From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A89AFA0093 for ; Wed, 9 Mar 2022 12:02:11 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A4F1440395; Wed, 9 Mar 2022 12:02:11 +0100 (CET) Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) by mails.dpdk.org (Postfix) with ESMTP id 8BCBD40150 for ; Wed, 9 Mar 2022 12:02:09 +0100 (CET) Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 63A8A3F4C2 for ; Wed, 9 Mar 2022 11:02:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1646823729; bh=OxS86fVmBt7znYDnFhTVAAPfOJRebCIBpehNB/wdIf0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AVynCL73V+BJ5hKul7z0uIWlAUVEW1wnO1TXmktlvJpxGIJU7ejVDeQUuMsp1nd/8 zGXih1xCeGBrfxFvkAYgFht1IFJxkSS8JQaZzC4auq/gctLlOK7iHdOgR9PdGmf+9A jYLnBsDy5yRKSCPyx95QdU0rngO4riHZQHlTGogNi3yMIzuTQUmAhqyfKLFkaOjQ78 px+EKBMYgwOsMoVorocpym4mQDWj26f9WKfn4ivUG0s+QRbdWc7GVGjYUi29dmPKSq RZTY0xjbbHTpiLlpsEm+n7z5Lh4yuOtF+vGY5AqI+VWQL8OC187X4z/i1Q/U27MbXJ l0MXIcUiSORTQ== Received: by mail-wm1-f71.google.com with SMTP id 187-20020a1c19c4000000b0037cc0d56524so2455658wmz.2 for ; Wed, 09 Mar 2022 03:02:09 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=OxS86fVmBt7znYDnFhTVAAPfOJRebCIBpehNB/wdIf0=; b=ydlofMAHbZjTQGV+YJ9Pao3dzSw9W+Qx5/XH2nXJ0XAAV3VnSgwZittkDxOFrLy1cA CmrcGmTlYbaMjBW9gbOwS+BbsIo3CZTBm/Dyx8ZQstx4hbnGkwqi4V1FHrcDjdvtUp0t KxnTZCdglKYh/C4vgpE+nqnrplJuoqmmYPdoGj5j1eHaenk5ptCXTDjWkrBVvtlpgdmP kPxeQzu/tlr1YiAMwPIp+t9U5HKPMWH5hp7q0mhBeeG/fwgHUXEawjz6qEgyWKNB/r0b mbftu2RdEQ6BIt14tePhB3SI4BkjEzJK/jJUYajgTMkuroPTiK2Jtk05g9iiLI+3NnKm 9EAg== X-Gm-Message-State: AOAM531xrfULNzYqUBGjxqI+sjj6AALWLbJAAJKZPu0OHEaEFrSZ0GfV XQOvn6NjdmelBb8rtomb7qAWQrbyEJRHyoEkSZYCMNxOyujU0V0jw+cs84Dd8YJrHag6dcpKID2 VCPFlNY6hHa9/mc72Doghg0Ph X-Received: by 2002:a05:6000:186d:b0:1ea:8e14:21c5 with SMTP id d13-20020a056000186d00b001ea8e1421c5mr15006450wri.635.1646823729058; Wed, 09 Mar 2022 03:02:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJxmTreaJmKUIBxFPZnSQ0l2iAATRVwCla69bL0I0Ef2UN373Yv9YJxXEtG3yIMfyhzVx3Er7w== X-Received: by 2002:a05:6000:186d:b0:1ea:8e14:21c5 with SMTP id d13-20020a056000186d00b001ea8e1421c5mr15006431wri.635.1646823728800; Wed, 09 Mar 2022 03:02:08 -0800 (PST) Received: from localhost.localdomain (068-133-067-156.ip-addr.inexio.net. [156.67.133.68]) by smtp.gmail.com with ESMTPSA id l12-20020a05600012cc00b001f059bcbd7asm1332253wrx.31.2022.03.09.03.02.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Mar 2022 03:02:08 -0800 (PST) From: christian.ehrhardt@canonical.com To: Brian Dooley Cc: Fan Zhang , dpdk stable Subject: patch 'crypto/virtio: fix out-of-bounds access' has been queued to stable release 19.11.12 Date: Wed, 9 Mar 2022 12:00:42 +0100 Message-Id: <20220309110116.1295395-11-christian.ehrhardt@canonical.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220309110116.1295395-1-christian.ehrhardt@canonical.com> References: <20220309110116.1295395-1-christian.ehrhardt@canonical.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 19.11.12 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 03/11/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/cpaelzer/dpdk-stable-queue This queued commit can be viewed at: https://github.com/cpaelzer/dpdk-stable-queue/commit/c641b9a173db73e754e3870125c3279257790df5 Thanks. Christian Ehrhardt --- >From c641b9a173db73e754e3870125c3279257790df5 Mon Sep 17 00:00:00 2001 From: Brian Dooley Date: Tue, 22 Feb 2022 09:54:51 +0000 Subject: [PATCH] crypto/virtio: fix out-of-bounds access [ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ] Coverity flags an untrusted loop bound. Check length of session iv. Coverity issue: 375802 Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address") Signed-off-by: Brian Dooley Acked-by: Fan Zhang --- drivers/crypto/virtio/virtio_rxtx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c index e9a63cb5a0..89e544e59c 100644 --- a/drivers/crypto/virtio/virtio_rxtx.c +++ b/drivers/crypto/virtio/virtio_rxtx.c @@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit( if (cop->phys_addr) desc[idx].addr = cop->phys_addr + session->iv.offset; else { + if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE) + return -ENOMEM; + rte_memcpy(crypto_op_cookie->iv, rte_crypto_op_ctod_offset(cop, uint8_t *, session->iv.offset), -- 2.35.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-03-09 11:57:43.960305307 +0100 +++ 0011-crypto-virtio-fix-out-of-bounds-access.patch 2022-03-09 11:57:43.336938030 +0100 @@ -1 +1 @@ -From a965e768065ae496c9a1c7a77545bc0f0f0e38e2 Mon Sep 17 00:00:00 2001 +From c641b9a173db73e754e3870125c3279257790df5 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ] + @@ -10 +11,0 @@ -Cc: stable@dpdk.org @@ -19 +20 @@ -index a65524a306..08359b3a39 100644 +index e9a63cb5a0..89e544e59c 100644