* [dpdk-dev] [PATCH] net/mlx5: fix NVGRE item mask handling
@ 2020-07-21 11:59 Michael Baum
  2020-07-22 15:30 ` Raslan Darawsheh
  0 siblings, 1 reply; 2+ messages in thread
From: Michael Baum @ 2020-07-21 11:59 UTC (permalink / raw)
  To: dev; +Cc: matan, viacheslavo, stable
The flow_dv_translate_item_nvgre function add NVGRE item to matcher and
to the value.
It defines a pointer named nvrge_m that receives the item's mask into
it, and then copies some of it to the matcher.
Before copying, it checks for mask validation, and in case the mask is
NULL the function gives it a pointer to rte_flow_item_nvgre_mask.
However, the function calls from the vni mask's field before the check,
and if there is no mask, it actually does dereference to the NULL
pointer and indeed the program crashes with segfault.
Move the call from the vni field to post-validation.
Fixes: cd18e1b72f73 ("net/mlx5: fix build on Arm")
Cc: stable@dpdk.org
Signed-off-by: Michael Baum <michaelba@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
---
 drivers/net/mlx5/mlx5_flow_dv.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index f0cc7ad..caeafd9 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -6469,8 +6469,8 @@ struct field_modify_info modify_tcp[] = {
 	const struct rte_flow_item_nvgre *nvgre_v = item->spec;
 	void *misc_m = MLX5_ADDR_OF(fte_match_param, matcher, misc_parameters);
 	void *misc_v = MLX5_ADDR_OF(fte_match_param, key, misc_parameters);
-	const char *tni_flow_id_m = (const char *)nvgre_m->tni;
-	const char *tni_flow_id_v = (const char *)nvgre_v->tni;
+	const char *tni_flow_id_m;
+	const char *tni_flow_id_v;
 	char *gre_key_m;
 	char *gre_key_v;
 	int size;
@@ -6495,6 +6495,8 @@ struct field_modify_info modify_tcp[] = {
 		return;
 	if (!nvgre_m)
 		nvgre_m = &rte_flow_item_nvgre_mask;
+	tni_flow_id_m = (const char *)nvgre_m->tni;
+	tni_flow_id_v = (const char *)nvgre_v->tni;
 	size = sizeof(nvgre_m->tni) + sizeof(nvgre_m->flow_id);
 	gre_key_m = MLX5_ADDR_OF(fte_match_set_misc, misc_m, gre_key_h);
 	gre_key_v = MLX5_ADDR_OF(fte_match_set_misc, misc_v, gre_key_h);
-- 
1.8.3.1
^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [dpdk-dev] [PATCH] net/mlx5: fix NVGRE item mask handling
  2020-07-21 11:59 [dpdk-dev] [PATCH] net/mlx5: fix NVGRE item mask handling Michael Baum
@ 2020-07-22 15:30 ` Raslan Darawsheh
  0 siblings, 0 replies; 2+ messages in thread
From: Raslan Darawsheh @ 2020-07-22 15:30 UTC (permalink / raw)
  To: Michael Baum, dev; +Cc: Matan Azrad, Slava Ovsiienko, stable
Hi,
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Michael Baum
> Sent: Tuesday, July 21, 2020 2:59 PM
> To: dev@dpdk.org
> Cc: Matan Azrad <matan@mellanox.com>; Slava Ovsiienko
> <viacheslavo@mellanox.com>; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH] net/mlx5: fix NVGRE item mask handling
> 
> The flow_dv_translate_item_nvgre function add NVGRE item to matcher
> and
> to the value.
> It defines a pointer named nvrge_m that receives the item's mask into
> it, and then copies some of it to the matcher.
> 
> Before copying, it checks for mask validation, and in case the mask is
> NULL the function gives it a pointer to rte_flow_item_nvgre_mask.
> However, the function calls from the vni mask's field before the check,
> and if there is no mask, it actually does dereference to the NULL
> pointer and indeed the program crashes with segfault.
> 
> Move the call from the vni field to post-validation.
> 
> Fixes: cd18e1b72f73 ("net/mlx5: fix build on Arm")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Michael Baum <michaelba@mellanox.com>
> Acked-by: Matan Azrad <matan@mellanox.com>
> ---
>  drivers/net/mlx5/mlx5_flow_dv.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/mlx5/mlx5_flow_dv.c
> b/drivers/net/mlx5/mlx5_flow_dv.c
> index f0cc7ad..caeafd9 100644
> --- a/drivers/net/mlx5/mlx5_flow_dv.c
> +++ b/drivers/net/mlx5/mlx5_flow_dv.c
> @@ -6469,8 +6469,8 @@ struct field_modify_info modify_tcp[] = {
>  	const struct rte_flow_item_nvgre *nvgre_v = item->spec;
>  	void *misc_m = MLX5_ADDR_OF(fte_match_param, matcher,
> misc_parameters);
>  	void *misc_v = MLX5_ADDR_OF(fte_match_param, key,
> misc_parameters);
> -	const char *tni_flow_id_m = (const char *)nvgre_m->tni;
> -	const char *tni_flow_id_v = (const char *)nvgre_v->tni;
> +	const char *tni_flow_id_m;
> +	const char *tni_flow_id_v;
>  	char *gre_key_m;
>  	char *gre_key_v;
>  	int size;
> @@ -6495,6 +6495,8 @@ struct field_modify_info modify_tcp[] = {
>  		return;
>  	if (!nvgre_m)
>  		nvgre_m = &rte_flow_item_nvgre_mask;
> +	tni_flow_id_m = (const char *)nvgre_m->tni;
> +	tni_flow_id_v = (const char *)nvgre_v->tni;
>  	size = sizeof(nvgre_m->tni) + sizeof(nvgre_m->flow_id);
>  	gre_key_m = MLX5_ADDR_OF(fte_match_set_misc, misc_m,
> gre_key_h);
>  	gre_key_v = MLX5_ADDR_OF(fte_match_set_misc, misc_v,
> gre_key_h);
> --
> 1.8.3.1
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-07-22 15:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-21 11:59 [dpdk-dev] [PATCH] net/mlx5: fix NVGRE item mask handling Michael Baum
2020-07-22 15:30 ` Raslan Darawsheh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).