From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 56F9E468E4
	for <public@inbox.dpdk.org>; Thu, 12 Jun 2025 23:10:50 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 5175142E5E;
	Thu, 12 Jun 2025 23:10:50 +0200 (CEST)
Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com
 [209.85.221.44]) by mails.dpdk.org (Postfix) with ESMTP id A306B42E0C
 for <stable@dpdk.org>; Thu, 12 Jun 2025 23:10:48 +0200 (CEST)
Received: by mail-wr1-f44.google.com with SMTP id
 ffacd0b85a97d-3a4fd1ba177so969128f8f.0
 for <stable@dpdk.org>; Thu, 12 Jun 2025 14:10:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1749762648; x=1750367448; darn=dpdk.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=FKU3/8wTcJXvHW37vyAY3cZcYWytKBc5DoqHGMnrWj4=;
 b=RhdMgBrU6DlsGpAPTVxXOQYWr9Ri+yCQCVR79ujnZB/oEUwzb6Z6VoJvzRcJaP2ovk
 no7APvYsq90BaheWyAu2bL7vi5m7zfxCxgxco4BEC4Qq/czkTHrV3QYfiqgGQKWwvPmD
 USMPMt0zSrIAb5n8T9OA6ktyoMzRtuAzUvOpNI6B9uKVWlFmnibVQXOJhHdRr/LqSan9
 eTPLpUmdf3EonsfTntKGhUbFf5WGW54ponb5pHUg7F5TJX+vpp6MuQH3eap4KbLuO2H0
 7f2Yd5sgLVomLEMwfRSGMjY9k8rrEpYoSshYp2TtaPcHprtxiL/X3vsFGLIVBTPWimRJ
 kiaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1749762648; x=1750367448;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=FKU3/8wTcJXvHW37vyAY3cZcYWytKBc5DoqHGMnrWj4=;
 b=ubYGriiaHyE+u7iNjHDl0EeO/S53YPxvTJQd2hhZ6kPZMTSx3wK+STAJIO9B5tVDmV
 vQkBh0D5YK+jClVQWRWe5g7itsHdEWslPH58P9DysYu7UN4ZEf0OIrwHOzWkaWhds63I
 PgHATA7DEhnONTkOFO3NrvCvUBR8SOHJCjdSNzLbW6SL0f9H9cjJqVJ+l4q86d3bedJX
 6DbYu1YKAIj6oP+/LIhJiGZ3IBBAjyDVGrS1gwI4XxQ1P5fPm3TnqfHBpKXbwm2oaS6m
 G7m22IRxgHNBYcNuyosAB6rs8T82IgMlc0ZXG1zjG3zsFEC1AsVqip38iFvCwJjpQMWE
 krDA==
X-Forwarded-Encrypted: i=1;
 AJvYcCWOFLp2I2ioHngsRbzJ46bZxf/kJPA4k05E0xgGsatM6Vc6rK2wg/uQ4vd3qJ4iPlC1DcO7Q+A=@dpdk.org
X-Gm-Message-State: AOJu0YyKBvQaV5oHmeo5b6yeT0Wbof5ahrlufYPKRd0OLI4QsP/4T6sS
 KF+AVA8GztaTtoNL4j7j/KU6tPxqhpkwRsdP8+358ZoXo3MJhBFilili
X-Gm-Gg: ASbGncsnCqwRBP92sGJVrKIKDMIhEqOswOmbD9mu7px0ppqpgWPfmF0y05OOVuZoqLO
 yC42ySfl1dFMEXyMZpfoyKgTZpUsp7KeG7nC+RnbOxbmgL0TaA96ma+gM67ZGbQnDwuP3PrjL4S
 U1zvMFCu3V36bhqX7pMTllmxzeDCf1W1ES1IhcB8w9vUpghRGIMqub3EZYTSl21XXYtUsfyV96T
 0n7q8Q+Bek7epv1hZBgkqsz/DVIa4tP9uiOk6Hr//qU3Di5dbT8/UWXgyRNs+gyJ7kotKHkAwBL
 MKDEo6KSMDj5ynA5HkQnn/h2QfyNZkEy9tYd6/O7GSC8SBlY53/+s1rjCl4ludUosVb/
X-Google-Smtp-Source: AGHT+IEyN191o6/HbOHATBoV728Qwv7A9Irlp7xDDFHaaZJGb1hwFE6dvjaXI1/odV6vBJug9heLKw==
X-Received: by 2002:a05:6000:430b:b0:3a4:d038:cb9b with SMTP id
 ffacd0b85a97d-3a56a2cb356mr53387f8f.7.1749762648201; 
 Thu, 12 Jun 2025 14:10:48 -0700 (PDT)
Received: from localhost ([2a01:4b00:d036:ae00:f2df:571a:ae4c:bef2])
 by smtp.gmail.com with UTF8SMTPSA id
 ffacd0b85a97d-3a568b08c7csm382951f8f.50.2025.06.12.14.10.47
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 12 Jun 2025 14:10:47 -0700 (PDT)
From: luca.boccassi@gmail.com
To: Radu Nicolau <radu.nicolau@intel.com>
Cc: Fan Zhang <fanzhang.oss@gmail.com>, Yu Jiang <yux.jiang@intel.com>,
 dpdk stable <stable@dpdk.org>
Subject: patch 'crypto/virtio: add request check on request side' has been
 queued to stable release 22.11.9
Date: Thu, 12 Jun 2025 22:07:14 +0100
Message-ID: <20250612210733.2506558-57-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.47.2
In-Reply-To: <20250612210733.2506558-1-luca.boccassi@gmail.com>
References: <20250612210733.2506558-1-luca.boccassi@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 22.11.9

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/14/25. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/1bb460c2f84aecae79002005fd5a5b1196e817ac

Thanks.

