From: Kevin Traynor <ktraynor@redhat.com>
To: Dariusz Sosnowski <dsosnowski@nvidia.com>
Cc: Suanming Mou <suanmingm@nvidia.com>, dpdk stable <stable@dpdk.org>
Subject: patch 'net/mlx5: fix VLAN handling in meter split' has been queued to stable release 21.11.7
Date: Fri, 8 Mar 2024 14:28:14 +0000 [thread overview]
Message-ID: <20240308142824.528417-26-ktraynor@redhat.com> (raw)
In-Reply-To: <20240308142824.528417-1-ktraynor@redhat.com>
Hi,
FYI, your patch has been queued to stable release 21.11.7
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/13/24. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable
This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/03c7f0a177554bf65966aa0bcd88295f3ad915e2
Thanks.
Kevin
---
From 03c7f0a177554bf65966aa0bcd88295f3ad915e2 Mon Sep 17 00:00:00 2001
From: Dariusz Sosnowski <dsosnowski@nvidia.com>
Date: Tue, 27 Feb 2024 14:58:15 +0100
Subject: [PATCH] net/mlx5: fix VLAN handling in meter split
[ upstream commit 5d2301a222d77e7bac3a085aa17f8ef7a3af7ffe ]
On the attempt to create a flow rule with:
- matching on REPRESENTED_PORT,
- matching on outer VLAN tag,
- matching on inner VLAN tag,
- METER action,
flow splitting mechanism for handling metering flows was causing
memory corruption. It was assumed that suffix flow will have a single
VLAN item (used for translation of OF_PUSH_VLAN/OF_SET_VLAN_VID
actions), however during flow_meter_split_prep() 2 VLAN items were
parsed. This caused the buffer overflow on allocated
suffix flow item buffer.
This patch fixes this overflow, by account for number of VLAN items
in flow rule pattern when allocating items for suffix flow.
Fixes: 50f576d657d7 ("net/mlx5: fix VLAN actions in meter")
Signed-off-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
Acked-by: Suanming Mou <suanmingm@nvidia.com>
---
drivers/net/mlx5/mlx5_flow.c | 60 +++++++++++++++++++++++-------------
1 file changed, 39 insertions(+), 21 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index 5d489c7f92..6399d93b93 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -5083,6 +5083,6 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
struct mlx5_rte_flow_item_tag *tag_item_mask;
uint32_t tag_id = 0;
- struct rte_flow_item *vlan_item_dst = NULL;
- const struct rte_flow_item *vlan_item_src = NULL;
+ bool vlan_actions;
+ struct rte_flow_item *orig_sfx_items = sfx_items;
const struct rte_flow_item *orig_items = items;
struct rte_flow_action *hw_mtr_action;
@@ -5101,4 +5101,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
/* Prepare the suffix subflow items. */
tag_item = sfx_items++;
+ tag_item->type = (enum rte_flow_item_type)MLX5_RTE_FLOW_ITEM_TYPE_TAG;
for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
int item_type = items->type;
@@ -5121,8 +5122,11 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
break;
case RTE_FLOW_ITEM_TYPE_VLAN:
- /* Determine if copy vlan item below. */
- vlan_item_src = items;
- vlan_item_dst = sfx_items++;
- vlan_item_dst->type = RTE_FLOW_ITEM_TYPE_VOID;
+ /*
+ * Copy VLAN items in case VLAN actions are performed.
+ * If there are no VLAN actions, these items will be VOID.
+ */
+ memcpy(sfx_items, items, sizeof(*sfx_items));
+ sfx_items->type = (enum rte_flow_item_type)MLX5_RTE_FLOW_ITEM_TYPE_VLAN;
+ sfx_items++;
break;
default:
@@ -5141,4 +5145,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
}
/* Prepare the actions for prefix and suffix flow. */
+ vlan_actions = false;
for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
struct rte_flow_action *action_cur = NULL;
@@ -5171,14 +5176,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN:
case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID:
- if (vlan_item_dst && vlan_item_src) {
- memcpy(vlan_item_dst, vlan_item_src,
- sizeof(*vlan_item_dst));
- /*
- * Convert to internal match item, it is used
- * for vlan push and set vid.
