i40e: fix segfault when using custom RSS key
Checks
Commit Message
&out->conf and in can point to the same memory area. Reinitialization of
out->conf leads to setting in->key to NULL, but leaves key_len 40. This
leads to segfault on destruction of the RSS flow action. The segfault
happens inside i40e_action_rss_same(), when comparing comp->key and
with->key, because both comp->key_len and with->key_len are 40 (should
be 0).
Reproduction steps (testpmd):
port stop 0
flow create 0 ingress pattern end actions rss func default level 0\
key 6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a\
key_len 40 queues 0 end / end
port start 0
set link-up port 0
start
stop
set link-down port 0
port stop 0
flow destroy 0 rule 0
(Segmentation fault)
Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
Signed-off-by: Elena Carasec <xcaras00@stud.fit.vutbr.cz>
Signed-off-by: Jan Viktorin <viktorin@cesnet.cz>
---
drivers/net/i40e/i40e_ethdev.c | 2 ++
1 file changed, 2 insertions(+)
Comments
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Elena Carasec
> Sent: Wednesday, August 26, 2020 7:28 PM
> To: dev@dpdk.org
> Cc: Elena Carasec <xcaras00@stud.fit.vutbr.cz>; stable@dpdk.org; Xing, Beilei
> <beilei.xing@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Adrien
> Mazarguil <adrien.mazarguil@6wind.com>; Andrew Rybchenko
> <arybchenko@solarflare.com>; Luca Boccassi <bluca@debian.org>; Jan
> Viktorin <viktorin@cesnet.cz>
> Subject: [dpdk-dev] [PATCH] i40e: fix segfault when using custom RSS key
>
> &out->conf and in can point to the same memory area. Reinitialization of
> out->conf leads to setting in->key to NULL, but leaves key_len 40. This
> leads to segfault on destruction of the RSS flow action. The segfault happens
> inside i40e_action_rss_same(), when comparing comp->key and
> with->key, because both comp->key_len and with->key_len are 40 (should
> be 0).
>
> Reproduction steps (testpmd):
>
> port stop 0
> flow create 0 ingress pattern end actions rss func default level 0\
> key
> 6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5
> a6d5a6d5a6d5a6d5a\
> key_len 40 queues 0 end / end
> port start 0
> set link-up port 0
> start
> stop
> set link-down port 0
> port stop 0
> flow destroy 0 rule 0
> (Segmentation fault)
Hi,
Thanks for the fix.
But according to Chenxu and Shougang's test, this issue doesn't exist after DPDK 20.05,
where RSS configuration has been refactored.
Could you please retry with the latest DPDK?
BR,
Beilei
>
> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
>
> Signed-off-by: Elena Carasec <xcaras00@stud.fit.vutbr.cz>
> Signed-off-by: Jan Viktorin <viktorin@cesnet.cz>
> ---
> drivers/net/i40e/i40e_ethdev.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index 11c02b1..a5fe130 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -13211,6 +13211,8 @@ struct i40e_customized_pctype*
> return -EINVAL;
> if (!in->key && in->key_len)
> return -EINVAL;
> + if (&out->conf == in)
> + return 0;
> out->conf = (struct rte_flow_action_rss){
> .func = in->func,
> .level = in->level,
> --
> 1.8.3.1
Hello,
We admit that the mistake was from our part.
New tests' results have revealed that from DPDK v20.05 this issue
does not exist anymore. So, this patch is applicable for DPDK
v20.02 and older.
Kind regards,
Elena Carasec
-------- Original Message --------
Subject: RE: [dpdk-dev] [PATCH] i40e: fix segfault when using custom RSS
key
Date: 2020-08-28 08:38
From: "Xing, Beilei" <beilei.xing@intel.com>
To: Elena Carasec <xcaras00@stud.fit.vutbr.cz>, "dev@dpdk.org"
<dev@dpdk.org>
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Elena Carasec
> Sent: Wednesday, August 26, 2020 7:28 PM
> To: dev@dpdk.org
> Cc: Elena Carasec <xcaras00@stud.fit.vutbr.cz>; stable@dpdk.org; Xing,
> Beilei
> <beilei.xing@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Adrien
> Mazarguil <adrien.mazarguil@6wind.com>; Andrew Rybchenko
> <arybchenko@solarflare.com>; Luca Boccassi <bluca@debian.org>; Jan
> Viktorin <viktorin@cesnet.cz>
> Subject: [dpdk-dev] [PATCH] i40e: fix segfault when using custom RSS
> key
>
> &out->conf and in can point to the same memory area. Reinitialization
> of
> out->conf leads to setting in->key to NULL, but leaves key_len 40. This
> leads to segfault on destruction of the RSS flow action. The segfault
> happens
> inside i40e_action_rss_same(), when comparing comp->key and
> with->key, because both comp->key_len and with->key_len are 40 (should
> be 0).
