diff mbox series

net/txgbe: fix null pointer check problem

Message ID	1619355269-14802-1-git-send-email-humin29@huawei.com (mailing list archive)
State	Accepted, archived
Delegated to:	Ferruh Yigit
Headers	From: "Min Hu (Connor)" <humin29@huawei.com> To: <dev@dpdk.org> CC: <ferruh.yigit@intel.com>, <jiawenwu@trustnetic.com>, <jianwang@trustnetic.com> Date: Sun, 25 Apr 2021 20:54:29 +0800 Message-ID: <1619355269-14802-1-git-send-email-humin29@huawei.com> MIME-Version: 1.0 Content-Type: text/plain Subject: [dpdk-dev] [PATCH] net/txgbe: fix null pointer check problem Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	net/txgbe: fix null pointer check problem \| net/txgbe: fix null pointer check problem

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/iol-intel-Functional	success	Functional Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-testing	success	Testing PASS
ci/github-robot	success	github build: passed
ci/intel-Testing	success	Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS

Commit Message

humin (Q) April 25, 2021, 12:54 p.m. UTC

  From: HongBo Zheng <zhenghongbo3@huawei.com>

In function cons_parse_ntuple_filter, item->spec and item->mask
should be confirmed not null before use memcmp on it, current
judgement (item->spec || item->mask) just can confirm item->spec
or item->mask is not null, and cause null pointer be used in
memcmp.

This patch fix this problem.

Fixes: b7eeecb17556 ("net/txgbe: parse n-tuple filter")
Cc: stable@dpdk.org

Signed-off-by: HongBo Zheng <zhenghongbo3@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
---
 drivers/net/txgbe/txgbe_flow.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

Comments

Ferruh Yigit April 27, 2021, 3:30 p.m. UTC | #1

On 4/25/2021 1:54 PM, Min Hu (Connor) wrote:
> From: HongBo Zheng <zhenghongbo3@huawei.com>
> 
> In function cons_parse_ntuple_filter, item->spec and item->mask
> should be confirmed not null before use memcmp on it, current
> judgement (item->spec || item->mask) just can confirm item->spec
> or item->mask is not null, and cause null pointer be used in
> memcmp.
> 
> This patch fix this problem.
> 
> Fixes: b7eeecb17556 ("net/txgbe: parse n-tuple filter")
> Cc: stable@dpdk.org
> 
> Signed-off-by: HongBo Zheng <zhenghongbo3@huawei.com>
> Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
> ---
>  drivers/net/txgbe/txgbe_flow.c | 18 ++++++++----------
>  1 file changed, 8 insertions(+), 10 deletions(-)
> 
> diff --git a/drivers/net/txgbe/txgbe_flow.c b/drivers/net/txgbe/txgbe_flow.c
> index 57a4f2e..35026ee 100644
> --- a/drivers/net/txgbe/txgbe_flow.c
> +++ b/drivers/net/txgbe/txgbe_flow.c
> @@ -240,11 +240,10 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
>  			return -rte_errno;
>  		}
>  		/* if the first item is MAC, the content should be NULL */
> -		if ((item->spec || item->mask) &&
> -			(memcmp(eth_spec, &eth_null,
> -				sizeof(struct rte_flow_item_eth)) ||
> -			 memcmp(eth_mask, &eth_null,
> -				sizeof(struct rte_flow_item_eth)))) {
> +		if ((item->spec && memcmp(eth_spec, &eth_null,
> +					  sizeof(struct rte_flow_item_eth))) ||
> +		    (item->mask && memcmp(eth_mask, &eth_null,
> +					  sizeof(struct rte_flow_item_eth)))) {
>  			rte_flow_error_set(error, EINVAL,
>  				RTE_FLOW_ERROR_TYPE_ITEM,
>  				item, "Not supported by ntuple filter");
> @@ -272,11 +271,10 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
>  			return -rte_errno;
>  		}
>  		/* the content should be NULL */
> -		if ((item->spec || item->mask) &&
> -			(memcmp(vlan_spec, &vlan_null,
> -				sizeof(struct rte_flow_item_vlan)) ||
> -			 memcmp(vlan_mask, &vlan_null,
> -				sizeof(struct rte_flow_item_vlan)))) {
> +		if ((item->spec && memcmp(vlan_spec, &vlan_null,
> +					  sizeof(struct rte_flow_item_vlan))) ||
> +		    (item->mask && memcmp(vlan_mask, &vlan_null,
> +					  sizeof(struct rte_flow_item_vlan)))) {
>  			rte_flow_error_set(error, EINVAL,
>  				RTE_FLOW_ERROR_TYPE_ITEM,
>  				item, "Not supported by ntuple filter");
> 

Looks good to me, but lets wait or maintainers review.