- */
- vlan_item_dst->type = (enum rte_flow_item_type)
- MLX5_RTE_FLOW_ITEM_TYPE_VLAN;
- }
+ vlan_actions = true;
break;
case RTE_FLOW_ACTION_TYPE_COUNT:
@@ -5195,4 +5191,12 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
memcpy(action_cur, actions, sizeof(struct rte_flow_action));
}
+ /* If there are no VLAN actions, convert VLAN items to VOID in suffix flow items. */
+ if (!vlan_actions) {
+ struct rte_flow_item *it = orig_sfx_items;
+
+ for (; it->type != RTE_FLOW_ITEM_TYPE_END; it++)
+ if (it->type == (enum rte_flow_item_type)MLX5_RTE_FLOW_ITEM_TYPE_VLAN)
+ it->type = RTE_FLOW_ITEM_TYPE_VOID;
+ }
/* Add end action to the actions. */
actions_sfx->type = RTE_FLOW_ACTION_TYPE_END;
@@ -5284,6 +5288,4 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
MLX5_RTE_FLOW_ACTION_TYPE_TAG;
tag_action->conf = set_tag;
- tag_item->type = (enum rte_flow_item_type)
- MLX5_RTE_FLOW_ITEM_TYPE_TAG;
tag_item->spec = tag_item_spec;
tag_item->last = NULL;
@@ -6112,4 +6114,17 @@ flow_meter_create_drop_flow_with_org_pattern(struct rte_eth_dev *dev,
}
+static int
+flow_count_vlan_items(const struct rte_flow_item items[])
+{
+ int items_n = 0;
+
+ for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
+ if (items->type == RTE_FLOW_ITEM_TYPE_VLAN ||
+ items->type == (enum rte_flow_item_type)MLX5_RTE_FLOW_ITEM_TYPE_VLAN)
+ items_n++;
+ }
+ return items_n;
+}
+
/**
* The splitting for meter feature.
@@ -6167,4 +6182,5 @@ flow_create_split_meter(struct rte_eth_dev *dev,
size_t item_size;
int actions_n = 0;
+ int vlan_items_n = 0;
int ret = 0;
@@ -6228,7 +6244,9 @@ flow_create_split_meter(struct rte_eth_dev *dev,
(actions_n + METER_PREFIX_ACTION)) +
sizeof(struct mlx5_rte_flow_action_set_tag);
- /* Suffix items: tag, vlan, port id, end. */
-#define METER_SUFFIX_ITEM 4
- item_size = sizeof(struct rte_flow_item) * METER_SUFFIX_ITEM +
+ /* Flow can have multiple VLAN items. Account for them in suffix items. */
+ vlan_items_n = flow_count_vlan_items(items);
+ /* Suffix items: tag, [vlans], port id, end. */
+#define METER_SUFFIX_ITEM 3
+ item_size = sizeof(struct rte_flow_item) * (METER_SUFFIX_ITEM + vlan_items_n) +
sizeof(struct mlx5_rte_flow_item_tag) * 2;
sfx_actions = mlx5_malloc(MLX5_MEM_ZERO, (act_size + item_size),
--
2.43.2
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2024-03-08 13:47:49.795374787 +0000
+++ 0026-net-mlx5-fix-VLAN-handling-in-meter-split.patch 2024-03-08 13:47:49.032686705 +0000
@@ -1 +1 @@
-From 5d2301a222d77e7bac3a085aa17f8ef7a3af7ffe Mon Sep 17 00:00:00 2001
+From 03c7f0a177554bf65966aa0bcd88295f3ad915e2 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 5d2301a222d77e7bac3a085aa17f8ef7a3af7ffe ]
+
@@ -24 +25,0 @@
-Cc: stable@dpdk.org
@@ -33 +34 @@
-index c7d70b8c7b..f8943a60be 100644
+index 5d489c7f92..6399d93b93 100644
@@ -36 +37 @@
-@@ -5708,6 +5708,6 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
+@@ -5083,6 +5083,6 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
@@ -45 +46 @@
-@@ -5726,4 +5726,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
+@@ -5101,4 +5101,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
@@ -51 +52 @@
-@@ -5748,8 +5749,11 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
+@@ -5121,8 +5122,11 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
@@ -67 +68 @@
-@@ -5768,4 +5772,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
+@@ -5141,4 +5145,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
@@ -73 +74 @@
-@@ -5798,14 +5803,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
+@@ -5171,14 +5176,5 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
@@ -89 +90 @@
-@@ -5822,4 +5818,12 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
+@@ -5195,4 +5191,12 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
@@ -102 +103 @@
-@@ -5911,6 +5915,4 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
