[dpdk-stable] [PATCH] net/ice: fix double free ACL flow entry
Su, Simei
simei.su at intel.com
Fri Sep 24 07:40:53 CEST 2021
> -----Original Message-----
> From: Yu, DapengX <dapengx.yu at intel.com>
> Sent: Friday, September 3, 2021 6:04 PM
> To: Yang, Qiming <qiming.yang at intel.com>; Zhang, Qi Z
> <qi.z.zhang at intel.com>
> Cc: dev at dpdk.org; Su, Simei <simei.su at intel.com>; Yu, DapengX
> <dapengx.yu at intel.com>; stable at dpdk.org
> Subject: [PATCH] net/ice: fix double free ACL flow entry
>
> From: Dapeng Yu <dapengx.yu at intel.com>
>
> If call ice_flow_rem_entry() directly without checking entry_id, may cause an
> ACL flow entry to be freed more than once.
>
> This patch tries to find entry_id first, then call ice_flow_rem_entry() to avoid
> the defect.
>
> Fixes: 40d466fa9f76 ("net/ice: support ACL filter in DCF")
> Cc: stable at dpdk.org
>
> Signed-off-by: Dapeng Yu <dapengx.yu at intel.com>
> ---
> drivers/net/ice/ice_acl_filter.c | 33 +++++++++++++++++++++-----------
> 1 file changed, 22 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/net/ice/ice_acl_filter.c b/drivers/net/ice/ice_acl_filter.c
> index 0c15a7036c..f44ce5d77e 100644
> --- a/drivers/net/ice/ice_acl_filter.c
> +++ b/drivers/net/ice/ice_acl_filter.c
> @@ -45,7 +45,7 @@ static struct ice_flow_parser ice_acl_parser;
>
> struct acl_rule {
> enum ice_fltr_ptype flow_type;
> - uint32_t entry_id[4];
> + uint64_t entry_id[4];
> };
>
> static struct
> @@ -440,7 +440,7 @@ ice_acl_hw_set_conf(struct ice_pf *pf, struct
> ice_fdir_fltr *input,
> PMD_DRV_LOG(ERR, "Fail to add entry.");
> return ret;
> }
> - rule->entry_id[entry_idx] = slot_id;
> + rule->entry_id[entry_idx] = entry_id;
> pf->acl.hw_entry_id[slot_id] = hw_entry;
> } else {
> PMD_DRV_LOG(ERR, "Exceed the maximum entry number(%d)"
> @@ -451,18 +451,28 @@ ice_acl_hw_set_conf(struct ice_pf *pf, struct
> ice_fdir_fltr *input,
> return 0;
> }
>
> +static inline void
> +ice_acl_del_entry(struct ice_hw *hw, uint64_t entry_id) {
> + uint64_t hw_entry;
> +
> + hw_entry = ice_flow_find_entry(hw, ICE_BLK_ACL, entry_id);
> + ice_flow_rem_entry(hw, ICE_BLK_ACL, hw_entry); }
> +
> static inline void
> ice_acl_hw_rem_conf(struct ice_pf *pf, struct acl_rule *rule, int32_t entry_idx)
> {
> uint32_t slot_id;
> int32_t i;
> + uint64_t entry_id;
> struct ice_hw *hw = ICE_PF_TO_HW(pf);
>
> for (i = 0; i < entry_idx; i++) {
> - slot_id = rule->entry_id[i];
> + entry_id = rule->entry_id[i];
> + slot_id = ICE_LO_DWORD(entry_id);
> rte_bitmap_set(pf->acl.slots, slot_id);
> - ice_flow_rem_entry(hw, ICE_BLK_ACL,
> - pf->acl.hw_entry_id[slot_id]);
> + ice_acl_del_entry(hw, entry_id);
> }
> }
>
> @@ -562,6 +572,7 @@ ice_acl_destroy_filter(struct ice_adapter *ad, {
> struct acl_rule *rule = (struct acl_rule *)flow->rule;
> uint32_t slot_id, i;
> + uint64_t entry_id;
> struct ice_pf *pf = &ad->pf;
> struct ice_hw *hw = ICE_PF_TO_HW(pf);
> int ret = 0;
> @@ -569,19 +580,19 @@ ice_acl_destroy_filter(struct ice_adapter *ad,
> switch (rule->flow_type) {
> case ICE_FLTR_PTYPE_NONF_IPV4_OTHER:
> for (i = 0; i < 4; i++) {
> - slot_id = rule->entry_id[i];
> + entry_id = rule->entry_id[i];
> + slot_id = ICE_LO_DWORD(entry_id);
> rte_bitmap_set(pf->acl.slots, slot_id);
> - ice_flow_rem_entry(hw, ICE_BLK_ACL,
> - pf->acl.hw_entry_id[slot_id]);
> + ice_acl_del_entry(hw, entry_id);
> }
> break;
> case ICE_FLTR_PTYPE_NONF_IPV4_UDP:
> case ICE_FLTR_PTYPE_NONF_IPV4_TCP:
> case ICE_FLTR_PTYPE_NONF_IPV4_SCTP:
> - slot_id = rule->entry_id[0];
> + entry_id = rule->entry_id[0];
> + slot_id = ICE_LO_DWORD(entry_id);
> rte_bitmap_set(pf->acl.slots, slot_id);
> - ice_flow_rem_entry(hw, ICE_BLK_ACL,
> - pf->acl.hw_entry_id[slot_id]);
> + ice_acl_del_entry(hw, entry_id);
> break;
> default:
> rte_flow_error_set(error, EINVAL,
> --
> 2.27.0
Reviewed-by: Simei Su <simei.su at intel.com>
More information about the stable
mailing list