>
> Reproduction steps (testpmd):
>
> port stop 0
> flow create 0 ingress pattern end actions rss func default level 0\
> key
> 6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5
> a6d5a6d5a6d5a6d5a\
> key_len 40 queues 0 end / end
> port start 0
> set link-up port 0
> start
> stop
> set link-down port 0
> port stop 0
> flow destroy 0 rule 0
> (Segmentation fault)
Hi,
Thanks for the fix.
But according to Chenxu and Shougang's test, this issue doesn't exist
after DPDK 20.05,
where RSS configuration has been refactored.
Could you please retry with the latest DPDK?
BR,
Beilei
>
> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
>
> Signed-off-by: Elena Carasec <xcaras00@stud.fit.vutbr.cz>
> Signed-off-by: Jan Viktorin <viktorin@cesnet.cz>
> ---
> drivers/net/i40e/i40e_ethdev.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/i40e/i40e_ethdev.c
> b/drivers/net/i40e/i40e_ethdev.c
> index 11c02b1..a5fe130 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -13211,6 +13211,8 @@ struct i40e_customized_pctype*
> return -EINVAL;
> if (!in->key && in->key_len)
> return -EINVAL;
> + if (&out->conf == in)
> + return 0;
> out->conf = (struct rte_flow_action_rss){
> .func = in->func,
> .level = in->level,
> --
> 1.8.3.1
Hi,
On 28/08/2020 13:52, Carasec Elena wrote:
> Hello,
>
> We admit that the mistake was from our part.
> New tests' results have revealed that from DPDK v20.05 this issue
> does not exist anymore. So, this patch is applicable for DPDK
> v20.02 and older.
>
The "Fixed:" commit is first in 18.05, so looks like this is valid for
18.11 and 19.11 LTS branches. Please confirm, and it will need i40e
maintainers ack too.
thanks,
Kevin.
> Kind regards,
> Elena Carasec
>
>
>
> -------- Original Message --------
> Subject: RE: [dpdk-dev] [PATCH] i40e: fix segfault when using custom RSS
> key
> Date: 2020-08-28 08:38
> From: "Xing, Beilei" <beilei.xing@intel.com>
> To: Elena Carasec <xcaras00@stud.fit.vutbr.cz>, "dev@dpdk.org"
> <dev@dpdk.org>
>
>> -----Original Message-----
>> From: dev <dev-bounces@dpdk.org> On Behalf Of Elena Carasec
>> Sent: Wednesday, August 26, 2020 7:28 PM
>> To: dev@dpdk.org
>> Cc: Elena Carasec <xcaras00@stud.fit.vutbr.cz>; stable@dpdk.org; Xing,
>> Beilei
>> <beilei.xing@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Adrien
>> Mazarguil <adrien.mazarguil@6wind.com>; Andrew Rybchenko
>> <arybchenko@solarflare.com>; Luca Boccassi <bluca@debian.org>; Jan
>> Viktorin <viktorin@cesnet.cz>
>> Subject: [dpdk-dev] [PATCH] i40e: fix segfault when using custom RSS
>> key
>>
>> &out->conf and in can point to the same memory area. Reinitialization
>> of
>> out->conf leads to setting in->key to NULL, but leaves key_len 40. This
>> leads to segfault on destruction of the RSS flow action. The segfault
>> happens
>> inside i40e_action_rss_same(), when comparing comp->key and
>> with->key, because both comp->key_len and with->key_len are 40 (should
>> be 0).
>>
>> Reproduction steps (testpmd):
>>
>> port stop 0
>> flow create 0 ingress pattern end actions rss func default level 0\
>> key
>> 6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5
>> a6d5a6d5a6d5a6d5a\
>> key_len 40 queues 0 end / end
>> port start 0
>> set link-up port 0
>> start
>> stop
>> set link-down port 0
>> port stop 0
>> flow destroy 0 rule 0
>> (Segmentation fault)
>
> Hi,
>
> Thanks for the fix.
> But according to Chenxu and Shougang's test, this issue doesn't exist
> after DPDK 20.05,
> where RSS configuration has been refactored.
> Could you please retry with the latest DPDK?
>
> BR,
> Beilei
>
>>
>> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
>>
>> Signed-off-by: Elena Carasec <xcaras00@stud.fit.vutbr.cz>
>> Signed-off-by: Jan Viktorin <viktorin@cesnet.cz>
>> ---
>> drivers/net/i40e/i40e_ethdev.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/net/i40e/i40e_ethdev.c
>> b/drivers/net/i40e/i40e_ethdev.c
>> index 11c02b1..a5fe130 100644
>> --- a/drivers/net/i40e/i40e_ethdev.c
>> +++ b/drivers/net/i40e/i40e_ethdev.c
>> @@ -13211,6 +13211,8 @@ struct i40e_customized_pctype*
>> return -EINVAL;
>> if (!in->key && in->key_len)
>> return -EINVAL;
>> + if (&out->conf == in)
>> + return 0;
>> out->conf = (struct rte_flow_action_rss){
>> .func = in->func,
>> .level = in->level,
>> --
>> 1.8.3.1
>
Hi,
Yes, it is valid for the branches 18.11 and 19.11 LTS.