+@@ -5284,6 +5288,4 @@ flow_meter_split_prep(struct rte_eth_dev *dev,
@@ -109 +110 @@
-@@ -6740,4 +6742,17 @@ flow_meter_create_drop_flow_with_org_pattern(struct rte_eth_dev *dev,
+@@ -6112,4 +6114,17 @@ flow_meter_create_drop_flow_with_org_pattern(struct rte_eth_dev *dev,
@@ -127 +128 @@
-@@ -6795,4 +6810,5 @@ flow_create_split_meter(struct rte_eth_dev *dev,
+@@ -6167,4 +6182,5 @@ flow_create_split_meter(struct rte_eth_dev *dev,
@@ -133 +134 @@
-@@ -6854,7 +6870,9 @@ flow_create_split_meter(struct rte_eth_dev *dev,
+@@ -6228,7 +6244,9 @@ flow_create_split_meter(struct rte_eth_dev *dev,
next prev parent reply other threads:[~2024-03-08 14:32 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-08 14:27 patch 'doc: fix configuration in baseband 5GNR driver guide' " Kevin Traynor
2024-03-08 14:27 ` patch 'event/dlb2: remove superfluous memcpy' " Kevin Traynor
2024-03-08 14:27 ` patch 'test/event: fix crash in Tx adapter freeing' " Kevin Traynor
2024-03-08 14:27 ` patch 'eventdev: improve Doxygen comments on configure struct' " Kevin Traynor
2024-03-08 14:27 ` patch 'eventdev: fix Doxygen processing of vector " Kevin Traynor
2024-03-08 14:27 ` patch 'app/crypto-perf: fix out-of-place mbuf size' " Kevin Traynor
2024-03-08 14:27 ` patch 'app/crypto-perf: add missing op resubmission' " Kevin Traynor
2024-03-08 14:27 ` patch 'doc: fix typos in cryptodev overview' " Kevin Traynor
2024-03-08 14:27 ` patch 'net/tap: do not overwrite flow API errors' " Kevin Traynor
2024-03-08 14:27 ` patch 'net/tap: fix traffic control handle calculation' " Kevin Traynor
2024-03-08 14:27 ` patch 'net/bnxt: fix null pointer dereference' " Kevin Traynor
2024-03-08 14:28 ` patch 'net/ixgbevf: fix RSS init for x550 NICs' " Kevin Traynor
2024-03-08 14:28 ` patch 'net/iavf: remove error logs for VLAN offloading' " Kevin Traynor
2024-03-08 14:28 ` patch 'net/ixgbe: increase VF reset timeout' " Kevin Traynor
2024-03-08 14:28 ` patch 'net/i40e: remove incorrect 16B descriptor read block' " Kevin Traynor
2024-03-08 14:28 ` patch 'net/iavf: " Kevin Traynor
2024-03-08 14:28 ` patch 'net/ice: " Kevin Traynor
2024-03-08 14:28 ` patch 'net/bnx2x: fix warnings about memcpy lengths' " Kevin Traynor
2024-03-08 14:28 ` patch 'common/cnxk: fix Tx MTU configuration' " Kevin Traynor
2024-03-08 14:28 ` patch 'net/cnxk: fix MTU limit' " Kevin Traynor
2024-03-08 14:28 ` patch 'common/cnxk: fix RSS RETA configuration' " Kevin Traynor
2024-03-08 14:28 ` patch 'common/cnxk: fix mbox struct attributes' " Kevin Traynor
2024-03-08 14:28 ` patch 'common/cnxk: fix possible out-of-bounds access' " Kevin Traynor
2024-03-08 14:28 ` patch 'net/mlx5: fix use after free when releasing Tx queues' " Kevin Traynor
2024-03-08 14:28 ` patch 'net/mlx5: fix error packets drop in regular Rx' " Kevin Traynor
2024-03-08 14:28 ` Kevin Traynor [this message]
2024-03-08 14:28 ` patch 'net/mlx5: fix counters map in bonding mode' " Kevin Traynor
2024-03-08 14:28 ` patch 'test: fix probing in secondary process' " Kevin Traynor
2024-03-08 14:28 ` patch 'bus/vdev: fix devargs " Kevin Traynor
2024-03-08 14:28 ` patch 'config: fix CPU instruction set for cross-build' " Kevin Traynor
2024-03-08 14:28 ` patch 'test/mbuf: fix external mbuf case with assert enabled' " Kevin Traynor
2024-03-08 14:28 ` patch 'test: do not count skipped tests as executed' " Kevin Traynor
2024-03-08 14:28 ` patch 'examples/packet_ordering: fix Rx with reorder mode disabled' " Kevin Traynor
2024-03-08 14:28 ` patch 'examples/l3fwd: fix Rx over not ready port' " Kevin Traynor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240308142824.528417-26-ktraynor@redhat.com \
--to=ktraynor@redhat.com \
--cc=dsosnowski@nvidia.com \
--cc=stable@dpdk.org \
--cc=suanmingm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).