net/i40e: add parameter check for RSS flow init

Message ID 1542014724-68073-1-git-send-email-wei.zhao1@intel.com (mailing list archive)
State Accepted, archived
Delegated to: Qi Zhang
Headers
Series net/i40e: add parameter check for RSS flow init |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/intel-Performance-Testing success Performance Testing PASS
ci/Intel-compilation success Compilation OK

Commit Message

Zhao1, Wei Nov. 12, 2018, 9:25 a.m. UTC
  There need an parameter check for RSS flow init, or it may cause
core dump if pointer is NULL in memory copy.

Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")

Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
---
 drivers/net/i40e/i40e_ethdev.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
  

Comments

Zhao1, Wei Nov. 13, 2018, 1:29 a.m. UTC | #1
Hi, Adrien Mazarguil

	Peng yuan has find this problem, if you  use the following test step, You will find the problem.

./x86_64-native-linuxapp-gcc/app/testpmd -c 1ffff -n 4 - -i --nb-cores=8 --rxq=4 --txq=4 --port-topology=chained
...............
testpmd> start
testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp end key 67108863 / end
 Segmentation fault (core dumped)


https://patches.dpdk.org/patch/47995/ 
This is the protection I have add, but you still need fix some bug in rte_flow CLI.


> -----Original Message-----
> From: Adrien Mazarguil [mailto:adrien.mazarguil@6wind.com]
> Sent: Monday, November 12, 2018 10:03 PM
> To: Zhao1, Wei <wei.zhao1@intel.com>
> Cc: Peng, Yuan <yuan.peng@intel.com>
> Subject: Re: FW: [PATCH] net/i40e: add parameter check for RSS flow init
> 
> Hi Wei,
> 
> On Mon, Nov 12, 2018 at 10:02:20AM +0000, Zhao1, Wei wrote:
> > Hi, adrien.mazarguil
> >
> >    There is some error in CML layer for config this parameter, in
> > i40e PMD it will get NULL of  in->key even if tester config Some specific key
> from testpmd CLI, I add some protection but you also need fix that bug in CLI
> layer.
> 
> Odd, is that new? You shouldn't need to worry about the pointer if key_len is
> zero.
> 
> Isn't this problem related to commit a4391f8bae85 "app/testpmd: set default
> RSS key as null"? There's an ongoing discussion to revert this patch [1].

testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp end key 67108863 / end

This CLI command key is not NLLL, but i40E PMD get NULL.

> [1] https://mails.dpdk.org/archives/dev/2018-November/118633.html
> 
> > > -----Original Message-----
> > > From: Zhao1, Wei
> > > Sent: Monday, November 12, 2018 5:25 PM
> > > To: dev@dpdk.org
> > > Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; stable@dpdk.org; Peng, Yuan
> > > <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>
> > > Subject: [PATCH] net/i40e: add parameter check for RSS flow init
> > >
> > > There need an parameter check for RSS flow init, or it may cause
> > > core dump if pointer is NULL in memory copy.
> > >
> > > Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow
> > > API")
> > >
> > > Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
> > > ---
> > >  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/net/i40e/i40e_ethdev.c
> > > b/drivers/net/i40e/i40e_ethdev.c index 1c77906..217a8dc 100644
> > > --- a/drivers/net/i40e/i40e_ethdev.c
> > > +++ b/drivers/net/i40e/i40e_ethdev.c
> > > @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct
> > > i40e_rte_flow_rss_conf *out,
> > >  	if (in->key_len > RTE_DIM(out->key) ||
> > >  	    in->queue_num > RTE_DIM(out->queue))
> > >  		return -EINVAL;
> > > +	if (!in->key && in->key_len)
> > > +		return -EINVAL;
> > > +	if (out->key && in->key)
> > > +		out->conf.key = memcpy(out->key, in->key, in->key_len);
> > >  	out->conf = (struct rte_flow_action_rss){
> > >  		.func = in->func,
> > >  		.level = in->level,
> > >  		.types = in->types,
> > >  		.key_len = in->key_len,
> > >  		.queue_num = in->queue_num,
> > > -		.key = memcpy(out->key, in->key, in->key_len),
> > >  		.queue = memcpy(out->queue, in->queue,
> > >  				sizeof(*in->queue) * in->queue_num),
> > >  	};
> > > --
> > > 2.7.5
> >
> 
> --
> Adrien Mazarguil
> 6WIND
  
Peng, Yuan Nov. 13, 2018, 2:27 a.m. UTC | #2
Hi, Adrien Mazarguil

Yes. It's just the problem related to commit a4391f8bae85db0153e1f101c21c61151573baad "app/testpmd: set default RSS key as null".
You can check the detailed bug information from https://jira01.devtools.intel.com/browse/DPDK-7136?filter=-2

Thank you.
Yuan.

