From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 83180A00C4 for ; Fri, 18 Nov 2022 00:10:14 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7F4874067B; Fri, 18 Nov 2022 00:10:14 +0100 (CET) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mails.dpdk.org (Postfix) with ESMTP id 2B1C54021F for ; Fri, 18 Nov 2022 00:10:13 +0100 (CET) Received: by mail-wr1-f42.google.com with SMTP id j15so5744178wrq.3 for ; Thu, 17 Nov 2022 15:10:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8vpFeBnU19Qbjcd2WhWjgMOpJ6Mh1zwMZ7lvgtxPRdY=; b=GXk25cbeaz2peSZkjA4/FeLa34iNrqrxpndGyxqC9P446IEmmG0SKc+NCyBT9Ui4Da 8EPozALoZtQs9/Is642xYXns/fDvn1WBO70GBPN42KZy6JvoMoj96qXOfqoF4/pZQ0tv RxHpNN3UTpWKbpDO3i/nHBUQxWyqF+pKCBW50KHVf7OlXVCme9dRDg7T0QDgjLJAFMSS +SiofTlqAd5y0gEmFxkE3zXomLaEtmyIINwGrnqU7ArgX4daQSgYOZ3Q17972AZVYicI HCFx3mopMjoPrxIMcA9EQdOHXt7QMRgZC/zRbWjXh0arfTc7dCBY3iOIgTzqvyUjjtfU D/Rw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8vpFeBnU19Qbjcd2WhWjgMOpJ6Mh1zwMZ7lvgtxPRdY=; b=Fub34W2tBvR3U5vIKW+Pr0rSqQSqDltONE7G37HEFYSehPxZRXzlLH0wiH117OV2g6 Y8uwWM6F01MiEu8UmAZzLAOcK5ugw8X1pVMBPE0PzzPPGvOor00zXTIslepf62T6nYWT MTKNf2Q7Eh4IA32dAKHpWw/XORjnX7XlxdvatdLX80Bk6Af0S5MKuQ7T8Kc/drWrm+n2 BEQmWU1ZWOT0CWIfLnAKAYPREzY6MoHTOqB/PwTj3VkYTTgONKoRMSEdsd9301g/Ieh1 XCpWksQZtV6550gwIppy7lw+JzEj2LXb6KfTFN1zqctbtQk8eZfEpNCmqvex7cbWEgZs 4R9w== X-Gm-Message-State: ANoB5pnoaNEdK+B/LyhDWhs3tfenHY4RpqYvms226TsUsYAQLxv+0SLC IsrNXFi7dILYA/0z8uRC5VauMufLdaA= X-Google-Smtp-Source: AA0mqf5+dN0V9IGate619D4FApJsvuKtNN0cbfvGleBqulsDglgYBW0cjgRYNEvQvJ8KijL56yKMow== X-Received: by 2002:adf:f00e:0:b0:22e:304b:cf66 with SMTP id j14-20020adff00e000000b0022e304bcf66mr2722795wro.308.1668726612889; Thu, 17 Nov 2022 15:10:12 -0800 (PST) Received: from localhost ([137.220.119.58]) by smtp.gmail.com with ESMTPSA id s23-20020a1cf217000000b003c6c5a5a651sm2483736wmc.28.2022.11.17.15.10.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Nov 2022 15:10:12 -0800 (PST) From: luca.boccassi@gmail.com To: Steve Yang Cc: Qi Zhang , dpdk stable Subject: patch 'net/iavf: fix tainted scalar' has been queued to stable release 20.11.7 Date: Thu, 17 Nov 2022 23:08:44 +0000 Message-Id: <20221117230859.611465-20-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221117230859.611465-1-luca.boccassi@gmail.com> References: <20221105171146.1520039-47-luca.boccassi@gmail.com> <20221117230859.611465-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 20.11.7 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/19/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/37255d7be5d69fed1f4d0a56fee72fcd711237bf Thanks. Luca Boccassi --- >From 37255d7be5d69fed1f4d0a56fee72fcd711237bf Mon Sep 17 00:00:00 2001 From: Steve Yang Date: Thu, 10 Nov 2022 08:30:52 +0000 Subject: [PATCH] net/iavf: fix tainted scalar [ upstream commit b125c0e721ac7803ee2fa16cd6b3d97bc575de6f ] tainted_data_downcast: Downcasting match_item->meta from void * to struct virtchnl_proto_hdrs implies that the data that this pointer points to is tainted. var_assign_var: Assigning: proto_hdrs = match_item->meta. Both are now tainted. var_assign_var: Assigning: rss_meta->proto_hdrs = *proto_hdrs. Both are now tainted. Passing tainted expression "rss_meta->proto_hdrs.count" to "iavf_refine_proto_hdrs", which uses it as a loop boundary. Removed temporary variable 'proto_hdrs', and copied whole memory of match_item meta with exact structure size to avoid data downcast. Coverity issue: 381131 Fixes: 91f27b2e39ab ("net/iavf: refactor RSS") Signed-off-by: Steve Yang Acked-by: Qi Zhang --- drivers/net/iavf/iavf_hash.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/iavf/iavf_hash.c b/drivers/net/iavf/iavf_hash.c index eb7fd3f66f..81b1bd9ec0 100644 --- a/drivers/net/iavf/iavf_hash.c +++ b/drivers/net/iavf/iavf_hash.c @@ -904,7 +904,6 @@ iavf_hash_parse_action(struct iavf_pattern_match_item *match_item, uint64_t pattern_hint, struct iavf_rss_meta *rss_meta, struct rte_flow_error *error) { - struct virtchnl_proto_hdrs *proto_hdrs; enum rte_flow_action_type action_type; const struct rte_flow_action_rss *rss; const struct rte_flow_action *action; @@ -961,8 +960,10 @@ iavf_hash_parse_action(struct iavf_pattern_match_item *match_item, return rte_flow_error_set(error, ENOTSUP, RTE_FLOW_ERROR_TYPE_ACTION, action, "RSS type not supported"); - proto_hdrs = match_item->meta; - rss_meta->proto_hdrs = *proto_hdrs; + + memcpy(&rss_meta->proto_hdrs, match_item->meta, + sizeof(struct virtchnl_proto_hdrs)); + iavf_refine_proto_hdrs(&rss_meta->proto_hdrs, rss_type, pattern_hint); break; -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-11-17 23:07:56.376852430 +0000 +++ 0020-net-iavf-fix-tainted-scalar.patch 2022-11-17 23:07:55.524331088 +0000 @@ -1 +1 @@ -From b125c0e721ac7803ee2fa16cd6b3d97bc575de6f Mon Sep 17 00:00:00 2001 +From 37255d7be5d69fed1f4d0a56fee72fcd711237bf Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit b125c0e721ac7803ee2fa16cd6b3d97bc575de6f ] + @@ -24 +25,0 @@ -Cc: stable@dpdk.org @@ -29,2 +30,2 @@ - drivers/net/iavf/iavf_hash.c | 22 +++++++++------------- - 1 file changed, 9 insertions(+), 13 deletions(-) + drivers/net/iavf/iavf_hash.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) @@ -33 +34 @@ -index 67b05313eb..ae6fb38594 100644 +index eb7fd3f66f..81b1bd9ec0 100644 @@ -36,73 +37 @@ -@@ -992,10 +992,9 @@ iavf_refine_proto_hdrs_l234(struct virtchnl_proto_hdrs *proto_hdrs, - uint64_t rss_type) - { - struct virtchnl_proto_hdr *hdr; -- int phdrs_count = proto_hdrs->count; - int i; - -- for (i = 0; i < phdrs_count; i++) { -+ for (i = 0; i < proto_hdrs->count; i++) { - hdr = &proto_hdrs->proto_hdr[i]; - switch (hdr->type) { - case VIRTCHNL_PROTO_HDR_ETH: -@@ -1184,13 +1183,12 @@ iavf_refine_proto_hdrs_gtpu(struct virtchnl_proto_hdrs *proto_hdrs, - uint64_t rss_type) - { - struct virtchnl_proto_hdr *hdr; -- int phdrs_count = proto_hdrs->count; - int i; - - if (!(rss_type & RTE_ETH_RSS_GTPU)) - return; - -- for (i = 0; i < phdrs_count; i++) { -+ for (i = 0; i < proto_hdrs->count; i++) { - hdr = &proto_hdrs->proto_hdr[i]; - switch (hdr->type) { - case VIRTCHNL_PROTO_HDR_GTPU_IP: -@@ -1210,7 +1208,6 @@ iavf_refine_proto_hdrs_by_pattern(struct virtchnl_proto_hdrs *proto_hdrs, - struct virtchnl_proto_hdr *hdr2; - int i, shift_count = 1; - int tun_lvl = proto_hdrs->tunnel_level; -- int phdrs_count = 0; - - if (!(phint & IAVF_PHINT_GTPU_MSK) && !(phint & IAVF_PHINT_GRE)) - return; -@@ -1219,9 +1216,8 @@ iavf_refine_proto_hdrs_by_pattern(struct virtchnl_proto_hdrs *proto_hdrs, - if (phint & IAVF_PHINT_LAYERS_MSK) - shift_count = 2; - -- phdrs_count = proto_hdrs->count; - /* shift headers layer */ -- for (i = phdrs_count - 1 + shift_count; -+ for (i = proto_hdrs->count - 1 + shift_count; - i > shift_count - 1; i--) { - hdr1 = &proto_hdrs->proto_hdr[i]; - hdr2 = &proto_hdrs->proto_hdr[i - shift_count]; -@@ -1282,7 +1278,6 @@ iavf_refine_proto_hdrs_l2tpv2(struct virtchnl_proto_hdrs *proto_hdrs, - uint64_t phint) - { - struct virtchnl_proto_hdr *hdr, *hdr1; -- int phdrs_count = proto_hdrs->count; - int i; - - if (!(phint & IAVF_PHINT_L2TPV2) && !(phint & IAVF_PHINT_L2TPV2_LEN)) -@@ -1290,7 +1285,7 @@ iavf_refine_proto_hdrs_l2tpv2(struct virtchnl_proto_hdrs *proto_hdrs, - - if (proto_hdrs->tunnel_level == TUNNEL_LEVEL_INNER) { - /* shift headers layer */ -- for (i = phdrs_count; i > 0; i--) -+ for (i = proto_hdrs->count; i > 0; i--) - proto_hdrs->proto_hdr[i] = proto_hdrs->proto_hdr[i - 1]; - - /* adding outer ip header at layer 0 */ -@@ -1303,7 +1298,7 @@ iavf_refine_proto_hdrs_l2tpv2(struct virtchnl_proto_hdrs *proto_hdrs, - else if (phint & IAVF_PHINT_OUTER_IPV6) - VIRTCHNL_SET_PROTO_HDR_TYPE(hdr1, IPV6); - } else { -- for (i = 0; i < phdrs_count; i++) { -+ for (i = 0; i < proto_hdrs->count; i++) { - hdr = &proto_hdrs->proto_hdr[i]; - if (hdr->type == VIRTCHNL_PROTO_HDR_L2TPV2) { - if (phint & IAVF_PHINT_L2TPV2) { -@@ -1427,7 +1422,6 @@ iavf_hash_parse_action(struct iavf_pattern_match_item *match_item, +@@ -904,7 +904,6 @@ iavf_hash_parse_action(struct iavf_pattern_match_item *match_item, @@ -116 +45 @@ -@@ -1488,8 +1482,10 @@ iavf_hash_parse_action(struct iavf_pattern_match_item *match_item, +@@ -961,8 +960,10 @@ iavf_hash_parse_action(struct iavf_pattern_match_item *match_item,