net/i40e: fix out-of-bounds access

When calling i40e_flowtype_to_pctype in i40e_get_hash_filter_global_config
and i40e_set_hash_filter_global_config, function i40e_flowtype_to_pctype
will be possibly make an out-of-bounds access, because size of the array
is 15. So check the flow type is valid before calling
i40e_flowtype_to_pctype.
In the process fix other occurances of the same problem

Coverity issue: 37793, 37794
Fixes: 782c8c92f13f ("i40e: add hash configuration")
Fixes: f2b2e2354bbd ("i40e: split function for hash and flow director input")
Fixes: 98f055707685 ("i40e: configure input fields for RSS or flow director")

Signed-off-by: Beilei Xing <beilei.xing@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>

diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 1e54dfc..31c2e11 100644 (file)
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6921,6 +6921,9 @@ i40e_get_hash_filter_global_config(struct i40e_hw *hw,
                mask &= ~(1UL << i);
                /* Bit set indicats the coresponding flow type is supported */
                g_cfg->valid_bit_mask[0] |= (1UL << i);
+               /* if flowtype is invalid, continue */
+               if (!I40E_VALID_FLOW(i))
+                       continue;
                pctype = i40e_flowtype_to_pctype(i);
                reg = i40e_read_rx_ctl(hw, I40E_GLQF_HSYM(pctype));
                if (reg & I40E_GLQF_HSYM_SYMH_ENA_MASK)
@@ -6992,6 +6995,9 @@ i40e_set_hash_filter_global_config(struct i40e_hw *hw,
                if (!(mask0 & (1UL << i)))
                        continue;
                mask0 &= ~(1UL << i);
+               /* if flowtype is invalid, continue */
+               if (!I40E_VALID_FLOW(i))
+                       continue;
                pctype = i40e_flowtype_to_pctype(i);
                reg = (g_cfg->sym_hash_enable_mask[0] & (1UL << i)) ?
                                I40E_GLQF_HSYM_SYMH_ENA_MASK : 0;
@@ -7554,13 +7560,11 @@ i40e_hash_filter_inset_select(struct i40e_hw *hw,
                return -EINVAL;
        }
 
-       pctype = i40e_flowtype_to_pctype(conf->flow_type);
-       if (pctype == 0 || pctype > I40E_FILTER_PCTYPE_L2_PAYLOAD) {
-               PMD_DRV_LOG(ERR, "Not supported flow type (%u)",
-                           conf->flow_type);
+       if (!I40E_VALID_FLOW(conf->flow_type)) {
+               PMD_DRV_LOG(ERR, "invalid flow_type input.");
                return -EINVAL;
        }
-
+       pctype = i40e_flowtype_to_pctype(conf->flow_type);
        ret = i40e_parse_input_set(&input_set, pctype, conf->field,
                                   conf->inset_size);
        if (ret) {
@@ -7625,12 +7629,11 @@ i40e_fdir_filter_inset_select(struct i40e_pf *pf,
                return -EINVAL;
        }
 
-       pctype = i40e_flowtype_to_pctype(conf->flow_type);
-       if (pctype == 0 || pctype > I40E_FILTER_PCTYPE_L2_PAYLOAD) {
-               PMD_DRV_LOG(ERR, "Not supported flow type (%u)",
-                           conf->flow_type);
+       if (!I40E_VALID_FLOW(conf->flow_type)) {
+               PMD_DRV_LOG(ERR, "invalid flow_type input.");
                return -EINVAL;
        }
+       pctype = i40e_flowtype_to_pctype(conf->flow_type);
        ret = i40e_parse_input_set(&input_set, pctype, conf->field,
                                   conf->inset_size);
        if (ret) {