From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4D77C46BAE for ; Fri, 18 Jul 2025 21:33:42 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4847540E44; Fri, 18 Jul 2025 21:33:42 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mails.dpdk.org (Postfix) with ESMTP id A244640611 for ; Fri, 18 Jul 2025 21:33:40 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1752867220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0AQotcezltzOwOtJW3GhbEs3GxuRQSeH2Fp+1Z/p0Es=; b=VLRFgqw66aoVs+Z0etCOCXA5MZqiKQBLS5OTRgLmxvbK2uJmUWvXqp0vXrdrdUp7ZGmF5A 1KRoTAram8UDV/641IXY4eTUQ9aoC78CYqVet1U5VNd3xQa9SEg5gCsZb6G+T8U6fNeZpd YbC4nESyh6ecZef9a3IoI1ubnIn4Bas= Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-184-OBYFERWsPE6S8rTFrR4uKA-1; Fri, 18 Jul 2025 15:33:38 -0400 X-MC-Unique: OBYFERWsPE6S8rTFrR4uKA-1 X-Mimecast-MFC-AGG-ID: OBYFERWsPE6S8rTFrR4uKA_1752867218 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id EFC0519560A3; Fri, 18 Jul 2025 19:33:37 +0000 (UTC) Received: from rh.redhat.com (unknown [10.44.32.40]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 97475180045B; Fri, 18 Jul 2025 19:33:36 +0000 (UTC) From: Kevin Traynor To: Gowrishankar Muthukrishnan Cc: Akhil Goyal , dpdk stable Subject: patch 'crypto/cnxk: fix out-of-bounds access in SM2' has been queued to stable release 24.11.3 Date: Fri, 18 Jul 2025 20:29:14 +0100 Message-ID: <20250718193247.1008129-20-ktraynor@redhat.com> In-Reply-To: <20250718193247.1008129-1-ktraynor@redhat.com> References: <20250718193247.1008129-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 2YjutTIVNLiOSoqgFX_VHlnMF6ciBcfouNK0r-tBCSo_1752867218 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 24.11.3 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 07/23/25. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/e9e52ecc9f1cf0c27eca9c190609da46098a53bf Thanks. Kevin --- >From e9e52ecc9f1cf0c27eca9c190609da46098a53bf Mon Sep 17 00:00:00 2001 From: Gowrishankar Muthukrishnan Date: Thu, 15 May 2025 13:35:25 +0530 Subject: [PATCH] crypto/cnxk: fix out-of-bounds access in SM2 [ upstream commit cfefc94a8c155aceb2da519b6b34a01b5caa65e3 ] Fix coverity issue on out-of-bounds access. Coverity issue: 403166, 403171, 403172 Fixes: 5686b573e4bb ("crypto/cnxk: support SM2") Signed-off-by: Gowrishankar Muthukrishnan Acked-by: Akhil Goyal --- drivers/crypto/cnxk/cnxk_ae.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h index 82dce507bd..8508ab8736 100644 --- a/drivers/crypto/cnxk/cnxk_ae.h +++ b/drivers/crypto/cnxk/cnxk_ae.h @@ -1091,4 +1091,7 @@ cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2, order_len = ROC_AE_EC_DATA_MAX; + if (pkey_len > ROC_AE_EC_DATA_MAX) + pkey_len = ROC_AE_EC_DATA_MAX; + /* Truncate input length to curve prime length */ if (message_len > prime_len) @@ -1182,4 +1185,10 @@ cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2, order_len = ROC_AE_EC_DATA_MAX; + if (qx_len > ROC_AE_EC_DATA_MAX) + qx_len = ROC_AE_EC_DATA_MAX; + + if (qy_len > ROC_AE_EC_DATA_MAX) + qy_len = ROC_AE_EC_DATA_MAX; + /* Truncate input length to curve prime length */ if (message_len > prime_len) -- 2.50.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2025-07-18 20:29:11.786900891 +0100 +++ 0020-crypto-cnxk-fix-out-of-bounds-access-in-SM2.patch 2025-07-18 20:29:10.823907003 +0100 @@ -1 +1 @@ -From cfefc94a8c155aceb2da519b6b34a01b5caa65e3 Mon Sep 17 00:00:00 2001 +From e9e52ecc9f1cf0c27eca9c190609da46098a53bf Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit cfefc94a8c155aceb2da519b6b34a01b5caa65e3 ] + @@ -10 +11,0 @@ -Cc: stable@dpdk.org