[dpdk-stable] patch 'ipsec: check SAD lookup error' has been queued to stable release 19.11.3
luca.boccassi at gmail.com
luca.boccassi at gmail.com
Tue May 19 15:05:15 CEST 2020
Hi,
FYI, your patch has been queued to stable release 19.11.3
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/21/20. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Thanks.
Luca Boccassi
---
>From 47bd1f0ad23fa4d71509ccb23af1a382a0d6a64f Mon Sep 17 00:00:00 2001
From: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
Date: Mon, 11 May 2020 10:23:06 +0100
Subject: [PATCH] ipsec: check SAD lookup error
[ upstream commit e62893f5ec27a361e74b3961edb808fb3d420bb1 ]
Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr
Coverity issue: 357760
Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
---
lib/librte_ipsec/ipsec_sad.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index db2c44c804..31b5956d89 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -94,6 +94,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
/* Update a counter for a given SPI */
ret = rte_hash_lookup(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key);
+ if (ret < 0)
+ return ret;
if (key_type == RTE_IPSEC_SAD_SPI_DIP)
sad->cnt_arr[ret].cnt_dip += notexist;
else
--
2.20.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2020-05-19 14:04:51.870105974 +0100
+++ 0180-ipsec-check-SAD-lookup-error.patch 2020-05-19 14:04:44.520653884 +0100
@@ -1,15 +1,16 @@
-From e62893f5ec27a361e74b3961edb808fb3d420bb1 Mon Sep 17 00:00:00 2001
+From 47bd1f0ad23fa4d71509ccb23af1a382a0d6a64f Mon Sep 17 00:00:00 2001
From: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
Date: Mon, 11 May 2020 10:23:06 +0100
Subject: [PATCH] ipsec: check SAD lookup error
+[ upstream commit e62893f5ec27a361e74b3961edb808fb3d420bb1 ]
+
Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr
Coverity issue: 357760
Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
-Cc: stable at dpdk.org
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
@@ -18,13 +19,13 @@
1 file changed, 2 insertions(+)
diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
-index 6c95240578..3f9533c80a 100644
+index db2c44c804..31b5956d89 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
-@@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
- ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
- rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
- sad->init_val));
+@@ -94,6 +94,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
+
+ /* Update a counter for a given SPI */
+ ret = rte_hash_lookup(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key);
+ if (ret < 0)
+ return ret;
if (key_type == RTE_IPSEC_SAD_SPI_DIP)
More information about the stable
mailing list