Jiawen Wu April 29, 2021, 3:35 a.m. UTC | #2

On April 27, 2021 11:31 PM, Ferruh Yigit wrote:
> On 4/25/2021 1:54 PM, Min Hu (Connor) wrote:
> > From: HongBo Zheng <zhenghongbo3@huawei.com>
> >
> > In function cons_parse_ntuple_filter, item->spec and item->mask should
> > be confirmed not null before use memcmp on it, current judgement
> > (item->spec || item->mask) just can confirm item->spec or item->mask
> > is not null, and cause null pointer be used in memcmp.
> >
> > This patch fix this problem.
> >
> > Fixes: b7eeecb17556 ("net/txgbe: parse n-tuple filter")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: HongBo Zheng <zhenghongbo3@huawei.com>
> > Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
> > ---
> >  drivers/net/txgbe/txgbe_flow.c | 18 ++++++++----------
> >  1 file changed, 8 insertions(+), 10 deletions(-)
> >
> > diff --git a/drivers/net/txgbe/txgbe_flow.c
> > b/drivers/net/txgbe/txgbe_flow.c index 57a4f2e..35026ee 100644
> > --- a/drivers/net/txgbe/txgbe_flow.c
> > +++ b/drivers/net/txgbe/txgbe_flow.c
> > @@ -240,11 +240,10 @@ cons_parse_ntuple_filter(const struct
> rte_flow_attr *attr,
> >  			return -rte_errno;
> >  		}
> >  		/* if the first item is MAC, the content should be NULL */
> > -		if ((item->spec || item->mask) &&
> > -			(memcmp(eth_spec, &eth_null,
> > -				sizeof(struct rte_flow_item_eth)) ||
> > -			 memcmp(eth_mask, &eth_null,
> > -				sizeof(struct rte_flow_item_eth)))) {
> > +		if ((item->spec && memcmp(eth_spec, &eth_null,
> > +					  sizeof(struct rte_flow_item_eth))) ||
> > +		    (item->mask && memcmp(eth_mask, &eth_null,
> > +					  sizeof(struct rte_flow_item_eth)))) {
> >  			rte_flow_error_set(error, EINVAL,
> >  				RTE_FLOW_ERROR_TYPE_ITEM,
> >  				item, "Not supported by ntuple filter"); @@ -272,11
> +271,10 @@
> > cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
> >  			return -rte_errno;
> >  		}
> >  		/* the content should be NULL */
> > -		if ((item->spec || item->mask) &&
> > -			(memcmp(vlan_spec, &vlan_null,
> > -				sizeof(struct rte_flow_item_vlan)) ||
> > -			 memcmp(vlan_mask, &vlan_null,
> > -				sizeof(struct rte_flow_item_vlan)))) {
> > +		if ((item->spec && memcmp(vlan_spec, &vlan_null,
> > +					  sizeof(struct rte_flow_item_vlan))) ||
> > +		    (item->mask && memcmp(vlan_mask, &vlan_null,
> > +					  sizeof(struct rte_flow_item_vlan)))) {
> >  			rte_flow_error_set(error, EINVAL,
> >  				RTE_FLOW_ERROR_TYPE_ITEM,
> >  				item, "Not supported by ntuple filter");
> >
> 
> Looks good to me, but lets wait or maintainers review.

