&out->conf and in can point to the same memory area. Reinitialization of
out->conf leads to setting in->key to NULL, but leaves key_len 40. This
leads to segfault on destruction of the RSS flow action. The segfault
happens inside i40e_action_rss_same(), when comparing comp->key and
with->key, because both comp->key_len and with->key_len are 40 (should
be 0).
Reproduction steps (testpmd):
port stop 0
flow create 0 ingress pattern end actions rss func default level 0\
key
6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a6d5a\
key_len 40 queues 0 end / end
port start 0
set link-up port 0
start
stop
set link-down port 0
port stop 0
flow destroy 0 rule 0
(Segmentation fault)
Fixes: ac8d22de2394 ("ethdev: flatten RSS configuration in flow API")
Signed-off-by: Elena Carasec <xcara...@stud.fit.vutbr.cz>
Signed-off-by: Jan Viktorin <vikto...@cesnet.cz>
---
drivers/net/i40e/i40e_ethdev.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 11c02b1..a5fe130 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -13211,6 +13211,8 @@ struct i40e_customized_pctype*
return -EINVAL;
if (!in->key && in->key_len)
return -EINVAL;
+ if (&out->conf == in)
+ return 0;
out->conf = (struct rte_flow_action_rss){
.func = in->func,
.level = in->level,
--
1.8.3.1
