net/mlx5: fix the get function of Rx queue type
Checks
Commit Message
Function mlx5_rxq_get_type() uses the input queue index, without
checking it, as index to the Rx queues array.
If this value is too high, it will result in pointer to memory out
of Rx queues array bounds.
This patch adds check of the input queue index, to verify it is valid.
Fixes: 09775c04aace ("net/mlx5: split hairpin flows")
Cc: orika@mellanox.com
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
---
drivers/net/mlx5/mlx5_rxq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
From: Dekel Peled
> Function mlx5_rxq_get_type() uses the input queue index, without checking
> it, as index to the Rx queues array.
> If this value is too high, it will result in pointer to memory out of Rx queues
> array bounds.
>
> This patch adds check of the input queue index, to verify it is valid.
>
> Fixes: 09775c04aace ("net/mlx5: split hairpin flows")
> Cc: orika@mellanox.com
>
> Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Hi,
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Dekel Peled
> Sent: Monday, November 11, 2019 4:33 PM
> To: Matan Azrad <matan@mellanox.com>; Shahaf Shuler
> <shahafs@mellanox.com>; Slava Ovsiienko <viacheslavo@mellanox.com>
> Cc: Ori Kam <orika@mellanox.com>; dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] net/mlx5: fix the get function of Rx queue type
>
> Function mlx5_rxq_get_type() uses the input queue index, without
> checking it, as index to the Rx queues array.
> If this value is too high, it will result in pointer to memory out
> of Rx queues array bounds.
>
> This patch adds check of the input queue index, to verify it is valid.
>
> Fixes: 09775c04aace ("net/mlx5: split hairpin flows")
> Cc: orika@mellanox.com
>
> Signed-off-by: Dekel Peled <dekelp@mellanox.com>
> ---
> drivers/net/mlx5/mlx5_rxq.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/mlx5/mlx5_rxq.c b/drivers/net/mlx5/mlx5_rxq.c
> index 24d0eaa..f9b36ed 100644
> --- a/drivers/net/mlx5/mlx5_rxq.c
> +++ b/drivers/net/mlx5/mlx5_rxq.c
> @@ -2113,7 +2113,7 @@ enum mlx5_rxq_type
> struct mlx5_priv *priv = dev->data->dev_private;
> struct mlx5_rxq_ctrl *rxq_ctrl = NULL;
>
> - if ((*priv->rxqs)[idx]) {
> + if (idx < priv->rxqs_n && (*priv->rxqs)[idx]) {
> rxq_ctrl = container_of((*priv->rxqs)[idx],
> struct mlx5_rxq_ctrl,
> rxq);
> --
> 1.8.3.1
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
@@ -2113,7 +2113,7 @@ enum mlx5_rxq_type
struct mlx5_priv *priv = dev->data->dev_private;
struct mlx5_rxq_ctrl *rxq_ctrl = NULL;
- if ((*priv->rxqs)[idx]) {
+ if (idx < priv->rxqs_n && (*priv->rxqs)[idx]) {
rxq_ctrl = container_of((*priv->rxqs)[idx],
struct mlx5_rxq_ctrl,
rxq);