-----Original Message-----
From: Zhao1, Wei 
Sent: Tuesday, November 13, 2018 9:29 AM
To: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Cc: Peng, Yuan <yuan.peng@intel.com>; dev@dpdk.org
Subject: RE: FW: [PATCH] net/i40e: add parameter check for RSS flow init

Hi, Adrien Mazarguil

	Peng yuan has find this problem, if you  use the following test step, You will find the problem.

./x86_64-native-linuxapp-gcc/app/testpmd -c 1ffff -n 4 - -i --nb-cores=8 --rxq=4 --txq=4 --port-topology=chained ...............
testpmd> start
testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp 
testpmd> end key 67108863 / end
 Segmentation fault (core dumped)


https://patches.dpdk.org/patch/47995/
This is the protection I have add, but you still need fix some bug in rte_flow CLI.


> -----Original Message-----
> From: Adrien Mazarguil [mailto:adrien.mazarguil@6wind.com]
> Sent: Monday, November 12, 2018 10:03 PM
> To: Zhao1, Wei <wei.zhao1@intel.com>
> Cc: Peng, Yuan <yuan.peng@intel.com>
> Subject: Re: FW: [PATCH] net/i40e: add parameter check for RSS flow init
> 
> Hi Wei,
> 
> On Mon, Nov 12, 2018 at 10:02:20AM +0000, Zhao1, Wei wrote:
> > Hi, adrien.mazarguil
> >
> >    There is some error in CML layer for config this parameter, in
> > i40e PMD it will get NULL of  in->key even if tester config Some specific key
> from testpmd CLI, I add some protection but you also need fix that bug in CLI
> layer.
> 
> Odd, is that new? You shouldn't need to worry about the pointer if key_len is
> zero.
> 
> Isn't this problem related to commit a4391f8bae85 "app/testpmd: set default
> RSS key as null"? There's an ongoing discussion to revert this patch [1].

testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp end key 67108863 / end

This CLI command key is not NLLL, but i40E PMD get NULL.

> [1] https://mails.dpdk.org/archives/dev/2018-November/118633.html
> 
> > > -----Original Message-----
> > > From: Zhao1, Wei
> > > Sent: Monday, November 12, 2018 5:25 PM
> > > To: dev@dpdk.org
> > > Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; stable@dpdk.org; Peng, Yuan
> > > <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>
> > > Subject: [PATCH] net/i40e: add parameter check for RSS flow init
> > >
> > > There need an parameter check for RSS flow init, or it may cause
> > > core dump if pointer is NULL in memory copy.
> > >
> > > Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow
> > > API")
> > >
> > > Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
> > > ---
> > >  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/net/i40e/i40e_ethdev.c
> > > b/drivers/net/i40e/i40e_ethdev.c index 1c77906..217a8dc 100644
> > > --- a/drivers/net/i40e/i40e_ethdev.c
> > > +++ b/drivers/net/i40e/i40e_ethdev.c
> > > @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct
> > > i40e_rte_flow_rss_conf *out,
> > >  	if (in->key_len > RTE_DIM(out->key) ||
> > >  	    in->queue_num > RTE_DIM(out->queue))
> > >  		return -EINVAL;
> > > +	if (!in->key && in->key_len)
> > > +		return -EINVAL;
> > > +	if (out->key && in->key)
> > > +		out->conf.key = memcpy(out->key, in->key, in->key_len);
> > >  	out->conf = (struct rte_flow_action_rss){
> > >  		.func = in->func,
> > >  		.level = in->level,
> > >  		.types = in->types,
> > >  		.key_len = in->key_len,
> > >  		.queue_num = in->queue_num,
> > > -		.key = memcpy(out->key, in->key, in->key_len),
> > >  		.queue = memcpy(out->queue, in->queue,
> > >  				sizeof(*in->queue) * in->queue_num),
> > >  	};
> > > --
> > > 2.7.5
> >
> 
> --
> Adrien Mazarguil
> 6WIND
  
Zhao1, Wei Nov. 13, 2018, 2:41 a.m. UTC | #3
Add Ophir Munk for discussion.


