This defect is a functional issue where the RX CQE pointer remains
uninitialized in the LRO code path which can cause null pointer exception
while accessing VLAN or RSS hash value from CQE.
Coverity issue: 143474
Fixes:
29540be7efce ("net/qede: support LRO/TSO offloads")
Signed-off-by: Harish Patil <harish.patil@cavium.com>
uint8_t bitfield_val;
uint8_t offset, tpa_agg_idx, flags;
struct qede_agg_info *tpa_info;
uint8_t bitfield_val;
uint8_t offset, tpa_agg_idx, flags;
struct qede_agg_info *tpa_info;
hw_comp_cons = rte_le_to_cpu_16(*rxq->hw_cons_ptr);
sw_comp_cons = ecore_chain_get_cons_idx(&rxq->rx_comp_ring);
hw_comp_cons = rte_le_to_cpu_16(*rxq->hw_cons_ptr);
sw_comp_cons = ecore_chain_get_cons_idx(&rxq->rx_comp_ring);
packet_type = RTE_PTYPE_UNKNOWN;
vlan_tci = 0;
tpa_start_flg = false;
packet_type = RTE_PTYPE_UNKNOWN;
vlan_tci = 0;
tpa_start_flg = false;
/* Get the CQE from the completion ring */
cqe =
/* Get the CQE from the completion ring */
cqe =
offset = fp_cqe->placement_offset;
len = rte_le_to_cpu_16(fp_cqe->len_on_first_bd);
pkt_len = rte_le_to_cpu_16(fp_cqe->pkt_len);
offset = fp_cqe->placement_offset;
len = rte_le_to_cpu_16(fp_cqe->len_on_first_bd);
pkt_len = rte_le_to_cpu_16(fp_cqe->pkt_len);
+ vlan_tci = rte_le_to_cpu_16(fp_cqe->vlan_tag);
+ rss_hash = rte_le_to_cpu_32(fp_cqe->rss_hash);
+ htype = (uint8_t)GET_FIELD(bitfield_val,
+ ETH_FAST_PATH_RX_REG_CQE_RSS_HASH_TYPE);
} else {
parse_flag =
rte_le_to_cpu_16(cqe_start_tpa->pars_flags.flags);
} else {
parse_flag =
rte_le_to_cpu_16(cqe_start_tpa->pars_flags.flags);
offset = cqe_start_tpa->placement_offset;
/* seg_len = len_on_first_bd */
len = rte_le_to_cpu_16(cqe_start_tpa->len_on_first_bd);
offset = cqe_start_tpa->placement_offset;
/* seg_len = len_on_first_bd */
len = rte_le_to_cpu_16(cqe_start_tpa->len_on_first_bd);
+ vlan_tci = rte_le_to_cpu_16(cqe_start_tpa->vlan_tag);
+ htype = (uint8_t)GET_FIELD(bitfield_val,
+ ETH_FAST_PATH_RX_TPA_START_CQE_RSS_HASH_TYPE);
+ rss_hash = rte_le_to_cpu_32(cqe_start_tpa->rss_hash);
}
if (qede_tunn_exist(parse_flag)) {
PMD_RX_LOG(INFO, rxq, "Rx tunneled packet\n");
}
if (qede_tunn_exist(parse_flag)) {
PMD_RX_LOG(INFO, rxq, "Rx tunneled packet\n");
}
if (CQE_HAS_VLAN(parse_flag)) {
}
if (CQE_HAS_VLAN(parse_flag)) {
- vlan_tci = rte_le_to_cpu_16(fp_cqe->vlan_tag);
ol_flags |= PKT_RX_VLAN_PKT;
ol_flags |= PKT_RX_VLAN_PKT;
+ rx_mb->vlan_tci = vlan_tci;
if (CQE_HAS_OUTER_VLAN(parse_flag)) {
if (CQE_HAS_OUTER_VLAN(parse_flag)) {
- vlan_tci = rte_le_to_cpu_16(fp_cqe->vlan_tag);
ol_flags |= PKT_RX_QINQ_PKT;
ol_flags |= PKT_RX_QINQ_PKT;
+ rx_mb->vlan_tci = vlan_tci;
rx_mb->vlan_tci_outer = 0;
}
rx_mb->vlan_tci_outer = 0;
}
- htype = (uint8_t)GET_FIELD(bitfield_val,
- ETH_FAST_PATH_RX_REG_CQE_RSS_HASH_TYPE);
- if (qdev->rss_enable && htype) {
+ if (qdev->rss_enable) {
ol_flags |= PKT_RX_RSS_HASH;
ol_flags |= PKT_RX_RSS_HASH;
- rx_mb->hash.rss = rte_le_to_cpu_32(fp_cqe->rss_hash);
- PMD_RX_LOG(INFO, rxq, "Hash result 0x%x\n",
- rx_mb->hash.rss);
+ rx_mb->hash.rss = rss_hash;
}
if (unlikely(qede_alloc_rx_buffer(rxq) != 0)) {
}
if (unlikely(qede_alloc_rx_buffer(rxq) != 0)) {
rx_mb->port = rxq->port_id;
rx_mb->ol_flags = ol_flags;
rx_mb->data_len = len;
rx_mb->port = rxq->port_id;
rx_mb->ol_flags = ol_flags;
rx_mb->data_len = len;
- rx_mb->vlan_tci = vlan_tci;
rx_mb->packet_type = packet_type;
rx_mb->packet_type = packet_type;
- PMD_RX_LOG(INFO, rxq, "pkt_type %04x len %04x flags %04lx\n",
- packet_type, len, (unsigned long)ol_flags);
+ PMD_RX_LOG(INFO, rxq,
+ "pkt_type 0x%04x len %u hash_type %d hash_val 0x%x"
+ " ol_flags 0x%04lx\n",
+ packet_type, len, htype, rx_mb->hash.rss,
+ (unsigned long)ol_flags);
if (!tpa_start_flg) {
rx_mb->nb_segs = fp_cqe->bd_num;
rx_mb->pkt_len = pkt_len;
if (!tpa_start_flg) {
rx_mb->nb_segs = fp_cqe->bd_num;
rx_mb->pkt_len = pkt_len;