From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id ADB02A04B1 for ; Fri, 28 Aug 2020 12:14:25 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id A58BDA3; Fri, 28 Aug 2020 12:14:25 +0200 (CEST) Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61]) by dpdk.org (Postfix) with ESMTP id A2D4F1C117 for ; Fri, 28 Aug 2020 12:14:23 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1598609663; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7ty+tnmAiWRO+KXC/N4zDWtcv+nh/fhr/Ff97JtK4RY=; b=anPPEZOQMocFl2XZ5EF9OppNPyfvhE8Rk6Me2KNFmUt8cAcOnHSrJodRFJRJGs7FajTRWW XESsjhysZHYYzRAtPf/HLXEeSH/6q71mApdrlAAA+Y1c0q6L+1ap7Yj2Uf+oWH+Ye8WuXh 2F6TAekU0S5Qvr1fwvyR3ZzsnWq1FM8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-38-wcyUuJa2Omm1DjOdcMGlpw-1; Fri, 28 Aug 2020 06:14:19 -0400 X-MC-Unique: wcyUuJa2Omm1DjOdcMGlpw-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5A42510ABDBF; Fri, 28 Aug 2020 10:14:18 +0000 (UTC) Received: from rh.redhat.com (unknown [10.33.36.20]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7106319D7C; Fri, 28 Aug 2020 10:14:17 +0000 (UTC) From: Kevin Traynor To: Michael Baum Cc: Matan Azrad , dpdk stable Date: Fri, 28 Aug 2020 11:12:54 +0100 Message-Id: <20200828101308.223767-28-ktraynor@redhat.com> In-Reply-To: <20200828101308.223767-1-ktraynor@redhat.com> References: <20200828101308.223767-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com X-Mimecast-Spam-Score: 0.001 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'net/mlx5: fix crash in NVGRE item translation' has been queued to LTS release 18.11.10 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.10 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 09/02/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable-queue This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable-queue/commit/6c119752c93daeab97d82163fa5b184fd2da751c Thanks. Kevin. --- >From 6c119752c93daeab97d82163fa5b184fd2da751c Mon Sep 17 00:00:00 2001 From: Michael Baum Date: Tue, 21 Jul 2020 11:59:04 +0000 Subject: [PATCH] net/mlx5: fix crash in NVGRE item translation [ upstream commit e71e90938bef6012dea460d3d94fbd0ee643e132 ] The flow_dv_translate_item_nvgre function add NVGRE item to matcher and to the value. It defines a pointer named nvrge_m that receives the item's mask into it, and then copies some of it to the matcher. Before copying, it checks for mask validation, and in case the mask is NULL the function gives it a pointer to rte_flow_item_nvgre_mask. However, the function calls from the vni mask's field before the check, and if there is no mask, it actually does dereference to the NULL pointer and indeed the program crashes with segfault. Move the call from the vni field to post-validation. Fixes: cd18e1b72f73 ("net/mlx5: fix build on Arm") Signed-off-by: Michael Baum Acked-by: Matan Azrad --- drivers/net/mlx5/mlx5_flow_dv.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index aa8f5977fa..aee0546b8e 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -1611,6 +1611,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key, void *misc_m = MLX5_ADDR_OF(fte_match_param, matcher, misc_parameters); void *misc_v = MLX5_ADDR_OF(fte_match_param, key, misc_parameters); - const char *tni_flow_id_m = (const char *)nvgre_m->tni; - const char *tni_flow_id_v = (const char *)nvgre_v->tni; + const char *tni_flow_id_m; + const char *tni_flow_id_v; char *gre_key_m; char *gre_key_v; @@ -1623,4 +1623,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key, if (!nvgre_m) nvgre_m = &rte_flow_item_nvgre_mask; + tni_flow_id_m = (const char *)nvgre_m->tni; + tni_flow_id_v = (const char *)nvgre_v->tni; size = sizeof(nvgre_m->tni) + sizeof(nvgre_m->flow_id); gre_key_m = MLX5_ADDR_OF(fte_match_set_misc, misc_m, gre_key_h); -- 2.26.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-08-28 11:03:26.593294031 +0100 +++ 0028-net-mlx5-fix-crash-in-NVGRE-item-translation.patch 2020-08-28 11:03:25.956955708 +0100 @@ -1 +1 @@ -From e71e90938bef6012dea460d3d94fbd0ee643e132 Mon Sep 17 00:00:00 2001 +From 6c119752c93daeab97d82163fa5b184fd2da751c Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit e71e90938bef6012dea460d3d94fbd0ee643e132 ] + @@ -20 +21,0 @@ -Cc: stable@dpdk.org @@ -29 +30 @@ -index 0909cb6614..2ba320d2dd 100644 +index aa8f5977fa..aee0546b8e 100644 @@ -32 +33 @@ -@@ -6545,6 +6545,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key, +@@ -1611,6 +1611,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key, @@ -41 +42 @@ -@@ -6571,4 +6571,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key, +@@ -1623,4 +1623,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,