> -----Original Message-----
> From: Peng, Yuan
> Sent: Tuesday, November 13, 2018 10:27 AM
> To: Zhao1, Wei <wei.zhao1@intel.com>; Adrien Mazarguil
> <adrien.mazarguil@6wind.com>
> Cc: dev@dpdk.org
> Subject: RE: FW: [PATCH] net/i40e: add parameter check for RSS flow init
> 
> Hi, Adrien Mazarguil
> 
> Yes. It's just the problem related to commit
> a4391f8bae85db0153e1f101c21c61151573baad "app/testpmd: set default RSS
> key as null".
> You can check the detailed bug information from
> https://jira01.devtools.intel.com/browse/DPDK-7136?filter=-2
> 
> Thank you.
> Yuan.
> 
> -----Original Message-----
> From: Zhao1, Wei
> Sent: Tuesday, November 13, 2018 9:29 AM
> To: Adrien Mazarguil <adrien.mazarguil@6wind.com>
> Cc: Peng, Yuan <yuan.peng@intel.com>; dev@dpdk.org
> Subject: RE: FW: [PATCH] net/i40e: add parameter check for RSS flow init
> 
> Hi, Adrien Mazarguil
> 
> 	Peng yuan has find this problem, if you  use the following test step,
> You will find the problem.
> 
> ./x86_64-native-linuxapp-gcc/app/testpmd -c 1ffff -n 4 - -i --nb-cores=8 --
> rxq=4 --txq=4 --port-topology=chained ...............
> testpmd> start
> testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp
> testpmd> end key 67108863 / end
>  Segmentation fault (core dumped)
> 
> 
> https://patches.dpdk.org/patch/47995/
> This is the protection I have add, but you still need fix some bug in rte_flow
> CLI.
> 
> 
> > -----Original Message-----
> > From: Adrien Mazarguil [mailto:adrien.mazarguil@6wind.com]
> > Sent: Monday, November 12, 2018 10:03 PM
> > To: Zhao1, Wei <wei.zhao1@intel.com>
> > Cc: Peng, Yuan <yuan.peng@intel.com>
> > Subject: Re: FW: [PATCH] net/i40e: add parameter check for RSS flow
> > init
> >
> > Hi Wei,
> >
> > On Mon, Nov 12, 2018 at 10:02:20AM +0000, Zhao1, Wei wrote:
> > > Hi, adrien.mazarguil
> > >
> > >    There is some error in CML layer for config this parameter, in
> > > i40e PMD it will get NULL of  in->key even if tester config Some
> > > specific key
> > from testpmd CLI, I add some protection but you also need fix that bug
> > in CLI layer.
> >
> > Odd, is that new? You shouldn't need to worry about the pointer if
> > key_len is zero.
> >
> > Isn't this problem related to commit a4391f8bae85 "app/testpmd: set
> > default RSS key as null"? There's an ongoing discussion to revert this patch
> [1].
> 
> testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp
> testpmd> end key 67108863 / end
> 
> This CLI command key is not NLLL, but i40E PMD get NULL.
> 
> > [1] https://mails.dpdk.org/archives/dev/2018-November/118633.html
> >
> > > > -----Original Message-----
> > > > From: Zhao1, Wei
> > > > Sent: Monday, November 12, 2018 5:25 PM
> > > > To: dev@dpdk.org
> > > > Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; stable@dpdk.org; Peng,
> > > > Yuan <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>
> > > > Subject: [PATCH] net/i40e: add parameter check for RSS flow init
> > > >
> > > > There need an parameter check for RSS flow init, or it may cause
> > > > core dump if pointer is NULL in memory copy.
> > > >
> > > > Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow
> > > > API")
> > > >
> > > > Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
> > > > ---
> > > >  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
> > > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/net/i40e/i40e_ethdev.c
> > > > b/drivers/net/i40e/i40e_ethdev.c index 1c77906..217a8dc 100644
> > > > --- a/drivers/net/i40e/i40e_ethdev.c
> > > > +++ b/drivers/net/i40e/i40e_ethdev.c
> > > > @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct
> > > > i40e_rte_flow_rss_conf *out,
> > > >  	if (in->key_len > RTE_DIM(out->key) ||
> > > >  	    in->queue_num > RTE_DIM(out->queue))
> > > >  		return -EINVAL;
> > > > +	if (!in->key && in->key_len)
> > > > +		return -EINVAL;
> > > > +	if (out->key && in->key)
> > > > +		out->conf.key = memcpy(out->key, in->key, in->key_len);
> > > >  	out->conf = (struct rte_flow_action_rss){
> > > >  		.func = in->func,
> > > >  		.level = in->level,
> > > >  		.types = in->types,
> > > >  		.key_len = in->key_len,
> > > >  		.queue_num = in->queue_num,
> > > > -		.key = memcpy(out->key, in->key, in->key_len),
> > > >  		.queue = memcpy(out->queue, in->queue,
> > > >  				sizeof(*in->queue) * in->queue_num),
> > > >  	};
> > > > --
> > > > 2.7.5
> > >
> >
> > --
> > Adrien Mazarguil
> > 6WIND
  
