diff mbox series

net/mlx5: fix refuse empty VLAN validation

Message ID 20210119170700.25918-1-shirik@nvidia.com (mailing list archive)
State Accepted, archived
Delegated to: Raslan Darawsheh
Headers
Series net/mlx5: fix refuse empty VLAN validation |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/intel-Testing success Testing PASS
ci/iol-mellanox-Functional success Functional Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-testing warning Testing issues

Commit Message

Shiri Kuzin Jan. 19, 2021, 5:07 p.m. UTC 
  In verbs, an empty VLAN is equivalent to a packet without VLAN layer,
hence, the VLAN item should not be empty and this case is rejected.

However, the case for ether type of VLAN without following VLAN item
was not validated, allowing the creation of a flow with empty
VLAN item.

To fix this issue a validation was added requiring ether type of VLAN
will be followed with VLAN item.

Fixes: 0b1edd21cd78 ("net/mlx5: refuse empty VLAN flow specification")
Cc: stable@dpdk.org

Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
---
 drivers/net/mlx5/mlx5_flow_verbs.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Raslan Darawsheh Jan. 24, 2021, 10:44 a.m. UTC | #1 
Hi,

> -----Original Message-----
> From: Shiri Kuzin <shirik@nvidia.com>
> Sent: Tuesday, January 19, 2021 7:07 PM
> To: dev@dpdk.org
> Cc: Matan Azrad <matan@nvidia.com>; Slava Ovsiienko
> <viacheslavo@nvidia.com>; Shahaf Shuler <shahafs@nvidia.com>; Raslan
> Darawsheh <rasland@nvidia.com>; stable@dpdk.org
> Subject: [PATCH] net/mlx5: fix refuse empty VLAN validation
> 
> In verbs, an empty VLAN is equivalent to a packet without VLAN layer,
> hence, the VLAN item should not be empty and this case is rejected.
> 
> However, the case for ether type of VLAN without following VLAN item
> was not validated, allowing the creation of a flow with empty
> VLAN item.
> 
> To fix this issue a validation was added requiring ether type of VLAN
> will be followed with VLAN item.
> 
> Fixes: 0b1edd21cd78 ("net/mlx5: refuse empty VLAN flow specification")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
> Acked-by: Matan Azrad <matan@nvidia.com>
> ---

Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
diff mbox series

Patch

diff --git a/drivers/net/mlx5/mlx5_flow_verbs.c b/drivers/net/mlx5/mlx5_flow_verbs.c
index 2d4381946d..827d2ecf9d 100644
--- a/drivers/net/mlx5/mlx5_flow_verbs.c
+++ b/drivers/net/mlx5/mlx5_flow_verbs.c
@@ -1253,6 +1253,7 @@  flow_verbs_validate(struct rte_eth_dev *dev,
 	uint64_t last_item = 0;
 	uint8_t next_protocol = 0xff;
 	uint16_t ether_type = 0;
+	bool is_empty_vlan = false;
 
 	if (items == NULL)
 		return -1;
@@ -1280,6 +1281,8 @@  flow_verbs_validate(struct rte_eth_dev *dev,
 				ether_type &=
 					((const struct rte_flow_item_eth *)
 					 items->mask)->type;
+				if (ether_type == RTE_BE16(RTE_ETHER_TYPE_VLAN))
+					is_empty_vlan = true;
 				ether_type = rte_be_to_cpu_16(ether_type);
 			} else {
 				ether_type = 0;
@@ -1305,6 +1308,7 @@  flow_verbs_validate(struct rte_eth_dev *dev,
 			} else {
 				ether_type = 0;
 			}
+			is_empty_vlan = false;
 			break;
 		case RTE_FLOW_ITEM_TYPE_IPV4:
 			ret = mlx5_flow_validate_item_ipv4
@@ -1416,6 +1420,10 @@  flow_verbs_validate(struct rte_eth_dev *dev,
 		}
 		item_flags |= last_item;
 	}
+	if (is_empty_vlan)
+		return rte_flow_error_set(error, ENOTSUP,
+						 RTE_FLOW_ERROR_TYPE_ITEM, NULL,
+		    "VLAN matching without vid specification is not supported");
 	for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
 		switch (actions->type) {
 		case RTE_FLOW_ACTION_TYPE_VOID: