From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 95908A0350 for ; Mon, 28 Feb 2022 22:21:44 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8FD5440140; Mon, 28 Feb 2022 22:21:44 +0100 (CET) Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) by mails.dpdk.org (Postfix) with ESMTP id 6A2AC411AB for ; Mon, 28 Feb 2022 22:21:41 +0100 (CET) Received: by mail-ed1-f49.google.com with SMTP id w3so19388837edu.8 for ; Mon, 28 Feb 2022 13:21:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=t4jQoAKkZmTtsWHKbYjpL0KmFhB7y5MswSY3AED08n4=; b=ND9tj+GeXRskZZFR/u1thHyzh974XyXsgucR4HF4Bw9EkRgK301BIcPp/6A1kZ6lTq /kTv6mA/1ciJffK+YJj0XHHHrQO6s75Xjaw4bgfpdwLJp20yLwfLw+JlcVOoqD89mHAO iH/AAxdWc8QtYJ7F3rTEuzQ9xOtVT5B8ztRizG/+PMCAGBPICGcGsXRVc/ux/5vZIJKi 0Dxkxz7Joz73gVij3qYkKzD3fmrjrgFRV0nTq/0A6ztfodfZPulBfV6uCu5KxyjynY/7 a4awhOrKL1WNJQXiV8NB3po0WbZjOJbSIxczIA+cXvqbsEUVaBblbkoWwHDWHlHGkP28 g9Fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=t4jQoAKkZmTtsWHKbYjpL0KmFhB7y5MswSY3AED08n4=; b=x5OKhoR2Oj+GlGaWgLB//R18ggD2z58DdYCTQwzM5b28JnS2VjJqV+1zlXAB7ESxcQ DAGpsBeeLdH0d1KhpedRKz72QfoZVr7SEHqdLgd/zarvMVWCli8rbsnJ7jGmQfeyCZED jegeaQ5cN+SMUq3VUtFV+vGrR0R2MRyBP2igVpLmfBhK2r7JfZLrUfDr7jwyDzaQMWVi CMT6SoJWON88byU9fjyAH7qrI4EO3GFCh0VEDbVVdSJ4pAVn2PFxcysKjzRPXy5oAByL hD5j05Q5DZkn+YEwbmeqElikkEeJLSndutEdvWdnkle/FHyf8TepgIyTgGfv5lY+Z5uv rjmg== X-Gm-Message-State: AOAM531ja48PO8rOd7TpkSca0qPnx+gSe2rECvIX1gvNthNyzxxJA5Sz krXVbnKPGIXBemt8tNe9MqU7M4Eywi033w== X-Google-Smtp-Source: ABdhPJxQpqvNCyAZRmN7RGaEHFr1mH06DDMkHoMyeVYu+5xnmbc7RdlpgPV3UgDNApn/GXobkQGPUg== X-Received: by 2002:a05:6402:4409:b0:412:aac5:4e48 with SMTP id y9-20020a056402440900b00412aac54e48mr21341178eda.75.1646083301160; Mon, 28 Feb 2022 13:21:41 -0800 (PST) Received: from localhost ([137.220.125.106]) by smtp.gmail.com with ESMTPSA id d2-20020a50cf42000000b004135b6eef60sm6441521edk.94.2022.02.28.13.21.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 13:21:40 -0800 (PST) From: luca.boccassi@gmail.com To: Brian Dooley Cc: Fan Zhang , dpdk stable Subject: patch 'crypto/virtio: fix out-of-bounds access' has been queued to stable release 20.11.5 Date: Mon, 28 Feb 2022 21:20:14 +0000 Message-Id: <20220228212047.3341966-18-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220228212047.3341966-1-luca.boccassi@gmail.com> References: <20220218123931.1749595-122-luca.boccassi@gmail.com> <20220228212047.3341966-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 20.11.5 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 03/02/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/2eb55ed0243f32abb1b089a7b771638100cbd413 Thanks. Luca Boccassi --- >From 2eb55ed0243f32abb1b089a7b771638100cbd413 Mon Sep 17 00:00:00 2001 From: Brian Dooley Date: Tue, 22 Feb 2022 09:54:51 +0000 Subject: [PATCH] crypto/virtio: fix out-of-bounds access [ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ] Coverity flags an untrusted loop bound. Check length of session iv. Coverity issue: 375802 Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address") Signed-off-by: Brian Dooley Acked-by: Fan Zhang --- drivers/crypto/virtio/virtio_rxtx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c index e1cb4ad104..8b391a4fce 100644 --- a/drivers/crypto/virtio/virtio_rxtx.c +++ b/drivers/crypto/virtio/virtio_rxtx.c @@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit( if (cop->phys_addr) desc[idx].addr = cop->phys_addr + session->iv.offset; else { + if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE) + return -ENOMEM; + rte_memcpy(crypto_op_cookie->iv, rte_crypto_op_ctod_offset(cop, uint8_t *, session->iv.offset), -- 2.30.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-02-28 21:17:55.451914896 +0000 +++ 0018-crypto-virtio-fix-out-of-bounds-access.patch 2022-02-28 21:17:53.856929582 +0000 @@ -1 +1 @@ -From a965e768065ae496c9a1c7a77545bc0f0f0e38e2 Mon Sep 17 00:00:00 2001 +From 2eb55ed0243f32abb1b089a7b771638100cbd413 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ] + @@ -10 +11,0 @@ -Cc: stable@dpdk.org @@ -19 +20 @@ -index a65524a306..08359b3a39 100644 +index e1cb4ad104..8b391a4fce 100644