[PATCH v2] net/ixgbe: fix MAC/VLAN item validation for ntuple

Bruce Richardson bruce.richardson at intel.com
Tue May 19 19:00:05 CEST 2026

Previous message (by thread): [PATCH 2/3] net/i40e/base: fix loop counter width in DCB parsing
Next message (by thread): [PATCH v2] net/ixgbe: fix MAC/VLAN item validation for ntuple
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 07, 2026 at 04:21:17PM +0300, Daniil Iskhakov wrote:
> When parsing an ntuple filter, the code attempts to ensure that if the
> first item is ETH or VLAN, its spec and mask are either absent or
> contain only zero fields. The current check is:
> 
>   if ((item->spec || item->mask) &&
>       (memcmp(spec, &null_struct, size) ||
>        memcmp(mask, &null_struct, size)))
> 
> This condition is logically incorrect. If item->spec points to a
> zero-filled structure and item->mask is NULL, memcmp(mask) would
> dereference a NULL pointer.
> 
> The intended behavior is to reject any non-zero spec or mask.
> 
> Guard each memcmp() call with a check of the corresponding pointer while
> keeping a single error path.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 46ea969177f3 ("net/ixgbe: add ntuple support to flow parser")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Daniil Agalakov <ade at amicon.ru>
> Signed-off-by: Daniil Iskhakov <dish at amicon.ru>
> ---
Acked-by: Bruce Richardson <bruce.richardson at intel.com>

Applied to dpdk-next-net-intel.
Thanks,
/Bruce

Previous message (by thread): [PATCH 2/3] net/i40e/base: fix loop counter width in DCB parsing
Next message (by thread): [PATCH v2] net/ixgbe: fix MAC/VLAN item validation for ntuple
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list