From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A782AA00C5 for ; Wed, 20 Jul 2022 10:24:47 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9CF1641614; Wed, 20 Jul 2022 10:24:47 +0200 (CEST) Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1anam02on2078.outbound.protection.outlook.com [40.107.96.78]) by mails.dpdk.org (Postfix) with ESMTP id F05E34003C for ; Wed, 20 Jul 2022 10:24:45 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=h+ZTaNRQmDNdMNw9vjN6sCs+/4TCaZS9epUpd2AG7qpsgHcGSePLmocwpVKkWjM9gqnSsiFjlIlBE6LdmwhlrLB0TgNo4r3ZAt3ak0PWSanyAJlg3mbKRjxCtPD1zKJshMFVHUKddsIIE3TXRuZhB/QLAiUMmnWrsvdI03IPrKpxz7RDF26ZpMhGmjsj7iA9Yfs9wxK9PvG192n29oneFrFXwAcsleRXEV63MmtEPMioXVTrPpsdEjsHeoemsTzhjbIg30Ick6X+WdmFtfr1zijiVpRsp9GSPO/cPJiRvAkI01iVRsSN9iEYmwgl6p4738k+bK7iSBN286Vn11hx5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bW5X99DPny8/WypW4H+S2Dt4LeFJcAcEenZGwoZB+1Q=; b=XesFcbxvqkhfDQ1IQX/msSKWORrhJUHSvmiJyfaQRQmywFShka+LqqvrnEPWmkemi8ZROXlXONm11wl0Io2F0pcGSnoSwExI/LD6Q+JLKBPlbAF/sR7ct4+rtDR1g156oyX5jrvi9NozUdCZ/vL2IxWK1U+iHKqYukX8jJHYS0pdBFvfEojrqUvpwOm20AZfPR87aFmupPybI5vLSKzVmdsruwh5Vt4DdWjIzhkVeaPoXnz1zUhCahkiN2RZfURwWK49oosUyqU90NtEjvN+1ZhgaF7Ft+6ncEVp9XU5snTtWMQPqNDaX86wJ5tXWXrzK75NxagjGUuVX26r9HpGfQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.238) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bW5X99DPny8/WypW4H+S2Dt4LeFJcAcEenZGwoZB+1Q=; b=p1x+RaTUgJVZ92fWTy+iLPJaw169lm5hgW11qHjPzBeT2OWTqgkpwCnTbMX8REQOGYKDNq/9p28hxEe2M4pgYnNNMnGDQfOmnmSYoGegkskBTjNTS2K2LtrHXeDsnkt2OZgARerzzhChMdwnkRWQz6xD5Yow+vcdfLXtRfyqJSEe8hu2HzdVA8puIznLVbmLEOGaLTDxerKsKGJBA50nKCtEeYzSTYG/UEDJ/eDZrFIh+2hD0O1Bb5olZX2f2YvwpagXdoxgZklEcrYfSp+XLEq+DVVrEHPuD2eAwk0erif8Oi6vCaJYcES3xY4WzpUfwjo2J4ZKOHQb8S0QnXUGRA== Received: from MW4PR04CA0067.namprd04.prod.outlook.com (2603:10b6:303:6b::12) by IA1PR12MB6257.namprd12.prod.outlook.com (2603:10b6:208:3e7::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5438.23; Wed, 20 Jul 2022 08:24:44 +0000 Received: from CO1NAM11FT034.eop-nam11.prod.protection.outlook.com (2603:10b6:303:6b:cafe::a4) by MW4PR04CA0067.outlook.office365.com (2603:10b6:303:6b::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5438.23 via Frontend Transport; Wed, 20 Jul 2022 08:24:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.238) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.238 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.238; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (12.22.5.238) by CO1NAM11FT034.mail.protection.outlook.com (10.13.174.248) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.5458.17 via Frontend Transport; Wed, 20 Jul 2022 08:24:44 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL105.nvidia.com (10.27.9.14) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Wed, 20 Jul 2022 08:24:43 +0000 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Wed, 20 Jul 2022 01:24:42 -0700 From: Xueming Li To: Yunjian Wang CC: , Viacheslav Ovsiienko , "dpdk stable" Subject: patch 'net/mlx5: fix stack buffer overflow in drop action' has been queued to stable release 20.11.6 Date: Wed, 20 Jul 2022 11:21:03 +0300 Message-ID: <20220720082132.3954126-34-xuemingl@nvidia.