common/sfc_efx/base: enhance field ID check in field set API

A field ID passed to the API may point to a gap in the array
of field descriptors. Turn down such invocations as improper.

Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")
Cc: stable@dpdk.org
Reviewed-by: Andy Moreton <amoreton@xilinx.com>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>

diff --git a/drivers/common/sfc_efx/base/efx_mae.c b/drivers/common/sfc_efx/base/efx_mae.c
index eb91753..cc5d8cf 100644 (file)
--- a/drivers/common/sfc_efx/base/efx_mae.c
+++ b/drivers/common/sfc_efx/base/efx_mae.c
@@ -690,16 +690,22 @@ efx_mae_match_spec_field_set(
                goto fail2;
        }
 
-       if (value_size != descp->emmd_value_size) {
+       if (descp->emmd_mask_size == 0) {
+               /* The ID points to a gap in the array of field descriptors. */
                rc = EINVAL;
                goto fail3;
        }
 
-       if (mask_size != descp->emmd_mask_size) {
+       if (value_size != descp->emmd_value_size) {
                rc = EINVAL;
                goto fail4;
        }
 
+       if (mask_size != descp->emmd_mask_size) {
+               rc = EINVAL;
+               goto fail5;
+       }
+
        if (descp->emmd_endianness == EFX_MAE_FIELD_BE) {
                /*
                 * The mask/value are in network (big endian) order.
@@ -741,6 +747,8 @@ efx_mae_match_spec_field_set(
 
        return (0);
 
+fail5:
+       EFSYS_PROBE(fail5);
 fail4:
        EFSYS_PROBE(fail4);
 fail3: