From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B2EDEA0C45 for ; Thu, 10 Jun 2021 14:07:02 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id ADB8E4069B; Thu, 10 Jun 2021 14:07:02 +0200 (CEST) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) by mails.dpdk.org (Postfix) with ESMTP id B5E34410FB for ; Thu, 10 Jun 2021 14:07:01 +0200 (CEST) Received: from 2.general.paelzer.uk.vpn ([10.172.196.173] helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1lrJSc-0008PG-Pb; Thu, 10 Jun 2021 12:06:58 +0000 From: Christian Ehrhardt To: Hongbo Zheng Cc: Min Hu , Reshma Pattan , David Hunt , dpdk stable Date: Thu, 10 Jun 2021 14:05:56 +0200 Message-Id: <20210610120641.885862-8-christian.ehrhardt@canonical.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210610120641.885862-1-christian.ehrhardt@canonical.com> References: <20210610120641.885862-1-christian.ehrhardt@canonical.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'power: fix sanity checks for guest channel read' has been queued to stable release 19.11.9 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 19.11.9 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 06/12/21. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/cpaelzer/dpdk-stable-queue This queued commit can be viewed at: https://github.com/cpaelzer/dpdk-stable-queue/commit/ae9f70495f3eee5376e9587dccc5a12313de5683 Thanks. Christian Ehrhardt --- >From ae9f70495f3eee5376e9587dccc5a12313de5683 Mon Sep 17 00:00:00 2001 From: Hongbo Zheng Date: Wed, 12 May 2021 10:19:19 +0800 Subject: [PATCH] power: fix sanity checks for guest channel read [ upstream commit 1fe00fd358c0b5cab798010a69e758bfead9fd84 ] In function power_guest_channel_read_msg, 'lcore_id' is used before validity check, which may cause buffer 'global_fds' accessed by index 'lcore_id' overflow. This patch moves the validity check of 'lcore_id' before the 'lcore_id' being used for the first time. Fixes: 9dc843eb273b ("power: extend guest channel API for reading") Signed-off-by: Hongbo Zheng Signed-off-by: Min Hu (Connor) Reviewed-by: Reshma Pattan Acked-by: David Hunt --- lib/librte_power/guest_channel.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/librte_power/guest_channel.c b/lib/librte_power/guest_channel.c index 4dadf5ef9f..6cf93f4bec 100644 --- a/lib/librte_power/guest_channel.c +++ b/lib/librte_power/guest_channel.c @@ -140,6 +140,17 @@ int power_guest_channel_read_msg(void *pkt, if (pkt_len == 0 || pkt == NULL) return -1; + if (lcore_id >= RTE_MAX_LCORE) { + RTE_LOG(ERR, GUEST_CHANNEL, "Channel(%u) is out of range 0...%d\n", + lcore_id, RTE_MAX_LCORE-1); + return -1; + } + + if (global_fds[lcore_id] < 0) { + RTE_LOG(ERR, GUEST_CHANNEL, "Channel is not connected\n"); + return -1; + } + fds.fd = global_fds[lcore_id]; fds.events = POLLIN; @@ -153,17 +164,6 @@ int power_guest_channel_read_msg(void *pkt, return -1; } - if (lcore_id >= RTE_MAX_LCORE) { - RTE_LOG(ERR, GUEST_CHANNEL, "Channel(%u) is out of range 0...%d\n", - lcore_id, RTE_MAX_LCORE-1); - return -1; - } - - if (global_fds[lcore_id] < 0) { - RTE_LOG(ERR, GUEST_CHANNEL, "Channel is not connected\n"); - return -1; - } - while (pkt_len > 0) { ret = read(global_fds[lcore_id], pkt, pkt_len); -- 2.31.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2021-06-10 14:04:58.476958833 +0200 +++ 0008-power-fix-sanity-checks-for-guest-channel-read.patch 2021-06-10 14:04:58.014024257 +0200 @@ -1 +1 @@ -From 1fe00fd358c0b5cab798010a69e758bfead9fd84 Mon Sep 17 00:00:00 2001 +From ae9f70495f3eee5376e9587dccc5a12313de5683 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 1fe00fd358c0b5cab798010a69e758bfead9fd84 ] + @@ -14 +15,0 @@ -Cc: stable@dpdk.org @@ -21 +22 @@ - lib/power/guest_channel.c | 22 +++++++++++----------- + lib/librte_power/guest_channel.c | 22 +++++++++++----------- @@ -24,5 +25,5 @@ -diff --git a/lib/power/guest_channel.c b/lib/power/guest_channel.c -index 2f7507a03c..474dd92998 100644 ---- a/lib/power/guest_channel.c -+++ b/lib/power/guest_channel.c -@@ -166,6 +166,17 @@ int power_guest_channel_read_msg(void *pkt, +diff --git a/lib/librte_power/guest_channel.c b/lib/librte_power/guest_channel.c +index 4dadf5ef9f..6cf93f4bec 100644 +--- a/lib/librte_power/guest_channel.c ++++ b/lib/librte_power/guest_channel.c +@@ -140,6 +140,17 @@ int power_guest_channel_read_msg(void *pkt, @@ -46 +47 @@ -@@ -179,17 +190,6 @@ int power_guest_channel_read_msg(void *pkt, +@@ -153,17 +164,6 @@ int power_guest_channel_read_msg(void *pkt,