Ferruh Yigit Nov. 13, 2018, 9:28 p.m. UTC | #4
On 11/13/2018 2:41 AM, Zhao1, Wei wrote:
> Add Ophir Munk for discussion.
> 
> 
>> -----Original Message-----
>> From: Peng, Yuan
>> Sent: Tuesday, November 13, 2018 10:27 AM
>> To: Zhao1, Wei <wei.zhao1@intel.com>; Adrien Mazarguil
>> <adrien.mazarguil@6wind.com>
>> Cc: dev@dpdk.org
>> Subject: RE: FW: [PATCH] net/i40e: add parameter check for RSS flow init
>>
>> Hi, Adrien Mazarguil
>>
>> Yes. It's just the problem related to commit
>> a4391f8bae85db0153e1f101c21c61151573baad "app/testpmd: set default RSS
>> key as null".
>> You can check the detailed bug information from
>> https://jira01.devtools.intel.com/browse/DPDK-7136?filter=-2
>>
>> Thank you.
>> Yuan.
>>
>> -----Original Message-----
>> From: Zhao1, Wei
>> Sent: Tuesday, November 13, 2018 9:29 AM
>> To: Adrien Mazarguil <adrien.mazarguil@6wind.com>
>> Cc: Peng, Yuan <yuan.peng@intel.com>; dev@dpdk.org
>> Subject: RE: FW: [PATCH] net/i40e: add parameter check for RSS flow init
>>
>> Hi, Adrien Mazarguil
>>
>> 	Peng yuan has find this problem, if you  use the following test step,
>> You will find the problem.
>>
>> ./x86_64-native-linuxapp-gcc/app/testpmd -c 1ffff -n 4 - -i --nb-cores=8 --
>> rxq=4 --txq=4 --port-topology=chained ...............
>> testpmd> start
>> testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp
>> testpmd> end key 67108863 / end
>>  Segmentation fault (core dumped)

The patch causing the crash reverted [1], change will be on RC3 so this should
be solved already, you can verify it with head of next-net.

Still, this patch adds some checks, no harm to have them if you still want to
have it in? (perhaps only need to drop Fixes line.)

Qi,

What do you think, does it have any risk to get it on rc3? Or should we push to
next release since it turned out to be extra safety checks now?

[1]
Commit 8773db152033 ("app/testpmd: revert setting default RSS")


