From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 74727A0093
	for <public@inbox.dpdk.org>; Tue, 19 May 2020 15:15:18 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 6AA031D68B;
	Tue, 19 May 2020 15:15:18 +0200 (CEST)
Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com
 [209.85.221.49]) by dpdk.org (Postfix) with ESMTP id 49BEB1D93C
 for <stable@dpdk.org>; Tue, 19 May 2020 15:15:15 +0200 (CEST)
Received: by mail-wr1-f49.google.com with SMTP id v12so15808012wrp.12
 for <stable@dpdk.org>; Tue, 19 May 2020 06:15:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=LrlOIWatxMO507Hq1Eav6PnRj0FVdkWZUHbgVYweXJ8=;
 b=OxzNdt6e/5kck3oVg4tyyMTPkAiMxP+hkTfyFJE6u4sPta2+o/8k+7++69wmnyIzME
 wjVyuo8Nz6lLpv/T2CSCix7wRPlSf/6wGx6ZlxoPz8NtDYX5WSC9hdIMXHIxnkB4iqmX
 whFxPq+x3wFF1LrrBWALUpRufnQQ+XtQZeKGtAZSG5QOKBPQUDfE2Wen+fD3dDmF4krI
 hQGY3An5zrIlPv0DY6JwEpfKt3pyAE+ssSwxaeBVpLLLUqz2y74dWULfDqnZJnGKBrsD
 Bml2/co4Ly1iJSSu4fSDGiLjSio+K6fWxIHSE2zf9ctAhR5e37MmZ9827nL/UjyR9mBi
 4gyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=LrlOIWatxMO507Hq1Eav6PnRj0FVdkWZUHbgVYweXJ8=;
 b=aBNjoX87cE6G1djfCOPsPRSSRFS9aSPQyQYh65/3sCTqigJc3UqT+GlGBHs/86BDDe
 WLrwXYKHln10bJgewBStUIAoUcwBJoRXk/7krtabkG9hH9JsAv9pNibNWritqDcCym2n
 U0BkC03IGRDD+6ZOi1y92WoM3Y0ACJ4DcNY2B67JFaxWWXV6U2ag9vElPnJzsjb1brT0
 6Md/Nx1ytktrSEpH/L5ZAWYmc13mt/WL4As0LbqOD0ApAZ6+qX2dX/HH/GD8/wND3lis
 F4YkWqmIfBHoW/MB6aQCYHHAY9IFlCCNY5VKniJ3lyphxU0Q958SUzUYRdW1k1xD6Y4c
 N86A==
X-Gm-Message-State: AOAM533iHo9kD9s/4uy+LNDbTkKNZ+/WDxQXzEHSwXTYLmjJp1InZaCV
 vi9KuH1eNmR9OVc4NpU/MFE=
X-Google-Smtp-Source: ABdhPJxPCi2Djs0GMxCQ719UtCcZD1QOksOOZS5kCrLpanwuHHVscaOPyR0tR8Zx2xbJy4N6s83g5g==
X-Received: by 2002:adf:8403:: with SMTP id 3mr24683549wrf.186.1589894115019; 
 Tue, 19 May 2020 06:15:15 -0700 (PDT)
Received: from localhost ([88.98.246.218])
 by smtp.gmail.com with ESMTPSA id h74sm21985861wrh.76.2020.05.19.06.15.14
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 19 May 2020 06:15:14 -0700 (PDT)
From: luca.boccassi@gmail.com
To: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Cc: Konstantin Ananyev <konstantin.ananyev@intel.com>,
 dpdk stable <stable@dpdk.org>
Date: Tue, 19 May 2020 14:05:15 +0100
Message-Id: <20200519130549.112823-180-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200519130549.112823-1-luca.boccassi@gmail.com>
References: <20200519125804.104349-1-luca.boccassi@gmail.com>
 <20200519130549.112823-1-luca.boccassi@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-stable] patch 'ipsec: check SAD lookup error' has been queued
	to stable release 19.11.3
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>

Hi,

FYI, your patch has been queued to stable release 19.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/21/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
>From 47bd1f0ad23fa4d71509ccb23af1a382a0d6a64f Mon Sep 17 00:00:00 2001
From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Date: Mon, 11 May 2020 10:23:06 +0100
Subject: [PATCH] ipsec: check SAD lookup error

[ upstream commit e62893f5ec27a361e74b3961edb808fb3d420bb1 ]

Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr

Coverity issue: 357760
Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 lib/librte_ipsec/ipsec_sad.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index db2c44c804..31b5956d89 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -94,6 +94,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
 
 	/* Update a counter for a given SPI */
 	ret = rte_hash_lookup(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key);
+	if (ret < 0)
+		return ret;
 	if (key_type == RTE_IPSEC_SAD_SPI_DIP)
 		sad->cnt_arr[ret].cnt_dip += notexist;
 	else
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2020-05-19 14:04:51.870105974 +0100
+++ 0180-ipsec-check-SAD-lookup-error.patch	2020-05-19 14:04:44.520653884 +0100
@@ -1,15 +1,16 @@
-From e62893f5ec27a361e74b3961edb808fb3d420bb1 Mon Sep 17 00:00:00 2001
+From 47bd1f0ad23fa4d71509ccb23af1a382a0d6a64f Mon Sep 17 00:00:00 2001
 From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
 Date: Mon, 11 May 2020 10:23:06 +0100
 Subject: [PATCH] ipsec: check SAD lookup error
 
+[ upstream commit e62893f5ec27a361e74b3961edb808fb3d420bb1 ]
+
 Explicitly check return value in add_specific()
 CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
 8. negative_returns: Using variable ret as an index to array sad->cnt_arr
 
 Coverity issue: 357760
 Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
-Cc: stable@dpdk.org
 
 Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
 Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
@@ -18,13 +19,13 @@
  1 file changed, 2 insertions(+)
 
 diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
-index 6c95240578..3f9533c80a 100644
+index db2c44c804..31b5956d89 100644
 --- a/lib/librte_ipsec/ipsec_sad.c
 +++ b/lib/librte_ipsec/ipsec_sad.c
-@@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
- 	ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
- 		rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
- 		sad->init_val));
+@@ -94,6 +94,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
+ 
+ 	/* Update a counter for a given SPI */
+ 	ret = rte_hash_lookup(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key);
 +	if (ret < 0)
 +		return ret;
  	if (key_type == RTE_IPSEC_SAD_SPI_DIP)