[dpdk-dev] [PATCH] net/mlx5: fix meter color register consideration

Raslan Darawsheh rasland at mellanox.com
Mon May 11 14:33:03 CEST 2020


Hi,

> -----Original Message-----
> From: dev <dev-bounces at dpdk.org> On Behalf Of Michael Baum
> Sent: Wednesday, May 6, 2020 7:24 PM
> To: dev at dpdk.org
> Cc: Matan Azrad <matan at mellanox.com>; Slava Ovsiienko
> <viacheslavo at mellanox.com>; stable at dpdk.org
> Subject: [dpdk-dev] [PATCH] net/mlx5: fix meter color register consideration
> 
> The mlx5_flow_get_reg_id() function translates tag ID to register
> from the registers that are supported and available for use. The
> user does not know which register is available at a time and therefore
> there is an array that represents mapping to the available registers.
> Usually the free registers are continuous in the flow_mreg_c array but
> sometimes the mtr_color_reg register is between them and it must be
> skipped and the next register returned, in which case the function
> returns the mapping of the next entity in the array.
> 
> When the function reads from the next entity in the array, it does not
> check whether such an entity exists and in some situation invalid access
> to memory occurs beyond the array boundaries.
> 
> So, when all the registers are valid from HW perspective and the meter
> color register is not the default, the tag id 5 causes an out of bound
> access.
> 
> Validate registers availability when meter color register is not the
> default.
> 
> Coverity issue: 146355
> Fixes: 792e749e92d5 ("net/mlx5: fix register usage in meter")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Michael Baum <michaelba at mellanox.com>
> Acked-by: Matan Azrad <matan at mellanox.com>
> ---
>  drivers/net/mlx5/mlx5_flow.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
> index 01376f3..08c7cdf 100644
> --- a/drivers/net/mlx5/mlx5_flow.c
> +++ b/drivers/net/mlx5/mlx5_flow.c
> @@ -442,6 +442,10 @@ struct mlx5_flow_tunnel_info {
>  		 */
>  		if (skip_mtr_reg && config->flow_mreg_c
>  		    [id + start_reg - REG_C_0] >= priv->mtr_color_reg) {
> +			if (id >= (REG_C_7 - start_reg))
> +				return rte_flow_error_set(error, EINVAL,
> +
> RTE_FLOW_ERROR_TYPE_ITEM,
> +							NULL, "invalid tag
> id");
>  			if (config->flow_mreg_c
>  			    [id + 1 + start_reg - REG_C_0] != REG_NONE)
>  				return config->flow_mreg_c
> --
> 1.8.3.1


Patch applied to next-net-mlx,

Kindest regards
Raslan Darawsheh


More information about the dev mailing list