From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [dpdk-dev] [Bug 97] rte_memcpy() moves data incorrectly on Ubuntu 18.04 on Intel Skylake
Date: Fri, 10 Sep 2021 20:01:04 +0000 [thread overview]
Message-ID: <bug-97-3-26wy3frMrY@http.bugs.dpdk.org/> (raw)
In-Reply-To: <bug-97-3@http.bugs.dpdk.org/>
https://bugs.dpdk.org/show_bug.cgi?id=97
Thomas Monjalon (thomas@monjalon.net) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CONFIRMED |RESOLVED
Resolution|--- |FIXED
Mehmet gelisin (mehmetgelisin@aol.com) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mehmetgelisin@aol.com
--- Comment #59 from Thomas Monjalon (thomas@monjalon.net) ---
AVX512 is disabled in DPDK if an affected version of binutils is used.
Bug was fixed in 17.11, 18.11 and upper.
--- Comment #60 from Thomas Monjalon (thomas@monjalon.net) ---
AVX512 is disabled in DPDK if an affected version of binutils is used.
Bug was fixed in 17.11, 18.11 and upper.
--- Comment #61 from Mehmet gelisin (mehmetgelisin@aol.com) ---
Description:
The vhost crypto library code contains a post message handler
(vhost_crypto_msg_post_handler) which calls vhost_crypto_create_sess()
which in turn calls transform_cipher_param() depending on the operation
type. It is transform_cipher_param() https://komiya-dental.com/ that handles
the payload data. The
payload contains a cipher key length and a static
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer. When
http://www.iu-bloomington.com/
transform_cipher_param() handles the payload data it does not check to
see if the buffer length doesn't exceed
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH. This missing check can cause
https://www.webb-dev.co.uk/
out of bound reads which could trigger a crash or a potential
information leak. Also, the vhost crypto library code contains a post
message handler (vhost_crypto_msg_post_handler) which calls
https://waytowhatsnext.com/
vhost_crypto_create_sess() which in turn calls transform_chain_param()
depending on the operation type. It is transform_chain_param() that
handles the payload data. The payload contains a cipher key length and a
static VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer, it
http://www.acpirateradio.co.uk/
also contains a digest length and a static authentication key buffer
(size: VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH(512)) and authentication
key buffer length. None of these length values are validated. Which can
lead to reading out of bound. http://www.logoarts.co.uk/
Description:
The vhost crypto library code contains a post message handler
(vhost_crypto_msg_post_handler) which calls vhost_crypto_create_sess()
which in turn calls transform_cipher_param() depending on the operation
http://www.slipstone.co.uk/
type. It is transform_cipher_param() that handles the payload data. The
payload contains a cipher key length and a static
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer. When
transform_cipher_param() handles the payload data it does not check to
see if the buffer length doesn't exceed
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH. This missing check can cause
out of bound reads which could trigger a crash or a potential
http://embermanchester.uk/
information leak. Also, the vhost crypto library code contains a post
message handler (vhost_crypto_msg_post_handler) which calls
vhost_crypto_create_sess() which in turn calls transform_chain_param()
depending on the operation type. It is transform_chain_param() that
http://connstr.net/
handles the payload data. The payload contains a cipher key length and a
static VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer, it
also contains a digest length and a static authentication key buffer
(size: VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH(512)) and authentication
key buffer length. None of these length values are validated. Which can
lead to reading out of bound.
Description: http://joerg.li/
The vhost crypto library code contains a post message handler
(vhost_crypto_msg_post_handler) which calls vhost_crypto_create_sess()
which in turn calls transform_cipher_param() depending on the operation
type. It is transform_cipher_param() that handles the payload data. The
payload contains a cipher key length and a static http://www.jopspeech.com/
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer. When
transform_cipher_param() handles the payload data it does not check to
see if the buffer length doesn't exceed
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH. This missing check can cause
out of bound reads which could trigger a crash or a potential
http://www.wearelondonmade.com/
information leak. Also, the vhost crypto library code contains a post
message handler (vhost_crypto_msg_post_handler) which calls
vhost_crypto_create_sess() which in turn calls transform_chain_param()
depending on the operation type. It is transform_chain_param() that
http://www.compilatori.com/
handles the payload data. The payload contains a cipher key length and a
static VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer, it
also contains a digest length and a static authentication key buffer
(size: VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH(512)) and authentication
http://www-look-4.com/
key buffer length. None of these length values are validated. Which can
lead to reading out of bound.
--
You are receiving this mail because:
You are the assignee for the bug.
prev parent reply other threads:[~2021-09-10 20:01 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-23 17:48 bugzilla
2021-09-10 20:01 ` bugzilla [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-97-3-26wy3frMrY@http.bugs.dpdk.org/ \
--to=bugzilla@dpdk.org \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).