[dpdk-stable] patch 'net/mlx5: fix crash in NVGRE item translation' has been queued to LTS release 18.11.10

Kevin Traynor ktraynor at redhat.com
Fri Aug 28 12:12:54 CEST 2020


Hi,

FYI, your patch has been queued to LTS release 18.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 09/02/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(i.e. not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/6c119752c93daeab97d82163fa5b184fd2da751c

Thanks.

Kevin.

---
>From 6c119752c93daeab97d82163fa5b184fd2da751c Mon Sep 17 00:00:00 2001
From: Michael Baum <michaelba at mellanox.com>
Date: Tue, 21 Jul 2020 11:59:04 +0000
Subject: [PATCH] net/mlx5: fix crash in NVGRE item translation

[ upstream commit e71e90938bef6012dea460d3d94fbd0ee643e132 ]

The flow_dv_translate_item_nvgre function adds NVGRE item to matcher and
to the value.
It defines a pointer named nvgre_m that receives the item's mask into
it, and then copies some of it to the matcher.

Before copying, it checks for mask validation, and in case the mask is
NULL the function gives it a pointer to rte_flow_item_nvgre_mask.
However, the function calls from the vni mask's field before the check,
and if there is no mask, it actually dereferences the NULL
pointer and indeed the program crashes with a segfault.

Move the call from the vni field to post-validation.

Fixes: cd18e1b72f73 ("net/mlx5: fix build on Arm")

Signed-off-by: Michael Baum <michaelba at mellanox.com>
Acked-by: Matan Azrad <matan at mellanox.com>
---
 drivers/net/mlx5/mlx5_flow_dv.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index aa8f5977fa..aee0546b8e 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -1611,6 +1611,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,
 	void *misc_m = MLX5_ADDR_OF(fte_match_param, matcher, misc_parameters);
 	void *misc_v = MLX5_ADDR_OF(fte_match_param, key, misc_parameters);
-	const char *tni_flow_id_m = (const char *)nvgre_m->tni;
-	const char *tni_flow_id_v = (const char *)nvgre_v->tni;
+	const char *tni_flow_id_m;
+	const char *tni_flow_id_v;
 	char *gre_key_m;
 	char *gre_key_v;
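Review bot: tni_flow_id_m and tni_flow_id_v are now declared without an initializer, so they hold indeterminate values until they are assigned after the `if (!nvgre_m)` fallback further down. Nothing in the visible lines reads them earlier, but a one-line comment at the declarations saying they are set only after the mask default is applied would stop a later cleanup from folding the `nvgre_m->tni` dereference back into the declaration, which is exactly the pattern that crashed.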
@@ -1623,4 +1623,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,
 	if (!nvgre_m)
 		nvgre_m = &rte_flow_item_nvgre_mask;
+	tni_flow_id_m = (const char *)nvgre_m->tni;
+	tni_flow_id_v = (const char *)nvgre_v->tni;
 	size = sizeof(nvgre_m->tni) + sizeof(nvgre_m->flow_id);
 	gre_key_m = MLX5_ADDR_OF(fte_match_set_misc, misc_m, gre_key_h);
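Review bot: `tni_flow_id_v = (const char *)nvgre_v->tni;` dereferences nvgre_v, and the only NULL handling visible in this hunk is the fallback for nvgre_m. Please confirm that nvgre_v is checked (or the function returns) before this point, since the context shown here does not include it; if it is not, the spec pointer needs the same treatment the mask gets. Placing the two assignments directly after the `if (!nvgre_m)` default and before `size = sizeof(nvgre_m->tni) + ...` is the right position for the mask side.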
-- 
2.26.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2020-08-28 11:03:26.593294031 +0100
+++ 0028-net-mlx5-fix-crash-in-NVGRE-item-translation.patch	2020-08-28 11:03:25.956955708 +0100
@@ -1 +1 @@
-From e71e90938bef6012dea460d3d94fbd0ee643e132 Mon Sep 17 00:00:00 2001
+From 6c119752c93daeab97d82163fa5b184fd2da751c Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit e71e90938bef6012dea460d3d94fbd0ee643e132 ]
+
@@ -20 +21,0 @@
-Cc: stable at dpdk.org
@@ -29 +30 @@
-index 0909cb6614..2ba320d2dd 100644
+index aa8f5977fa..aee0546b8e 100644
@@ -32 +33 @@
-@@ -6545,6 +6545,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,
+@@ -1611,6 +1611,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,
@@ -41 +42 @@
-@@ -6571,4 +6571,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,
+@@ -1623,4 +1623,6 @@ flow_dv_translate_item_nvgre(void *matcher, void *key,
