[dpdk-stable] patch 'vhost: fix batch dequeue potential buffer overflow' has been queued to stable release 19.11.9

Christian Ehrhardt christian.ehrhardt at canonical.com
Mon May 17 18:08:24 CEST 2021

Previous message (by thread): [dpdk-stable] patch 'vhost: fix packed ring potential buffer overflow' has been queued to stable release 19.11.9
Next message (by thread): [dpdk-stable] patch 'examples/vhost_crypto: remove unused short option' has been queued to stable release 19.11.9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 19.11.9

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/19/21. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/ec59dc5b89ecc7806b20e1a72e6246106072dc65

Thanks.

Christian Ehrhardt <christian.ehrhardt at canonical.com>

---
>From ec59dc5b89ecc7806b20e1a72e6246106072dc65 Mon Sep 17 00:00:00 2001
From: Marvin Liu <yong.liu at intel.com>
Date: Wed, 31 Mar 2021 14:49:39 +0800
Subject: [PATCH] vhost: fix batch dequeue potential buffer overflow

[ upstream commit af584d21bf66047e36ad3b9ccdcfd83ecdccd5db ]

Similar as single dequeue, the multiple accesses of descriptor length
will lead to potential risk. One-time access of descriptor length can
eliminate this risk.

Fixes: 75ed51697820 ("vhost: add packed ring batch dequeue")

Signed-off-by: Marvin Liu <yong.liu at intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin at redhat.com>
---
 lib/librte_vhost/virtio_net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c
index d93c448811..a01a5c8d99 100644
--- a/lib/librte_vhost/virtio_net.c
+++ b/lib/librte_vhost/virtio_net.c
@@ -1865,7 +1865,7 @@ vhost_reserve_avail_batch_packed(struct virtio_net *dev,
 	}
 
 	vhost_for_each_try_unroll(i, 0, PACKED_BATCH_SIZE) {
-		pkts[i]->pkt_len = descs[avail_idx + i].len - buf_offset;
+		pkts[i]->pkt_len = lens[i] - buf_offset;
 		pkts[i]->data_len = pkts[i]->pkt_len;
 		ids[i] = descs[avail_idx + i].id;
 	}
-- 
2.31.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-05-17 17:40:32.449527103 +0200
+++ 0075-vhost-fix-batch-dequeue-potential-buffer-overflow.patch	2021-05-17 17:40:29.243810043 +0200
@@ -1 +1 @@
-From af584d21bf66047e36ad3b9ccdcfd83ecdccd5db Mon Sep 17 00:00:00 2001
+From ec59dc5b89ecc7806b20e1a72e6246106072dc65 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit af584d21bf66047e36ad3b9ccdcfd83ecdccd5db ]
+
@@ -11 +12,0 @@
-Cc: stable at dpdk.org
@@ -20 +21 @@
-index d07b30ed7f..7f621fb6dd 100644
+index d93c448811..a01a5c8d99 100644
@@ -23 +24 @@
-@@ -2318,7 +2318,7 @@ vhost_reserve_avail_batch_packed(struct virtio_net *dev,
+@@ -1865,7 +1865,7 @@ vhost_reserve_avail_batch_packed(struct virtio_net *dev,

Previous message (by thread): [dpdk-stable] patch 'vhost: fix packed ring potential buffer overflow' has been queued to stable release 19.11.9
Next message (by thread): [dpdk-stable] patch 'examples/vhost_crypto: remove unused short option' has been queued to stable release 19.11.9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list