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220720082132.3954126-1-xuemingl@nvidia.com> References: <20220621080301.2315720-1-xuemingl@nvidia.com> <20220720082132.3954126-1-xuemingl@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: bad6f56c-915a-450d-9140-08da6a294cfa X-MS-TrafficTypeDiagnostic: IA1PR12MB6257:EE_ X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?e29DwBTdm5j+2VuhOeQNGTX7t7aHPwWOp6OAR/hI87eL7Rau7NGD2FjrTdar?= =?us-ascii?Q?Gm5TTkQxADnZZORqVUI8oz/8dcW4GgDvUGbekL4pP5y97X6RBMiXJO4BJBb0?= =?us-ascii?Q?eGuZR6L8lP/VuexB5vc16BByDeBDMMaNplEjRWPNoDxLuJfdr6+MEidP9zL2?= =?us-ascii?Q?yGQ9vlFUedC95xDx3//TRZP0HjxJvGqYynqFGiKFdFrE+8UuzcMEi6GOkbts?= =?us-ascii?Q?w9j8WkYOjtnIYsN8tNeoEIPM44ES8hfKb6RduEvZaQ6NsC/RLXOrATsEhfmu?= =?us-ascii?Q?lzdWvWF/kWbi05WFYa5m5DdDUD92DluJSvrBzf757fOl11IUQxHuzXlOoLP+?= =?us-ascii?Q?pafupZwKEzbBuXAbCmf4knpyZ1SFnigA28Mo+VnMjUO9Lg7mZFXVOkimlkRK?= =?us-ascii?Q?j9cmwxCl5SKBdCnlSHy2kiigD/GI+khrgLwr3EvGlGQz7jfy9LGUDoXk3MnS?= =?us-ascii?Q?gmz1HyvJH/pWDzvEecWId1GXG4R/PTY31aY4lr6GrDMkT4WYi50hVPjzt3PL?= =?us-ascii?Q?uExdZ48Jp785XzMKhMH15ZbjsygRTaaJNSMIgNEzPINRI+QlfZ1sO/7lu6s1?= =?us-ascii?Q?U/qr6/PmgvfCkBvRFTA009EzmtRs6+hYlOz38yWG0AwycW97km2Z7npJpQJR?= =?us-ascii?Q?0bR1JrD6pllJv8DmBLa8jVfm4Ce9V8eFpp6cg4IAkeyOm3hnsf0ApCfk5oba?= =?us-ascii?Q?XTJJd6rjFvS6qe2tPkVj4iPEsE0FGJmjAVyqeWA625XadQfbTx/qi0NB7/qJ?= =?us-ascii?Q?+R1UyMJavOb9+JtvPKmqUDcXa/rJ9f7L2OQ4xx9eNNj13dh37SvyZB8OKJfl?= =?us-ascii?Q?zEBlh2LuU+HgXGVjcJqptVvB25wHPCsB8B0NYXr6j3mKix0uLqHIf9dRMOAk?= =?us-ascii?Q?+I5eLRukEkQhrcGOoSEEeUqAOqso0U4UP0JESMK0C92yPjjG9lCy+opncSc9?= =?us-ascii?Q?nzlKsCrLAUgBQO+fe05TuQ=3D=3D?= X-Forefront-Antispam-Report: CIP:12.22.5.238; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:InfoNoRecords; CAT:NONE; SFS:(13230016)(4636009)(136003)(396003)(39860400002)(376002)(346002)(46966006)(40470700004)(36840700001)(40460700003)(5660300002)(2906002)(83380400001)(86362001)(8936002)(55016003)(53546011)(40480700001)(26005)(36860700001)(81166007)(6286002)(7696005)(82740400003)(966005)(6666004)(41300700001)(70206006)(478600001)(356005)(186003)(2616005)(1076003)(6916009)(336012)(54906003)(16526019)(316002)(8676002)(36756003)(4326008)(47076005)(70586007)(82310400005)(426003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jul 2022 08:24:44.2945 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bad6f56c-915a-450d-9140-08da6a294cfa X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[12.22.5.238]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT034.