patch 'examples/ipsec-secgw: fix partial overflow' has been queued to stable release 22.11.4

Xueming Li xuemingl at nvidia.com
Mon Dec 11 11:12:08 CET 2023

Previous message (by thread): patch 'net/mlx5: fix offset size in conntrack flow action' has been queued to stable release 22.11.4
Next message (by thread): patch 'config: fix RISC-V native build' has been queued to stable release 22.11.4
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 22.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/13/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=22.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=22.11-staging&id=2a720ab686c4645c3dc7c8c0b5c60adadbc29094

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From 2a720ab686c4645c3dc7c8c0b5c60adadbc29094 Mon Sep 17 00:00:00 2001
From: Brian Dooley <brian.dooley at intel.com>
Date: Wed, 15 Nov 2023 12:31:01 +0000
Subject: [PATCH] examples/ipsec-secgw: fix partial overflow
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ]

Case of partial overflow detected with ASan.
Added extra padding to cdev_key structure.

This structure is used for the key in hash table.
Padding is added to force the struct to use 8 bytes,
to ensure memory is notread past this structs boundary
(the hash key calculation reads 8 bytes if this struct is size 5 bytes).
The padding should be zeroed.
If fields are modified in this struct, the padding must be updated to
ensure multiple of 8 bytes size overall.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")

Signed-off-by: Brian Dooley <brian.dooley at intel.com>
---
 examples/ipsec-secgw/ipsec.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 6bef2a7285..2890e6e267 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -249,11 +249,18 @@ struct offloads {
 
 extern struct offloads tx_offloads;
 
+/*
+ * This structure is used for the key in hash table.
+ * Padding is to force the struct to use 8 bytes,
+ * to ensure memory is not read past this structs boundary
+ * (hash key calculation reads 8 bytes if this struct is size 5 bytes).
+ */
 struct cdev_key {
 	uint16_t lcore_id;
 	uint8_t cipher_algo;
 	uint8_t auth_algo;
 	uint8_t aead_algo;
+	uint8_t padding[3]; /* padding to 8-byte size should be zeroed */
 };
 
 struct socket_ctx {
-- 
2.25.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-12-11 17:56:26.426334000 +0800
+++ 0103-examples-ipsec-secgw-fix-partial-overflow.patch	2023-12-11 17:56:23.217652300 +0800
@@ -1 +1 @@
-From ae9267a67e9030c1b069b0df69924aaca17683bb Mon Sep 17 00:00:00 2001
+From 2a720ab686c4645c3dc7c8c0b5c60adadbc29094 Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ]
@@ -18 +20,0 @@
-Cc: stable at dpdk.org
@@ -26 +28 @@
-index 5059418456..bdcada1c40 100644
+index 6bef2a7285..2890e6e267 100644

Previous message (by thread): patch 'net/mlx5: fix offset size in conntrack flow action' has been queued to stable release 22.11.4
Next message (by thread): patch 'config: fix RISC-V native build' has been queued to stable release 22.11.4
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list