>>
>>
>> https://patches.dpdk.org/patch/47995/
>> This is the protection I have add, but you still need fix some bug in rte_flow
>> CLI.
>>
>>
>>> -----Original Message-----
>>> From: Adrien Mazarguil [mailto:adrien.mazarguil@6wind.com]
>>> Sent: Monday, November 12, 2018 10:03 PM
>>> To: Zhao1, Wei <wei.zhao1@intel.com>
>>> Cc: Peng, Yuan <yuan.peng@intel.com>
>>> Subject: Re: FW: [PATCH] net/i40e: add parameter check for RSS flow
>>> init
>>>
>>> Hi Wei,
>>>
>>> On Mon, Nov 12, 2018 at 10:02:20AM +0000, Zhao1, Wei wrote:
>>>> Hi, adrien.mazarguil
>>>>
>>>>    There is some error in CML layer for config this parameter, in
>>>> i40e PMD it will get NULL of  in->key even if tester config Some
>>>> specific key
>>> from testpmd CLI, I add some protection but you also need fix that bug
>>> in CLI layer.
>>>
>>> Odd, is that new? You shouldn't need to worry about the pointer if
>>> key_len is zero.
>>>
>>> Isn't this problem related to commit a4391f8bae85 "app/testpmd: set
>>> default RSS key as null"? There's an ongoing discussion to revert this patch
>> [1].
>>
>> testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp
>> testpmd> end key 67108863 / end
>>
>> This CLI command key is not NLLL, but i40E PMD get NULL.
>>
>>> [1] https://mails.dpdk.org/archives/dev/2018-November/118633.html
>>>
>>>>> -----Original Message-----
>>>>> From: Zhao1, Wei
>>>>> Sent: Monday, November 12, 2018 5:25 PM
>>>>> To: dev@dpdk.org
>>>>> Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; stable@dpdk.org; Peng,
>>>>> Yuan <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>
>>>>> Subject: [PATCH] net/i40e: add parameter check for RSS flow init
>>>>>
>>>>> There need an parameter check for RSS flow init, or it may cause
>>>>> core dump if pointer is NULL in memory copy.
>>>>>
>>>>> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow
>>>>> API")
>>>>>
>>>>> Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
>>>>> ---
>>>>>  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
>>>>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/drivers/net/i40e/i40e_ethdev.c
>>>>> b/drivers/net/i40e/i40e_ethdev.c index 1c77906..217a8dc 100644
>>>>> --- a/drivers/net/i40e/i40e_ethdev.c
>>>>> +++ b/drivers/net/i40e/i40e_ethdev.c
>>>>> @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct
>>>>> i40e_rte_flow_rss_conf *out,
>>>>>  	if (in->key_len > RTE_DIM(out->key) ||
>>>>>  	    in->queue_num > RTE_DIM(out->queue))
>>>>>  		return -EINVAL;
>>>>> +	if (!in->key && in->key_len)
>>>>> +		return -EINVAL;
>>>>> +	if (out->key && in->key)
>>>>> +		out->conf.key = memcpy(out->key, in->key, in->key_len);
>>>>>  	out->conf = (struct rte_flow_action_rss){
>>>>>  		.func = in->func,
>>>>>  		.level = in->level,
>>>>>  		.types = in->types,
>>>>>  		.key_len = in->key_len,
>>>>>  		.queue_num = in->queue_num,
>>>>> -		.key = memcpy(out->key, in->key, in->key_len),
>>>>>  		.queue = memcpy(out->queue, in->queue,
>>>>>  				sizeof(*in->queue) * in->queue_num),
>>>>>  	};
>>>>> --
>>>>> 2.7.5
>>>>
>>>
>>> --
>>> Adrien Mazarguil
>>> 6WIND
  
Qi Zhang Nov. 13, 2018, 10:40 p.m. UTC | #5
> -----Original Message-----
> From: Zhao1, Wei
> Sent: Monday, November 12, 2018 1:25 AM
> To: dev@dpdk.org
> Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; stable@dpdk.org; Peng, Yuan
> <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>
> Subject: [PATCH] net/i40e: add parameter check for RSS flow init
> 
> There need an parameter check for RSS flow init, or it may cause core dump
> if pointer is NULL in memory copy.
> 
> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
> 
> Signed-off-by: Wei Zhao <wei.zhao1@intel.com>

Acked-by: Qi Zhang <qi.z.zhang@intel.com>

Applied to dpdk-next-net-net.

