From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 86A8642941 for ; Fri, 14 Apr 2023 15:28:50 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 819C6410FA; Fri, 14 Apr 2023 15:28:50 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 7DD75400D5 for ; Fri, 14 Apr 2023 15:28:49 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1681478929; x=1713014929; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=COZIgFqsWVZ834isD/q/pa/roHee9xzYxvPjx3hdI/c=; b=TNEtK3ChZZwQW6l1zJuLEg523t4FyFXTqI/nI+KjJVrSGLSUQwwI/3ip GwohkuvpwcYPP43PbYq96nTMs5rZzcDb54Bs4mo6gXuX12m+a1fRazxpr 3Bn645Lq3WcTXroT96DOsRqS8HaKhN9qm7iirjzLUCIe0cDKtXv0Lx0qV HiQ54NjxAnQmDCyf71yuWXkfdCQA+GhIxRcEmHJUO4UAb+I+QoAcGeNGs hKthu1/Kf81D2NI6WSkkFksKB+cdYRPrrNNofkvsI8PU55ShA4/ud0H1U a9ExKocCtU2/ixNC/Z9IwlRGJdqd3Ph8ujHjzu/SbfA514IIlZFAi0ncA g==; X-IronPort-AV: E=McAfee;i="6600,9927,10679"; a="346297948" X-IronPort-AV: E=Sophos;i="5.99,195,1677571200"; d="scan'208";a="346297948" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Apr 2023 06:28:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10679"; a="667195203" X-IronPort-AV: E=Sophos;i="5.99,195,1677571200"; d="scan'208";a="667195203" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga006.jf.intel.com with ESMTP; 14 Apr 2023 06:28:48 -0700 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Fri, 14 Apr 2023 06:28:48 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Fri, 14 Apr 2023 06:28:48 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.104) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Fri, 14 Apr 2023 06:28:47 -0700 Received: from SJ0PR11MB5056.namprd11.prod.outlook.com (2603:10b6:a03:2d5::6) by MN2PR11MB4629.namprd11.prod.outlook.com (2603:10b6:208:264::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6298.30; Fri, 14 Apr 2023 13:28:45 +0000 Received: from SJ0PR11MB5056.namprd11.prod.outlook.com ([fe80::e281:877:8b7e:b2b6]) by SJ0PR11MB5056.namprd11.prod.outlook.com ([fe80::e281:877:8b7e:b2b6%2]) with mapi id 15.20.6298.030; Fri, 14 Apr 2023 13:28:45 +0000 From: "Dooley, Brian" To: "Power, Ciara" , "Ji, Kai" CC: "dev@dpdk.org" , "Power, Ciara" , "stable@dpdk.org" Subject: RE: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop Thread-Topic: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop Thread-Index: AQHZbs0grM0354A+50ucbdf54HvvYa8qzEYg Date: Fri, 14 Apr 2023 13:28:45 +0000 Message-ID: References: <20230414123131.575412-1-ciara.power@intel.com> In-Reply-To: <20230414123131.575412-1-ciara.power@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SJ0PR11MB5056:EE_|MN2PR11MB4629:EE_ x-ms-office365-filtering-correlation-id: cbc8d95a-e11e-4700-f2ed-08db3cec2c3e x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: AVXuBJR4mMfgzFp5xunzYpYgtrXntTWGgSrOrvYMhCvoJDjWZTjJMETy5/jKjNRgL44JG0Hb7mdolLwF9lfDlsh4mK5DDTcaVRp74cch/lyaVKgz7v9jYwDD9z2ZS5y8HNmqHHbbJOwKHqi9Y+eUmMQSX4+ZWkeHr0Z1Gw4uDJS77cdSGsll+wGSgXMQx23h2PIrYiAVxjCgUIS8McCkED1//dA7T6fAOz75NyuFQZa2YeRx0Gi789S+9VQlTUrPcSJoyy0a5yeXG6hQatATw8fSMmr5Pds69sbT+74WwzlZ3sNZMDpXIWQRJqu1ffyh90P+7ACIEk8Jq0GFPciAOzDdc2AeoGVpRHEKlaC9cmLNrdvhhlMCK+zoOghsTzwPf+YLv3e85/u7VUB6OLqMQRcu98DnnGvsU9Gc3P2wcHvCXY1NkSB57o/sytWb+zVHDnH+oYY5SFLIkgd+KWwxVznYE/CLh2oyH2ueDTf+O6ltZqY/knIiepdC+A8YbSgrnnpCg8EigYNEY/3gAnzDE/YRkmo9zMdjA6qAFCUiqoTnsOGq1ox/dsh1AfH1z+GkTB5T+Jzy4gVnaTtp1U+6untmW08cgHPJ5CtjMefypV6lE59QKe2gelx9+veSyC9m x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR11MB5056.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(39860400002)(136003)(346002)(396003)(366004)(376002)(451199021)(8676002)(7696005)(83380400001)(71200400001)(86362001)(38070700005)(26005)(6506007)(53546011)(9686003)(76116006)(450100002)(54906003)(110136005)(316002)(478600001)(186003)(6636002)(4326008)(64756008)(82960400001)(66556008)(66946007)(66446008)(66476007)(122000001)(38100700002)(52536014)(33656002)(8936002)(5660300002)(2906002)(41300700001)(55016003); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?GolLuz68JAx4EK6x2u028spisq3xrDA6nK6MqaZc1Bnb44D9k8n8I0aRE4U3?= =?us-ascii?Q?ImmpeN/f+eEu1rU3CLMdE/ilIFBb4+B50cjok8l3S+2Px9zFfn3lJGT59LJA?= =?us-ascii?Q?SO5rohlkrD9cEKhFHA2krpqis3BHvLdnwXyCm92oylVe08Kbe/wydy8ljBY0?= =?us-ascii?Q?F6UxC8RjCMyTDcYqyy3TWDOWar+e6o+ALDKO/eBr+ML6iOwuSc/oD/MIHpn6?= =?us-ascii?Q?OWCCMF1yq3HnFLqAMiGmmMEzfVj7aR4H2tEeDfTT+KARg8ikAJHLyuUiODTv?= =?us-ascii?Q?uHi8juylGpcD0oJSihFNOihhhOAOH3NjGfwup9wLlSWRxdXxtsFgsuGjLEQ4?= =?us-ascii?Q?VpUM8POW0IJWlHcRf/izHqbVx3a17S12f6AhmcZhW4KdM2fkhKUhO4RMEDAc?= =?us-ascii?Q?1q5nG57ZRgYfaqcw5V9Ex5WlfiAE0bUP2iumh22gB7PvP6OeeT9xBYRKD5yk?= =?us-ascii?Q?3ojIxFkXrBkzh4HNPIldAmyfNDtow7Vfot+Wr8fO/9q4l5JmHsrfAPWuZfwn?= =?us-ascii?Q?WxJ6T8V3yiVBGH3DXXsiTot1mthIdD2wnHKlpqQktMSQ1YsA6Qr5CqUs7Z8r?= =?us-ascii?Q?bK9EnYsQqvp5wcT+8ppDBpHsCByiyPEL8gPf8ZNjFQWdWaoyWC1FejXScVgg?= =?us-ascii?Q?t5i/Jg1Itf5NMiLIvf9S3KicCzJxiDqXk3zRXevuvhakwBWsICGeONYPFtwB?= =?us-ascii?Q?9+WTRKryVc0VMySbKPvJPxaGGGz3H56QpVOMqflpFbDqyvSVtrRkn4HjnC9L?= =?us-ascii?Q?QFW8ZW1+oLOrAIj4mpnrA12nTW5JhadXGYwxyNCY8c3Hmfsnqm3VBc50FiIK?= =?us-ascii?Q?O0JPhHr0buMSuhBBbB5v47KF26Mx8NQElPm887zLnPCt7uoyqhnpvApXCcUo?= =?us-ascii?Q?Nd2dzgF90W5+FZYQJaqj2K24A0ucSSqDoSD4xMXYkHpKfDaz50qWQtfRvrR5?= =?us-ascii?Q?ZNzMCX0mfWdsIbTPslHUdT6JHgTJy2vcGQHjFiBVZdGrHlre7OynM12yoSti?= =?us-ascii?Q?Aw40CCVXK3pgPFlhKfU7Yv5HcCVizO7X3dVkI1zfSBwn25YItpE2PnGcqF18?= =?us-ascii?Q?7Z8U04c0ug34l3L408UMUDcN8P/PCux3iZrNep/LlMRd1nWq14/sKeTaz9Go?= =?us-ascii?Q?LEl8tnqQ335qQkMJVv6hky1A103tWN8JZGCMedxGSmzqltlPZ/j1Yw2C5mj4?= =?us-ascii?Q?3DVodp+eChVKix8q07Rp4LEN+jp4v6fTtnltz2CYwl/bIvYZtLQoLmT21R0j?= =?us-ascii?Q?ZPDmo4ahdOgwgvJyOICZ3sJi4Yqc8Fl7YIHccJ7TdPH9COly0gWEvdVg/if1?= =?us-ascii?Q?1mnjIW13QqJjv+1VSr7TirgqnEmWVx9a9k+FZCeAcSPgSq8EzAuKING7+Ogx?= =?us-ascii?Q?l1T008TaFuPRBiW6qJ7r6EKQ+f6sIYduI/P8mCDjsF3TtIUEAmF6e8JGy7cG?= =?us-ascii?Q?SEjcEOxXrR1NhfKdbuQiCfr92bM+qI9yVAoMpOxHXk/vdvjYPJKkuDmwQdc0?= =?us-ascii?Q?qp9N0sKVJ6zF2Vul3Su8gLANAHpmO77hG+AwQqlf8pShwSzNTqjO2vJzsLe0?