net/mlx5: fix use of local array for global error
Checks
Commit Message
Recent patch uses a local string array as input for function
rte_flow_error_set().
This stack memory may be later used by other code sections,
overwriting the desired error string.
This patch impelemnets an error string for the specific case
requested, of ICMP item not supported in Verbs flow engine.
Fixes: cb6a02dcea9d ("net/mlx5: support item type error message in flow Verbs")
Signed-off-by: Dekel Peled <dekelp@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
---
drivers/net/mlx5/mlx5_flow_verbs.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
Comments
Hi,
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Dekel Peled
> Sent: Wednesday, November 4, 2020 4:25 PM
> To: Slava Ovsiienko <viacheslavo@nvidia.com>; Shahaf Shuler
> <shahafs@nvidia.com>; Matan Azrad <matan@nvidia.com>
> Cc: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] net/mlx5: fix use of local array for global error
>
> Recent patch uses a local string array as input for function
> rte_flow_error_set().
> This stack memory may be later used by other code sections,
> overwriting the desired error string.
>
> This patch impelemnets an error string for the specific case
> requested, of ICMP item not supported in Verbs flow engine.
>
> Fixes: cb6a02dcea9d ("net/mlx5: support item type error message in flow
> Verbs")
>
> Signed-off-by: Dekel Peled <dekelp@nvidia.com>
> Acked-by: Matan Azrad <matan@nvidia.com>
> ---
> drivers/net/mlx5/mlx5_flow_verbs.c | 16 ++++++++--------
> 1 file changed, 8 insertions(+), 8 deletions(-)
>
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
@@ -1247,7 +1247,6 @@
uint64_t last_item = 0;
uint8_t next_protocol = 0xff;
uint16_t ether_type = 0;
- char errstr[32];
if (items == NULL)
return -1;
@@ -1398,12 +1397,16 @@
return ret;
last_item = MLX5_FLOW_LAYER_MPLS;
break;
+ case RTE_FLOW_ITEM_TYPE_ICMP:
+ case RTE_FLOW_ITEM_TYPE_ICMP6:
+ return rte_flow_error_set(error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_ITEM,
+ NULL, "ICMP/ICMP6 "
+ "item not supported");
default:
- snprintf(errstr, sizeof(errstr), "item type %d not supported",
- items->type);
return rte_flow_error_set(error, ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
- NULL, errstr);
+ NULL, "item not supported");
}
item_flags |= last_item;
}
@@ -1698,7 +1701,6 @@
struct mlx5_priv *priv = dev->data->dev_private;
struct mlx5_flow_workspace *wks = mlx5_flow_get_thread_workspace();
struct mlx5_flow_rss_desc *rss_desc;
- char errstr[32];
MLX5_ASSERT(wks);
rss_desc = &wks->rss_desc[!!wks->flow_nested_idx];
@@ -1846,11 +1848,9 @@
item_flags |= MLX5_FLOW_LAYER_MPLS;
break;
default:
- snprintf(errstr, sizeof(errstr), "item type %d not supported",
- items->type);
return rte_flow_error_set(error, ENOTSUP,
RTE_FLOW_ERROR_TYPE_ITEM,
- NULL, errstr);
+ NULL, "item not supported");
}
}
dev_flow->handle->layers = item_flags;