git.droids-corp.org / dpdk.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4acb96f)
net/mlx5: fix crash on GRE flow rule parsing
authorSuanming Mou <suanmingm@mellanox.com>
Tue, 26 Nov 2019 14:08:35 +0000 (16:08 +0200)
committerFerruh Yigit <ferruh.yigit@intel.com>
Tue, 26 Nov 2019 17:22:27 +0000 (18:22 +0100)
When set the GRE item, GRE key should follow after GRE header, or the
header gre_item pointer used by the key will be invalid.

Currently in the mlx5_flow_validate_item_gre_key() function, the header
gre_item pointer is access before checking if the key is after the
header or not. Once the key item is before the header, invalid gre_item
pointer access happens.

Move the gre_item pointer access after the GRE header check to avoid the
crash issue.

Fixes: a7a0365565a4 ("net/mlx5: match GRE key and present bits")
Cc: stable@dpdk.org
Signed-off-by: Suanming Mou <suanmingm@mellanox.com>
Acked-by: Ori Kam <orika@mellanox.com>
drivers/net/mlx5/mlx5_flow.c patch | blob | history

diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index 65a0e65..5c78ea7 100644 (file)
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1998,8 +1998,8 @@ mlx5_flow_validate_item_gre_key(const struct rte_flow_item *item,
        const rte_be32_t *mask = item->mask;
        int ret = 0;
        rte_be32_t gre_key_default_mask = RTE_BE32(UINT32_MAX);
-       const struct rte_flow_item_gre *gre_spec = gre_item->spec;
-       const struct rte_flow_item_gre *gre_mask = gre_item->mask;
+       const struct rte_flow_item_gre *gre_spec;
+       const struct rte_flow_item_gre *gre_mask;
 
        if (item_flags & MLX5_FLOW_LAYER_GRE_KEY)
                return rte_flow_error_set(error, ENOTSUP,
@@ -2013,8 +2013,10 @@ mlx5_flow_validate_item_gre_key(const struct rte_flow_item *item,
                return rte_flow_error_set(error, ENOTSUP,
                                          RTE_FLOW_ERROR_TYPE_ITEM, item,
                                          "GRE key following a wrong item");
+       gre_mask = gre_item->mask;
        if (!gre_mask)
                gre_mask = &rte_flow_item_gre_mask;
+       gre_spec = gre_item->spec;
        if (gre_spec && (gre_mask->c_rsvd0_ver & RTE_BE16(0x2000)) &&
                         !(gre_spec->c_rsvd0_ver & RTE_BE16(0x2000)))
                return rte_flow_error_set(error, EINVAL,
DPDK repo used for reviews