[dpdk-dev] [PATCH 04/11] net/qede: fix coverity detected defects

Rasesh Mody rasesh.mody at cavium.com
Tue Apr 25 09:28:39 CEST 2017


From: Harish Patil <harish.patil at qlogic.com>

This defect is a functional issue where the RX CQE pointer remains
uninitialized in the LRO code path, which can cause a null pointer
dereference when accessing the VLAN or RSS hash value from the CQE.

Fixes: 29540be7efce ("net/qede: support LRO/TSO offloads")
Coverity issue: 143474

Signed-off-by: Harish Patil <harish.patil at qlogic.com>
---
 drivers/net/qede/qede_rxtx.c |   32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/drivers/net/qede/qede_rxtx.c b/drivers/net/qede/qede_rxtx.c
index ec045b0..b180c0b 100644
--- a/drivers/net/qede/qede_rxtx.c
+++ b/drivers/net/qede/qede_rxtx.c
@@ -991,6 +991,7 @@ static inline uint32_t qede_rx_cqe_to_tunn_pkt_type(uint16_t flags)
 	uint8_t bitfield_val;
 	uint8_t offset, tpa_agg_idx, flags;
 	struct qede_agg_info *tpa_info;
+	uint32_t rss_hash;
 
 	hw_comp_cons = rte_le_to_cpu_16(*rxq->hw_cons_ptr);
 	sw_comp_cons = ecore_chain_get_cons_idx(&rxq->rx_comp_ring);
@@ -1005,6 +1006,7 @@ static inline uint32_t qede_rx_cqe_to_tunn_pkt_type(uint16_t flags)
 		packet_type = RTE_PTYPE_UNKNOWN;
 		vlan_tci = 0;
 		tpa_start_flg = false;
+		rss_hash = 0;
 
 		/* Get the CQE from the completion ring */
 		cqe =
@@ -1068,6 +1070,10 @@ static inline uint32_t qede_rx_cqe_to_tunn_pkt_type(uint16_t flags)
 			offset = fp_cqe->placement_offset;
 			len = rte_le_to_cpu_16(fp_cqe->len_on_first_bd);
 			pkt_len = rte_le_to_cpu_16(fp_cqe->pkt_len);
+			vlan_tci = rte_le_to_cpu_16(fp_cqe->vlan_tag);
+			rss_hash = rte_le_to_cpu_32(fp_cqe->rss_hash);
+			htype = (uint8_t)GET_FIELD(bitfield_val,
+					ETH_FAST_PATH_RX_REG_CQE_RSS_HASH_TYPE);
 		} else {
 			parse_flag =
 			    rte_le_to_cpu_16(cqe_start_tpa->pars_flags.flags);
@@ -1075,6 +1081,10 @@ static inline uint32_t qede_rx_cqe_to_tunn_pkt_type(uint16_t flags)
 			offset = cqe_start_tpa->placement_offset;
 			/* seg_len = len_on_first_bd */
 			len = rte_le_to_cpu_16(cqe_start_tpa->len_on_first_bd);
+			vlan_tci = rte_le_to_cpu_16(cqe_start_tpa->vlan_tag);
+			htype = (uint8_t)GET_FIELD(bitfield_val,
+				ETH_FAST_PATH_RX_TPA_START_CQE_RSS_HASH_TYPE);
+			rss_hash = rte_le_to_cpu_32(cqe_start_tpa->rss_hash);
 		}
 		if (qede_tunn_exist(parse_flag)) {
 			PMD_RX_LOG(INFO, rxq, "Rx tunneled packet\n");
@@ -1121,24 +1131,18 @@ static inline uint32_t qede_rx_cqe_to_tunn_pkt_type(uint16_t flags)
 		}
 
 		if (CQE_HAS_VLAN(parse_flag)) {
-			vlan_tci = rte_le_to_cpu_16(fp_cqe->vlan_tag);
 			ol_flags |= PKT_RX_VLAN_PKT;
+			rx_mb->vlan_tci = vlan_tci;
 		}
-
 		if (CQE_HAS_OUTER_VLAN(parse_flag)) {
-			vlan_tci = rte_le_to_cpu_16(fp_cqe->vlan_tag);
 			ol_flags |= PKT_RX_QINQ_PKT;
+			rx_mb->vlan_tci = vlan_tci;
 			rx_mb->vlan_tci_outer = 0;
 		}
-
 		/* RSS Hash */
-		htype = (uint8_t)GET_FIELD(bitfield_val,
-					ETH_FAST_PATH_RX_REG_CQE_RSS_HASH_TYPE);
-		if (qdev->rss_enable && htype) {
+		if (qdev->rss_enable) {
 			ol_flags |= PKT_RX_RSS_HASH;
-			rx_mb->hash.rss = rte_le_to_cpu_32(fp_cqe->rss_hash);
-			PMD_RX_LOG(INFO, rxq, "Hash result 0x%x\n",
-				   rx_mb->hash.rss);
+			rx_mb->hash.rss = rss_hash;
 		}
 
 		if (unlikely(qede_alloc_rx_buffer(rxq) != 0)) {
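Review bot: Dropping `&& htype` from the RSS condition means `PKT_RX_RSS_HASH` is now set whenever `qdev->rss_enable` is true, including for CQEs whose hash-type field is 0. `htype` is still extracted in both branches of the two preceding hunks, but after this change it is used only in the log line of the last hunk. A packet for which the hardware reports no hash type would then be handed to the application flagged as carrying a valid hash, and any consumer that steers or load-balances on `hash.rss` would trust that value. Unless the relaxation is intended and documented, keep the guard: `if (qdev->rss_enable && htype) {`. The enclosing function starts and ends outside this hunk.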
@@ -1185,10 +1189,12 @@ static inline uint32_t qede_rx_cqe_to_tunn_pkt_type(uint16_t flags)
 		rx_mb->port = rxq->port_id;
 		rx_mb->ol_flags = ol_flags;
 		rx_mb->data_len = len;
-		rx_mb->vlan_tci = vlan_tci;
 		rx_mb->packet_type = packet_type;
-		PMD_RX_LOG(INFO, rxq, "pkt_type %04x len %04x flags %04lx\n",
-			   packet_type, len, (unsigned long)ol_flags);
+		PMD_RX_LOG(INFO, rxq,
+			   "pkt_type 0x%04x len %u hash_type %d hash_val 0x%x"
+			   " ol_flags 0x%04lx\n",
+			   packet_type, len, htype, rx_mb->hash.rss,
+			   (unsigned long)ol_flags);
 		if (!tpa_start_flg) {
 			rx_mb->nb_segs = fp_cqe->bd_num;
 			rx_mb->pkt_len = pkt_len;
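Review bot: With the unconditional `rx_mb->vlan_tci = vlan_tci;` removed here, an untagged packet's mbuf keeps whatever `vlan_tci` it held before, because the field is now written only inside the two VLAN branches of the previous hunk. Whether RX buffers are reset on allocation is not visible in this patch; if they are not, a consumer that reads `vlan_tci` without first checking `ol_flags` sees a stale tag from an earlier packet, so keeping the unconditional store of the zero-initialised local is the safer form. The new log line has the same problem: it prints `rx_mb->hash.rss`, which is assigned only when `qdev->rss_enable` is true, so logging the local `rss_hash` would print a defined value. The enclosing function starts and ends outside this hunk.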
-- 
1.7.10.3