Thanks
Qi

> ---
>  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index 1c77906..217a8dc 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct
> i40e_rte_flow_rss_conf *out,
>  	if (in->key_len > RTE_DIM(out->key) ||
>  	    in->queue_num > RTE_DIM(out->queue))
>  		return -EINVAL;
> +	if (!in->key && in->key_len)
> +		return -EINVAL;
> +	if (out->key && in->key)
> +		out->conf.key = memcpy(out->key, in->key, in->key_len);
>  	out->conf = (struct rte_flow_action_rss){
>  		.func = in->func,
>  		.level = in->level,
>  		.types = in->types,
>  		.key_len = in->key_len,
>  		.queue_num = in->queue_num,
> -		.key = memcpy(out->key, in->key, in->key_len),
>  		.queue = memcpy(out->queue, in->queue,
>  				sizeof(*in->queue) * in->queue_num),
>  	};
> --
> 2.7.5
  
Qi Zhang Nov. 13, 2018, 10:41 p.m. UTC | #6
> -----Original Message-----
> From: Yigit, Ferruh
> Sent: Tuesday, November 13, 2018 1:28 PM
> To: Zhao1, Wei <wei.zhao1@intel.com>; ophirmu@mellanox.com; Zhang, Qi
> Z <qi.z.zhang@intel.com>
> Cc: dev@dpdk.org; Peng, Yuan <yuan.peng@intel.com>; Adrien Mazarguil
> <adrien.mazarguil@6wind.com>
> Subject: Re: [dpdk-dev] FW: [PATCH] net/i40e: add parameter check for RSS
> flow init
> 
> On 11/13/2018 2:41 AM, Zhao1, Wei wrote:
> > Add Ophir Munk for discussion.
> >
> >
> >> -----Original Message-----
> >> From: Peng, Yuan
> >> Sent: Tuesday, November 13, 2018 10:27 AM
> >> To: Zhao1, Wei <wei.zhao1@intel.com>; Adrien Mazarguil
> >> <adrien.mazarguil@6wind.com>
> >> Cc: dev@dpdk.org
> >> Subject: RE: FW: [PATCH] net/i40e: add parameter check for RSS flow
> >> init
> >>
> >> Hi, Adrien Mazarguil
> >>
> >> Yes. It's just the problem related to commit
> >> a4391f8bae85db0153e1f101c21c61151573baad "app/testpmd: set default
> >> RSS key as null".
> >> You can check the detailed bug information from
> >> https://jira01.devtools.intel.com/browse/DPDK-7136?filter=-2
> >>
> >> Thank you.
> >> Yuan.
> >>
> >> -----Original Message-----
> >> From: Zhao1, Wei
> >> Sent: Tuesday, November 13, 2018 9:29 AM
> >> To: Adrien Mazarguil <adrien.mazarguil@6wind.com>
> >> Cc: Peng, Yuan <yuan.peng@intel.com>; dev@dpdk.org
> >> Subject: RE: FW: [PATCH] net/i40e: add parameter check for RSS flow
> >> init
> >>
> >> Hi, Adrien Mazarguil
> >>
> >> 	Peng yuan has find this problem, if you  use the following test
> >> step, You will find the problem.
> >>
> >> ./x86_64-native-linuxapp-gcc/app/testpmd -c 1ffff -n 4 - -i
> >> --nb-cores=8 --
> >> rxq=4 --txq=4 --port-topology=chained ...............
> >> testpmd> start
> >> testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp
> >> testpmd> end key 67108863 / end
> >>  Segmentation fault (core dumped)
> 
> The patch causing the crash reverted [1], change will be on RC3 so this should
> be solved already, you can verify it with head of next-net.
> 
> Still, this patch adds some checks, no harm to have them if you still want to
> have it in? (perhaps only need to drop Fixes line.)
> 
> Qi,
> 
> What do you think, does it have any risk to get it on rc3? Or should we push
> to next release since it turned out to be extra safety checks now?
> 
> [1]
> Commit 8773db152033 ("app/testpmd: revert setting default RSS")

I have no objection to add safe check in i40e driver here, looks like it should not rely on other part of the application to guarantee the key is not empty. Maybe It's even better to have some warning log when that case happen.

I have applied it, since the patch is not harmful at least and we don't need to wait for verification for [1].

