From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DF478A034F for ; Tue, 1 Mar 2022 11:44:05 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D95CD426DF; Tue, 1 Mar 2022 11:44:05 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id 942A1407FF for ; Tue, 1 Mar 2022 11:44:04 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1646131444; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rhuyarhIPDPl2m6QzHQIPu+h7uiKsMCiygB6QbDcC2U=; b=X19dyRg8LvSuXbcOZ1DyCSXw0sQGzsL8bPR13Gxt6V0yBxCc0yZefWDMBih11cBZ1S6WOL DeAzHk+fMiltAbGH4up+Mg6Kct1F88qZZ+zEdFbFCE1vZ3cOmjxSpE4gMK9Lxh2dhPfYJX hkOFexnAQhbB0NBXjd/BpWwJwxJTipo= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-647-k62wGURjPxydC7DPQKAd2Q-1; Tue, 01 Mar 2022 05:44:01 -0500 X-MC-Unique: k62wGURjPxydC7DPQKAd2Q-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A7F42801DDC; Tue, 1 Mar 2022 10:44:00 +0000 (UTC) Received: from rh.Home (unknown [10.39.194.142]) by smtp.corp.redhat.com (Postfix) with ESMTP id 84391752D1; Tue, 1 Mar 2022 10:43:59 +0000 (UTC) From: Kevin Traynor To: Brian Dooley Cc: Fan Zhang , dpdk stable Subject: patch 'crypto/virtio: fix out-of-bounds access' has been queued to stable release 21.11.1 Date: Tue, 1 Mar 2022 10:41:47 +0000 Message-Id: <20220301104300.334382-31-ktraynor@redhat.com> In-Reply-To: <20220301104300.334382-1-ktraynor@redhat.com> References: <20220301104300.334382-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 21.11.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 03/06/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/9c67637c8cd498e9275572170b5595c3c824015f Thanks. Kevin --- >From 9c67637c8cd498e9275572170b5595c3c824015f Mon Sep 17 00:00:00 2001 From: Brian Dooley Date: Tue, 22 Feb 2022 09:54:51 +0000 Subject: [PATCH] crypto/virtio: fix out-of-bounds access [ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ] Coverity flags an untrusted loop bound. Check length of session iv. Coverity issue: 375802 Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address") Signed-off-by: Brian Dooley Acked-by: Fan Zhang --- drivers/crypto/virtio/virtio_rxtx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c index a65524a306..08359b3a39 100644 --- a/drivers/crypto/virtio/virtio_rxtx.c +++ b/drivers/crypto/virtio/virtio_rxtx.c @@ -265,4 +265,7 @@ virtqueue_crypto_sym_enqueue_xmit( desc[idx].addr = cop->phys_addr + session->iv.offset; else { + if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE) + return -ENOMEM; + rte_memcpy(crypto_op_cookie->iv, rte_crypto_op_ctod_offset(cop, -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-03-01 10:41:02.192034135 +0000 +++ 0031-crypto-virtio-fix-out-of-bounds-access.patch 2022-03-01 10:41:01.285244094 +0000 @@ -1 +1 @@ -From a965e768065ae496c9a1c7a77545bc0f0f0e38e2 Mon Sep 17 00:00:00 2001 +From 9c67637c8cd498e9275572170b5595c3c824015f Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ] + @@ -10 +11,0 @@ -Cc: stable@dpdk.org