From 5da37ab56e144686e5cc87153c9bd929db7c11b7 Mon Sep 17 00:00:00 2001 From: Ivan Malov Date: Wed, 6 Jan 2021 13:06:01 +0300 Subject: [PATCH] common/sfc_efx/base: enhance field ID check in field set API A field ID passed to the API may point to a gap in the array of field descriptors. Turn down such invocations as improper. Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec") Cc: stable@dpdk.org Reviewed-by: Andy Moreton Reviewed-by: Andrew Rybchenko Signed-off-by: Ivan Malov --- drivers/common/sfc_efx/base/efx_mae.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/common/sfc_efx/base/efx_mae.c b/drivers/common/sfc_efx/base/efx_mae.c index eb91753ec5..cc5d8cfc4f 100644 --- a/drivers/common/sfc_efx/base/efx_mae.c +++ b/drivers/common/sfc_efx/base/efx_mae.c @@ -690,16 +690,22 @@ efx_mae_match_spec_field_set( goto fail2; } - if (value_size != descp->emmd_value_size) { + if (descp->emmd_mask_size == 0) { + /* The ID points to a gap in the array of field descriptors. */ rc = EINVAL; goto fail3; } - if (mask_size != descp->emmd_mask_size) { + if (value_size != descp->emmd_value_size) { rc = EINVAL; goto fail4; } + if (mask_size != descp->emmd_mask_size) { + rc = EINVAL; + goto fail5; + } + if (descp->emmd_endianness == EFX_MAE_FIELD_BE) { /* * The mask/value are in network (big endian) order. @@ -741,6 +747,8 @@ efx_mae_match_spec_field_set( return (0); +fail5: + EFSYS_PROBE(fail5); fail4: EFSYS_PROBE(fail4); fail3: -- 2.20.1