[dpdk-dev] [PATCH 2/6] vhost/crypto: fix incorrect descriptor deduction

Ferruh Yigit ferruh.yigit at intel.com
Mon Sep 28 12:59:14 CEST 2020

Previous message: [dpdk-dev] [PATCH 1/6] vhost/crypto: fix pool allocation
Next message: [dpdk-dev] [PATCH 3/6] vhost/crypto: fix missed request check for copy mode
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Fan Zhang <roy.fan.zhang at intel.com>

This patch fixes the incorrect descriptor deduction for vhost crypto.

CVE-2020-14378
Fixes: 16d2e718b8ce ("vhost/crypto: fix possible out of bound access")
Cc: stable at dpdk.org

Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
Acked-by: Chenbo Xia <chenbo.xia at intel.com>
---
 lib/librte_vhost/vhost_crypto.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c
index 0f9df4059d..86747dd5f3 100644
--- a/lib/librte_vhost/vhost_crypto.c
+++ b/lib/librte_vhost/vhost_crypto.c
@@ -530,13 +530,14 @@ move_desc(struct vring_desc *head, struct vring_desc **cur_desc,
 	int left = size - desc->len;
 
 	while ((desc->flags & VRING_DESC_F_NEXT) && left > 0) {
-		(*nb_descs)--;
 		if (unlikely(*nb_descs == 0 || desc->next >= vq_size))
 			return -1;
 
 		desc = &head[desc->next];
 		rte_prefetch0(&head[desc->next]);
 		left -= desc->len;
+		if (left > 0)
+			(*nb_descs)--;
 	}
 
 	if (unlikely(left > 0))
-- 
2.26.2

Previous message: [dpdk-dev] [PATCH 1/6] vhost/crypto: fix pool allocation
Next message: [dpdk-dev] [PATCH 3/6] vhost/crypto: fix missed request check for copy mode
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list