patch 'crypto/virtio: fix out-of-bounds access' has been queued to stable release 20.11.5

luca.boccassi at gmail.com luca.boccassi at gmail.com
Mon Feb 28 22:20:14 CET 2022

Previous message (by thread): patch 'baseband/acc100: avoid out-of-bounds access' has been queued to stable release 20.11.5
Next message (by thread): patch 'crypto/ipsec_mb: fix ZUC authentication verify' has been queued to stable release 20.11.5
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 20.11.5

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/02/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/2eb55ed0243f32abb1b089a7b771638100cbd413

Thanks.

Luca Boccassi

---
>From 2eb55ed0243f32abb1b089a7b771638100cbd413 Mon Sep 17 00:00:00 2001
From: Brian Dooley <brian.dooley at intel.com>
Date: Tue, 22 Feb 2022 09:54:51 +0000
Subject: [PATCH] crypto/virtio: fix out-of-bounds access

[ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ]

Coverity flags an untrusted loop bound. Check length of session iv.

Coverity issue: 375802
Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")

Signed-off-by: Brian Dooley <brian.dooley at intel.com>
Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
---
 drivers/crypto/virtio/virtio_rxtx.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index e1cb4ad104..8b391a4fce 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit(
 		if (cop->phys_addr)
 			desc[idx].addr = cop->phys_addr + session->iv.offset;
 		else {
+			if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE)
+				return -ENOMEM;
+
 			rte_memcpy(crypto_op_cookie->iv,
 					rte_crypto_op_ctod_offset(cop,
 					uint8_t *, session->iv.offset),
-- 
2.30.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-02-28 21:17:55.451914896 +0000
+++ 0018-crypto-virtio-fix-out-of-bounds-access.patch	2022-02-28 21:17:53.856929582 +0000
@@ -1 +1 @@
-From a965e768065ae496c9a1c7a77545bc0f0f0e38e2 Mon Sep 17 00:00:00 2001
+From 2eb55ed0243f32abb1b089a7b771638100cbd413 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ]
+
@@ -10 +11,0 @@
-Cc: stable at dpdk.org
@@ -19 +20 @@
-index a65524a306..08359b3a39 100644
+index e1cb4ad104..8b391a4fce 100644

Previous message (by thread): patch 'baseband/acc100: avoid out-of-bounds access' has been queued to stable release 20.11.5
Next message (by thread): patch 'crypto/ipsec_mb: fix ZUC authentication verify' has been queued to stable release 20.11.5
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list