Thanks.
Acked-by: Jiawen Wu <jiawenwu@trustnetic.com>

Ferruh Yigit April 29, 2021, 1:12 p.m. UTC | #3

On 4/29/2021 4:35 AM, Jiawen Wu wrote:
> On April 27, 2021 11:31 PM, Ferruh Yigit wrote:
>> On 4/25/2021 1:54 PM, Min Hu (Connor) wrote:
>>> From: HongBo Zheng <zhenghongbo3@huawei.com>
>>>
>>> In function cons_parse_ntuple_filter, item->spec and item->mask should
>>> be confirmed not null before use memcmp on it, current judgement
>>> (item->spec || item->mask) just can confirm item->spec or item->mask
>>> is not null, and cause null pointer be used in memcmp.
>>>
>>> This patch fix this problem.
>>>
>>> Fixes: b7eeecb17556 ("net/txgbe: parse n-tuple filter")
>>> Cc: stable@dpdk.org
>>>
>>> Signed-off-by: HongBo Zheng <zhenghongbo3@huawei.com>
>>> Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
>>> ---
>>>  drivers/net/txgbe/txgbe_flow.c | 18 ++++++++----------
>>>  1 file changed, 8 insertions(+), 10 deletions(-)
>>>
>>> diff --git a/drivers/net/txgbe/txgbe_flow.c
>>> b/drivers/net/txgbe/txgbe_flow.c index 57a4f2e..35026ee 100644
>>> --- a/drivers/net/txgbe/txgbe_flow.c
>>> +++ b/drivers/net/txgbe/txgbe_flow.c
>>> @@ -240,11 +240,10 @@ cons_parse_ntuple_filter(const struct
>> rte_flow_attr *attr,
>>>  			return -rte_errno;
>>>  		}
>>>  		/* if the first item is MAC, the content should be NULL */
>>> -		if ((item->spec || item->mask) &&
>>> -			(memcmp(eth_spec, &eth_null,
>>> -				sizeof(struct rte_flow_item_eth)) ||
>>> -			 memcmp(eth_mask, &eth_null,
>>> -				sizeof(struct rte_flow_item_eth)))) {
>>> +		if ((item->spec && memcmp(eth_spec, &eth_null,
>>> +					  sizeof(struct rte_flow_item_eth))) ||
>>> +		    (item->mask && memcmp(eth_mask, &eth_null,
>>> +					  sizeof(struct rte_flow_item_eth)))) {
>>>  			rte_flow_error_set(error, EINVAL,
>>>  				RTE_FLOW_ERROR_TYPE_ITEM,
>>>  				item, "Not supported by ntuple filter"); @@ -272,11
>> +271,10 @@
>>> cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
>>>  			return -rte_errno;
>>>  		}
>>>  		/* the content should be NULL */
>>> -		if ((item->spec || item->mask) &&
>>> -			(memcmp(vlan_spec, &vlan_null,
>>> -				sizeof(struct rte_flow_item_vlan)) ||
>>> -			 memcmp(vlan_mask, &vlan_null,
>>> -				sizeof(struct rte_flow_item_vlan)))) {
>>> +		if ((item->spec && memcmp(vlan_spec, &vlan_null,
>>> +					  sizeof(struct rte_flow_item_vlan))) ||
>>> +		    (item->mask && memcmp(vlan_mask, &vlan_null,
>>> +					  sizeof(struct rte_flow_item_vlan)))) {
>>>  			rte_flow_error_set(error, EINVAL,
>>>  				RTE_FLOW_ERROR_TYPE_ITEM,
>>>  				item, "Not supported by ntuple filter");
>>>
>>
>> Looks good to me, but lets wait or maintainers review.
> 
> Thanks.
> Acked-by: Jiawen Wu <jiawenwu@trustnetic.com>
> 

Applied to dpdk-next-net/main, thanks.

diff mbox series

Patch

diff --git a/drivers/net/txgbe/txgbe_flow.c b/drivers/net/txgbe/txgbe_flow.c
index 57a4f2e..35026ee 100644
--- a/drivers/net/txgbe/txgbe_flow.c
+++ b/drivers/net/txgbe/txgbe_flow.c
@@ -240,11 +240,10 @@  cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 			return -rte_errno;
 		}
 		/* if the first item is MAC, the content should be NULL */
-		if ((item->spec || item->mask) &&
-			(memcmp(eth_spec, &eth_null,
-				sizeof(struct rte_flow_item_eth)) ||
-			 memcmp(eth_mask, &eth_null,
-				sizeof(struct rte_flow_item_eth)))) {
+		if ((item->spec && memcmp(eth_spec, &eth_null,
+					  sizeof(struct rte_flow_item_eth))) ||
+		    (item->mask && memcmp(eth_mask, &eth_null,
+					  sizeof(struct rte_flow_item_eth)))) {
 			rte_flow_error_set(error, EINVAL,
 				RTE_FLOW_ERROR_TYPE_ITEM,
 				item, "Not supported by ntuple filter");
@@ -272,11 +271,10 @@  cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 			return -rte_errno;
 		}
 		/* the content should be NULL */
-		if ((item->spec || item->mask) &&
-			(memcmp(vlan_spec, &vlan_null,
-				sizeof(struct rte_flow_item_vlan)) ||
-			 memcmp(vlan_mask, &vlan_null,
-				sizeof(struct rte_flow_item_vlan)))) {
+		if ((item->spec && memcmp(vlan_spec, &vlan_null,
+					  sizeof(struct rte_flow_item_vlan))) ||
+		    (item->mask && memcmp(vlan_mask, &vlan_null,
+					  sizeof(struct rte_flow_item_vlan)))) {
 			rte_flow_error_set(error, EINVAL,
 				RTE_FLOW_ERROR_TYPE_ITEM,
 				item, "Not supported by ntuple filter");