[dpdk-dev] net/mlx5: fix segfault due to array overflow
Checks
Commit Message
VLAN id is limited to MLX5_MAX_VLAN_IDS which is not verified by the code
before trying to add a new VLAN filter.
Fixes: 272733b5ebfd ("net/mlx5: use flow to enable unicast traffic")
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
---
drivers/net/mlx5/mlx5_vlan.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
Comments
On 11/2/2017 6:30 AM, Nelio Laranjeiro wrote:
> VLAN id is limited to MLX5_MAX_VLAN_IDS which is not verified by the code
> before trying to add a new VLAN filter.
>
> Fixes: 272733b5ebfd ("net/mlx5: use flow to enable unicast traffic")
>
> Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Applied to dpdk-next-net/master, thanks.
@@ -61,6 +61,7 @@ mlx5_vlan_filter_set(struct rte_eth_dev *dev, uint16_t vlan_id, int on)
{
struct priv *priv = dev->data->dev_private;
unsigned int i;
+ int ret = 0;
priv_lock(priv);
DEBUG("%p: %s VLAN filter ID %" PRIu16,
@@ -69,6 +70,11 @@ mlx5_vlan_filter_set(struct rte_eth_dev *dev, uint16_t vlan_id, int on)
for (i = 0; (i != priv->vlan_filter_n); ++i)
if (priv->vlan_filter[i] == vlan_id)
break;
+ /* Check if there's room for another VLAN filter. */
+ if (i == RTE_DIM(priv->vlan_filter)) {
+ ret = -ENOMEM;
+ goto out;
+ }
if (i < priv->vlan_filter_n) {
assert(priv->vlan_filter_n != 0);
/* Enabling an existing VLAN filter has no effect. */
@@ -94,7 +100,7 @@ mlx5_vlan_filter_set(struct rte_eth_dev *dev, uint16_t vlan_id, int on)
priv_dev_traffic_restart(priv, dev);
out:
priv_unlock(priv);
- return 0;
+ return ret;
}
/**