Regards
Qi

> 
> 
> >>
> >>
> >> https://patches.dpdk.org/patch/47995/
> >> This is the protection I have add, but you still need fix some bug in
> >> rte_flow CLI.
> >>
> >>
> >>> -----Original Message-----
> >>> From: Adrien Mazarguil [mailto:adrien.mazarguil@6wind.com]
> >>> Sent: Monday, November 12, 2018 10:03 PM
> >>> To: Zhao1, Wei <wei.zhao1@intel.com>
> >>> Cc: Peng, Yuan <yuan.peng@intel.com>
> >>> Subject: Re: FW: [PATCH] net/i40e: add parameter check for RSS flow
> >>> init
> >>>
> >>> Hi Wei,
> >>>
> >>> On Mon, Nov 12, 2018 at 10:02:20AM +0000, Zhao1, Wei wrote:
> >>>> Hi, adrien.mazarguil
> >>>>
> >>>>    There is some error in CML layer for config this parameter, in
> >>>> i40e PMD it will get NULL of  in->key even if tester config Some
> >>>> specific key
> >>> from testpmd CLI, I add some protection but you also need fix that
> >>> bug in CLI layer.
> >>>
> >>> Odd, is that new? You shouldn't need to worry about the pointer if
> >>> key_len is zero.
> >>>
> >>> Isn't this problem related to commit a4391f8bae85 "app/testpmd: set
> >>> default RSS key as null"? There's an ongoing discussion to revert
> >>> this patch
> >> [1].
> >>
> >> testpmd> flow create 0 ingress pattern end actions rss types ipv4-udp
> >> testpmd> end key 67108863 / end
> >>
> >> This CLI command key is not NLLL, but i40E PMD get NULL.
> >>
> >>> [1] https://mails.dpdk.org/archives/dev/2018-November/118633.html
> >>>
> >>>>> -----Original Message-----
> >>>>> From: Zhao1, Wei
> >>>>> Sent: Monday, November 12, 2018 5:25 PM
> >>>>> To: dev@dpdk.org
> >>>>> Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; stable@dpdk.org; Peng,
> >>>>> Yuan <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>
> >>>>> Subject: [PATCH] net/i40e: add parameter check for RSS flow init
> >>>>>
> >>>>> There need an parameter check for RSS flow init, or it may cause
> >>>>> core dump if pointer is NULL in memory copy.
> >>>>>
> >>>>> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow
> >>>>> API")
> >>>>>
> >>>>> Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
> >>>>> ---
> >>>>>  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
> >>>>>  1 file changed, 4 insertions(+), 1 deletion(-)
> >>>>>
> >>>>> diff --git a/drivers/net/i40e/i40e_ethdev.c
> >>>>> b/drivers/net/i40e/i40e_ethdev.c index 1c77906..217a8dc 100644
> >>>>> --- a/drivers/net/i40e/i40e_ethdev.c
> >>>>> +++ b/drivers/net/i40e/i40e_ethdev.c
> >>>>> @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct
> >>>>> i40e_rte_flow_rss_conf *out,
> >>>>>  	if (in->key_len > RTE_DIM(out->key) ||
> >>>>>  	    in->queue_num > RTE_DIM(out->queue))
> >>>>>  		return -EINVAL;
> >>>>> +	if (!in->key && in->key_len)
> >>>>> +		return -EINVAL;
> >>>>> +	if (out->key && in->key)
> >>>>> +		out->conf.key = memcpy(out->key, in->key, in->key_len);
> >>>>>  	out->conf = (struct rte_flow_action_rss){
> >>>>>  		.func = in->func,
> >>>>>  		.level = in->level,
> >>>>>  		.types = in->types,
> >>>>>  		.key_len = in->key_len,
> >>>>>  		.queue_num = in->queue_num,
> >>>>> -		.key = memcpy(out->key, in->key, in->key_len),
> >>>>>  		.queue = memcpy(out->queue, in->queue,
> >>>>>  				sizeof(*in->queue) * in->queue_num),
> >>>>>  	};
> >>>>> --
> >>>>> 2.7.5
> >>>>
> >>>
> >>> --
> >>> Adrien Mazarguil
> >>> 6WIND
  
Ferruh Yigit Nov. 13, 2018, 11:11 p.m. UTC | #7
On 11/12/2018 9:25 AM, Wei Zhao wrote:
> There need an parameter check for RSS flow init, or it may cause
> core dump if pointer is NULL in memory copy.
> 
> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
> 
> Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
> ---
>  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index 1c77906..217a8dc 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct i40e_rte_flow_rss_conf *out,
>  	if (in->key_len > RTE_DIM(out->key) ||
>  	    in->queue_num > RTE_DIM(out->queue))
>  		return -EINVAL;
> +	if (!in->key && in->key_len)
> +		return -EINVAL;
> +	if (out->key && in->key)
> +		out->conf.key = memcpy(out->key, in->key, in->key_len);

Giving following warning [1] with clang, which looks like valid warning.
i40e_rte_flow_rss_conf->key is an array, no need to check its address.

