On Thu, May 07, 2026 at 04:21:17PM +0300, Daniil Iskhakov wrote:
> When parsing an ntuple filter, the code attempts to ensure that if the
> first item is ETH or VLAN, its spec and mask are either absent or
> contain only zero fields. The current check is:
>
> if ((item->spec || item->mask) &&
> (memcmp(spec, &null_struct, size) ||
> memcmp(mask, &null_struct, size)))
>
> This condition is logically incorrect. If item->spec points to a
> zero-filled structure and item->mask is NULL, memcmp(mask) would
> dereference a NULL pointer.
>
> The intended behavior is to reject any non-zero spec or mask.
>
> Guard each memcmp() call with a check of the corresponding pointer while
> keeping a single error path.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 46ea969177f3 ("net/ixgbe: add ntuple support to flow parser")
> Cc: [email protected]
>
> Signed-off-by: Daniil Agalakov <[email protected]>
> Signed-off-by: Daniil Iskhakov <[email protected]>
> ---
Acked-by: Bruce Richardson <[email protected]>
Applied to dpdk-next-net-intel.
Thanks,
/Bruce
