[PWCI] "net/intel: check raw item spec/mask for null"

[ovsrobot]

NOTE: This is an auto submission for "net/intel: check raw item spec/mask for null".

See "http://patchwork.dpdk.org/project/dpdk/list/?series=36977" for details.

Summary by Sourcery

Validate RAW flow item spec/mask pointers in Intel iavf and ice drivers and propagate errors when they are missing.

Bug Fixes:

• Add NULL checks for RAW flow item spec/mask in iavf RSS hash pattern parsing and return a proper rte_flow_error on invalid input.
• Add NULL checks for RAW flow item spec/mask in ice RSS hash pattern parsing and return a proper rte_flow_error on invalid input.
• Add NULL checks for RAW flow item spec/mask in iavf flow director and flow subscription pattern parsing, failing with rte_flow_error when absent.
• Add NULL checks for RAW flow item spec/mask in ice flow director pattern parsing to prevent crashes on malformed rules.

Summary by CodeRabbit

• Bug Fixes
  • Enhanced validation in network flow pattern processing across Intel drivers to detect invalid inputs and provide consistent error reporting, improving system reliability and preventing downstream failures when misconfigured patterns are provided.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[sourcery-ai]

Reviewer's Guide

Adds NULL checks and proper error reporting for RAW rte_flow items in Intel iavf and ice drivers, and threads rte_flow_error into the RAW pattern parsing helpers that previously assumed non-NULL spec/mask pointers.

Sequence diagram for RAW pattern parsing with NULL checks in Intel drivers

sequenceDiagram
    actor App
    participant PMD as iavf_hash_parse_pattern_action
    participant RawParser as iavf_hash_parse_raw_pattern
    participant Error as rte_flow_error

    App->>PMD: rte_flow_create(pattern, actions, error)
    PMD->>PMD: detect IAVF_PHINT_RAW
    PMD->>RawParser: iavf_hash_parse_raw_pattern(item, error, meta)
    RawParser->>RawParser: raw_spec = item->spec
    RawParser->>RawParser: raw_mask = item->mask
    alt RAW spec or mask is NULL
        RawParser->>Error: rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, item, NULL_RAW_spec_mask)
        RawParser-->>PMD: return -rte_errno
        PMD-->>App: fail rte_flow_create with error
    else RAW spec and mask are non NULL
        RawParser->>RawParser: validate lengths and content
        RawParser-->>PMD: return 0
        PMD-->>App: continue flow rule setup
    end

Loading

Flow diagram for RAW rte_flow item NULL checking in Intel drivers

flowchart TD
    Start[Start RAW item handling] --> GetItem[Load item spec and mask]
    GetItem --> CheckNull{raw_spec or raw_mask is NULL?}
    CheckNull -->|Yes| Log[Log NULL RAW spec/mask]
    Log --> SetErr[Call rte_flow_error_set with EINVAL and RTE_FLOW_ERROR_TYPE_ITEM]
    SetErr --> ReturnErr[Return -rte_errno to caller]
    CheckNull -->|No| Validate[Validate RAW pattern lengths and content]
    Validate --> Continue[Continue with RSS/FDIR rule configuration]

Loading

File-Level Changes

Change	Details	Files
Harden RAW pattern parsing in iavf RSS hash path with NULL checks and error propagation.	Extend iavf_hash_parse_raw_pattern to accept a rte_flow_error pointer so it can report parsing errors. Add explicit NULL checks for RAW item spec and mask before accessing pattern data, logging an error and setting rte_flow_error when invalid. Update iavf_hash_parse_pattern_action to pass the rte_flow_error object through to iavf_hash_parse_raw_pattern.	drivers/net/intel/iavf/iavf_hash.c
Harden RAW pattern parsing in ice RSS hash path with NULL checks and error propagation.	Extend ice_hash_parse_raw_pattern signature to take a rte_flow_error pointer. Add guard to detect NULL RAW spec/mask and set rte_flow_error with EINVAL and RTE_FLOW_ERROR_TYPE_ITEM instead of proceeding. Update ice_hash_parse_pattern_action to pass the rte_flow_error into ice_hash_parse_raw_pattern.	drivers/net/intel/ice/ice_hash.c
Add consistent NULL RAW spec/mask validation in iavf and ice flow director pattern parsing.	Insert NULL checks for RAW item spec/mask in iavf_fdir_parse_pattern and log via PMD_DRV_LOG before setting rte_flow_error and returning an error. Add analogous NULL RAW spec/mask validation in iavf_fsub_parse_pattern, including logging and rte_flow_error_set usage. Introduce RAW spec/mask NULL validation in ice_fdir_parse_pattern, returning an error via rte_flow_error_set when invalid.	drivers/net/intel/iavf/iavf_fdir.c drivers/net/intel/iavf/iavf_fsub.c drivers/net/intel/ice/ice_fdir_filter.c

