[dpdk-dev] [PATCH] i40e: fix segfault when using custom RSS key

[Elena Carasec]

&out->conf and in can point to the same memory area. Reinitialization of
out->conf leads to setting in->key to NULL, but leaves key_len 40. This
leads to segfault on destruction of the RSS flow action. The segfault
happens inside i40e_action_rss_same(), when comparing comp->key and
with->key, because both comp->key_len and with->key_len are 40 (should
be 0).

Reproduction steps (testpmd):

port stop 0
flow create 0 ingress pattern end actions rss func default level 0\
  key 6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a\
  key_len 40 queues 0 end / end
port start 0
set link-up port 0
start
stop
set link-down port 0
port stop 0
flow destroy 0 rule 0
(Segmentation fault)

Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")

Signed-off-by: Elena Carasec <xcaras00 at stud.fit.vutbr.cz>
Signed-off-by: Jan Viktorin <viktorin at cesnet.cz>
---
 drivers/net/i40e/i40e_ethdev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 11c02b1..a5fe130 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -13211,6 +13211,8 @@ struct i40e_customized_pctype*
 		return -EINVAL;
 	if (!in->key && in->key_len)
 		return -EINVAL;
+	if (&out->conf == in)
+		return 0;
 	out->conf = (struct rte_flow_action_rss){
 		.func = in->func,
 		.level = in->level,
-- 
1.8.3.1