From e71e90938bef6012dea460d3d94fbd0ee643e132 Mon Sep 17 00:00:00 2001
From: Michael Baum
Date: Tue, 21 Jul 2020 11:59:04 +0000
Subject: [PATCH] net/mlx5: fix crash in NVGRE item translation

The flow_dv_translate_item_nvgre function add NVGRE item to matcher and to the value. It defines a pointer named nvrge_m that receives the item's mask into it, and then copies some of it to the matcher. Before copying, it checks for mask validation, and in case the mask is NULL the function gives it a pointer to rte_flow_item_nvgre_mask. However, the function calls from the vni mask's field before the check, and if there is no mask, it actually does dereference to the NULL pointer and indeed the program crashes with segfault. Move the call from the vni field to post-validation.

Fixes: cd18e1b72f73 ("net/mlx5: fix build on Arm")
Cc: stable@dpdk.org
Signed-off-by: Michael Baum
Acked-by: Matan Azrad
---
 drivers/net/mlx5/mlx5_flow_dv.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index 0909cb6614..2ba320d2dd 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -6544,8 +6544,8 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,
 const struct rte_flow_item_nvgre *nvgre_v = item->spec;
 void *misc_m = MLX5_ADDR_OF(fte_match_param, matcher, misc_parameters);
 void *misc_v = MLX5_ADDR_OF(fte_match_param, key, misc_parameters);
- const char *tni_flow_id_m = (const char *)nvgre_m->tni;
- const char *tni_flow_id_v = (const char *)nvgre_v->tni;
+ const char *tni_flow_id_m;
+ const char *tni_flow_id_v;
 char *gre_key_m;
 char *gre_key_v;
 int size;
@@ -6570,6 +6570,8 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,
 return;
 if (!nvgre_m)
 nvgre_m = &rte_flow_item_nvgre_mask;
+ tni_flow_id_m = (const char *)nvgre_m->tni;
+ tni_flow_id_v = (const char *)nvgre_v->tni;
 size = sizeof(nvgre_m->tni) + sizeof(nvgre_m->flow_id);
 gre_key_m = MLX5_ADDR_OF(fte_match_set_misc, misc_m, gre_key_h);
 gre_key_v = MLX5_ADDR_OF(fte_match_set_misc, misc_v, gre_key_h);
-- 
2.20.1
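Review bot: Nothing in the new code records why the two `tni_flow_id_*` assignments must sit below the `if (!nvgre_m)` fallback instead of in the declarations, and the Fixes trailer points at an earlier build fix as the place where these dereferences ended up ahead of the check. A one-line comment above them, such as `/* Keep below the NULL-mask fallback: nvgre_m may be NULL before it. */`, would stop a later cleanup from hoisting them back into the initialisers. The `nvgre_v->tni` read is presumably covered by the condition of the `return;` at the top of this hunk, but that condition and the rest of flow_dv_translate_item_nvgre lie outside the hunk, so it is worth confirming that it tests `nvgre_v`. Both pointers are derived from `tni` alone while `size` also counts `flow_id`, so whatever consumes them appears to rely on the two fields being adjacent in the struct, which deserves a short comment as well.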