On Wed, Aug 01, 2018 at 01:43:38PM +0300, Moti Haimovsky wrote:
> This commit fixes a segmentation fault observed when configuring
> mlx5 with RSS flow rule containing invalid queues indices such as
> negative numbers or numbers bigger than the number Rx queues the PMD
> is configured with.
>
> Fixes: 592f05b29a25 ("net/mlx5: add RSS flow action")
> Cc: nelio.laranje...@6wind.com
>
> Signed-off-by: Moti Haimovsky <mo...@mellanox.com>
> ---
> drivers/net/mlx5/mlx5_flow.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
> index 6c3021a..0b55366 100644
> --- a/drivers/net/mlx5/mlx5_flow.c
> +++ b/drivers/net/mlx5/mlx5_flow.c
> @@ -2077,6 +2077,12 @@ struct mlx5_flow_tunnel_info {
> "some RSS protocols are not"
> " supported");
> for (i = 0; i != rss->queue_num; ++i) {
> + if (rss->queue[i] >= priv->rxqs_n)
> + return rte_flow_error_set
> + (error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ACTION_CONF,
> + &rss->queue[i],
When specified, the object associated with RTE_FLOW_TYPE_ACTION_CONF is the
configuration structure itself, not the data of an inner field. This type is
that of the the pointed object; the caller may attempt to dereference it
accordingly.
In short, use either "action->conf" or "rss" instead of "&rss->queue[i]"
here.
--
Adrien Mazarguil
6WIND
