From: Raslan Darawsheh <rasland@mellanox.com>
To: Suanming Mou <suanmingm@mellanox.com>,
Slava Ovsiienko <viacheslavo@mellanox.com>,
Matan Azrad <matan@mellanox.com>
Cc: Ori Kam <orika@mellanox.com>, "dev@dpdk.org" <dev@dpdk.org>,
Jack Min <jackmin@mellanox.com>
Subject: Re: [dpdk-dev] [PATCH] net/mlx5: fix GRE key handle before GRE header issue
Date: Tue, 26 Nov 2019 15:30:16 +0000 [thread overview]
Message-ID: <DB3PR0502MB39640939E2AA29751C4E3C1AC2450@DB3PR0502MB3964.eurprd05.prod.outlook.com> (raw)
In-Reply-To: <1574777315-10627-1-git-send-email-suanmingm@mellanox.com>
Hi,
> -----Original Message-----
> From: Suanming Mou <suanmingm@mellanox.com>
> Sent: Tuesday, November 26, 2019 4:09 PM
> To: Slava Ovsiienko <viacheslavo@mellanox.com>; Matan Azrad
> <matan@mellanox.com>
> Cc: Ori Kam <orika@mellanox.com>; Raslan Darawsheh
> <rasland@mellanox.com>; dev@dpdk.org; Jack Min
> <jackmin@mellanox.com>
> Subject: [PATCH] net/mlx5: fix GRE key handle before GRE header issue
>
> When set the GRE item, GRE key should follow after GRE header, or the
> header gre_item pointer used by the key will be invalid.
>
> Currently in the mlx5_flow_validate_item_gre_key() function, the header
> gre_item pointer is access before checking if the key is after the header or
> not. Once the key item is before the header, invalid gre_item pointer access
> happens.
>
> Move the gre_item pointer access after the GRE header check to avoid the
> crash issue.
>
> Fixes: a7a0365565a4 ("net/mlx5: match GRE key and present bits")
> Cc: jackmin@mellanox.com
>
> Signed-off-by: Suanming Mou <suanmingm@mellanox.com>
> Acked-by: Ori Kam <orika@mellanox.com>
> ---
> drivers/net/mlx5/mlx5_flow.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
> index 65a0e65..5c78ea7 100644
> --- a/drivers/net/mlx5/mlx5_flow.c
> +++ b/drivers/net/mlx5/mlx5_flow.c
> @@ -1998,8 +1998,8 @@ uint32_t mlx5_flow_adjust_priority(struct
> rte_eth_dev *dev, int32_t priority,
> const rte_be32_t *mask = item->mask;
> int ret = 0;
> rte_be32_t gre_key_default_mask = RTE_BE32(UINT32_MAX);
> - const struct rte_flow_item_gre *gre_spec = gre_item->spec;
> - const struct rte_flow_item_gre *gre_mask = gre_item->mask;
> + const struct rte_flow_item_gre *gre_spec;
> + const struct rte_flow_item_gre *gre_mask;
>
> if (item_flags & MLX5_FLOW_LAYER_GRE_KEY)
> return rte_flow_error_set(error, ENOTSUP, @@ -2013,8
> +2013,10 @@ uint32_t mlx5_flow_adjust_priority(struct rte_eth_dev *dev,
> int32_t priority,
> return rte_flow_error_set(error, ENOTSUP,
> RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> "GRE key following a wrong item");
> + gre_mask = gre_item->mask;
> if (!gre_mask)
> gre_mask = &rte_flow_item_gre_mask;
> + gre_spec = gre_item->spec;
> if (gre_spec && (gre_mask->c_rsvd0_ver & RTE_BE16(0x2000)) &&
> !(gre_spec->c_rsvd0_ver & RTE_BE16(0x2000)))
> return rte_flow_error_set(error, EINVAL,
> --
> 1.8.3.1
Patch applied to net-net-mlx,
Kindest regards,
Raslan Darawsheh
prev parent reply other threads:[~2019-11-26 15:30 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-26 14:08 Suanming Mou
2019-11-26 15:30 ` Raslan Darawsheh [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DB3PR0502MB39640939E2AA29751C4E3C1AC2450@DB3PR0502MB3964.eurprd05.prod.outlook.com \
--to=rasland@mellanox.com \
--cc=dev@dpdk.org \
--cc=jackmin@mellanox.com \
--cc=matan@mellanox.com \
--cc=orika@mellanox.com \
--cc=suanmingm@mellanox.com \
--cc=viacheslavo@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).