From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 7B88FA0C47
	for <public@inbox.dpdk.org>; Tue, 10 Aug 2021 17:41:10 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 72B2C411CA;
	Tue, 10 Aug 2021 17:41:10 +0200 (CEST)
Received: from smtp-relay-canonical-0.canonical.com
 (smtp-relay-canonical-0.canonical.com [185.125.188.120])
 by mails.dpdk.org (Postfix) with ESMTP id 21F934114F
 for <stable@dpdk.org>; Tue, 10 Aug 2021 17:41:09 +0200 (CEST)
Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com
 [209.85.218.69])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPS id 057913F0A1
 for <stable@dpdk.org>; Tue, 10 Aug 2021 15:41:09 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1628610069;
 bh=OkUKoVA0AorjA/fqwAYLNWiJtAx5woov7Gwblx8xg/k=;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=fsIPIKPeECgvjZyQ5nR755FuUmmJBWCTg5pdhaiWp/AP6aQLBGCC0xTQ3C0NsYjt4
 0CsA4E9hKDdzn/BtUSUnMJ6HURwujM3NZxgdsRM5zk/E3UBoTRTCYS+dSspKwMzNGO
 LUoBS522JQz5vdTPQ6R9ITalALxHwpKNCNZCAUTC5dk/Fa3K23KBIrLk0nx6e25Gp+
 ZwFtcQyrxeTdRrCviZ9M2C0YPid6UXtyYM+7he/kpxIB0RIzjsUnynYgAIXoSsgaij
 egxtMNF0Uu9BIQbZl3pJX6oSrqXT7Qs2Zw/KYXrWUNVIaGGEFFA6AAKaBKYFYYojp7
 n4d32xMbDxMSg==
Received: by mail-ej1-f69.google.com with SMTP id
 k12-20020a170906680cb02905aeccdbd1efso2101156ejr.9
 for <stable@dpdk.org>; Tue, 10 Aug 2021 08:41:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=OkUKoVA0AorjA/fqwAYLNWiJtAx5woov7Gwblx8xg/k=;
 b=ucuQHw2LXuE3m/FsXD48AZRmdWwHGkXHV2pCbdn2yADBUIrkhOObW+F0XqbLAOw945
 i4EzDjL204B8bOxbckhW+U/cijDX1VL1AhtNXRAlvt4gxgSXgmRdj8WigQQz5/c2emLG
 ihkdstSYgmKspJLUOEGQKwOA0Qhq15k5TQKhMaxXOGYgLlulMiTAEaquHG9jkxlYjPS/
 7VQquMVIaBlfH2By7oEPqLC4qnWJuDiArxgZgsdXQI95VY1cZKuLnJVzn04hMExa3IxV
 nzDgmUd71RQqgTpXbWfwz31MCIW931lCDV/RDDh2KlUH+QsB8Kcl0K4R++HoU70nXFFZ
 pwag==
X-Gm-Message-State: AOAM5310KtGxyJQ6P/Br2o9s8qHVT2xIrEniU55FwNEqwRKVZ8DL+2JU
 wB5Nza5wUwp5Xj8Vb/d5rba1f8rEeDabdrhEkQjGYHHAqZNqZtAEBrYidt6eu08VAx6VqLrZ3yz
 x2LEkjqlmMcVqshw0c/+YCXMb
X-Received: by 2002:a05:6402:270a:: with SMTP id
 y10mr5654725edd.385.1628610068692; 
 Tue, 10 Aug 2021 08:41:08 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxB1VuFc1hIMU1ZnHnlJb9jvCr4J/ST+O48BoosBsYiMQc/+JIksuuqEuN2WYyItjCQcLRvrQ==
X-Received: by 2002:a05:6402:270a:: with SMTP id
 y10mr5654708edd.385.1628610068523; 
 Tue, 10 Aug 2021 08:41:08 -0700 (PDT)
Received: from Keschdeichel.fritz.box ([2001:67c:1560:8007::aac:c4ad])
 by smtp.gmail.com with ESMTPSA id r19sm2113142edd.49.2021.08.10.08.41.07
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 10 Aug 2021 08:41:08 -0700 (PDT)
From: christian.ehrhardt@canonical.com
To: Thierry Herbelot <thierry.herbelot@6wind.com>
Cc: Maxime Coquelin <maxime.coquelin@redhat.com>, dpdk stable <stable@dpdk.org>
Date: Tue, 10 Aug 2021 17:38:54 +0200
Message-Id: <20210810154022.749358-14-christian.ehrhardt@canonical.com>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210810154022.749358-1-christian.ehrhardt@canonical.com>
References: <20210810154022.749358-1-christian.ehrhardt@canonical.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-stable] patch 'vhost/crypto: check request pointer before
 dereference' has been queued to stable release 19.11.10
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>

