diff mbox

[dpdk-dev,v2,2/2] ethdev: fix shallow copy of flow API RAW item

Message ID 20180521114345.690-2-adrien.mazarguil@6wind.com (mailing list archive)
State Accepted, archived
Delegated to: Ferruh Yigit
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Adrien Mazarguil May 21, 2018, 11:44 a.m. UTC 
  Like original commit mentioned below, this fix synchronizes flow rule copy
function with testpmd's own implementation following "app/testpmd: fix copy
of raw flow item (revisited)".

It addresses a crash that occurs when feeding a RAW pattern item to
rte_flow_copy(). Besides external applications, two PMDs (bonding and
failsafe) rely on this function internally.

Note the scope of this patch is limited to the RAW pattern item and has no
impact on all others.

Fixes: 972bf3610611 ("ethdev: fix shallow copy of flow API RSS action")
Cc: stable@dpdk.org
Cc: Qi Zhang <qi.z.zhang@intel.com>

Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>

---

v2 changes:

- Fixed commit ID on "Fixes" line.
- Described the crash addressed by this patch so people do not have to
  derive this information from the referenced commits.
---
 lib/librte_ethdev/rte_flow.c | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)
diff mbox

Patch

diff --git a/lib/librte_ethdev/rte_flow.c b/lib/librte_ethdev/rte_flow.c
index 7947529da..b2afba089 100644
--- a/lib/librte_ethdev/rte_flow.c
+++ b/lib/librte_ethdev/rte_flow.c
@@ -300,17 +300,26 @@  flow_item_spec_copy(void *buf, const struct rte_flow_item *item,
 		    enum item_spec_type type)
 {
 	size_t size = 0;
-	const void *item_spec =
+	const void *data =
 		type == ITEM_SPEC ? item->spec :
 		type == ITEM_LAST ? item->last :
 		type == ITEM_MASK ? item->mask :
 		NULL;
 
-	if (!item_spec)
+	if (!item->spec || !data)
 		goto empty;
 	switch (item->type) {
 		union {
 			const struct rte_flow_item_raw *raw;
+		} spec;
+		union {
+			const struct rte_flow_item_raw *raw;
+		} last;
+		union {
+			const struct rte_flow_item_raw *raw;
+		} mask;
+		union {
+			const struct rte_flow_item_raw *raw;
 		} src;
 		union {
 			struct rte_flow_item_raw *raw;
@@ -318,11 +327,21 @@  flow_item_spec_copy(void *buf, const struct rte_flow_item *item,
 		size_t off;
 
 	case RTE_FLOW_ITEM_TYPE_RAW:
-		src.raw = item_spec;
+		spec.raw = item->spec;
+		last.raw = item->last ? item->last : item->spec;
+		mask.raw = item->mask ? item->mask : &rte_flow_item_raw_mask;
+		src.raw = data;
 		dst.raw = buf;
 		off = RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw),
 				     sizeof(*src.raw->pattern));
-		size = off + src.raw->length * sizeof(*src.raw->pattern);
+		if (type == ITEM_SPEC ||
+		    (type == ITEM_MASK &&
+		     ((spec.raw->length & mask.raw->length) >=
+		      (last.raw->length & mask.raw->length))))
+			size = spec.raw->length & mask.raw->length;
+		else
+			size = last.raw->length & mask.raw->length;
+		size = off + size * sizeof(*src.raw->pattern);
 		if (dst.raw) {
 			memcpy(dst.raw, src.raw, sizeof(*src.raw));
 			dst.raw->pattern = memcpy((uint8_t *)dst.raw + off,
@@ -333,7 +352,7 @@  flow_item_spec_copy(void *buf, const struct rte_flow_item *item,
 	default:
 		size = rte_flow_desc_item[item->type].size;
 		if (buf)
-			memcpy(buf, item_spec, size);
+			memcpy(buf, data, size);
 		break;
 	}
 empty: