From: Hyong Youb Kim <hyonkim@cisco.com>
To: Ferruh Yigit <ferruh.yigit@intel.com>
Cc: dev@dpdk.org, John Daley <johndale@cisco.com>,
Hyong Youb Kim <hyonkim@cisco.com>,
stable@dpdk.org
Subject: [PATCH 05/15] net/enic: check for unsupported flow item types
Date: Wed, 27 Feb 2019 23:03:07 -0800 [thread overview]
Message-ID: <20190228070317.17002-6-hyonkim@cisco.com> (raw)
In-Reply-To: <20190228070317.17002-1-hyonkim@cisco.com>
Currently a pattern with an unsupported item type causes segfault,
because the flow handler is using the type as an array index without
checking bounds. Add an explicit check for unsupported item types and
avoid out-of-bound accesses.
Fixes: 6ced137607d0 ("net/enic: flow API for NICs with advanced filters enabled")
Cc: stable@dpdk.org
Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
Reviewed-by: John Daley <johndale@cisco.com>
---
drivers/net/enic/enic_flow.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/drivers/net/enic/enic_flow.c b/drivers/net/enic/enic_flow.c
index e12a6ec73..c60476c8c 100644
--- a/drivers/net/enic/enic_flow.c
+++ b/drivers/net/enic/enic_flow.c
@@ -40,6 +40,8 @@ struct enic_items {
struct enic_filter_cap {
/** list of valid items and their handlers and attributes. */
const struct enic_items *item_info;
+ /* Max type in the above list, used to detect unsupported types */
+ enum rte_flow_item_type max_item_type;
};
/* functions for copying flow actions into enic actions */
@@ -257,12 +259,15 @@ static const struct enic_items enic_items_v3[] = {
static const struct enic_filter_cap enic_filter_cap[] = {
[FILTER_IPV4_5TUPLE] = {
.item_info = enic_items_v1,
+ .max_item_type = RTE_FLOW_ITEM_TYPE_TCP,
},
[FILTER_USNIC_IP] = {
.item_info = enic_items_v2,
+ .max_item_type = RTE_FLOW_ITEM_TYPE_VXLAN,
},
[FILTER_DPDK_1] = {
.item_info = enic_items_v3,
+ .max_item_type = RTE_FLOW_ITEM_TYPE_VXLAN,
},
};
@@ -946,7 +951,7 @@ item_stacking_valid(enum rte_flow_item_type prev_item,
*/
static int
enic_copy_filter(const struct rte_flow_item pattern[],
- const struct enic_items *items_info,
+ const struct enic_filter_cap *cap,
struct filter_v2 *enic_filter,
struct rte_flow_error *error)
{
@@ -969,7 +974,14 @@ enic_copy_filter(const struct rte_flow_item pattern[],
if (item->type == RTE_FLOW_ITEM_TYPE_VOID)
continue;
- item_info = &items_info[item->type];
+ item_info = &cap->item_info[item->type];
+ if (item->type > cap->max_item_type ||
+ item_info->copy_item == NULL) {
+ rte_flow_error_set(error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_ITEM,
+ NULL, "Unsupported item.");
+ return -rte_errno;
+ }
/* check to see if item stacking is valid */
if (!item_stacking_valid(prev_item, item_info, is_first_item))
@@ -1423,7 +1435,7 @@ enic_flow_parse(struct rte_eth_dev *dev,
return -rte_errno;
}
enic_filter->type = enic->flow_filter_mode;
- ret = enic_copy_filter(pattern, enic_filter_cap->item_info,
+ ret = enic_copy_filter(pattern, enic_filter_cap,
enic_filter, error);
return ret;
}
--
2.16.2
next prev parent reply other threads:[~2019-02-28 7:03 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-28 7:03 [PATCH 00/15] net/enic: 19.05 updates Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 01/15] net/enic: remove unused code Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 02/15] net/enic: fix flow director SCTP matching Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 03/15] net/enic: fix SCTP match for flow API Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 04/15] net/enic: allow flow mark ID 0 Hyong Youb Kim
2019-02-28 7:03 ` Hyong Youb Kim [this message]
2019-02-28 7:03 ` [PATCH 06/15] net/enic: enable limited RSS flow action Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 07/15] net/enic: enable limited PASSTHRU " Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 08/15] net/enic: move arguments into struct Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 09/15] net/enic: enable limited support for RAW flow item Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 10/15] net/enic: initialize VXLAN port regardless of overlay offload Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 11/15] net/enic: fix a couple issues with VXLAN match Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 12/15] net/enic: fix an endian bug in VLAN match Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 13/15] net/enic: fix several issues with inner packet matching Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 14/15] doc: update enic guide Hyong Youb Kim
2019-02-28 7:03 ` [PATCH 15/15] doc: update release notes for enic Hyong Youb Kim
2019-03-01 14:26 ` [PATCH 00/15] net/enic: 19.05 updates Thomas Monjalon
2019-03-01 14:56 ` Hyong Youb Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190228070317.17002-6-hyonkim@cisco.com \
--to=hyonkim@cisco.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=johndale@cisco.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.