQQTqJUUOkukpVNG/VfH+t+lxrq2WFsZJGpw/n9YRY+6kF9xqlJkJ0RDhTseLOOt2fwVFocE5iPQey6KDOwAMwQAo6D+LeHGENyQtJzAnIHRMLZMGnYQZzHUmUm/mpAfJCYL9dqW63VvcX0EbTilaYsGLQvLa3jahlgG3MYMpJ7RuKtFJrWEV9koES1Uh9xB20u4gcHptjXdCC8A+WtJfzQmm7ciUeZdp3p739y5zynBCP+tQ== Received: from MWHPR22CA0056.namprd22.prod.outlook.com (2603:10b6:300:12a::18) by MN2PR12MB3871.namprd12.prod.outlook.com (2603:10b6:208:16a::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4219.21; Fri, 11 Jun 2021 23:05:33 +0000 Received: from CO1NAM11FT007.eop-nam11.prod.protection.outlook.com (2603:10b6:300:12a:cafe::4a) by MWHPR22CA0056.outlook.office365.com (2603:10b6:300:12a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4219.20 via Frontend Transport; Fri, 11 Jun 2021 23:05:32 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by CO1NAM11FT007.mail.protection.outlook.com (10.13.174.131) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4219.21 via Frontend Transport; Fri, 11 Jun 2021 23:05:32 +0000 Received: from nvidia.com (172.20.187.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 11 Jun 2021 23:05:31 +0000 From: Xueming Li To: "Min Hu (Connor)" CC: Luca Boccassi , Pavan Nikhilesh , dpdk stable Date: Sat, 12 Jun 2021 07:01:41 +0800 Message-ID: <20210611230433.8208-7-xuemingl@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210611230433.8208-1-xuemingl@nvidia.com> References: <20210510160258.30982-229-xuemingl@nvidia.com> <20210611230433.8208-1-xuemingl@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [172.20.187.6] X-ClientProxiedBy: HQMAIL105.nvidia.com (172.20.187.12) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 387fc2da-62de-4e18-e3a6-08d92d2d69e8 X-MS-TrafficTypeDiagnostic: MN2PR12MB3871: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: eC+XANL5GVIm73JRDPKnCBBeuUS8VZwL/TWgyDPmFA4u/57m9cK3oxrOmZxmSvEBSMG4ZSxsI0EDxqY5ZdwJt0xvDktbx+4uSnGmrfz+LxizpFvWaRp/z+8gLA51UGNsbeW+ekBjHn8jwDnfx5TLv5jm2VPkdp8ulQgRL/RDJYOQe9eitpkHrqBOBRmlgaD8e1sTBwm8SBih3tLSYv9x9YUL68MVLtx3+REtLke5EcRroPRrWDC1O7s/EYNhyeUABDJUDHCEzW4BTG7cFfLaWEigTgjqAHPifDRp7XbjjjhxuPeljFTP3EMwY8iXQnxrLoIBeMXHjGP3W8dsl8Qkn/UW9sZvVBumtkUJg88/lFOlPynSP3xEA5zHZ7QRHMvPGqiJ+2glzmFayoFwG4tQPWkwcjPC21iC8tpJ+Z80eNSy+lBJRO2Pt89yQbeolRT5Pk7cGx3y3dcKtQxBlkuD7Gb8jWG63HSYZhqhjflLkSU9hNdXLX+NcqQkdjfAo9b9tQSbsyh9nXApIPiCb8pLkpmb6WeV/vaatJnBHX8Iz7iXepQ+jTa58ACkC66B2OPimgT6VgHD8TGbOlvaPJh/z3gEWXLhjgWRvdCeZmlK5GlwnhNoqzE6Qp/NSU6wMaQuvL2LXQ6kqrzOf/tLtS5B5o54P2LymBA2ZGYhAE05lsu/hffB5brf7IfTZJ2mn35KTjWm+kJjw9e1q05jES7VnM1kRVP7DNZVsj2RfrJ8h6F/Ve/BbAAJNWtAOuceit5MmXpCs4ACgm8nobwCK7yPyOQkGnXNNFQkslozlEzdIpmTHrULNdDsqyZrgvz7Yxdi X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(376002)(136003)(39860400002)(346002)(396003)(36840700001)(46966006)(2906002)(316002)(1076003)(83380400001)(82740400003)(82310400003)(54906003)(4326008)(55016002)(70206006)(36906005)(7696005)(6286002)(53546011)(70586007)(426003)(5660300002)(8936002)(7636003)(356005)(478600001)(336012)(8676002)(36756003)(6916009)(16526019)(86362001)(26005)(47076005)(6666004)(36860700001)(966005)(186003)(2616005); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jun 2021 23:05:32.2334 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 387fc2da-62de-4e18-e3a6-08d92d2d69e8 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT007.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB3871 Subject: [dpdk-stable] patch 'app/eventdev: fix overflow in lcore list parsing' has been queued to stable release 20.11.2 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 20.11.2 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 06/14/21. