From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ferruh Yigit <ferruh.yigit@intel.com>
Subject: Re: [dpdk-stable] [PATCH] net/i40e: add parameter check
 for RSS flow init
Date: Tue, 13 Nov 2018 23:11:02 +0000
Message-ID: <624b84e4-f892-07e1-84b9-260ab1e00d86@intel.com>
References: <1542014724-68073-1-git-send-email-wei.zhao1@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Cc: qi.z.zhang@intel.com, stable@dpdk.org, yuan.peng@intel.com
To: Wei Zhao <wei.zhao1@intel.com>, dev@dpdk.org
Return-path: <dev-bounces@dpdk.org>
In-Reply-To: <1542014724-68073-1-git-send-email-wei.zhao1@intel.com>
Content-Language: en-US
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 11/12/2018 9:25 AM, Wei Zhao wrote:
> There need an parameter check for RSS flow init, or it may cause
> core dump if pointer is NULL in memory copy.
> 
> Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
> 
> Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
> ---
>  drivers/net/i40e/i40e_ethdev.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index 1c77906..217a8dc 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -12552,13 +12552,16 @@ i40e_rss_conf_init(struct i40e_rte_flow_rss_conf *out,
>  	if (in->key_len > RTE_DIM(out->key) ||
>  	    in->queue_num > RTE_DIM(out->queue))
>  		return -EINVAL;
> +	if (!in->key && in->key_len)
> +		return -EINVAL;
> +	if (out->key && in->key)
> +		out->conf.key = memcpy(out->key, in->key, in->key_len);

Giving following warning [1] with clang, which looks like valid warning.
i40e_rte_flow_rss_conf->key is an array, no need to check its address.

I will remove it while merging.

[1]
.../drivers/net/i40e/i40e_ethdev.c:12557:11: error: address of array 'out->key'
will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]


        if (out->key && in->key)
            ~~~~~^~~ ~~

>  	out->conf = (struct rte_flow_action_rss){
>  		.func = in->func,
>  		.level = in->level,
>  		.types = in->types,
>  		.key_len = in->key_len,
>  		.queue_num = in->queue_num,
> -		.key = memcpy(out->key, in->key, in->key_len),
>  		.queue = memcpy(out->queue, in->queue,
>  				sizeof(*in->queue) * in->queue_num),
>  	};
>