patch 'examples/ipsec-secgw: fix partial overflow' has been queued to stable release 21.11.6

[Kevin Traynor <ktraynor@redhat.com>]

Hi,

FYI, your patch has been queued to stable release 21.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/12/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/e39929c86840f6941bd8274a41c2872916cd5ad9

Thanks.

Kevin

---
From e39929c86840f6941bd8274a41c2872916cd5ad9 Mon Sep 17 00:00:00 2001
From: Brian Dooley <brian.dooley@intel.com>
Date: Wed, 15 Nov 2023 12:31:01 +0000
Subject: [PATCH] examples/ipsec-secgw: fix partial overflow

[ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ]

Case of partial overflow detected with ASan.
Added extra padding to cdev_key structure.

This structure is used for the key in hash table.
Padding is added to force the struct to use 8 bytes,
to ensure memory is notread past this structs boundary
(the hash key calculation reads 8 bytes if this struct is size 5 bytes).
The padding should be zeroed.
If fields are modified in this struct, the padding must be updated to
ensure multiple of 8 bytes size overall.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 examples/ipsec-secgw/ipsec.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index bc87b1a51d..080579c51a 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -233,4 +233,10 @@ struct ipsec_ctx {
 };
 
+/*
+ * This structure is used for the key in hash table.
+ * Padding is to force the struct to use 8 bytes,
+ * to ensure memory is not read past this structs boundary
+ * (hash key calculation reads 8 bytes if this struct is size 5 bytes).
+ */
 struct cdev_key {
 	uint16_t lcore_id;
@@ -238,4 +244,5 @@ struct cdev_key {
 	uint8_t auth_algo;
 	uint8_t aead_algo;
+	uint8_t padding[3]; /* padding to 8-byte size should be zeroed */
 };
 
-- 
2.43.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-12-07 11:18:59.775295940 +0000
+++ 0006-examples-ipsec-secgw-fix-partial-overflow.patch	2023-12-07 11:18:59.615873886 +0000
@@ -1 +1 @@
-From ae9267a67e9030c1b069b0df69924aaca17683bb Mon Sep 17 00:00:00 2001
+From e39929c86840f6941bd8274a41c2872916cd5ad9 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ]
+
@@ -18 +19,0 @@
-Cc: stable@dpdk.org
@@ -26 +27 @@
-index 5059418456..bdcada1c40 100644
+index bc87b1a51d..080579c51a 100644
@@ -29,2 +30,2 @@
-@@ -250,4 +250,10 @@ struct offloads {
- extern struct offloads tx_offloads;
+@@ -233,4 +233,10 @@ struct ipsec_ctx {
+ };
@@ -40 +41 @@
-@@ -255,4 +261,5 @@ struct cdev_key {
+@@ -238,4 +244,5 @@ struct cdev_key {