[1/3] net/ice/base: check the number of recipe when in chain
diff mbox series

Message ID 20200410004157.3032-2-wei.zhao1@intel.com
State Accepted, archived
Delegated to: xiaolong ye
Headers show
Series
  • update ice switch base code
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/iol-testing success Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-intel-Performance fail Performance Testing issues
ci/checkpatch success coding style OK

Commit Message

Zhao1, Wei April 10, 2020, 12:41 a.m. UTC
when we add some long switch rule, we need check the
number of final recipe number, if it is large than
ICE_MAX_CHAIN_RECIPE, we should refuse this rule.
For example:

"flow create 0 ingress pattern eth / ipv6
src is CDCD:910A:2222:5498:8475:1111:3900:1536
dst is CDCD:910A:2222:5498:8475:1111:3900:2022
tc is 3 / udp dst is 45 / end actions queue index 2 / end"

This rule will consum 6 recipe, if it is not refused, it
will cause the following code over write of lkup_indx and mask.

LIST_FOR_EACH_ENTRY(entry, &rm->rg_list, ice_recp_grp_entry,
		l_entry) {
	last_chain_entry->fv_idx[i] = entry->chain_idx;
	buf[recps].content.lkup_indx[i] = entry->chain_idx;
	buf[recps].content.mask[i++] = CPU_TO_LE16(0xFFFF);
	..........
}

Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
---
 drivers/net/ice/base/ice_switch.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Lu, Nannan April 10, 2020, 2:05 a.m. UTC | #1
Tested-by: Lu, Nannan <nannan.lu@intel.com>

-----Original Message-----
From: Zhao1, Wei 
Sent: Friday, April 10, 2020 8:42 AM
To: dev@dpdk.org
Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; Lu, Nannan <nannan.lu@intel.com>; Peng, Yuan <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>
Subject: [PATCH 1/3] net/ice/base: check the number of recipe when in chain

when we add some long switch rule, we need check the number of final recipe number, if it is large than ICE_MAX_CHAIN_RECIPE, we should refuse this rule.
For example:

"flow create 0 ingress pattern eth / ipv6 src is CDCD:910A:2222:5498:8475:1111:3900:1536
dst is CDCD:910A:2222:5498:8475:1111:3900:2022
tc is 3 / udp dst is 45 / end actions queue index 2 / end"

This rule will consum 6 recipe, if it is not refused, it will cause the following code over write of lkup_indx and mask.

LIST_FOR_EACH_ENTRY(entry, &rm->rg_list, ice_recp_grp_entry,
		l_entry) {
	last_chain_entry->fv_idx[i] = entry->chain_idx;
	buf[recps].content.lkup_indx[i] = entry->chain_idx;
	buf[recps].content.mask[i++] = CPU_TO_LE16(0xFFFF);
	..........
}

Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
---
 drivers/net/ice/base/ice_switch.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ice/base/ice_switch.c b/drivers/net/ice/base/ice_switch.c
index b5aa5abd9..c17219274 100644
--- a/drivers/net/ice/base/ice_switch.c
+++ b/drivers/net/ice/base/ice_switch.c
@@ -5352,6 +5352,9 @@ ice_add_sw_recipe(struct ice_hw *hw, struct ice_sw_recipe *rm,
 		rm->n_grp_count++;
 	}
 
+	if (rm->n_grp_count > ICE_MAX_CHAIN_RECIPE)
+		return ICE_ERR_MAX_LIMIT;
+
 	tmp = (struct ice_aqc_recipe_data_elem *)ice_calloc(hw,
 							    ICE_MAX_NUM_RECIPES,
 							    sizeof(*tmp));
--
2.19.1

Patch
diff mbox series

diff --git a/drivers/net/ice/base/ice_switch.c b/drivers/net/ice/base/ice_switch.c
index b5aa5abd9..c17219274 100644
--- a/drivers/net/ice/base/ice_switch.c
+++ b/drivers/net/ice/base/ice_switch.c
@@ -5352,6 +5352,9 @@  ice_add_sw_recipe(struct ice_hw *hw, struct ice_sw_recipe *rm,
 		rm->n_grp_count++;
 	}
 
+	if (rm->n_grp_count > ICE_MAX_CHAIN_RECIPE)
+		return ICE_ERR_MAX_LIMIT;
+
 	tmp = (struct ice_aqc_recipe_data_elem *)ice_calloc(hw,
 							    ICE_MAX_NUM_RECIPES,
 							    sizeof(*tmp));