[dpdk-dev] [PATCH 4/7] net/mlx5: fix validation of VLAN ID in flow spec

Yongseok Koh yskoh at mellanox.com
Mon Oct 8 20:02:14 CEST 2018


This can cause crash by null pointer reference.

Fixes: 4f07e13d6af5 ("net/mlx5: split flow validation to dedicated function")
Cc: Ori Kam <orika at mellanox.com>

Signed-off-by: Yongseok Koh <yskoh at mellanox.com>
---
 drivers/net/mlx5/mlx5_flow.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index 69afd4625..c497cacce 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1012,6 +1012,7 @@ mlx5_flow_validate_item_vlan(const struct rte_flow_item *item,
 		.tci = RTE_BE16(0x0fff),
 		.inner_type = RTE_BE16(0xffff),
 	};
+	uint16_t vlan_tag = 0;
 	const int tunnel = !!(item_flags & MLX5_FLOW_LAYER_TUNNEL);
 	int ret;
 	const uint32_t l34m = tunnel ? (MLX5_FLOW_LAYER_INNER_L3 |
@@ -1037,11 +1038,15 @@ mlx5_flow_validate_item_vlan(const struct rte_flow_item *item,
 					error);
 	if (ret)
 		return ret;
+	if (spec) {
+		vlan_tag = spec->tci;
+		vlan_tag &= mask->tci;
+	}
 	/*
 	 * From verbs perspective an empty VLAN is equivalent
 	 * to a packet without VLAN layer.
 	 */
-	if (!spec->tci)
+	if (!vlan_tag)
 		return rte_flow_error_set(error, EINVAL,
 					  RTE_FLOW_ERROR_TYPE_ITEM_SPEC,
 					  item->spec,
-- 
2.11.0



More information about the dev mailing list