From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 88364A04C1; Tue, 26 Nov 2019 15:08:43 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1FDD72B96; Tue, 26 Nov 2019 15:08:43 +0100 (CET) Received: from git-send-mailer.rdmz.labs.mlnx (unknown [37.142.13.130]) by dpdk.org (Postfix) with ESMTP id 16DA2CF3 for ; Tue, 26 Nov 2019 15:08:42 +0100 (CET) From: Suanming Mou To: viacheslavo@mellanox.com, matan@mellanox.com Cc: orika@mellanox.com, rasland@mellanox.com, dev@dpdk.org, jackmin@mellanox.com Date: Tue, 26 Nov 2019 16:08:35 +0200 Message-Id: <1574777315-10627-1-git-send-email-suanmingm@mellanox.com> X-Mailer: git-send-email 1.8.3.1 Subject: [dpdk-dev] [PATCH] net/mlx5: fix GRE key handle before GRE header issue X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When set the GRE item, GRE key should follow after GRE header, or the header gre_item pointer used by the key will be invalid. Currently in the mlx5_flow_validate_item_gre_key() function, the header gre_item pointer is access before checking if the key is after the header or not. Once the key item is before the header, invalid gre_item pointer access happens. Move the gre_item pointer access after the GRE header check to avoid the crash issue. Fixes: a7a0365565a4 ("net/mlx5: match GRE key and present bits") Cc: jackmin@mellanox.com Signed-off-by: Suanming Mou Acked-by: Ori Kam --- drivers/net/mlx5/mlx5_flow.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index 65a0e65..5c78ea7 100644 --- a/drivers/net/mlx5/mlx5_flow.c +++ b/drivers/net/mlx5/mlx5_flow.c @@ -1998,8 +1998,8 @@ uint32_t mlx5_flow_adjust_priority(struct rte_eth_dev *dev, int32_t priority, const rte_be32_t *mask = item->mask; int ret = 0; rte_be32_t gre_key_default_mask = RTE_BE32(UINT32_MAX); - const struct rte_flow_item_gre *gre_spec = gre_item->spec; - const struct rte_flow_item_gre *gre_mask = gre_item->mask; + const struct rte_flow_item_gre *gre_spec; + const struct rte_flow_item_gre *gre_mask; if (item_flags & MLX5_FLOW_LAYER_GRE_KEY) return rte_flow_error_set(error, ENOTSUP, @@ -2013,8 +2013,10 @@ uint32_t mlx5_flow_adjust_priority(struct rte_eth_dev *dev, int32_t priority, return rte_flow_error_set(error, ENOTSUP, RTE_FLOW_ERROR_TYPE_ITEM, item, "GRE key following a wrong item"); + gre_mask = gre_item->mask; if (!gre_mask) gre_mask = &rte_flow_item_gre_mask; + gre_spec = gre_item->spec; if (gre_spec && (gre_mask->c_rsvd0_ver & RTE_BE16(0x2000)) && !(gre_spec->c_rsvd0_ver & RTE_BE16(0x2000))) return rte_flow_error_set(error, EINVAL, -- 1.8.3.1