From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Zhao1, Wei"
Subject: Re: [PATCH] app/testpmd: fix invalid memory access
Date: Tue, 8 May 2018 06:24:28 +0000
References: <20180507095044.48038-1-qi.z.zhang@intel.com>
In-Reply-To: <20180507095044.48038-1-qi.z.zhang@intel.com>
To: "Zhang, Qi Z", "adrien.mazarguil@6wind.com"
Cc: "Peng, Yuan", "dev@dpdk.org"
List-Id: DPDK patches and discussions

Hi, zhang qi

This fix patch to DPDK.org is also useful for igb flex byte core dump issue.
I have validated it.
But there is some patch check warning.
https://dpdk.org/dev/patchwork/patch/39417/

> -----Original Message-----
> From: Zhang, Qi Z
> Sent: Monday, May 7, 2018 5:51 PM
> To: adrien.mazarguil@6wind.com
> Cc: Peng, Yuan; Zhao1, Wei; dev@dpdk.org; Zhang, Qi Z
> Subject: [PATCH] app/testpmd: fix invalid memory access
>
> When calculating the memory size of an RTE_FLOW_ITEM_TYPE_RAW's mask,
> mask->length is not the real size of the binary pattern; it should take
> spec->length, or the memory size will be over counted (0xffff) and invalid
> memory will be accessed during the following memcpy.
>
> Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration")
>
> Signed-off-by: Qi Zhang
> ---
> app/test-pmd/config.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c index > 16fc481ce..bcaf429c4 100644 > --- a/app/test-pmd/config.c > +++ b/app/test-pmd/config.c 
> @@ -1077,7 +1077,8 @@ flow_item_spec_copy(void *buf, const struct > rte_flow_item *item, > dst.raw =3D buf; > off =3D RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw), > sizeof(*src.raw->pattern)); > - size =3D off + src.raw->length * sizeof(*src.raw->pattern); > + size =3D off + ((const struct rte_flow_item_raw *)item->spec)-> > + length * sizeof(*src.raw->pattern); > if (dst.raw) { > memcpy(dst.raw, src.raw, sizeof(*src.raw)); > dst.raw->pattern =3D memcpy((uint8_t *)dst.raw + off, > -- > 2.13.6
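
Review bot: In the added `size =` line, `item->spec` is cast and dereferenced with no NULL check visible in this hunk, so a RAW item that reaches this copy with only a mask or last set would fault here. Take `const struct rte_flow_item_raw *spec = item->spec;` into a local, handle the NULL case, and use `spec->length`; that also removes the line break between `->` and `length`, which makes the expression hard to read. The length argument of the pattern `memcpy` is cut off in the context lines, so confirm it copies the same spec-derived byte count (`size - off`) rather than `src.raw->length`.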
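
The over-count described in the commit message, as an added example (not code from the patch or from DPDK): `struct raw_item` is a simplified stand-in for `struct rte_flow_item_raw`, and every function name and sample byte here is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for struct rte_flow_item_raw (assumption: only the
 * two fields the size calculation touches are modelled). */
struct raw_item {
    uint16_t length;        /* pattern bytes in spec; 0xffff in a full mask */
    const uint8_t *pattern; /* pattern bytes live outside the struct */
};
#define RAW_OFF sizeof(struct raw_item) /* pattern is copied right after the header */

/* Pre-fix sizing: trusts the length field of whichever struct is copied. */
size_t size_from_self(const struct raw_item *src) { return RAW_OFF + (size_t)src->length * sizeof(*src->pattern); }
/* Post-fix sizing: pattern length always comes from spec; 0 if spec is absent. */
size_t size_from_spec(const struct raw_item *spec)
{ return spec ? RAW_OFF + (size_t)spec->length * sizeof(*spec->pattern) : 0; }

/* Copy src (spec or mask) into buf, sized by spec. Returns the bytes needed;
 * copies only when buf is non-NULL and buf_len is large enough. */
size_t raw_copy(void *buf, size_t buf_len, const struct raw_item *src,
                const struct raw_item *spec)
{
    size_t size = size_from_spec(spec);
    struct raw_item *dst = buf;
    if (size == 0 || src == NULL || src->pattern == NULL)
        return 0;
    if (dst != NULL && buf_len >= size) {
        memcpy(dst, src, sizeof(*src));
        dst->pattern = memcpy((uint8_t *)dst + RAW_OFF, src->pattern, size - RAW_OFF);
    }
    return size;
}

/* Constructed sample: 4-byte pattern, mask matching every bit of it. */
static const uint8_t spec_bytes[4] = { 0xde, 0xad, 0xbe, 0xef };
static const uint8_t mask_bytes[4] = { 0xff, 0xff, 0xff, 0xff };
static const struct raw_item sample_spec = { 4, spec_bytes };
static const struct raw_item sample_mask = { 0xffff, mask_bytes };
size_t old_mask_size(void) { return size_from_self(&sample_mask); }
size_t new_mask_size(void) { return size_from_spec(&sample_spec); }
/* Copies the mask into a spec-sized buffer; returns 1 if the bytes match. */
int mask_copy_ok(void)
{
    union { struct raw_item hdr; uint8_t bytes[sizeof(struct raw_item) + 4]; } buf;
    size_t n = raw_copy(&buf, sizeof(buf), &sample_mask, &sample_spec);
    return n == RAW_OFF + 4 && buf.hdr.length == 0xffff &&
           memcmp(buf.hdr.pattern, mask_bytes, 4) == 0;
}
```

With the old sizing the 4-byte mask pattern is treated as 0xffff bytes long, so the following copy reads far past the end of `mask_bytes`; sizing from spec keeps the read inside the pattern.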