= =?us-ascii?Q?ojHC4uVHYudCBHVUAOjo+3wV+KEeZ2w0q8EYcTMx?= arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q7cRH0sTnhtoHfYlg0X/M16Zx+WfDMbjHwLGo2UIk9rUGqjP1Y4Lyal6RHC2M82uJ2p7eGXHymoZs8HNp0HT2dC8M453y+TS7M243QNBgRW4sq0kJwqrFDPDsPnMADbKqKCCp6SN0DwHyfJOz8kQ8K+D2/oQfMb36iJJayNBvhgXhSmG1e3q5FsEOK7WEDgUfmZv+W5KhBdnzIzvIIPQbOzZtVX6EFzyNKJsVAS+8E9V63bNuVPFbHSIFjX1tS++BfqQVQQbyOMjMR1oIraLbGzfpyb6zvMSWIKOeMLRggW9aysirpd/rXJEwUNMbe2L5LhB0QXmb0gu7vtbLVq2KQ== arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xmLAyvEjks5X38tx/c1VNmAQJl+yDNRFWziA9T8lqDw=; b=NLt0X2OGNMF3b5dMqqwesGy+8iykHKot3KVHyuMcBUoGAkz5jk94D4FlpdWRyqQmDbYe3jt2YRD2T9uecDMAkojVRlXDwir8mlUo/z/D+Pgi81rX26I+SxNDMGLM7yaDSqRF6B63F09lxWyfYdSH/tXWKKW2032+72o46tVTOmLb0DOfO+e57sVmCzexJOy1newQ5A/A1lb5ECXVII87XZPAQucygatSriRolQUA2OE6NzL6BuFMA8VcFY5qMj5jFeowgKaYTxTDXWdB4xGoUG0/XWWUQ46ak/ebjmQhEVHK6Xp0zOgBVWBfoAmByWWJPCbdPU3rhDJq26zxRXXcLA== arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none x-ms-exchange-crosstenant-authas: Internal x-ms-exchange-crosstenant-authsource: SJ0PR11MB5056.namprd11.prod.outlook.com x-ms-exchange-crosstenant-network-message-id: cbc8d95a-e11e-4700-f2ed-08db3cec2c3e x-ms-exchange-crosstenant-originalarrivaltime: 14 Apr 2023 13:28:45.5307 (UTC) x-ms-exchange-crosstenant-fromentityheader: Hosted x-ms-exchange-crosstenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d x-ms-exchange-crosstenant-mailboxtype: HOSTED x-ms-exchange-crosstenant-userprincipalname: hZwKkjSh0sUr5T9bV2RdEsIHB5bKgzwFFA46PtGsrh+ux6ucuJuw/jxrwNfEeNt2Vo2FqovZ27KAJvex1GGH6w== x-ms-exchange-transport-crosstenantheadersstamped: MN2PR11MB4629 x-originatororg: intel.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi Ciara, > -----Original Message----- > From: Ciara Power > Sent: Friday 14 April 2023 13:32 > To: Ji, Kai > Cc: dev@dpdk.org; Power, Ciara ; stable@dpdk.org > Subject: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop > > The cvec pointer was incremented incorrectly in the case where the length= of > remaining_off equals cvec len, and there is no next cvec. > This led to cvec->iova being invalid memory to access. > > Instead, only increment the cvec pointer when we know there is a next cve= c > to point to, by checking the i value, which represents the number of cvec= s > available. > If i is 0, then no need to increment as the current cvec is the last one. > > Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request") > Cc: kai.ji@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Ciara Power > --- > drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > index 524c291340..092265631b 100644 > --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h > @@ -682,7 +682,8 @@ enqueue_one_chain_job_gen1(struct > qat_sym_session *ctx, > while (remaining_off >=3D cvec->len && i >=3D 1) { > i--; > remaining_off -=3D cvec->len; > - cvec++; > + if (i) > + cvec++; > } > > auth_iova_end =3D cvec->iova + remaining_off; > -- > 2.25.1 Acked-by: Brian Dooley