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds NULL validation checks for RAW pattern items across Intel IAVF and ICE network drivers. Files in hash modules (iavf_hash.c, ice_hash.c) additionally propagate a new error parameter to parsing functions, enabling consistent error reporting. Changes strengthen error handling for incomplete RAW pattern specifications.

Changes

Cohort / File(s)	Summary
IAVF FDIR validation drivers/net/intel/iavf/iavf_fdir.c	Adds NULL pointer validation for raw_spec and raw_mask; logs error and returns -errno if either is NULL.
IAVF FSUB validation drivers/net/intel/iavf/iavf_fsub.c	Adds NULL pointer validation in parse_pattern; early exit with error logging and -rte_errno on NULL detection.
IAVF hash signature update drivers/net/intel/iavf/iavf_hash.c	Updates iavf_hash_parse_raw_pattern to accept struct rte_flow_error *error parameter; adds NULL validation for raw spec/mask; caller in iavf_hash_parse_pattern_action propagates error parameter.
ICE FDIR validation drivers/net/intel/ice/ice_fdir_filter.c	Adds NULL pointer validation for RAW pattern spec/mask in parse_pattern; reports EINVAL error and returns negative errno on failure.
ICE hash signature update drivers/net/intel/ice/ice_hash.c	Updates ice_hash_parse_raw_pattern to accept struct rte_flow_error *error parameter; adds NULL validation; updates caller in ice_hash_parse_pattern_action to propagate error parameter and adjusted error messages.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit hops through driver code,
Checking nulls along the road,
RAW patterns now must pass the test—
No dangling pointers in this nest!
Error handling, strong and true,
Intel drivers polished new! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: adding NULL pointer checks for RAW item spec/mask fields across Intel net drivers (IAVF and ICE).

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• When detecting NULL RAW spec/mask, consider returning the result of rte_flow_error_set(...) directly instead of calling it and then return -rte_errno;, to avoid relying on external errno state and to match the common DPDK error-handling pattern.
• In the hash parse paths, iavf_hash_parse_raw_pattern/ice_hash_parse_raw_pattern now set rte_flow_error themselves and the caller also calls rte_flow_error_set on non-zero return; it may be clearer to centralize error reporting in one place to avoid double-setting or conflicting error details.
• The new NULL RAW spec/mask checks log an error via PMD_DRV_LOG for iavf but not for the corresponding ice paths; consider making the logging behavior consistent across drivers for easier debugging.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- When detecting NULL RAW spec/mask, consider returning the result of `rte_flow_error_set(...)` directly instead of calling it and then `return -rte_errno;`, to avoid relying on external errno state and to match the common DPDK error-handling pattern.
- In the hash parse paths, `iavf_hash_parse_raw_pattern`/`ice_hash_parse_raw_pattern` now set `rte_flow_error` themselves and the caller also calls `rte_flow_error_set` on non-zero return; it may be clearer to centralize error reporting in one place to avoid double-setting or conflicting error details.
- The new NULL RAW spec/mask checks log an error via `PMD_DRV_LOG` for iavf but not for the corresponding ice paths; consider making the logging behavior consistent across drivers for easier debugging.