Best regards,
Elena
-------- Původní zpráva --------
Předmět: Re: [dpdk-stable] [dpdk-dev] [PATCH] i40e: fix segfault when
using custom RSS key
Datum: 2020-08-28 15:05
Odesílatel: Kevin Traynor <ktraynor@redhat.com>
Adresát: Carasec Elena <xcaras00@stud.fit.vutbr.cz>, "Xing, Beilei"
<beilei.xing@intel.com>
Hi,
On 28/08/2020 13:52, Carasec Elena wrote:
> Hello,
>
> We admit that the mistake was from our part.
> New tests' results have revealed that from DPDK v20.05 this issue
> does not exist anymore. So, this patch is applicable for DPDK
> v20.02 and older.
>
The "Fixed:" commit is first in 18.05, so looks like this is valid for
18.11 and 19.11 LTS branches. Please confirm, and it will need i40e
maintainers ack too.
thanks,
Kevin.
> Kind regards,
> Elena Carasec
>
>
>
> -------- Original Message --------
> Subject: RE: [dpdk-dev] [PATCH] i40e: fix segfault when using custom
> RSS
> key
> Date: 2020-08-28 08:38
> From: "Xing, Beilei" <beilei.xing@intel.com>
> To: Elena Carasec <xcaras00@stud.fit.vutbr.cz>, "dev@dpdk.org"
> <dev@dpdk.org>
>
>> -----Original Message-----
>> From: dev <dev-bounces@dpdk.org> On Behalf Of Elena Carasec
>> Sent: Wednesday, August 26, 2020 7:28 PM
>> To: dev@dpdk.org
>> Cc: Elena Carasec <xcaras00@stud.fit.vutbr.cz>; stable@dpdk.org; Xing,
>> Beilei
>> <beilei.xing@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Adrien
>> Mazarguil <adrien.mazarguil@6wind.com>; Andrew Rybchenko
>> <arybchenko@solarflare.com>; Luca Boccassi <bluca@debian.org>; Jan
>> Viktorin <viktorin@cesnet.cz>
>> Subject: [dpdk-dev] [PATCH] i40e: fix segfault when using custom RSS
>> key
>>
>> &out->conf and in can point to the same memory area. Reinitialization
>> of
>> out->conf leads to setting in->key to NULL, but leaves key_len 40.
>> This
>> leads to segfault on destruction of the RSS flow action. The segfault
>> happens
>> inside i40e_action_rss_same(), when comparing comp->key and
>> with->key, because both comp->key_len and with->key_len are 40 (should
>> be 0).
>>
>> Reproduction steps (testpmd):
>>
>> port stop 0
>> flow create 0 ingress pattern end actions rss func default level 0\
>> key
>> 6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5
>> a6d5a6d5a6d5a6d5a\
>> key_len 40 queues 0 end / end
>> port start 0
>> set link-up port 0
>> start
>> stop
>> set link-down port 0
>> port stop 0
>> flow destroy 0 rule 0
>> (Segmentation fault)
>
> Hi,
>
> Thanks for the fix.
> But according to Chenxu and Shougang's test, this issue doesn't exist
> after DPDK 20.05,
> where RSS configuration has been refactored.
> Could you please retry with the latest DPDK?
>
> BR,
> Beilei
>
>>
>> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
>>
>> Signed-off-by: Elena Carasec <xcaras00@stud.fit.vutbr.cz>
>> Signed-off-by: Jan Viktorin <viktorin@cesnet.cz>
>> ---
>> drivers/net/i40e/i40e_ethdev.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/net/i40e/i40e_ethdev.c
>> b/drivers/net/i40e/i40e_ethdev.c
>> index 11c02b1..a5fe130 100644
>> --- a/drivers/net/i40e/i40e_ethdev.c
>> +++ b/drivers/net/i40e/i40e_ethdev.c
>> @@ -13211,6 +13211,8 @@ struct i40e_customized_pctype*
>> return -EINVAL;
>> if (!in->key && in->key_len)
>> return -EINVAL;
>> + if (&out->conf == in)
>> + return 0;
>> out->conf = (struct rte_flow_action_rss){
>> .func = in->func,
>> .level = in->level,
>> --
>> 1.8.3.1
>
@@ -13211,6 +13211,8 @@ struct i40e_customized_pctype*
return -EINVAL;
if (!in->key && in->key_len)
return -EINVAL;
+ if (&out->conf == in)
+ return 0;
out->conf = (struct rte_flow_action_rss){
.func = in->func,
.level = in->level,