patches for DPDK stable branches
 help / color / mirror / Atom feed
* [dpdk-stable] [PATCH] net/mlx5: fix refuse empty VLAN validation
@ 2021-01-19 17:07 Shiri Kuzin
  2021-01-24 10:44 ` Raslan Darawsheh
  0 siblings, 1 reply; 2+ messages in thread
From: Shiri Kuzin @ 2021-01-19 17:07 UTC (permalink / raw)
  To: dev; +Cc: matan, viacheslavo, shahafs, rasland, stable

In verbs, an empty VLAN is equivalent to a packet without VLAN layer,
hence, the VLAN item should not be empty and this case is rejected.

However, the case for ether type of VLAN without following VLAN item
was not validated, allowing the creation of a flow with empty
VLAN item.

To fix this issue a validation was added requiring ether type of VLAN
will be followed with VLAN item.

Fixes: 0b1edd21cd78 ("net/mlx5: refuse empty VLAN flow specification")
Cc: stable@dpdk.org

Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
---
 drivers/net/mlx5/mlx5_flow_verbs.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/net/mlx5/mlx5_flow_verbs.c b/drivers/net/mlx5/mlx5_flow_verbs.c
index 2d4381946d..827d2ecf9d 100644
--- a/drivers/net/mlx5/mlx5_flow_verbs.c
+++ b/drivers/net/mlx5/mlx5_flow_verbs.c
@@ -1253,6 +1253,7 @@ flow_verbs_validate(struct rte_eth_dev *dev,
 	uint64_t last_item = 0;
 	uint8_t next_protocol = 0xff;
 	uint16_t ether_type = 0;
+	bool is_empty_vlan = false;
 
 	if (items == NULL)
 		return -1;
@@ -1280,6 +1281,8 @@ flow_verbs_validate(struct rte_eth_dev *dev,
 				ether_type &=
 					((const struct rte_flow_item_eth *)
 					 items->mask)->type;
+				if (ether_type == RTE_BE16(RTE_ETHER_TYPE_VLAN))
+					is_empty_vlan = true;
 				ether_type = rte_be_to_cpu_16(ether_type);
 			} else {
 				ether_type = 0;
@@ -1305,6 +1308,7 @@ flow_verbs_validate(struct rte_eth_dev *dev,
 			} else {
 				ether_type = 0;
 			}
+			is_empty_vlan = false;
 			break;
 		case RTE_FLOW_ITEM_TYPE_IPV4:
 			ret = mlx5_flow_validate_item_ipv4
@@ -1416,6 +1420,10 @@ flow_verbs_validate(struct rte_eth_dev *dev,
 		}
 		item_flags |= last_item;
 	}
+	if (is_empty_vlan)
+		return rte_flow_error_set(error, ENOTSUP,
+						 RTE_FLOW_ERROR_TYPE_ITEM, NULL,
+		    "VLAN matching without vid specification is not supported");
 	for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
 		switch (actions->type) {
 		case RTE_FLOW_ACTION_TYPE_VOID:
-- 
2.21.0


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [dpdk-stable] [PATCH] net/mlx5: fix refuse empty VLAN validation
  2021-01-19 17:07 [dpdk-stable] [PATCH] net/mlx5: fix refuse empty VLAN validation Shiri Kuzin
@ 2021-01-24 10:44 ` Raslan Darawsheh
  0 siblings, 0 replies; 2+ messages in thread
From: Raslan Darawsheh @ 2021-01-24 10:44 UTC (permalink / raw)
  To: Shiri Kuzin, dev; +Cc: Matan Azrad, Slava Ovsiienko, Shahaf Shuler, stable

Hi,

> -----Original Message-----
> From: Shiri Kuzin <shirik@nvidia.com>
> Sent: Tuesday, January 19, 2021 7:07 PM
> To: dev@dpdk.org
> Cc: Matan Azrad <matan@nvidia.com>; Slava Ovsiienko
> <viacheslavo@nvidia.com>; Shahaf Shuler <shahafs@nvidia.com>; Raslan
> Darawsheh <rasland@nvidia.com>; stable@dpdk.org
> Subject: [PATCH] net/mlx5: fix refuse empty VLAN validation
> 
> In verbs, an empty VLAN is equivalent to a packet without VLAN layer,
> hence, the VLAN item should not be empty and this case is rejected.
> 
> However, the case for ether type of VLAN without following VLAN item
> was not validated, allowing the creation of a flow with empty
> VLAN item.
> 
> To fix this issue a validation was added requiring ether type of VLAN
> will be followed with VLAN item.
> 
> Fixes: 0b1edd21cd78 ("net/mlx5: refuse empty VLAN flow specification")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
> Acked-by: Matan Azrad <matan@nvidia.com>
> ---

Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-01-24 10:44 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-19 17:07 [dpdk-stable] [PATCH] net/mlx5: fix refuse empty VLAN validation Shiri Kuzin
2021-01-24 10:44 ` Raslan Darawsheh

patches for DPDK stable branches

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ http://inbox.dpdk.org/stable \
		stable@dpdk.org
	public-inbox-index stable

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.stable


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git