Hi,

FYI, your patch has been queued to stable release 19.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/12/21. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/a8400e9443c5265694ef13eb7f8786e4438da4e1

Thanks.

Christian Ehrhardt <christian.ehrhardt@canonical.com>

---
>From a8400e9443c5265694ef13eb7f8786e4438da4e1 Mon Sep 17 00:00:00 2001
From: Thierry Herbelot <thierry.herbelot@6wind.com>
Date: Mon, 24 May 2021 11:08:21 +0200
Subject: [PATCH] vhost/crypto: check request pointer before dereference

[ upstream commit 9cfbe67691f02e3f66f6a6804a5ce266830e1f3f ]

Use vc_req only after it was checked not to be NULL.

Fixes: 2d962bb736521 ("vhost/crypto: fix possible TOCTOU attack")

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 lib/librte_vhost/vhost_crypto.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c
index e08f9c6d75..0439b12bc7 100644
--- a/lib/librte_vhost/vhost_crypto.c
+++ b/lib/librte_vhost/vhost_crypto.c
@@ -1338,13 +1338,15 @@ vhost_crypto_finalize_one_request(struct rte_crypto_op *op,
 	struct rte_mbuf *m_src = op->sym->m_src;
 	struct rte_mbuf *m_dst = op->sym->m_dst;
 	struct vhost_crypto_data_req *vc_req = rte_mbuf_to_priv(m_src);
-	struct vhost_virtqueue *vq = vc_req->vq;
-	uint16_t used_idx = vc_req->desc_idx, desc_idx;
+	struct vhost_virtqueue *vq;
+	uint16_t used_idx, desc_idx;
 
 	if (unlikely(!vc_req)) {
 		VC_LOG_ERR("Failed to retrieve vc_req");
 		return NULL;
 	}
+	vq = vc_req->vq;
+	used_idx = vc_req->desc_idx;
 
 	if (old_vq && (vq != old_vq))
 		return vq;
-- 
2.32.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-08-10 15:11:13.629367131 +0200
+++ 0014-vhost-crypto-check-request-pointer-before-dereferenc.patch	2021-08-10 15:11:12.914637350 +0200
@@ -1 +1 @@
-From 9cfbe67691f02e3f66f6a6804a5ce266830e1f3f Mon Sep 17 00:00:00 2001
+From a8400e9443c5265694ef13eb7f8786e4438da4e1 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 9cfbe67691f02e3f66f6a6804a5ce266830e1f3f ]
+
@@ -9 +10,0 @@
-Cc: stable@dpdk.org
@@ -14 +15 @@
- lib/vhost/vhost_crypto.c | 6 ++++--
+ lib/librte_vhost/vhost_crypto.c | 6 ++++--
@@ -17,5 +18,5 @@
-diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
-index 6689c52df2..926b5c0bd9 100644
---- a/lib/vhost/vhost_crypto.c
-+++ b/lib/vhost/vhost_crypto.c
-@@ -1337,13 +1337,15 @@ vhost_crypto_finalize_one_request(struct rte_crypto_op *op,
+diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c
+index e08f9c6d75..0439b12bc7 100644
+--- a/lib/librte_vhost/vhost_crypto.c
++++ b/lib/librte_vhost/vhost_crypto.c
+@@ -1338,13 +1338,15 @@ vhost_crypto_finalize_one_request(struct rte_crypto_op *op,