[1/3] net/ice/base: check the number of recipe when in chain
Checks
Commit Message
when we add some long switch rule, we need check the
number of final recipe number, if it is large than
ICE_MAX_CHAIN_RECIPE, we should refuse this rule.
For example:
"flow create 0 ingress pattern eth / ipv6
src is CDCD:910A:2222:5498:8475:1111:3900:1536
dst is CDCD:910A:2222:5498:8475:1111:3900:2022
tc is 3 / udp dst is 45 / end actions queue index 2 / end"
This rule will consum 6 recipe, if it is not refused, it
will cause the following code over write of lkup_indx and mask.
LIST_FOR_EACH_ENTRY(entry, &rm->rg_list, ice_recp_grp_entry,
l_entry) {
last_chain_entry->fv_idx[i] = entry->chain_idx;
buf[recps].content.lkup_indx[i] = entry->chain_idx;
buf[recps].content.mask[i++] = CPU_TO_LE16(0xFFFF);
..........
}
Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
---
drivers/net/ice/base/ice_switch.c | 3 +++
1 file changed, 3 insertions(+)
Comments
Tested-by: Lu, Nannan <nannan.lu@intel.com>
-----Original Message-----
From: Zhao1, Wei
Sent: Friday, April 10, 2020 8:42 AM
To: dev@dpdk.org
Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; Lu, Nannan <nannan.lu@intel.com>; Peng, Yuan <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>
Subject: [PATCH 1/3] net/ice/base: check the number of recipe when in chain
when we add some long switch rule, we need check the number of final recipe number, if it is large than ICE_MAX_CHAIN_RECIPE, we should refuse this rule.
For example:
"flow create 0 ingress pattern eth / ipv6 src is CDCD:910A:2222:5498:8475:1111:3900:1536
dst is CDCD:910A:2222:5498:8475:1111:3900:2022
tc is 3 / udp dst is 45 / end actions queue index 2 / end"
This rule will consum 6 recipe, if it is not refused, it will cause the following code over write of lkup_indx and mask.
LIST_FOR_EACH_ENTRY(entry, &rm->rg_list, ice_recp_grp_entry,
l_entry) {
last_chain_entry->fv_idx[i] = entry->chain_idx;
buf[recps].content.lkup_indx[i] = entry->chain_idx;
buf[recps].content.mask[i++] = CPU_TO_LE16(0xFFFF);
..........
}
Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
---
drivers/net/ice/base/ice_switch.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ice/base/ice_switch.c b/drivers/net/ice/base/ice_switch.c
index b5aa5abd9..c17219274 100644
--- a/drivers/net/ice/base/ice_switch.c
+++ b/drivers/net/ice/base/ice_switch.c
@@ -5352,6 +5352,9 @@ ice_add_sw_recipe(struct ice_hw *hw, struct ice_sw_recipe *rm,
rm->n_grp_count++;
}
+ if (rm->n_grp_count > ICE_MAX_CHAIN_RECIPE)
+ return ICE_ERR_MAX_LIMIT;
+
tmp = (struct ice_aqc_recipe_data_elem *)ice_calloc(hw,
ICE_MAX_NUM_RECIPES,
sizeof(*tmp));
--
2.19.1
@@ -5352,6 +5352,9 @@ ice_add_sw_recipe(struct ice_hw *hw, struct ice_sw_recipe *rm,
rm->n_grp_count++;
}
+ if (rm->n_grp_count > ICE_MAX_CHAIN_RECIPE)
+ return ICE_ERR_MAX_LIMIT;
+
tmp = (struct ice_aqc_recipe_data_elem *)ice_calloc(hw,
ICE_MAX_NUM_RECIPES,
sizeof(*tmp));