Luca Boccassi

---
>From 1bb460c2f84aecae79002005fd5a5b1196e817ac Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau@intel.com>
Date: Fri, 23 May 2025 14:04:50 +0000
Subject: [PATCH] crypto/virtio: add request check on request side

[ upstream commit 9771f037ec8c6592126be49ca50953d1a14a0335 ]

Add same request checks on the request side.

Fixes: b2866f473369 ("vhost/crypto: fix missed request check for copy mode")

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <fanzhang.oss@gmail.com>
Tested-by: Yu Jiang <yux.jiang@intel.com>
---
 drivers/crypto/virtio/virtio_rxtx.c | 41 +++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index 01977c7ec4..b18b50428d 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -107,6 +107,41 @@ virtqueue_dequeue_burst_rx(struct virtqueue *vq,
 	return i;
 }
 
+
+static __rte_always_inline uint8_t
+virtqueue_crypto_check_cipher_request(struct virtio_crypto_cipher_data_req *req)
+{
+	if (likely((req->para.iv_len <= VIRTIO_CRYPTO_MAX_IV_SIZE) &&
+		(req->para.src_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.dst_data_len >= req->para.src_data_len) &&
+		(req->para.dst_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE)))
+		return VIRTIO_CRYPTO_OK;
+	return VIRTIO_CRYPTO_BADMSG;
+}
+
+static __rte_always_inline uint8_t
+virtqueue_crypto_check_chain_request(struct virtio_crypto_alg_chain_data_req *req)
+{
+	if (likely((req->para.iv_len <= VIRTIO_CRYPTO_MAX_IV_SIZE) &&
+		(req->para.src_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.dst_data_len >= req->para.src_data_len) &&
+		(req->para.dst_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.cipher_start_src_offset <
+			RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.len_to_cipher <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.hash_start_src_offset <
+			RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.len_to_hash <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.cipher_start_src_offset + req->para.len_to_cipher <=
+			req->para.src_data_len) &&
+		(req->para.hash_start_src_offset + req->para.len_to_hash <=
+			req->para.src_data_len) &&
+		(req->para.dst_data_len + req->para.hash_result_len <=
+			RTE_MBUF_DEFAULT_BUF_SIZE)))
+		return VIRTIO_CRYPTO_OK;
+	return VIRTIO_CRYPTO_BADMSG;
+}
+
 static int
 virtqueue_crypto_sym_pkt_header_arrange(
 		struct rte_crypto_op *cop,
@@ -142,6 +177,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
 				sym_op->cipher.data.offset);
 		req_data->u.sym_req.u.cipher.para.dst_data_len =
 			req_data->u.sym_req.u.cipher.para.src_data_len;
+		if (virtqueue_crypto_check_cipher_request(
+			&req_data->u.sym_req.u.cipher) != VIRTIO_CRYPTO_OK)
+			return -1;
 		break;
 	case VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING:
 		req_data->u.sym_req.op_type =
@@ -181,6 +219,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
 			VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH)
 			req_data->u.sym_req.u.chain.para.hash_result_len =
 				chain_para->u.mac_param.hash_result_len;
+		if (virtqueue_crypto_check_chain_request(
+			&req_data->u.sym_req.u.chain) != VIRTIO_CRYPTO_OK)
+			return -1;
 		break;
 	default:
 		return -1;
-- 
2.47.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2025-06-12 22:06:25.953490628 +0100
+++ 0057-crypto-virtio-add-request-check-on-request-side.patch	2025-06-12 22:06:23.886044975 +0100
@@ -1 +1 @@
-From 9771f037ec8c6592126be49ca50953d1a14a0335 Mon Sep 17 00:00:00 2001
+From 1bb460c2f84aecae79002005fd5a5b1196e817ac Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 9771f037ec8c6592126be49ca50953d1a14a0335 ]
+
@@ -9 +10,0 @@
-Cc: stable@dpdk.org
@@ -15,2 +16,2 @@
- drivers/crypto/virtio/virtio_rxtx.c | 40 +++++++++++++++++++++++++++++
- 1 file changed, 40 insertions(+)
+ drivers/crypto/virtio/virtio_rxtx.c | 41 +++++++++++++++++++++++++++++
+ 1 file changed, 41 insertions(+)
@@ -19 +20 @@
-index a7f1bd9753..00988e18b1 100644
+index 01977c7ec4..b18b50428d 100644
@@ -22 +23 @@
-@@ -193,6 +193,40 @@ virtqueue_dequeue_burst_rx_packed(struct virtqueue *vq,
+@@ -107,6 +107,41 @@ virtqueue_dequeue_burst_rx(struct virtqueue *vq,
@@ -25,0 +27 @@
++
@@ -60 +62 @@
- static inline int
+ static int
@@ -63 +65 @@
-@@ -228,6 +262,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
+@@ -142,6 +177,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
@@ -73 +75 @@
-@@ -267,6 +304,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
+@@ -181,6 +219,9 @@ virtqueue_crypto_sym_pkt_header_arrange(