From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 09247A04C3; Mon, 28 Sep 2020 12:59:52 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 07CEA1D8E7; Mon, 28 Sep 2020 12:59:33 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 9EEB51C19E; Mon, 28 Sep 2020 12:59:28 +0200 (CEST) IronPort-SDR: HfNCfYyEwc8nwFBNkO60DgHo+gk3rk2B+HR/LrkmsqQlWh62CWhGX8eRKMWWT05pUxv97mw+f2 KBiDVHfgQ7Wg== X-IronPort-AV: E=McAfee;i="6000,8403,9757"; a="226122006" X-IronPort-AV: E=Sophos;i="5.77,313,1596524400"; d="scan'208";a="226122006" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Sep 2020 03:59:26 -0700 IronPort-SDR: jbtQ12sOwJb9/0+FRe87AUK9/H9rZLNQSdUCH5rRk8QIXuunciO7UjGgyEYhmFo24bx4IWtaWn BjIEnTbhhGpQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,313,1596524400"; d="scan'208";a="514212861" Received: from silpixa00399752.ir.intel.com (HELO silpixa00399752.ger.corp.intel.com) ([10.237.222.180]) by fmsmga005.fm.intel.com with ESMTP; 28 Sep 2020 03:59:24 -0700 From: Ferruh Yigit To: Maxime Coquelin , Chenbo Xia , Zhihong Wang , Fan Zhang Cc: dev@dpdk.org, Ferruh Yigit , stable@dpdk.org Date: Mon, 28 Sep 2020 11:59:14 +0100 Message-Id: <20200928105918.740807-2-ferruh.yigit@intel.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200928105918.740807-1-ferruh.yigit@intel.com> References: <20200928105918.740807-1-ferruh.yigit@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH 2/6] vhost/crypto: fix incorrect descriptor deduction X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Fan Zhang This patch fixes the incorrect descriptor deduction for vhost crypto. CVE-2020-14378 Fixes: 16d2e718b8ce ("vhost/crypto: fix possible out of bound access") Cc: stable@dpdk.org Signed-off-by: Fan Zhang Acked-by: Chenbo Xia --- lib/librte_vhost/vhost_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c index 0f9df4059d..86747dd5f3 100644 --- a/lib/librte_vhost/vhost_crypto.c +++ b/lib/librte_vhost/vhost_crypto.c @@ -530,13 +530,14 @@ move_desc(struct vring_desc *head, struct vring_desc **cur_desc, int left = size - desc->len; while ((desc->flags & VRING_DESC_F_NEXT) && left > 0) { - (*nb_descs)--; if (unlikely(*nb_descs == 0 || desc->next >= vq_size)) return -1; desc = &head[desc->next]; rte_prefetch0(&head[desc->next]); left -= desc->len; + if (left > 0) + (*nb_descs)--; } if (unlikely(left > 0)) -- 2.26.2