[dpdk-stable] patch 'net/ice: fix double free ACL flow entry' has been queued to stable release 20.11.4

Xueming Li xuemingl at nvidia.com
Wed Nov 10 07:29:37 CET 2021


Hi,

FYI, your patch has been queued to stable release 20.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/12/21. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/steevenlee/dpdk

This queued commit can be viewed at:
https://github.com/steevenlee/dpdk/commit/cd90c7a5b2ed9bb585579e387b6832c219ccb1da

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From cd90c7a5b2ed9bb585579e387b6832c219ccb1da Mon Sep 17 00:00:00 2001
From: Dapeng Yu <dapengx.yu at intel.com>
Date: Fri, 3 Sep 2021 18:04:11 +0800
Subject: [PATCH] net/ice: fix double free ACL flow entry
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit e360df56477a0b5963a743d82f399efd468ec10c ]

If call ice_flow_rem_entry() directly without checking entry_id, may
cause an ACL flow entry to be freed more than once.

This patch tries to find entry_id first, then call ice_flow_rem_entry()
to avoid the defect.

Fixes: 40d466fa9f76 ("net/ice: support ACL filter in DCF")

Signed-off-by: Dapeng Yu <dapengx.yu at intel.com>
Reviewed-by: Simei Su <simei.su at intel.com>
---
 drivers/net/ice/ice_acl_filter.c | 33 +++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/drivers/net/ice/ice_acl_filter.c b/drivers/net/ice/ice_acl_filter.c
index 95b235e470..7e44751d64 100644
--- a/drivers/net/ice/ice_acl_filter.c
+++ b/drivers/net/ice/ice_acl_filter.c
@@ -45,7 +45,7 @@ static struct ice_flow_parser ice_acl_parser;
 
 struct acl_rule {
 	enum ice_fltr_ptype flow_type;
-	uint32_t entry_id[4];
+	uint64_t entry_id[4];
 };
 
 static struct
@@ -440,7 +440,7 @@ ice_acl_hw_set_conf(struct ice_pf *pf, struct ice_fdir_fltr *input,
 			PMD_DRV_LOG(ERR, "Fail to add entry.");
 			return ret;
 		}
-		rule->entry_id[entry_idx] = slot_id;
+		rule->entry_id[entry_idx] = entry_id;
 		pf->acl.hw_entry_id[slot_id] = hw_entry;
 	} else {
 		PMD_DRV_LOG(ERR, "Exceed the maximum entry number(%d)"
@@ -451,18 +451,28 @@ ice_acl_hw_set_conf(struct ice_pf *pf, struct ice_fdir_fltr *input,
 	return 0;
 }
 
+static inline void
+ice_acl_del_entry(struct ice_hw *hw, uint64_t entry_id)
+{
+	uint64_t hw_entry;
+
+	hw_entry = ice_flow_find_entry(hw, ICE_BLK_ACL, entry_id);
+	ice_flow_rem_entry(hw, ICE_BLK_ACL, hw_entry);
+}
+
 static inline void
 ice_acl_hw_rem_conf(struct ice_pf *pf, struct acl_rule *rule, int32_t entry_idx)
 {
 	uint32_t slot_id;
 	int32_t i;
+	uint64_t entry_id;
 	struct ice_hw *hw = ICE_PF_TO_HW(pf);
 
 	for (i = 0; i < entry_idx; i++) {
-		slot_id = rule->entry_id[i];
+		entry_id = rule->entry_id[i];
+		slot_id = ICE_LO_DWORD(entry_id);
 		rte_bitmap_set(pf->acl.slots, slot_id);
-		ice_flow_rem_entry(hw, ICE_BLK_ACL,
-				   pf->acl.hw_entry_id[slot_id]);
+		ice_acl_del_entry(hw, entry_id);
 	}
 }
 
@@ -562,6 +572,7 @@ ice_acl_destroy_filter(struct ice_adapter *ad,
 {
 	struct acl_rule *rule = (struct acl_rule *)flow->rule;
 	uint32_t slot_id, i;
+	uint64_t entry_id;
 	struct ice_pf *pf = &ad->pf;
 	struct ice_hw *hw = ICE_PF_TO_HW(pf);
 	int ret = 0;
@@ -569,19 +580,19 @@ ice_acl_destroy_filter(struct ice_adapter *ad,
 	switch (rule->flow_type) {
 	case ICE_FLTR_PTYPE_NONF_IPV4_OTHER:
 		for (i = 0; i < 4; i++) {
-			slot_id = rule->entry_id[i];
+			entry_id = rule->entry_id[i];
+			slot_id = ICE_LO_DWORD(entry_id);
 			rte_bitmap_set(pf->acl.slots, slot_id);
-			ice_flow_rem_entry(hw, ICE_BLK_ACL,
-					   pf->acl.hw_entry_id[slot_id]);
+			ice_acl_del_entry(hw, entry_id);
 		}
 		break;
 	case ICE_FLTR_PTYPE_NONF_IPV4_UDP:
 	case ICE_FLTR_PTYPE_NONF_IPV4_TCP:
 	case ICE_FLTR_PTYPE_NONF_IPV4_SCTP:
-		slot_id = rule->entry_id[0];
+		entry_id = rule->entry_id[0];
+		slot_id = ICE_LO_DWORD(entry_id);
 		rte_bitmap_set(pf->acl.slots, slot_id);
-		ice_flow_rem_entry(hw, ICE_BLK_ACL,
-				   pf->acl.hw_entry_id[slot_id]);
+		ice_acl_del_entry(hw, entry_id);
 		break;
 	default:
 		rte_flow_error_set(error, EINVAL,
-- 
2.33.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-11-10 14:17:06.158587552 +0800
+++ 0093-net-ice-fix-double-free-ACL-flow-entry.patch	2021-11-10 14:17:01.850746254 +0800
@@ -1 +1 @@
-From e360df56477a0b5963a743d82f399efd468ec10c Mon Sep 17 00:00:00 2001
+From cd90c7a5b2ed9bb585579e387b6832c219ccb1da Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit e360df56477a0b5963a743d82f399efd468ec10c ]
@@ -13 +15,0 @@
-Cc: stable at dpdk.org
@@ -22 +24 @@
-index 614bd44e23..8fe6f5aeb0 100644
+index 95b235e470..7e44751d64 100644


More information about the stable mailing list