patch 'crypto/qat: fix stack buffer overflow in SGL loop' has been queued to stable release 22.11.3

Xueming Li xuemingl at nvidia.com
Sun Jun 25 08:34:49 CEST 2023


Hi,

FYI, your patch has been queued to stable release 22.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/27/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=22.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=22.11-staging&id=44137441387c0d04698e0b1083c0b90cff131d42

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From 44137441387c0d04698e0b1083c0b90cff131d42 Mon Sep 17 00:00:00 2001
From: Ciara Power <ciara.power at intel.com>
Date: Fri, 14 Apr 2023 12:31:31 +0000
Subject: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit ff6e69e935ddc460bffdcfe7431dcf914fdfdb3f ]

The cvec pointer was incremented incorrectly in the case where the
length of remaining_off equals cvec len, and there is no next cvec.
This led to cvec->iova being invalid memory to access.

Instead, only increment the cvec pointer when we know there is a next
cvec to point to, by checking the i value, which represents the number
of cvecs available.
If i is 0, then no need to increment as the current cvec is the last one.

Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request")

Signed-off-by: Ciara Power <ciara.power at intel.com>
Acked-by: Kai Ji <kai.ji at intel.com>
Acked-by: Brian Dooley <brian.dooley at intel.com>
---
 drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
index 524c291340..092265631b 100644
--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
@@ -682,7 +682,8 @@ enqueue_one_chain_job_gen1(struct qat_sym_session *ctx,
 		while (remaining_off >= cvec->len && i >= 1) {
 			i--;
 			remaining_off -= cvec->len;
-			cvec++;
+			if (i)
+				cvec++;
 		}
 
 		auth_iova_end = cvec->iova + remaining_off;
-- 
2.25.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-06-25 14:32:00.420530400 +0800
+++ 0071-crypto-qat-fix-stack-buffer-overflow-in-SGL-loop.patch	2023-06-25 14:31:58.435773900 +0800
@@ -1 +1 @@
-From ff6e69e935ddc460bffdcfe7431dcf914fdfdb3f Mon Sep 17 00:00:00 2001
+From 44137441387c0d04698e0b1083c0b90cff131d42 Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit ff6e69e935ddc460bffdcfe7431dcf914fdfdb3f ]
@@ -16 +18,0 @@
-Cc: stable at dpdk.org


More information about the stable mailing list