From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B090043829 for ; Fri, 8 Mar 2024 15:32:15 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A9D024337B; Fri, 8 Mar 2024 15:32:15 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id 44DDD40E2D for ; Fri, 8 Mar 2024 15:32:13 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709908332; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Mi8rCwNkitxfWDPydvwvMxsSiPKkto063m24R1kUGZ8=; b=Zuzjvaqat73UxGfcMyxGpVgA/ZzCANhotT6RWqTi1Z+NJa0VP1E0ZJfRtJFHhFvQzvl1J2 1too+TVqdPmuwU6NFPjXNOsuEalddGmDi0yUvQJJVg00uccOXBKbJBN69YRFzsYdY3YlhE 0appx0iXiFjd5sQIOuXVpWS4jp5WDhQ= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-543-ykGP5_sxM8itzmLcj5kfYg-1; Fri, 08 Mar 2024 09:32:09 -0500 X-MC-Unique: ykGP5_sxM8itzmLcj5kfYg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2A11C3801F4D; Fri, 8 Mar 2024 14:32:09 +0000 (UTC) Received: from rh.redhat.com (unknown [10.39.194.94]) by smtp.corp.redhat.com (Postfix) with ESMTP id 620FD37FC; Fri, 8 Mar 2024 14:32:05 +0000 (UTC) From: Kevin Traynor To: Satheesh Paul Cc: Harman Kalra , dpdk stable Subject: patch 'common/cnxk: fix possible out-of-bounds access' has been queued to stable release 21.11.7 Date: Fri, 8 Mar 2024 14:28:11 +0000 Message-ID: <20240308142824.528417-23-ktraynor@redhat.com> In-Reply-To: <20240308142824.528417-1-ktraynor@redhat.com> References: <20240308142824.528417-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 21.11.7 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 03/13/24. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/2556c2392211794f334b4ea6529c11be64d6f17b Thanks. Kevin --- >From 2556c2392211794f334b4ea6529c11be64d6f17b Mon Sep 17 00:00:00 2001 From: Satheesh Paul Date: Fri, 1 Mar 2024 09:05:34 +0530 Subject: [PATCH] common/cnxk: fix possible out-of-bounds access [ upstream commit 9a92937cf0c836b7f2b5e303523279ddf9473a35 ] The subtraction expression in mbox_memcpy() can wrap around causing an out-of-bounds access. Added a check on 'size' to fix this. Coverity issue: 384431, 384439 Fixes: 585bb3e538f9 ("common/cnxk: add VF support to base device class") Signed-off-by: Satheesh Paul Reviewed-by: Harman Kalra --- drivers/common/cnxk/roc_dev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/common/cnxk/roc_dev.c b/drivers/common/cnxk/roc_dev.c index f45078568f..0fbfa8db7c 100644 --- a/drivers/common/cnxk/roc_dev.c +++ b/drivers/common/cnxk/roc_dev.c @@ -449,4 +449,6 @@ pf_vf_mbox_send_up_msg(struct dev *dev, void *rec_msg) size = PLT_ALIGN(mbox_id2size(msg->hdr.id), MBOX_MSG_ALIGN); + if (size < sizeof(struct mbox_msghdr)) + return; /* Send UP message to all VF's */ for (vf = 0; vf < vf_mbox->ndevs; vf++) { -- 2.43.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2024-03-08 13:47:49.713316282 +0000 +++ 0023-common-cnxk-fix-possible-out-of-bounds-access.patch 2024-03-08 13:47:49.021686672 +0000 @@ -1 +1 @@ -From 9a92937cf0c836b7f2b5e303523279ddf9473a35 Mon Sep 17 00:00:00 2001 +From 2556c2392211794f334b4ea6529c11be64d6f17b Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 9a92937cf0c836b7f2b5e303523279ddf9473a35 ] + @@ -12 +13,0 @@ -Cc: stable@dpdk.org @@ -21 +22 @@ -index 084343c3b4..14aff233d5 100644 +index f45078568f..0fbfa8db7c 100644 @@ -24 +25 @@ -@@ -503,4 +503,6 @@ pf_vf_mbox_send_up_msg(struct dev *dev, void *rec_msg) +@@ -449,4 +449,6 @@ pf_vf_mbox_send_up_msg(struct dev *dev, void *rec_msg)