From: Xueming Li
To: Marvin Liu
CC: Luca Boccassi, Maxime Coquelin, dpdk stable
Date: Tue, 11 May 2021 00:01:12 +0800
Message-ID: <20210510160258.30982-123-xuemingl@nvidia.com>
In-Reply-To: <20210510160258.30982-1-xuemingl@nvidia.com>
References: <20210510160258.30982-1-xuemingl@nvidia.com>
Subject: [dpdk-stable] patch 'vhost: fix batch dequeue potential buffer overflow' has been queued to stable release 20.11.2

Hi,

FYI, your patch has been queued to stable release 20.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/12/21. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/steevenlee/dpdk

This queued commit can be viewed at:
https://github.com/steevenlee/dpdk/commit/429dd550359c68bdf5821ab08601f15ca2b41a80

Thanks.

Xueming Li

---
From 429dd550359c68bdf5821ab08601f15ca2b41a80 Mon Sep 17 00:00:00 2001
From: Marvin Liu
Date: Wed, 31 Mar 2021 14:49:39 +0800
Subject: [PATCH] vhost: fix batch dequeue potential buffer overflow

Cc: Luca Boccassi

[ upstream commit af584d21bf66047e36ad3b9ccdcfd83ecdccd5db ]

Similar as single dequeue, the multiple accesses of descriptor length
will lead to potential risk. One-time access of descriptor length can
eliminate this risk.

Fixes: 75ed51697820 ("vhost: add packed ring batch dequeue")

Signed-off-by: Marvin Liu
Reviewed-by: Maxime Coquelin
---
 lib/librte_vhost/virtio_net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c index 8baabe75ec..bd92f45886 100644 --- a/lib/librte_vhost/virtio_net.c +++ b/lib/librte_vhost/virtio_net.c @@ -2287,7 +2287,7 @@ vhost_reserve_avail_batch_packed(struct virtio_net *dev, } vhost_for_each_try_unroll(i, 0, PACKED_BATCH_SIZE) { - pkts[i]->pkt_len = descs[avail_idx + i].len - buf_offset; + pkts[i]->pkt_len = lens[i] - buf_offset; pkts[i]->data_len = pkts[i]->pkt_len; ids[i] = descs[avail_idx + i].id; } -- 2.25.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2021-05-10 23:59:29.796271800 +0800 +++ 0124-vhost-fix-batch-dequeue-potential-buffer-overflow.patch 2021-05-10 23:59:26.520000000 +0800 @@ -1 +1 @@ -From af584d21bf66047e36ad3b9ccdcfd83ecdccd5db Mon Sep 17 00:00:00 2001 +From 429dd550359c68bdf5821ab08601f15ca2b41a80 Mon Sep 17 00:00:00 2001 @@ -4,0 +5,3 @@ +Cc: Luca Boccassi + +[ upstream commit af584d21bf66047e36ad3b9ccdcfd83ecdccd5db ] @@ -11 +13,0 @@ -Cc: stable@dpdk.org @@ -20 +22 @@ -index d07b30ed7f..7f621fb6dd 100644 +index 8baabe75ec..bd92f45886 100644 @@ -23 +25 @@ -@@ -2318,7 +2318,7 @@ vhost_reserve_avail_batch_packed(struct virtio_net *dev, +@@ -2287,7 +2287,7 @@ vhost_reserve_avail_batch_packed(struct virtio_net *dev,
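
Review bot: The hunk in vhost_reserve_avail_batch_packed does not show where `lens[i]` is filled or that it is at least `buf_offset` before the subtraction `lens[i] - buf_offset`, and the whole fix depends on `lens[]` being the one copy of the length that was already checked. Since the backport moved the hunk from offset 2318 to 2287, please confirm that the 20.11 version of the function captures `lens[]` before this loop and validates it there, and say so in the commit message. The message would also be clearer if it named the risk: a second read of `descs[avail_idx + i].len` can return a different value from the one that was checked. The unchanged line `ids[i] = descs[avail_idx + i].id;` in the same loop still reads the descriptor directly; if `id` is read anywhere else in the function, it merits the same copy-once handling.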