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/steevenlee/dpdk This queued commit can be viewed at: https://github.com/steevenlee/dpdk/commit/d173cc85c98dee2bbdfeaeb6b226fc2ee67bd18f Thanks. Xueming Li --- >From d173cc85c98dee2bbdfeaeb6b226fc2ee67bd18f Mon Sep 17 00:00:00 2001 From: "Min Hu (Connor)" Date: Fri, 23 Apr 2021 15:38:08 +0800 Subject: [PATCH] app/eventdev: fix overflow in lcore list parsing Cc: Luca Boccassi [ upstream commit 32d7dbf269be84cb906979d73ad81b40e28d377a ] Tainted and unvalidated integer 'idx' used as an index, which may lead to buffer overflow. This patch fixed it. Fixes: 89e5eb118017 ("app/testeventdev: add string parsing helpers") Signed-off-by: Min Hu (Connor) Acked-by: Pavan Nikhilesh --- app/test-eventdev/evt_options.c | 4 ++-- app/test-eventdev/parser.c | 6 ++++-- app/test-eventdev/parser.h | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/app/test-eventdev/evt_options.c b/app/test-eventdev/evt_options.c index 0d04ea9f8d..8c9d3fcdce 100644 --- a/app/test-eventdev/evt_options.c +++ b/app/test-eventdev/evt_options.c @@ -218,7 +218,7 @@ evt_parse_plcores(struct evt_options *opt, const char *corelist) { int ret; - ret = parse_lcores_list(opt->plcores, corelist); + ret = parse_lcores_list(opt->plcores, RTE_MAX_LCORE, corelist); if (ret == -E2BIG) evt_err("duplicate lcores in plcores"); @@ -230,7 +230,7 @@ evt_parse_work_lcores(struct evt_options *opt, const char *corelist) { int ret; - ret = parse_lcores_list(opt->wlcores, corelist); + ret = parse_lcores_list(opt->wlcores, RTE_MAX_LCORE, corelist); if (ret == -E2BIG) evt_err("duplicate lcores in wlcores"); diff --git a/app/test-eventdev/parser.c b/app/test-eventdev/parser.c index 24f1855e9a..7a973cbb23 100644 --- a/app/test-eventdev/parser.c +++ b/app/test-eventdev/parser.c @@ -310,7 +310,7 @@ parse_hex_string(char *src, uint8_t *dst, uint32_t *size) } int -parse_lcores_list(bool lcores[], const char *corelist) +parse_lcores_list(bool lcores[], int lcores_num, const char *corelist) { int i, idx = 0; int min, max; @@ -332,6 +332,8 @@ parse_lcores_list(bool lcores[], const char *corelist) if (*corelist == '\0') return -1; idx = strtoul(corelist, &end, 10); + if (idx < 0 || idx > lcores_num) + return -1; if (end == NULL) return -1; @@ -343,7 +345,7 @@ parse_lcores_list(bool lcores[], const char *corelist) max = idx; if (min == RTE_MAX_LCORE) min = idx; - for (idx = min; idx <= max; idx++) { + for (idx = min; idx < max; idx++) { if (lcores[idx] == 1) return -E2BIG; lcores[idx] = 1; diff --git a/app/test-eventdev/parser.h b/app/test-eventdev/parser.h index 673ff22d78..696b40a3e2 100644 --- a/app/test-eventdev/parser.h +++ b/app/test-eventdev/parser.h @@ -46,5 +46,5 @@ int parse_hex_string(char *src, uint8_t *dst, uint32_t *size); int parse_tokenize_string(char *string, char *tokens[], uint32_t *n_tokens); -int parse_lcores_list(bool lcores[], const char *corelist); +int parse_lcores_list(bool lcores[], int lcores_num, const char *corelist); #endif -- 2.25.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2021-06-12 06:53:56.882211000 +0800 +++ 0007-app-eventdev-fix-overflow-in-lcore-list-parsing.patch 2021-06-12 06:53:56.010000000 +0800 @@ -1 +1 @@ -From 32d7dbf269be84cb906979d73ad81b40e28d377a Mon Sep 17 00:00:00 2001 +From d173cc85c98dee2bbdfeaeb6b226fc2ee67bd18f Mon Sep 17 00:00:00 2001 @@ -4,0 +5,3 @@ +Cc: Luca Boccassi + +[ upstream commit 32d7dbf269be84cb906979d73ad81b40e28d377a ] @@ -12 +14,0 @@ -Cc: stable@dpdk.org @@ -23 +25 @@ -index 0d55405741..061b63e12e 100644 +index 0d04ea9f8d..8c9d3fcdce 100644 @@ -26 +28 @@ -@@ -221,7 +221,7 @@ evt_parse_plcores(struct evt_options *opt, const char *corelist) +@@ -218,7 +218,7 @@ evt_parse_plcores(struct evt_options *opt, const char *corelist) @@ -35 +37 @@ -@@ -233,7 +233,7 @@ evt_parse_work_lcores(struct evt_options *opt, const char *corelist) +@@ -230,7 +230,7 @@ evt_parse_work_lcores(struct evt_options *opt, const char *corelist)