* [dpdk-dev] [PATCH 3/4] i40e: fix out-of-bounds access
@ 2016-06-30 7:35 Beilei Xing
0 siblings, 0 replies; only message in thread
From: Beilei Xing @ 2016-06-30 7:35 UTC (permalink / raw)
To: jingjing.wu, michalx.k.jastrzebski; +Cc: dev, Beilei Xing
When calling i40e_flowtype_to_pctype in
i40e_get_hash_filter_global_config and
i40e_set_hash_filter_global_config, function
i40e_flowtype_to_pctype will be possibly
out-of-bounds accessed, because size of callee's array
is 15. So judge flow type before calling
i40e_flowtype_to_pctype.
Meanwhile do the same change in other functions.
Fixes: 782c8c92f13f ("i40e: add hash configuration")
Fixes: f2b2e2354bbd ("i40e: split function for hash and flow director input")
Fixes: 98f055707685 ("i40e: configure input fields for RSS or flow director")
Signed-off-by: Beilei Xing <beilei.xing@intel.com>
---
drivers/net/i40e/i40e_ethdev.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 78ed6d0..678e23a 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6625,6 +6625,9 @@ i40e_get_hash_filter_global_config(struct i40e_hw *hw,
mask &= ~(1UL << i);
/* Bit set indicats the coresponding flow type is supported */
g_cfg->valid_bit_mask[0] |= (1UL << i);
+ /* if flowtype is invalid, continue */
+ if (!I40E_VALID_FLOW(i))
+ continue;
pctype = i40e_flowtype_to_pctype(i);
reg = i40e_read_rx_ctl(hw, I40E_GLQF_HSYM(pctype));
if (reg & I40E_GLQF_HSYM_SYMH_ENA_MASK)
@@ -6696,6 +6699,9 @@ i40e_set_hash_filter_global_config(struct i40e_hw *hw,
if (!(mask0 & (1UL << i)))
continue;
mask0 &= ~(1UL << i);
+ /* if flowtype is invalid, continue */
+ if (!I40E_VALID_FLOW(i))
+ continue;
pctype = i40e_flowtype_to_pctype(i);
reg = (g_cfg->sym_hash_enable_mask[0] & (1UL << i)) ?
I40E_GLQF_HSYM_SYMH_ENA_MASK : 0;
@@ -7258,13 +7264,11 @@ i40e_hash_filter_inset_select(struct i40e_hw *hw,
return -EINVAL;
}
- pctype = i40e_flowtype_to_pctype(conf->flow_type);
- if (pctype == 0 || pctype > I40E_FILTER_PCTYPE_L2_PAYLOAD) {
- PMD_DRV_LOG(ERR, "Not supported flow type (%u)",
- conf->flow_type);
+ if (!I40E_VALID_FLOW(conf->flow_type)) {
+ PMD_DRV_LOG(ERR, "invalid flow_type input.");
return -EINVAL;
}
-
+ pctype = i40e_flowtype_to_pctype(conf->flow_type);
ret = i40e_parse_input_set(&input_set, pctype, conf->field,
conf->inset_size);
if (ret) {
@@ -7329,12 +7333,11 @@ i40e_fdir_filter_inset_select(struct i40e_pf *pf,
return -EINVAL;
}
- pctype = i40e_flowtype_to_pctype(conf->flow_type);
- if (pctype == 0 || pctype > I40E_FILTER_PCTYPE_L2_PAYLOAD) {
- PMD_DRV_LOG(ERR, "Not supported flow type (%u)",
- conf->flow_type);
+ if (!I40E_VALID_FLOW(conf->flow_type)) {
+ PMD_DRV_LOG(ERR, "invalid flow_type input.");
return -EINVAL;
}
+ pctype = i40e_flowtype_to_pctype(conf->flow_type);
ret = i40e_parse_input_set(&input_set, pctype, conf->field,
conf->inset_size);
if (ret) {
--
2.5.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-06-30 7:35 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-30 7:35 [dpdk-dev] [PATCH 3/4] i40e: fix out-of-bounds access Beilei Xing
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).