From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0859BA046B for ; Tue, 23 Jul 2019 03:02:01 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0035E1B998; Tue, 23 Jul 2019 03:02:01 +0200 (CEST) Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129]) by dpdk.org (Postfix) with ESMTP id E4A651BEE6 for ; Tue, 23 Jul 2019 03:01:59 +0200 (CEST) Received: from Internal Mail-Server by MTLPINE2 (envelope-from yskoh@mellanox.com) with ESMTPS (AES256-SHA encrypted); 23 Jul 2019 04:01:58 +0300 Received: from scfae-sc-2.mti.labs.mlnx (scfae-sc-2.mti.labs.mlnx [10.101.0.96]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id x6N11HfA026580; Tue, 23 Jul 2019 04:01:57 +0300 From: Yongseok Koh To: Hyong Youb Kim Cc: John Daley , dpdk stable Date: Mon, 22 Jul 2019 17:59:51 -0700 Message-Id: <20190723010115.6446-24-yskoh@mellanox.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190723010115.6446-1-yskoh@mellanox.com> References: <20190723010115.6446-1-yskoh@mellanox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'net/enic: check for unsupported flow item types' has been queued to LTS release 17.11.7 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 17.11.7 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objection by 07/27/19. So please shout if anyone has objection. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Yongseok --- >From 7cbcd2e6094ce54346117291cdfcd7855b3bf17b Mon Sep 17 00:00:00 2001 From: Hyong Youb Kim Date: Sat, 2 Mar 2019 02:42:43 -0800 Subject: [PATCH] net/enic: check for unsupported flow item types [ upstream commit 4d8e9aa48328edb58f8a843a8e6bee327e12d181 ] Currently a pattern with an unsupported item type causes segfault, because the flow handler is using the type as an array index without checking bounds. Add an explicit check for unsupported item types and avoid out-of-bound accesses. Fixes: 6ced137607d0 ("net/enic: flow API for NICs with advanced filters enabled") Signed-off-by: Hyong Youb Kim Reviewed-by: John Daley --- drivers/net/enic/enic_flow.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/net/enic/enic_flow.c b/drivers/net/enic/enic_flow.c index 2eb68c985d..e8b6aa12ca 100644 --- a/drivers/net/enic/enic_flow.c +++ b/drivers/net/enic/enic_flow.c @@ -69,6 +69,8 @@ struct enic_items { struct enic_filter_cap { /** list of valid items and their handlers and attributes. */ const struct enic_items *item_info; + /* Max type in the above list, used to detect unsupported types */ + enum rte_flow_item_type max_item_type; }; /* functions for copying flow actions into enic actions */ @@ -286,12 +288,15 @@ static const struct enic_items enic_items_v3[] = { static const struct enic_filter_cap enic_filter_cap[] = { [FILTER_IPV4_5TUPLE] = { .item_info = enic_items_v1, + .max_item_type = RTE_FLOW_ITEM_TYPE_TCP, }, [FILTER_USNIC_IP] = { .item_info = enic_items_v2, + .max_item_type = RTE_FLOW_ITEM_TYPE_VXLAN, }, [FILTER_DPDK_1] = { .item_info = enic_items_v3, + .max_item_type = RTE_FLOW_ITEM_TYPE_VXLAN, }, }; @@ -945,7 +950,7 @@ item_stacking_valid(enum rte_flow_item_type prev_item, */ static int enic_copy_filter(const struct rte_flow_item pattern[], - const struct enic_items *items_info, + const struct enic_filter_cap *cap, struct filter_v2 *enic_filter, struct rte_flow_error *error) { @@ -968,7 +973,14 @@ enic_copy_filter(const struct rte_flow_item pattern[], if (item->type == RTE_FLOW_ITEM_TYPE_VOID) continue; - item_info = &items_info[item->type]; + item_info = &cap->item_info[item->type]; + if (item->type > cap->max_item_type || + item_info->copy_item == NULL) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_ITEM, + NULL, "Unsupported item."); + return -rte_errno; + } /* check to see if item stacking is valid */ if (!item_stacking_valid(prev_item, item_info, is_first_item)) @@ -1368,7 +1380,7 @@ enic_flow_parse(struct rte_eth_dev *dev, return -rte_errno; } enic_filter->type = enic->flow_filter_mode; - ret = enic_copy_filter(pattern, enic_filter_cap->item_info, + ret = enic_copy_filter(pattern, enic_filter_cap, enic_filter, error); return ret; } -- 2.21.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-07-22 17:55:07.798179710 -0700 +++ 0024-net-enic-check-for-unsupported-flow-item-types.patch 2019-07-22 17:55:05.890469000 -0700 @@ -1,15 +1,16 @@ -From 4d8e9aa48328edb58f8a843a8e6bee327e12d181 Mon Sep 17 00:00:00 2001 +From 7cbcd2e6094ce54346117291cdfcd7855b3bf17b Mon Sep 17 00:00:00 2001 From: Hyong Youb Kim Date: Sat, 2 Mar 2019 02:42:43 -0800 Subject: [PATCH] net/enic: check for unsupported flow item types +[ upstream commit 4d8e9aa48328edb58f8a843a8e6bee327e12d181 ] + Currently a pattern with an unsupported item type causes segfault, because the flow handler is using the type as an array index without checking bounds. Add an explicit check for unsupported item types and avoid out-of-bound accesses. Fixes: 6ced137607d0 ("net/enic: flow API for NICs with advanced filters enabled") -Cc: stable@dpdk.org Signed-off-by: Hyong Youb Kim Reviewed-by: John Daley @@ -18,10 +19,10 @@ 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/net/enic/enic_flow.c b/drivers/net/enic/enic_flow.c -index e12a6ec733..c60476c8c7 100644 +index 2eb68c985d..e8b6aa12ca 100644 --- a/drivers/net/enic/enic_flow.c +++ b/drivers/net/enic/enic_flow.c -@@ -40,6 +40,8 @@ struct enic_items { +@@ -69,6 +69,8 @@ struct enic_items { struct enic_filter_cap { /** list of valid items and their handlers and attributes. */ const struct enic_items *item_info; @@ -30,7 +31,7 @@ }; /* functions for copying flow actions into enic actions */ -@@ -257,12 +259,15 @@ static const struct enic_items enic_items_v3[] = { +@@ -286,12 +288,15 @@ static const struct enic_items enic_items_v3[] = { static const struct enic_filter_cap enic_filter_cap[] = { [FILTER_IPV4_5TUPLE] = { .item_info = enic_items_v1, @@ -46,7 +47,7 @@ }, }; -@@ -946,7 +951,7 @@ item_stacking_valid(enum rte_flow_item_type prev_item, +@@ -945,7 +950,7 @@ item_stacking_valid(enum rte_flow_item_type prev_item, */ static int enic_copy_filter(const struct rte_flow_item pattern[], @@ -55,7 +56,7 @@ struct filter_v2 *enic_filter, struct rte_flow_error *error) { -@@ -969,7 +974,14 @@ enic_copy_filter(const struct rte_flow_item pattern[], +@@ -968,7 +973,14 @@ enic_copy_filter(const struct rte_flow_item pattern[], if (item->type == RTE_FLOW_ITEM_TYPE_VOID) continue; @@ -71,7 +72,7 @@ /* check to see if item stacking is valid */ if (!item_stacking_valid(prev_item, item_info, is_first_item)) -@@ -1423,7 +1435,7 @@ enic_flow_parse(struct rte_eth_dev *dev, +@@ -1368,7 +1380,7 @@ enic_flow_parse(struct rte_eth_dev *dev, return -rte_errno; } enic_filter->type = enic->flow_filter_mode;