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6257 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 20.11.6 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 07/22/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/steevenlee/dpdk This queued commit can be viewed at: https://github.com/steevenlee/dpdk/commit/40538d0b04ca679aa426a4cfb20d1c7833be23b1 Thanks. Xueming Li --- >From 40538d0b04ca679aa426a4cfb20d1c7833be23b1 Mon Sep 17 00:00:00 2001 From: Yunjian Wang Date: Fri, 24 Dec 2021 11:06:19 +0800 Subject: [PATCH] net/mlx5: fix stack buffer overflow in drop action Cc: Xueming Li [ upstream commit a73b78554aee830605c8d8714239dc53fa443d5e ] The mlx5_drop_action_create function use mlx5_malloc for allocating 'hrxq', but don't allocate for 'rss_key'. This is wrong and it can cause buffer overflow. Detected with address sanitizer: 0 (/usr/lib64/libasan.so.4+0x7b8e2) 1 in mlx5_devx_tir_attr_set ../drivers/net/mlx5/mlx5_devx.c:765 2 in mlx5_devx_hrxq_new ../drivers/net/mlx5/mlx5_devx.c:800 3 in mlx5_devx_drop_action_create ../drivers/net/mlx5/mlx5_devx.c:1051 4 in mlx5_drop_action_create ../drivers/net/mlx5/mlx5_rxq.c:2846 5 in mlx5_dev_spawn ../drivers/net/mlx5/linux/mlx5_os.c:1743 6 in mlx5_os_pci_probe_pf ../drivers/net/mlx5/linux/mlx5_os.c:2501 7 in mlx5_os_pci_probe ../drivers/net/mlx5/linux/mlx5_os.c:2647 8 in mlx5_os_net_probe ../drivers/net/mlx5/linux/mlx5_os.c:2722 9 in drivers_probe ../drivers/common/mlx5/mlx5_common.c:657 10 in mlx5_common_dev_probe ../drivers/common/mlx5/mlx5_common.c:711 11 in mlx5_common_pci_probe ../drivers/common/mlx5/mlx5_common_pci.c:150 12 in rte_pci_probe_one_driver ../drivers/bus/pci/pci_common.c:269 13 in pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:353 14 in pci_probe ../drivers/bus/pci/pci_common.c:380 15 in rte_bus_probe ../lib/eal/common/eal_common_bus.c:72 16 in rte_eal_init ../lib/eal/linux/eal.c:1286 17 in main ../app/test-pmd/testpmd.c:4112 Fixes: 0c762e81da9b ("net/mlx5: share Rx queue drop action code") Signed-off-by: Yunjian Wang Acked-by: Viacheslav Ovsiienko --- drivers/net/mlx5/mlx5_rxq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/mlx5/mlx5_rxq.c b/drivers/net/mlx5/mlx5_rxq.c index cb743a773c..ac7482c211 100644 --- a/drivers/net/mlx5/mlx5_rxq.c +++ b/drivers/net/mlx5/mlx5_rxq.c @@ -2554,7 +2554,7 @@ mlx5_drop_action_create(struct rte_eth_dev *dev) if (priv->drop_queue.hrxq) return priv->drop_queue.hrxq; - hrxq = mlx5_malloc(MLX5_MEM_ZERO, sizeof(*hrxq), 0, SOCKET_ID_ANY); + hrxq = mlx5_malloc(MLX5_MEM_ZERO, sizeof(*hrxq) + MLX5_RSS_HASH_KEY_LEN, 0, SOCKET_ID_ANY); if (!hrxq) { DRV_LOG(WARNING, "Port %u cannot allocate memory for drop queue.", -- 2.35.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-07-20 15:01:00.389183768 +0800 +++ 0034-net-mlx5-fix-stack-buffer-overflow-in-drop-action.patch 2022-07-20 15:00:58.741000448 +0800 @@ -1 +1 @@ -From a73b78554aee830605c8d8714239dc53fa443d5e Mon Sep 17 00:00:00 2001 +From 40538d0b04ca679aa426a4cfb20d1c7833be23b1 Mon Sep 17 00:00:00 2001 @@ -4,0 +5,3 @@ +Cc: Xueming Li + +[ upstream commit a73b78554aee830605c8d8714239dc53fa443d5e ] @@ -31 +33,0 @@ -Cc: stable@dpdk.org @@ -40 +42 @@ -index a2d03f9f67..eaf23d0df4 100644 +index cb743a773c..ac7482c211 100644 @@ -43 +45 @@ -@@ -3078,7 +3078,7 @@ mlx5_drop_action_create(struct rte_eth_dev *dev) +@@ -2554,7 +2554,7 @@ mlx5_drop_action_create(struct rte_eth_dev *dev)