From: Alexander Kozyrev <akozyrev@nvidia.com>
To: dev@dpdk.org
Cc: rasland@nvidia.com, viacheslavo@nvidia.com, matan@nvidia.com,
orika@nvidia.com, stable@dpdk.org
Subject: [dpdk-stable] [PATCH v2 1/6] net/mlx5: check for a field size in modify field action
Date: Wed, 24 Mar 2021 15:04:34 +0000 [thread overview]
Message-ID: <20210324150439.9247-2-akozyrev@nvidia.com> (raw)
In-Reply-To: <20210324150439.9247-1-akozyrev@nvidia.com>
Add a validation check to make sure that the specified width
for MODIFY_FIELD RTE action is not bigger than a field size.
Fixes: 641dbe4fb0 ("net/mlx5: support modify field flow action")
Cc: stable@dpdk.org
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
---
drivers/net/mlx5/mlx5_flow_dv.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index 23e5849783..84e1bb6892 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -4608,9 +4608,22 @@ flow_dv_validate_action_modify_field(const uint64_t action_flags,
if (ret)
return ret;
+ if (action_modify_field->width == 0)
+ return rte_flow_error_set(error, EINVAL,
+ RTE_FLOW_ERROR_TYPE_ACTION,
+ NULL,
+ "no bits are requested to be modified");
+ else if (action_modify_field->width > dst_width ||
+ action_modify_field->width > src_width)
+ return rte_flow_error_set(error, EINVAL,
+ RTE_FLOW_ERROR_TYPE_ACTION,
+ NULL,
+ "cannot modify more bits than"
+ " the width of a field");
if (action_modify_field->dst.field != RTE_FLOW_FIELD_VALUE &&
action_modify_field->dst.field != RTE_FLOW_FIELD_POINTER) {
- if (action_modify_field->dst.offset >= dst_width ||
+ if ((action_modify_field->dst.offset +
+ action_modify_field->width > dst_width) ||
(action_modify_field->dst.offset % 32))
return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
@@ -4626,7 +4639,8 @@ flow_dv_validate_action_modify_field(const uint64_t action_flags,
}
if (action_modify_field->src.field != RTE_FLOW_FIELD_VALUE &&
action_modify_field->src.field != RTE_FLOW_FIELD_POINTER) {
- if (action_modify_field->src.offset >= src_width ||
+ if ((action_modify_field->src.offset +
+ action_modify_field->width > src_width) ||
(action_modify_field->src.offset % 32))
return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
@@ -4640,11 +4654,6 @@ flow_dv_validate_action_modify_field(const uint64_t action_flags,
NULL,
"cannot copy from inner headers");
}
- if (action_modify_field->width == 0)
- return rte_flow_error_set(error, EINVAL,
- RTE_FLOW_ERROR_TYPE_ACTION,
- NULL,
- "width is required for modify action");
if (action_modify_field->dst.field ==
action_modify_field->src.field)
return rte_flow_error_set(error, EINVAL,
--
2.24.1
next parent reply other threads:[~2021-03-24 15:04 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20210324150439.9247-1-akozyrev@nvidia.com>
2021-03-24 15:04 ` Alexander Kozyrev [this message]
2021-03-30 7:09 ` Slava Ovsiienko
2021-03-24 15:04 ` [dpdk-stable] [PATCH v2 2/6] net/mlx5: adjust modify field action endianess Alexander Kozyrev
2021-03-30 7:09 ` Slava Ovsiienko
2021-03-24 15:04 ` [dpdk-stable] [PATCH v2 3/6] net/mlx5: check extended metadata for mark modififcation Alexander Kozyrev
2021-03-30 7:09 ` Slava Ovsiienko
2021-03-24 15:04 ` [dpdk-stable] [PATCH v2 6/6] net/mlx5: reject VXLAN ID's modifications Alexander Kozyrev
2021-03-30 7:10 ` Slava Ovsiienko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210324150439.9247-2-akozyrev@nvidia.com \
--to=akozyrev@nvidia.com \
--cc=dev@dpdk.org \
--cc=matan@nvidia.com \
--cc=orika@nvidia.com \
--cc=rasland@nvidia.com \
--cc=stable@dpdk.org \
--cc=viacheslavo@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).