From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1504943699 for ; Thu, 7 Dec 2023 12:21:37 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1051942EEA; Thu, 7 Dec 2023 12:21:37 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mails.dpdk.org (Postfix) with ESMTP id 7F4AF4025C for ; Thu, 7 Dec 2023 12:21:35 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1701948095; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JJBRWTg80BhviQaI56/8gtimN9WCZMqTH3wbjLolOKw=; b=BBT2aQRKnTMa+EtJLAjm2kcBvmIYJWYOWZsYOQhtBGPahGzQjaXAsvMEFngLUjpmjkcJ7u pHrzJRZxs6kcyXsfz39HXS8lDU/PUje2HFzB8x0ED+GmlWBGUwEsfPQ4g/QvxtFxVHRV8v de5Qii+S/odj7kySC0X6QU8daBRMfKc= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-128-Lex7aFxXMFCU4B4R4hpNyA-1; Thu, 07 Dec 2023 06:21:31 -0500 X-MC-Unique: Lex7aFxXMFCU4B4R4hpNyA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 23AE985A58C; Thu, 7 Dec 2023 11:21:31 +0000 (UTC) Received: from rh.Home (unknown [10.39.192.7]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4C82BC18572; Thu, 7 Dec 2023 11:21:30 +0000 (UTC) From: Kevin Traynor To: Brian Dooley Cc: dpdk stable Subject: patch 'examples/ipsec-secgw: fix partial overflow' has been queued to stable release 21.11.6 Date: Thu, 7 Dec 2023 11:20:58 +0000 Message-ID: <20231207112116.769502-6-ktraynor@redhat.com> In-Reply-To: <20231207112116.769502-1-ktraynor@redhat.com> References: <20231207112116.769502-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 21.11.6 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 12/12/23. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/e39929c86840f6941bd8274a41c2872916cd5ad9 Thanks. Kevin --- >From e39929c86840f6941bd8274a41c2872916cd5ad9 Mon Sep 17 00:00:00 2001 From: Brian Dooley Date: Wed, 15 Nov 2023 12:31:01 +0000 Subject: [PATCH] examples/ipsec-secgw: fix partial overflow [ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ] Case of partial overflow detected with ASan. Added extra padding to cdev_key structure. This structure is used for the key in hash table. Padding is added to force the struct to use 8 bytes, to ensure memory is notread past this structs boundary (the hash key calculation reads 8 bytes if this struct is size 5 bytes). The padding should be zeroed. If fields are modified in this struct, the padding must be updated to ensure multiple of 8 bytes size overall. Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application") Signed-off-by: Brian Dooley --- examples/ipsec-secgw/ipsec.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index bc87b1a51d..080579c51a 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -233,4 +233,10 @@ struct ipsec_ctx { }; +/* + * This structure is used for the key in hash table. + * Padding is to force the struct to use 8 bytes, + * to ensure memory is not read past this structs boundary + * (hash key calculation reads 8 bytes if this struct is size 5 bytes). + */ struct cdev_key { uint16_t lcore_id; @@ -238,4 +244,5 @@ struct cdev_key { uint8_t auth_algo; uint8_t aead_algo; + uint8_t padding[3]; /* padding to 8-byte size should be zeroed */ }; -- 2.43.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2023-12-07 11:18:59.775295940 +0000 +++ 0006-examples-ipsec-secgw-fix-partial-overflow.patch 2023-12-07 11:18:59.615873886 +0000 @@ -1 +1 @@ -From ae9267a67e9030c1b069b0df69924aaca17683bb Mon Sep 17 00:00:00 2001 +From e39929c86840f6941bd8274a41c2872916cd5ad9 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ] + @@ -18 +19,0 @@ -Cc: stable@dpdk.org @@ -26 +27 @@ -index 5059418456..bdcada1c40 100644 +index bc87b1a51d..080579c51a 100644 @@ -29,2 +30,2 @@ -@@ -250,4 +250,10 @@ struct offloads { - extern struct offloads tx_offloads; +@@ -233,4 +233,10 @@ struct ipsec_ctx { + }; @@ -40 +41 @@ -@@ -255,4 +261,5 @@ struct cdev_key { +@@ -238,4 +244,5 @@ struct cdev_key {