[dpdk-dev] [PATCH 4/7] net/mlx5: fix validation of VLAN ID in flow spec

Ori Kam orika at mellanox.com
Tue Oct 9 09:47:34 CEST 2018



> -----Original Message-----
> From: Yongseok Koh
> Sent: Monday, October 8, 2018 9:02 PM
> To: Shahaf Shuler <shahafs at mellanox.com>
> Cc: dev at dpdk.org; Yongseok Koh <yskoh at mellanox.com>; Ori Kam
> <orika at mellanox.com>
> Subject: [PATCH 4/7] net/mlx5: fix validation of VLAN ID in flow spec
> 
> This can cause crash by null pointer reference.
> 
> Fixes: 4f07e13d6af5 ("net/mlx5: split flow validation to dedicated function")
> Cc: Ori Kam <orika at mellanox.com>
> 
> Signed-off-by: Yongseok Koh <yskoh at mellanox.com>
> ---
>  drivers/net/mlx5/mlx5_flow.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
> index 69afd4625..c497cacce 100644
> --- a/drivers/net/mlx5/mlx5_flow.c
> +++ b/drivers/net/mlx5/mlx5_flow.c
> @@ -1012,6 +1012,7 @@ mlx5_flow_validate_item_vlan(const struct
> rte_flow_item *item,
>  		.tci = RTE_BE16(0x0fff),
>  		.inner_type = RTE_BE16(0xffff),
>  	};
> +	uint16_t vlan_tag = 0;
>  	const int tunnel = !!(item_flags & MLX5_FLOW_LAYER_TUNNEL);
>  	int ret;
>  	const uint32_t l34m = tunnel ? (MLX5_FLOW_LAYER_INNER_L3 |
> @@ -1037,11 +1038,15 @@ mlx5_flow_validate_item_vlan(const struct
> rte_flow_item *item,
>  					error);
>  	if (ret)
>  		return ret;
> +	if (spec) {
> +		vlan_tag = spec->tci;
> +		vlan_tag &= mask->tci;
> +	}
>  	/*
>  	 * From verbs perspective an empty VLAN is equivalent
>  	 * to a packet without VLAN layer.
>  	 */
> -	if (!spec->tci)
> +	if (!vlan_tag)
>  		return rte_flow_error_set(error, EINVAL,
> 
> RTE_FLOW_ERROR_TYPE_ITEM_SPEC,
>  					  item->spec,
> --
> 2.11.0

Acked-by: Ori Kam <orika at mellanox.com>

Thanks,
Ori Kam


More information about the dev mailing list