[PATCH] net/ixgbe: incorrect MAC/VLAN item validation for ntuple

[Daniil Iskhakov <dish@amicon.ru>]

When parsing an ntuple filter, the code attempts to ensure that if the
first item is ETH (or VLAN), its spec and mask must be NULL (i.e.
zeroed structure). The current check is:

  if ((item->spec || item->mask) &&
      (memcmp(spec, &null_struct, size) ||
          memcmp(mask, &null_struct, size)))

This condition is logically incorrect. If item->spec points to a
zero-filled structure and item->mask is NULL, memcmp(mask) would
dereference a NULL pointer.

The intention os code is to reject any non‑zero spec or mask.

Split the check into two independent conditions for spec and mask.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 46ea969177f3 ("net/ixgbe: add ntuple support to flow parser")
Cc: stable@dpdk.org

Signed-off-by: Daniil Agalakov <ade@amicon.ru>
Signed-off-by: Daniil Iskhakov <dish@amicon.ru>
---
Cc: wei.zhao1@intel.com
Cc: sdl.dpdk@linuxtesting.org
Cc: rrv@amicon.ru
---
 drivers/net/intel/ixgbe/ixgbe_flow.c | 37 +++++++++++++++++-----------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 01cd4f9bde..9edfff413e 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -238,14 +238,18 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 
 		}
 		/* if the first item is MAC, the content should be NULL */
-		if ((item->spec || item->mask) &&
-			(memcmp(eth_spec, &eth_null,
-				sizeof(struct rte_flow_item_eth)) ||
-			 memcmp(eth_mask, &eth_null,
-				sizeof(struct rte_flow_item_eth)))) {
+		if (item->spec && memcmp(eth_spec, &eth_null,
+			sizeof(struct rte_flow_item_eth))) {
 			rte_flow_error_set(error, EINVAL,
-				RTE_FLOW_ERROR_TYPE_ITEM,
-				item, "Not supported by ntuple filter");
+			  RTE_FLOW_ERROR_TYPE_ITEM,
+			  item, "Not supported by ntuple filter");
+			return -rte_errno;
+		}
+		if (item->mask && memcmp(eth_mask, &eth_null,
+			sizeof(struct rte_flow_item_eth))) {
+			rte_flow_error_set(error, EINVAL,
+			  RTE_FLOW_ERROR_TYPE_ITEM,
+			  item, "Not supported by ntuple filter");
 			return -rte_errno;
 		}
 		/* check if the next not void item is IPv4 or Vlan */
@@ -271,15 +275,18 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 			return -rte_errno;
 		}
 		/* the content should be NULL */
-		if ((item->spec || item->mask) &&
-			(memcmp(vlan_spec, &vlan_null,
-				sizeof(struct rte_flow_item_vlan)) ||
-			 memcmp(vlan_mask, &vlan_null,
-				sizeof(struct rte_flow_item_vlan)))) {
-
+		if (item->spec && memcmp(vlan_spec, &vlan_null,
+			sizeof(struct rte_flow_item_vlan))) {
 			rte_flow_error_set(error, EINVAL,
-				RTE_FLOW_ERROR_TYPE_ITEM,
-				item, "Not supported by ntuple filter");
+			  RTE_FLOW_ERROR_TYPE_ITEM,
+			  item, "Not supported by ntuple filter");
+			return -rte_errno;
+		}
+		if (item->mask && memcmp(vlan_mask, &vlan_null,
+			sizeof(struct rte_flow_item_vlan))) {
+			rte_flow_error_set(error, EINVAL,
+			  RTE_FLOW_ERROR_TYPE_ITEM,
+			  item, "Not supported by ntuple filter");
 			return -rte_errno;
 		}
 		/* check if the next not void item is IPv4 */
-- 
2.43.0