From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 225FB1B455 for ; Thu, 31 Jan 2019 16:50:22 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8886E20B09; Thu, 31 Jan 2019 15:50:21 +0000 (UTC) Received: from ktraynor.remote.csb (ovpn-117-200.ams2.redhat.com [10.36.117.200]) by smtp.corp.redhat.com (Postfix) with ESMTP id 12C045C21F; Thu, 31 Jan 2019 15:50:16 +0000 (UTC) From: Kevin Traynor To: Tiwei Bie Cc: Maxime Coquelin , dpdk stable Date: Thu, 31 Jan 2019 15:48:33 +0000 Message-Id: <20190131154901.5383-25-ktraynor@redhat.com> In-Reply-To: <20190131154901.5383-1-ktraynor@redhat.com> References: <20190131154901.5383-1-ktraynor@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Thu, 31 Jan 2019 15:50:21 +0000 (UTC) Subject: [dpdk-stable] patch 'vhost: fix possible out of bound access in vector filling' has been queued to LTS release 18.11.1 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jan 2019 15:50:22 -0000 Hi, FYI, your patch has been queued to LTS release 18.11.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 02/07/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Kevin Traynor --- >>From 98f3d3de13c66bba2234bc17447591d7102b9d38 Mon Sep 17 00:00:00 2001 From: Tiwei Bie Date: Fri, 4 Jan 2019 12:06:40 +0800 Subject: [PATCH] vhost: fix possible out of bound access in vector filling [ upstream commit 06fc8545fd6302f70de9ef5008a204e467d8cedb ] Fixes: 7f74b95c444f ("vhost: pre update used ring for Tx and Rx") Signed-off-by: Tiwei Bie Reviewed-by: Maxime Coquelin --- lib/librte_vhost/virtio_net.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c index 68b72e7a5..8ddee4ca5 100644 --- a/lib/librte_vhost/virtio_net.c +++ b/lib/librte_vhost/virtio_net.c @@ -339,4 +339,7 @@ fill_vec_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq, struct vring_desc *idesc = NULL; + if (unlikely(idx >= vq->size)) + return -1; + *desc_chain_head = idx; -- 2.19.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-01-31 15:44:06.330307530 +0000 +++ 0025-vhost-fix-possible-out-of-bound-access-in-vector-fil.patch 2019-01-31 15:44:05.000000000 +0000 @@ -1,10 +1,11 @@ -From 06fc8545fd6302f70de9ef5008a204e467d8cedb Mon Sep 17 00:00:00 2001 +From 98f3d3de13c66bba2234bc17447591d7102b9d38 Mon Sep 17 00:00:00 2001 From: Tiwei Bie Date: Fri, 4 Jan 2019 12:06:40 +0800 Subject: [PATCH] vhost: fix possible out of bound access in vector filling +[ upstream commit 06fc8545fd6302f70de9ef5008a204e467d8cedb ] + Fixes: 7f74b95c444f ("vhost: pre update used ring for Tx and Rx") -Cc: stable@dpdk.org Signed-off-by: Tiwei Bie Reviewed-by: Maxime Coquelin @@ -13,10 +14,10 @@ 1 file changed, 3 insertions(+) diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c -index 474acf64d..d64c355b9 100644 +index 68b72e7a5..8ddee4ca5 100644 --- a/lib/librte_vhost/virtio_net.c +++ b/lib/librte_vhost/virtio_net.c -@@ -313,4 +313,7 @@ fill_vec_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq, +@@ -339,4 +339,7 @@ fill_vec_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq, struct vring_desc *idesc = NULL; + if (unlikely(idx >= vq->size))