patch 'crypto/virtio: add request check on request side' has been queued to stable release 23.11.5

[Xueming Li]

Hi,

FYI, your patch has been queued to stable release 23.11.5

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/28/25. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=1356ebb2564d202abc4d80a33fc601bef7674432

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From 1356ebb2564d202abc4d80a33fc601bef7674432 Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau at intel.com>
Date: Fri, 23 May 2025 14:04:50 +0000
Subject: [PATCH] crypto/virtio: add request check on request side
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 9771f037ec8c6592126be49ca50953d1a14a0335 ]

Add same request checks on the request side.

Fixes: b2866f473369 ("vhost/crypto: fix missed request check for copy mode")

Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
Acked-by: Fan Zhang <fanzhang.oss at gmail.com>
Tested-by: Yu Jiang <yux.jiang at intel.com>
---
 drivers/crypto/virtio/virtio_rxtx.c | 40 +++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index 01977c7ec4..d645e757f5 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -107,6 +107,40 @@ virtqueue_dequeue_burst_rx(struct virtqueue *vq,
 	return i;
 }
 
+static __rte_always_inline uint8_t
+virtqueue_crypto_check_cipher_request(struct virtio_crypto_cipher_data_req *req)
+{
+	if (likely((req->para.iv_len <= VIRTIO_CRYPTO_MAX_IV_SIZE) &&
+		(req->para.src_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.dst_data_len >= req->para.src_data_len) &&
+		(req->para.dst_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE)))
+		return VIRTIO_CRYPTO_OK;
+	return VIRTIO_CRYPTO_BADMSG;
+}
+
+static __rte_always_inline uint8_t
+virtqueue_crypto_check_chain_request(struct virtio_crypto_alg_chain_data_req *req)
+{
+	if (likely((req->para.iv_len <= VIRTIO_CRYPTO_MAX_IV_SIZE) &&
+		(req->para.src_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.dst_data_len >= req->para.src_data_len) &&
+		(req->para.dst_data_len <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.cipher_start_src_offset <
+			RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.len_to_cipher <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.hash_start_src_offset <
+			RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.len_to_hash <= RTE_MBUF_DEFAULT_BUF_SIZE) &&
+		(req->para.cipher_start_src_offset + req->para.len_to_cipher <=
+			req->para.src_data_len) &&
+		(req->para.hash_start_src_offset + req->para.len_to_hash <=
+			req->para.src_data_len) &&
+		(req->para.dst_data_len + req->para.hash_result_len <=
+			RTE_MBUF_DEFAULT_BUF_SIZE)))
+		return VIRTIO_CRYPTO_OK;
+	return VIRTIO_CRYPTO_BADMSG;
+}
+
 static int
 virtqueue_crypto_sym_pkt_header_arrange(
 		struct rte_crypto_op *cop,
@@ -142,6 +176,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
 				sym_op->cipher.data.offset);
 		req_data->u.sym_req.u.cipher.para.dst_data_len =
 			req_data->u.sym_req.u.cipher.para.src_data_len;
+		if (virtqueue_crypto_check_cipher_request(
+			&req_data->u.sym_req.u.cipher) != VIRTIO_CRYPTO_OK)
+			return -1;
 		break;
 	case VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING:
 		req_data->u.sym_req.op_type =
@@ -181,6 +218,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
 			VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH)
 			req_data->u.sym_req.u.chain.para.hash_result_len =
 				chain_para->u.mac_param.hash_result_len;
+		if (virtqueue_crypto_check_chain_request(
+			&req_data->u.sym_req.u.chain) != VIRTIO_CRYPTO_OK)
+			return -1;
 		break;
 	default:
 		return -1;
-- 
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2025-06-26 19:59:20.302178122 +0800
+++ 0067-crypto-virtio-add-request-check-on-request-side.patch	2025-06-26 19:59:17.466418041 +0800
@@ -1 +1 @@
-From 9771f037ec8c6592126be49ca50953d1a14a0335 Mon Sep 17 00:00:00 2001
+From 1356ebb2564d202abc4d80a33fc601bef7674432 Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 9771f037ec8c6592126be49ca50953d1a14a0335 ]
@@ -9 +11,0 @@
-Cc: stable at dpdk.org
@@ -19 +21 @@
-index a7f1bd9753..00988e18b1 100644
+index 01977c7ec4..d645e757f5 100644
@@ -22 +24 @@
-@@ -193,6 +193,40 @@ virtqueue_dequeue_burst_rx_packed(struct virtqueue *vq,
+@@ -107,6 +107,40 @@ virtqueue_dequeue_burst_rx(struct virtqueue *vq,
@@ -60 +62 @@
- static inline int
+ static int
@@ -63 +65 @@
-@@ -228,6 +262,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
+@@ -142,6 +176,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
@@ -73 +75 @@
-@@ -267,6 +304,9 @@ virtqueue_crypto_sym_pkt_header_arrange(
+@@ -181,6 +218,9 @@ virtqueue_crypto_sym_pkt_header_arrange(