net/mlx5: refuse empty VLAN in flow pattern

In verbs, an empty VLAN is equivalent to a packet without VLAN layer, hence, the VLAN item should not be empty and this case is rejected. However, the case for ether type of VLAN without following VLAN item was not validated, allowing the creation of a flow with empty VLAN item. To fix this issue a validation was added requiring ether type of VLAN will be followed with VLAN item. Fixes: 0b1edd21cd ("net/mlx5: refuse empty VLAN flow specification") Cc: stable@dpdk.org Signed-off-by: Shiri Kuzin <shirik@nvidia.com> Acked-by: Matan Azrad <matan@nvidia.com>
2021-01-19 19:07:00 +02:00 · 2021-01-19 19:07:00 +02:00 · b6aaaa22ae
commit b6aaaa22ae
parent bd0940a5c4
1 changed files with 8 additions and 0 deletions
--- a/drivers/net/mlx5/mlx5_flow_verbs.c
+++ b/drivers/net/mlx5/mlx5_flow_verbs.c
@ -1256,6 +1256,7 @@ flow_verbs_validate(struct rte_eth_dev *dev,
 	uint64_t last_item = 0;
 	uint8_t next_protocol = 0xff;
 	uint16_t ether_type = 0;
+	bool is_empty_vlan = false;

 	if (items == NULL)
 		return -1;
@ -1283,6 +1284,8 @@ flow_verbs_validate(struct rte_eth_dev *dev,
 				ether_type &=
 					((const struct rte_flow_item_eth *)
 					 items->mask)->type;
+				if (ether_type == RTE_BE16(RTE_ETHER_TYPE_VLAN))
+					is_empty_vlan = true;
 				ether_type = rte_be_to_cpu_16(ether_type);
 			} else {
 				ether_type = 0;
@ -1308,6 +1311,7 @@ flow_verbs_validate(struct rte_eth_dev *dev,
 			} else {
 				ether_type = 0;
 			}
+			is_empty_vlan = false;
 			break;
 		case RTE_FLOW_ITEM_TYPE_IPV4:
 			ret = mlx5_flow_validate_item_ipv4
@ -1419,6 +1423,10 @@ flow_verbs_validate(struct rte_eth_dev *dev,
 		}
 		item_flags |= last_item;
 	}
+	if (is_empty_vlan)
+		return rte_flow_error_set(error, ENOTSUP,
+						 RTE_FLOW_ERROR_TYPE_ITEM, NULL,
+		    "VLAN matching without vid specification is not supported");
 	for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
 		switch (actions->type) {
 		case RTE_FLOW_ACTION_TYPE_VOID: