From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C65C846BAE for ; Fri, 18 Jul 2025 21:38:39 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C0F6740611; Fri, 18 Jul 2025 21:38:39 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id 3464040B8F for ; Fri, 18 Jul 2025 21:38:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1752867517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2t0tpi98NZDAptgyze6Z85dp7rZpLMw/Js1ESrqY8NM=; b=dgyVIb+Yj9hUE6e97/TKmSbYLnOQFqhGvqBg9XbJFscAcVJXs8375v9gqOLGriGpV8uKVl YMMhXv9T8l+JVL0ebs5Db0teLYjXc4aBLLPd3GNdwZe7tRcKjqo4BJue/cc7Q41DNgsLAq 70zWxbzN70U3NJ3ZVNOsy7B8nGLklkY= Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-649-kHIyOvEqO_mtudmyl6EiEg-1; Fri, 18 Jul 2025 15:38:34 -0400 X-MC-Unique: kHIyOvEqO_mtudmyl6EiEg-1 X-Mimecast-MFC-AGG-ID: kHIyOvEqO_mtudmyl6EiEg_1752867513 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5FD901800C36; Fri, 18 Jul 2025 19:38:33 +0000 (UTC) Received: from rh.redhat.com (unknown [10.44.32.40]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 74C0718003FC; Fri, 18 Jul 2025 19:38:31 +0000 (UTC) From: Kevin Traynor To: Radu Nicolau Cc: Fan Zhang , Yu Jiang , dpdk stable Subject: patch 'crypto/virtio: add request check on request side' has been queued to stable release 24.11.3 Date: Fri, 18 Jul 2025 20:31:38 +0100 Message-ID: <20250718193247.1008129-164-ktraynor@redhat.com> In-Reply-To: <20250718193247.1008129-1-ktraynor@redhat.com> References: <20250718193247.1008129-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 1xnqb5iOqUNCCF1WzL4fWM68go-yGxfAscLieERlUbM_1752867513 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 24.11.3 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 07/23/25. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/e59b0a9a4005bef7085c5290a47044841dc41cfa Thanks. Kevin --- >From e59b0a9a4005bef7085c5290a47044841dc41cfa Mon Sep 17 00:00:00 2001 From: Radu Nicolau Date: Fri, 23 May 2025 14:04:50 +0000 Subject: [PATCH] crypto/virtio: add request check on request side [ upstream commit 9771f037ec8c6592126be49ca50953d1a14a0335 ] Add same request checks on the request side. Fixes: b2866f473369 ("vhost/crypto: fix missed request check for copy mode") Signed-off-by: Radu Nicolau Acked-by: Fan Zhang Tested-by: Yu Jiang --- drivers/crypto/virtio/virtio_rxtx.c | 41 +++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c index 01977c7ec4..b18b50428d 100644 --- a/drivers/crypto/virtio/virtio_rxtx.c +++ b/drivers/crypto/virtio/virtio_rxtx.c @@ -108,4 +108,39 @@ virtqueue_dequeue_burst_rx(struct virtqueue *vq, } + +static __rte_always_inline uint8_t +virtqueue_crypto_check_cipher_request(struct virtio_crypto_cipher_data_req *req) +{ + if (likely((req->para.iv_len <= VIRTIO_CRYPTO_MAX_IV_SIZE) && + (req->para.src_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) && + (req->para.dst_data_len >= req->para.src_data_len) && + (req->para.dst_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE))) + return VIRTIO_CRYPTO_OK; + return VIRTIO_CRYPTO_BADMSG; +} + +static __rte_always_inline uint8_t +virtqueue_crypto_check_chain_request(struct virtio_crypto_alg_chain_data_req *req) +{ + if (likely((req->para.iv_len <= VIRTIO_CRYPTO_MAX_IV_SIZE) && + (req->para.src_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) && + (req->para.dst_data_len >= req->para.src_data_len) && + (req->para.dst_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) && + (req->para.cipher_start_src_offset < + RTE_MBUF_DEFAULT_BUF_SIZE) && + (req->para.len_to_cipher <= RTE_MBUF_DEFAULT_BUF_SIZE) && + (req->para.hash_start_src_offset < + RTE_MBUF_DEFAULT_BUF_SIZE) && + (req->para.len_to_hash <= RTE_MBUF_DEFAULT_BUF_SIZE) && + (req->para.cipher_start_src_offset + req->para.len_to_cipher <= + req->para.src_data_len) && + (req->para.hash_start_src_offset + req->para.len_to_hash <= + req->para.src_data_len) && + (req->para.dst_data_len + req->para.hash_result_len <= + RTE_MBUF_DEFAULT_BUF_SIZE))) + return VIRTIO_CRYPTO_OK; + return VIRTIO_CRYPTO_BADMSG; +} + static int virtqueue_crypto_sym_pkt_header_arrange( @@ -143,4 +178,7 @@ virtqueue_crypto_sym_pkt_header_arrange( req_data->u.sym_req.u.cipher.para.dst_data_len = req_data->u.sym_req.u.cipher.para.src_data_len; + if (virtqueue_crypto_check_cipher_request( + &req_data->u.sym_req.u.cipher) != VIRTIO_CRYPTO_OK) + return -1; break; case VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING: @@ -182,4 +220,7 @@ virtqueue_crypto_sym_pkt_header_arrange( req_data->u.sym_req.u.chain.para.hash_result_len = chain_para->u.mac_param.hash_result_len; + if (virtqueue_crypto_check_chain_request( + &req_data->u.sym_req.u.chain) != VIRTIO_CRYPTO_OK) + return -1; break; default: -- 2.50.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2025-07-18 20:29:16.722579738 +0100 +++ 0164-crypto-virtio-add-request-check-on-request-side.patch 2025-07-18 20:29:11.172908072 +0100 @@ -1 +1 @@ -From 9771f037ec8c6592126be49ca50953d1a14a0335 Mon Sep 17 00:00:00 2001 +From e59b0a9a4005bef7085c5290a47044841dc41cfa Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 9771f037ec8c6592126be49ca50953d1a14a0335 ] + @@ -9 +10,0 @@ -Cc: stable@dpdk.org @@ -15,2 +16,2 @@ - drivers/crypto/virtio/virtio_rxtx.c | 40 +++++++++++++++++++++++++++++ - 1 file changed, 40 insertions(+) + drivers/crypto/virtio/virtio_rxtx.c | 41 +++++++++++++++++++++++++++++ + 1 file changed, 41 insertions(+) @@ -19 +20 @@ -index a7f1bd9753..00988e18b1 100644 +index 01977c7ec4..b18b50428d 100644 @@ -22 +23 @@ -@@ -194,4 +194,38 @@ virtqueue_dequeue_burst_rx_packed(struct virtqueue *vq, +@@ -108,4 +108,39 @@ virtqueue_dequeue_burst_rx(struct virtqueue *vq, @@ -24,0 +26 @@ ++ @@ -59 +61 @@ - static inline int + static int @@ -61 +63 @@ -@@ -229,4 +263,7 @@ virtqueue_crypto_sym_pkt_header_arrange( +@@ -143,4 +178,7 @@ virtqueue_crypto_sym_pkt_header_arrange( @@ -69 +71 @@ -@@ -268,4 +305,7 @@ virtqueue_crypto_sym_pkt_header_arrange( +@@ -182,4 +220,7 @@ virtqueue_crypto_sym_pkt_header_arrange(