From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 8DB31A0548;
	Fri, 10 Sep 2021 22:01:06 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 37B5D40041;
	Fri, 10 Sep 2021 22:01:06 +0200 (CEST)
Received: from inbox.dpdk.org (inbox.dpdk.org [95.142.172.178])
 by mails.dpdk.org (Postfix) with ESMTP id 1E0194003E
 for <dev@dpdk.org>; Fri, 10 Sep 2021 22:01:05 +0200 (CEST)
Received: by inbox.dpdk.org (Postfix, from userid 33)
 id 0855CA0C47; Fri, 10 Sep 2021 22:01:05 +0200 (CEST)
From: bugzilla@dpdk.org
To: dev@dpdk.org
Date: Fri, 10 Sep 2021 20:01:04 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: DPDK
X-Bugzilla-Component: core
X-Bugzilla-Version: 18.08
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: critical
X-Bugzilla-Who: mehmetgelisin@aol.com
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: dev@dpdk.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_status resolution cc
Message-ID: <bug-97-3-26wy3frMrY@http.bugs.dpdk.org/>
In-Reply-To: <bug-97-3@http.bugs.dpdk.org/>
References: <bug-97-3@http.bugs.dpdk.org/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://bugs.dpdk.org/
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
MIME-Version: 1.0
Subject: [dpdk-dev] [Bug 97] rte_memcpy() moves data incorrectly on Ubuntu
 18.04 on Intel Skylake
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

https://bugs.dpdk.org/show_bug.cgi?id=3D97

Thomas Monjalon (thomas@monjalon.net) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |FIXED

Mehmet gelisin (mehmetgelisin@aol.com) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mehmetgelisin@aol.com

--- Comment #59 from Thomas Monjalon (thomas@monjalon.net) ---
AVX512 is disabled in DPDK if an affected version of binutils is used.
Bug was fixed in 17.11, 18.11 and upper.

--- Comment #60 from Thomas Monjalon (thomas@monjalon.net) ---
AVX512 is disabled in DPDK if an affected version of binutils is used.
Bug was fixed in 17.11, 18.11 and upper.

--- Comment #61 from Mehmet gelisin (mehmetgelisin@aol.com) ---
Description:
  The vhost crypto library code contains a post message handler
(vhost_crypto_msg_post_handler) which calls vhost_crypto_create_sess()
which in turn calls transform_cipher_param() depending on the operation
type. It is transform_cipher_param() https://komiya-dental.com/ that handles
the payload data. The
payload contains a cipher key length and a static
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer. When
http://www.iu-bloomington.com/=20
transform_cipher_param() handles the payload data it does not check to
see if the buffer length doesn't exceed
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH. This missing check can cause
https://www.webb-dev.co.uk/
out of bound reads which could trigger a crash or a potential
information leak. Also, the vhost crypto library code contains a post
message handler (vhost_crypto_msg_post_handler) which calls
https://waytowhatsnext.com/
vhost_crypto_create_sess() which in turn calls transform_chain_param()
depending on the operation type. It is transform_chain_param() that
handles the payload data. The payload contains a cipher key length and a
static VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer, it
http://www.acpirateradio.co.uk/=20
also contains a digest length and a static authentication key buffer
(size: VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH(512)) and authentication
key buffer length. None of these length values are validated. Which can
lead to reading out of bound. http://www.logoarts.co.uk/=20

Description:
  The vhost crypto library code contains a post message handler
(vhost_crypto_msg_post_handler) which calls vhost_crypto_create_sess()
which in turn calls transform_cipher_param() depending on the operation
http://www.slipstone.co.uk/=20
type. It is transform_cipher_param() that handles the payload data. The
payload contains a cipher key length and a static
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer. When
transform_cipher_param() handles the payload data it does not check to
see if the buffer length doesn't exceed
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH. This missing check can cause
out of bound reads which could trigger a crash or a potential
http://embermanchester.uk/=20
information leak. Also, the vhost crypto library code contains a post
message handler (vhost_crypto_msg_post_handler) which calls
vhost_crypto_create_sess() which in turn calls transform_chain_param()
depending on the operation type. It is transform_chain_param() that
http://connstr.net/
handles the payload data. The payload contains a cipher key length and a
static VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer, it
also contains a digest length and a static authentication key buffer
(size: VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH(512)) and authentication
key buffer length. None of these length values are validated. Which can
lead to reading out of bound.

Description: http://joerg.li/=20
  The vhost crypto library code contains a post message handler
(vhost_crypto_msg_post_handler) which calls vhost_crypto_create_sess()
which in turn calls transform_cipher_param() depending on the operation
type. It is transform_cipher_param() that handles the payload data. The
payload contains a cipher key length and a static http://www.jopspeech.com/=
=20
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer. When
transform_cipher_param() handles the payload data it does not check to
see if the buffer length doesn't exceed
VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH. This missing check can cause
out of bound reads which could trigger a crash or a potential
http://www.wearelondonmade.com/
information leak. Also, the vhost crypto library code contains a post
message handler (vhost_crypto_msg_post_handler) which calls
vhost_crypto_create_sess() which in turn calls transform_chain_param()
depending on the operation type. It is transform_chain_param() that
http://www.compilatori.com/=20
handles the payload data. The payload contains a cipher key length and a
static VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH (64) byte key buffer, it
also contains a digest length and a static authentication key buffer
(size: VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH(512)) and authentication
http://www-look-4.com/=20
key buffer length. None of these length values are validated. Which can
lead to reading out of bound.

--=20
You are receiving this mail because:
You are the assignee for the bug.=