GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/70382/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 70382,
    "url": "https://patches.dpdk.org/api/patches/70382/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20200518131704.715877-2-ferruh.yigit@intel.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20200518131704.715877-2-ferruh.yigit@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20200518131704.715877-2-ferruh.yigit@intel.com",
    "date": "2020-05-18T13:16:59",
    "name": "[1/6] vhost: check log mmap offset and size overflow",
    "commit_ref": null,
    "pull_url": null,
    "state": "accepted",
    "archived": true,
    "hash": "835c3854531c56ea043859dc6d9053a83a9f1f6e",
    "submitter": {
        "id": 324,
        "url": "https://patches.dpdk.org/api/people/324/?format=api",
        "name": "Ferruh Yigit",
        "email": "ferruh.yigit@intel.com"
    },
    "delegate": {
        "id": 24651,
        "url": "https://patches.dpdk.org/api/users/24651/?format=api",
        "username": "dmarchand",
        "first_name": "David",
        "last_name": "Marchand",
        "email": "david.marchand@redhat.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20200518131704.715877-2-ferruh.yigit@intel.com/mbox/",
    "series": [
        {
            "id": 10129,
            "url": "https://patches.dpdk.org/api/series/10129/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=10129",
            "date": "2020-05-18T13:16:58",
            "name": "Fix vhost security issues",
            "version": 1,
            "mbox": "https://patches.dpdk.org/series/10129/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/70382/comments/",
    "check": "fail",
    "checks": "https://patches.dpdk.org/api/patches/70382/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 74CD4A0093;\n\tMon, 18 May 2020 15:17:18 +0200 (CEST)",
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 0EB9C1D446;\n\tMon, 18 May 2020 15:17:13 +0200 (CEST)",
            "from mga09.intel.com (mga09.intel.com [134.134.136.24])\n by dpdk.org (Postfix) with ESMTP id 8C9681D418;\n Mon, 18 May 2020 15:17:10 +0200 (CEST)",
            "from orsmga003.jf.intel.com ([10.7.209.27])\n by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 18 May 2020 06:17:10 -0700",
            "from silpixa00399752.ir.intel.com (HELO\n silpixa00399752.ger.corp.intel.com) ([10.237.222.180])\n by orsmga003.jf.intel.com with ESMTP; 18 May 2020 06:17:08 -0700"
        ],
        "IronPort-SDR": [
            "\n uu55cpQa7Dp/cStYibgomS6vaBQ3yMhXH5qmVvrOgkPC3o/kU0EIvXd/Cqplh/QPJkLdAZUBhU\n 3muegQZOqsNQ==",
            "\n CPDWDiSWEoQcE+IQ/SEYWao7N5J4c3rNiwI3Oj36UUS0WIpsqCRJrH0dPhdjm7dC/epksBLdJd\n CDEl3/c85PPQ=="
        ],
        "X-Amp-Result": "SKIPPED(no attachment in message)",
        "X-Amp-File-Uploaded": "False",
        "X-ExtLoop1": "1",
        "X-IronPort-AV": "E=Sophos;i=\"5.73,407,1583222400\"; d=\"scan'208\";a=\"263950671\"",
        "From": "Ferruh Yigit <ferruh.yigit@intel.com>",
        "To": "dev@dpdk.org",
        "Cc": "Ferruh Yigit <ferruh.yigit@intel.com>,\n Maxime Coquelin <maxime.coquelin@redhat.com>, stable@dpdk.org,\n Ilja Van Sprundel <ivansprundel@ioactive.com>,\n Xiaolong Ye <xiaolong.ye@intel.com>",
        "Date": "Mon, 18 May 2020 14:16:59 +0100",
        "Message-Id": "<20200518131704.715877-2-ferruh.yigit@intel.com>",
        "X-Mailer": "git-send-email 2.25.4",
        "In-Reply-To": "<20200518131704.715877-1-ferruh.yigit@intel.com>",
        "References": "<20200518131704.715877-1-ferruh.yigit@intel.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Subject": "[dpdk-dev] [PATCH 1/6] vhost: check log mmap offset and size\n\toverflow",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "From: Maxime Coquelin <maxime.coquelin@redhat.com>\n\nvhost_user_set_log_base() is a message handler that is\ncalled to handle the VHOST_USER_SET_LOG_BASE message.\nIts payload contains a 64 bit size and offset. Both are\nadded up and used as a size when calling mmap().\n\nThere is no integer overflow check. If an integer overflow\noccurs a smaller memory map would be created than\nrequested. Since the returned mapping is mapped as writable\nand used for logging, a memory corruption could occur.\n\nCVE-2020-10722\nFixes: fbc4d248b198 (\"vhost: fix offset while mmaping log base address\")\nCc: stable@dpdk.org\n\nReported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>\nSigned-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>\nReviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>\nReviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>\n---\n lib/librte_vhost/vhost_user.c | 6 +++---\n 1 file changed, 3 insertions(+), 3 deletions(-)",
    "diff": "diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c\nindex bd1be01040..1eea371fc8 100644\n--- a/lib/librte_vhost/vhost_user.c\n+++ b/lib/librte_vhost/vhost_user.c\n@@ -2059,10 +2059,10 @@ vhost_user_set_log_base(struct virtio_net **pdev, struct VhostUserMsg *msg,\n \tsize = msg->payload.log.mmap_size;\n \toff  = msg->payload.log.mmap_offset;\n \n-\t/* Don't allow mmap_offset to point outside the mmap region */\n-\tif (off > size) {\n+\t/* Check for mmap size and offset overflow. */\n+\tif (off >= -size) {\n \t\tVHOST_LOG_CONFIG(ERR,\n-\t\t\t\"log offset %#\"PRIx64\" exceeds log size %#\"PRIx64\"\\n\",\n+\t\t\t\"log offset %#\"PRIx64\" and log size %#\"PRIx64\" overflow\\n\",\n \t\t\toff, size);\n \t\treturn RTE_VHOST_MSG_RESULT_ERR;\n \t}\n",
    "prefixes": [
        "1/6"
    ]
}