I will remove it while merging.

[1]
.../drivers/net/i40e/i40e_ethdev.c:12557:11: error: address of array 'out->key'
will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]


        if (out->key && in->key)
            ~~~~~^~~ ~~

>  	out->conf = (struct rte_flow_action_rss){
>  		.func = in->func,
>  		.level = in->level,
>  		.types = in->types,
>  		.key_len = in->key_len,
>  		.queue_num = in->queue_num,
> -		.key = memcpy(out->key, in->key, in->key_len),
>  		.queue = memcpy(out->queue, in->queue,
>  				sizeof(*in->queue) * in->queue_num),
>  	};
>
  
Zhao1, Wei Nov. 14, 2018, 4:12 a.m. UTC | #8
> -----Original Message-----
> From: Yigit, Ferruh
> Sent: Wednesday, November 14, 2018 7:11 AM
> To: Zhao1, Wei <wei.zhao1@intel.com>; dev@dpdk.org
> Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; stable@dpdk.org; Peng, Yuan
> <yuan.peng@intel.com>
> Subject: Re: [dpdk-stable] [PATCH] net/i40e: add parameter check for RSS
> flow init
> 
> On 11/12/2018 9:25 AM, Wei Zhao wrote:
> > There need an parameter check for RSS flow init, or it may cause core
> > dump if pointer is NULL in memory copy.
> >
> > Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
> >
> > Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
> > ---
> >  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/i40e/i40e_ethdev.c
> > b/drivers/net/i40e/i40e_ethdev.c index 1c77906..217a8dc 100644
> > --- a/drivers/net/i40e/i40e_ethdev.c
> > +++ b/drivers/net/i40e/i40e_ethdev.c
> > @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct
> i40e_rte_flow_rss_conf *out,
> >  	if (in->key_len > RTE_DIM(out->key) ||
> >  	    in->queue_num > RTE_DIM(out->queue))
> >  		return -EINVAL;
> > +	if (!in->key && in->key_len)
> > +		return -EINVAL;
> > +	if (out->key && in->key)
> > +		out->conf.key = memcpy(out->key, in->key, in->key_len);
> 
> Giving following warning [1] with clang, which looks like valid warning.
> i40e_rte_flow_rss_conf->key is an array, no need to check its address.

Yes, you are right, thanks.

> 
> I will remove it while merging.
> 
> [1]
> .../drivers/net/i40e/i40e_ethdev.c:12557:11: error: address of array 'out-
> >key'
> will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
> 
> 
>         if (out->key && in->key)
>             ~~~~~^~~ ~~
> 
> >  	out->conf = (struct rte_flow_action_rss){
> >  		.func = in->func,
> >  		.level = in->level,
> >  		.types = in->types,
> >  		.key_len = in->key_len,
> >  		.queue_num = in->queue_num,
> > -		.key = memcpy(out->key, in->key, in->key_len),
> >  		.queue = memcpy(out->queue, in->queue,
> >  				sizeof(*in->queue) * in->queue_num),
> >  	};
> >
  

Patch

diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 1c77906..217a8dc 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -12552,13 +12552,16 @@  i40e_rss_conf_init(struct i40e_rte_flow_rss_conf *out,
 	if (in->key_len > RTE_DIM(out->key) ||
 	    in->queue_num > RTE_DIM(out->queue))
 		return -EINVAL;
+	if (!in->key && in->key_len)
+		return -EINVAL;
+	if (out->key && in->key)
+		out->conf.key = memcpy(out->key, in->key, in->key_len);
 	out->conf = (struct rte_flow_action_rss){
 		.func = in->func,
 		.level = in->level,
 		.types = in->types,
 		.key_len = in->key_len,
 		.queue_num = in->queue_num,
-		.key = memcpy(out->key, in->key, in->key_len),
 		.queue = memcpy(out->queue, in->queue,
 				sizeof(*in->queue) * in->queue_num),
 	};