From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2C66E433AC for ; Thu, 23 Nov 2023 17:17:23 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 26D9B42F99; Thu, 23 Nov 2023 17:17:23 +0100 (CET) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mails.dpdk.org (Postfix) with ESMTP id 4E50E42F0B for ; Thu, 23 Nov 2023 17:17:20 +0100 (CET) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-40907b82ab9so12192275e9.1 for ; Thu, 23 Nov 2023 08:17:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700756240; x=1701361040; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dMhsf5hQGixC77Eu3VFBeu7tqpT0EccySipjcZbibC4=; b=kq1tL9FVRehA4MLMP3gJsHmtqzi7H02b9vMi+zEihA8gt2/gC+tP3XrpijMjqiWLCE N+LqrKuaOdhPIaVDs+M/8rBU6hHuA+Ld9dBZw/hDRId77KUONZWYuqTeH04Y4yebTOJO VJPZXqeL0PwvYDUP9+22YPOx4ZXRqbK37frKmi16Q6nm+6V32IT/EwINgpGk70ZchE9I ZA+VLT3GVBsdepa4xV7Iv4+E1MDzx4auWL9v4jtW9y0pytHQQS8UhYf9AguSs2B95cZ3 raVQM6BvBfOCLih18BD9cjrlYT/+R3Pbzk+N32C+TBzBl3nLHzuHqdjPPw5pEASpk5uY YbMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700756240; x=1701361040; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dMhsf5hQGixC77Eu3VFBeu7tqpT0EccySipjcZbibC4=; b=u5vayBl3jD2ln6oRwoGiA+jrTxHNSuI0J9ThXTWlWwRHeSJ6NxwTLfkemGOu63u18R cwjVI8rPeRffqml4zVG1TOkb68yvi7LkGi4txd6LdWSIsUqce/qOQ/FvTgcTKnnYY65X lV1gel0XBn/uVTj3hDW0sjo7mTwODVKT9a15hHOU81pRffj2eTX0tThItfOZuCfWfiKc XuhrJ7+9UM3Yoz9r/VlUii7f/Zdhqi9te252Bslm5thevHecs6/mY5vzvHbz3FSCig9U tWo88PDpm0sWbBfLp0FI1ihwN9jBiNu8OuPbPA7FpOLlYsQEHrxvKBw794OmCNffIMcA ICmQ== X-Gm-Message-State: AOJu0YyNiPbwrTEZuCODhQeKteZQL4K42zijb8+vB3l7itpTO5K8nztz o9kTmUV2EIaoQmvj3Hxfc4g= X-Google-Smtp-Source: AGHT+IFfL27dMHUoxRYEjWblpOkdC5WYJCErXH7716cc7XXAAjgxbIwKHtXSHYwqOmZOdonawQKjNw== X-Received: by 2002:a05:600c:46d4:b0:3ff:516b:5c4c with SMTP id q20-20020a05600c46d400b003ff516b5c4cmr2995189wmo.18.1700756239837; Thu, 23 Nov 2023 08:17:19 -0800 (PST) Received: from localhost ([2a01:4b00:d307:1000:f1d3:eb5e:11f4:a7d9]) by smtp.gmail.com with ESMTPSA id r4-20020a05600c458400b0040648217f4fsm3101990wmo.39.2023.11.23.08.17.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 08:17:19 -0800 (PST) From: luca.boccassi@gmail.com To: Brian Dooley Cc: dpdk stable Subject: patch 'examples/ipsec-secgw: fix partial overflow' has been queued to stable release 20.11.10 Date: Thu, 23 Nov 2023 16:17:04 +0000 Message-Id: <20231123161709.670852-4-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231123161709.670852-1-luca.boccassi@gmail.com> References: <20231115114515.2355140-16-luca.boccassi@gmail.com> <20231123161709.670852-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 20.11.10 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/25/23. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/b7030fdd80bc8f64af4d5ec43c89f1658e1b49ce Thanks. Luca Boccassi --- >From b7030fdd80bc8f64af4d5ec43c89f1658e1b49ce Mon Sep 17 00:00:00 2001 From: Brian Dooley Date: Wed, 15 Nov 2023 12:31:01 +0000 Subject: [PATCH] examples/ipsec-secgw: fix partial overflow [ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ] Case of partial overflow detected with ASan. Added extra padding to cdev_key structure. This structure is used for the key in hash table. Padding is added to force the struct to use 8 bytes, to ensure memory is notread past this structs boundary (the hash key calculation reads 8 bytes if this struct is size 5 bytes). The padding should be zeroed. If fields are modified in this struct, the padding must be updated to ensure multiple of 8 bytes size overall. Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application") Signed-off-by: Brian Dooley --- examples/ipsec-secgw/ipsec.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 7031e28c46..19d94519b1 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -224,11 +224,18 @@ struct ipsec_ctx { uint64_t ipv6_offloads; }; +/* + * This structure is used for the key in hash table. + * Padding is to force the struct to use 8 bytes, + * to ensure memory is not read past this structs boundary + * (hash key calculation reads 8 bytes if this struct is size 5 bytes). + */ struct cdev_key { uint16_t lcore_id; uint8_t cipher_algo; uint8_t auth_algo; uint8_t aead_algo; + uint8_t padding[3]; /* padding to 8-byte size should be zeroed */ }; struct socket_ctx { -- 2.39.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2023-11-23 16:15:19.381887126 +0000 +++ 0004-examples-ipsec-secgw-fix-partial-overflow.patch 2023-11-23 16:15:19.215058380 +0000 @@ -1 +1 @@ -From ae9267a67e9030c1b069b0df69924aaca17683bb Mon Sep 17 00:00:00 2001 +From b7030fdd80bc8f64af4d5ec43c89f1658e1b49ce Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ] + @@ -18 +19,0 @@ -Cc: stable@dpdk.org @@ -26 +27 @@ -index 5059418456..bdcada1c40 100644 +index 7031e28c46..19d94519b1 100644 @@ -29,3 +30,3 @@ -@@ -249,11 +249,18 @@ struct offloads { - - extern struct offloads tx_offloads; +@@ -224,11 +224,18 @@ struct ipsec_ctx { + uint64_t ipv6_offloads; + };