Re: [dpdk-dev] [PATCH] net/mlx5: fix GRE key handle before GRE header issue

Tue, 26 Nov 2019 07:31:08 -0800 

Hi,

> -----Original Message-----
> From: Suanming Mou <suanmi...@mellanox.com>
> Sent: Tuesday, November 26, 2019 4:09 PM
> To: Slava Ovsiienko <viachesl...@mellanox.com>; Matan Azrad
> <ma...@mellanox.com>
> Cc: Ori Kam <or...@mellanox.com>; Raslan Darawsheh
> <rasl...@mellanox.com>; dev@dpdk.org; Jack Min
> <jack...@mellanox.com>
> Subject: [PATCH] net/mlx5: fix GRE key handle before GRE header issue
> 
> When set the GRE item, GRE key should follow after GRE header, or the
> header gre_item pointer used by the key will be invalid.
> 
> Currently in the mlx5_flow_validate_item_gre_key() function, the header
> gre_item pointer is access before checking if the key is after the header or
> not. Once the key item is before the header, invalid gre_item pointer access
> happens.
> 
> Move the gre_item pointer access after the GRE header check to avoid the
> crash issue.
> 
> Fixes: a7a0365565a4 ("net/mlx5: match GRE key and present bits")
> Cc: jack...@mellanox.com
> 
> Signed-off-by: Suanming Mou <suanmi...@mellanox.com>
> Acked-by: Ori Kam <or...@mellanox.com>
> ---
>  drivers/net/mlx5/mlx5_flow.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
> index 65a0e65..5c78ea7 100644
> --- a/drivers/net/mlx5/mlx5_flow.c
> +++ b/drivers/net/mlx5/mlx5_flow.c
> @@ -1998,8 +1998,8 @@ uint32_t mlx5_flow_adjust_priority(struct
> rte_eth_dev *dev, int32_t priority,
>       const rte_be32_t *mask = item->mask;
>       int ret = 0;
>       rte_be32_t gre_key_default_mask = RTE_BE32(UINT32_MAX);
> -     const struct rte_flow_item_gre *gre_spec = gre_item->spec;
> -     const struct rte_flow_item_gre *gre_mask = gre_item->mask;
> +     const struct rte_flow_item_gre *gre_spec;
> +     const struct rte_flow_item_gre *gre_mask;
> 
>       if (item_flags & MLX5_FLOW_LAYER_GRE_KEY)
>               return rte_flow_error_set(error, ENOTSUP, @@ -2013,8
> +2013,10 @@ uint32_t mlx5_flow_adjust_priority(struct rte_eth_dev *dev,
> int32_t priority,
>               return rte_flow_error_set(error, ENOTSUP,
>                                         RTE_FLOW_ERROR_TYPE_ITEM,
> item,
>                                         "GRE key following a wrong item");
> +     gre_mask = gre_item->mask;
>       if (!gre_mask)
>               gre_mask = &rte_flow_item_gre_mask;
> +     gre_spec = gre_item->spec;
>       if (gre_spec && (gre_mask->c_rsvd0_ver & RTE_BE16(0x2000)) &&
>                        !(gre_spec->c_rsvd0_ver & RTE_BE16(0x2000)))
>               return rte_flow_error_set(error, EINVAL,
> --
> 1.8.3.1


Patch applied to net-net-mlx,

Kindest regards,
Raslan Darawsheh

Reply via email to