## Individual Comments

### Comment 1
<location> `drivers/net/intel/iavf/iavf_hash.c:899-907` </location>
<code_context>
 	raw_spec = item->spec;
 	raw_mask = item->mask;

+	if (!raw_spec || !raw_mask) {
+		PMD_DRV_LOG(ERR, "NULL RAW spec/mask");
+		rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_ITEM,
+				item, "NULL RAW spec/mask");
+		return -rte_errno;
+	}
+
 	spec_len = strlen((char *)(uintptr_t)raw_spec->pattern);
 	if (strlen((char *)(uintptr_t)raw_mask->pattern) !=
 		spec_len)
</code_context>

<issue_to_address>
**🚨 suggestion (security):** Consider using a bounded string length (like strnlen with raw_spec->length) rather than strlen on RAW pattern.

The NULL guard is helpful, but strlen on raw_spec->pattern is still unbounded. If the pattern is not NUL-terminated within raw_spec->length, this can read past the buffer. ice_hash_parse_raw_pattern already uses strnlen with raw_spec->length; please do the same here for consistency and safety:

```c
spec_len = strnlen((char *)(uintptr_t)raw_spec->pattern,
                   raw_spec->length + 1);
if (spec_len != raw_spec->length)
    ...
```

Suggested implementation:

```c
	const struct rte_flow_item_raw *raw_spec, *raw_mask;
	size_t spec_len, mask_len;

	raw_spec = item->spec;
	raw_mask = item->mask;

```

```c
	spec_len = strnlen((char *)(uintptr_t)raw_spec->pattern,
			   raw_spec->length + 1);
	if (spec_len != raw_spec->length) {
		PMD_DRV_LOG(ERR,
			    "RAW spec pattern length %zu does not match length field %u",
			    spec_len, raw_spec->length);
		rte_flow_error_set(error, EINVAL,
				   RTE_FLOW_ERROR_TYPE_ITEM,
				   item,
				   "RAW spec pattern must be NUL-terminated within length");
		return -rte_errno;
	}

	mask_len = strnlen((char *)(uintptr_t)raw_mask->pattern,
			   raw_mask->length + 1);
	if (mask_len != raw_mask->length || mask_len != spec_len) {
		PMD_DRV_LOG(ERR,
			    "RAW mask pattern length %zu does not match length field %u or spec length %zu",
			    mask_len, raw_mask->length, spec_len);
		rte_flow_error_set(error, EINVAL,
				   RTE_FLOW_ERROR_TYPE_ITEM,
				   item,
				   "RAW mask pattern length must match spec length and be NUL-terminated within length");
		return -rte_errno;
	}

```

Because the provided snippet does not show the body of the original:

```c
if (strlen((char *)(uintptr_t)raw_mask->pattern) !=
    spec_len)
    /* ... */
```

you should remove or adjust any remaining block that handled this mismatch to avoid duplicate or now-unreachable checks. In other words, the existing error-handling `if` for `mask` vs `spec` length mismatch should be deleted or updated so that the new `strnlen`-based checks are the single source of truth for validating RAW pattern lengths, mirroring the approach used in `ice_hash_parse_raw_pattern`.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

drivers/net/intel/iavf/iavf_hash.c (1)

885-920: Fix pkt_buf leak on mask allocation failure; RAW NULL handling itself is good

The new raw_spec/raw_mask NULL check in iavf_hash_parse_raw_pattern() correctly prevents dereferences and reports an ITEM error via rte_flow_error_set, and the new error parameter is wired through from iavf_hash_parse_pattern_action() as intended.

However, there is a pre‑existing resource‑management bug in the same function:

• On failure to allocate msk_buf, pkt_buf is not freed, leaking pkt_len bytes.

You can fix this by freeing pkt_buf in that branch:

Proposed fix for `iavf_hash_parse_raw_pattern` leak

	pkt_buf = rte_zmalloc(NULL, pkt_len, 0);
	if (!pkt_buf)
		return -ENOMEM;

	msk_buf = rte_zmalloc(NULL, pkt_len, 0);
-	if (!msk_buf)
-		return -ENOMEM;
+	if (!msk_buf) {
+		rte_free(pkt_buf);
+		return -ENOMEM;
+	}

Note: similar to ice_hash_parse_raw_pattern, iavf_hash_parse_pattern_action() unconditionally wraps any non‑zero return with a generic "Parse raw pattern failed" rte_flow_error_set, which overwrites the more specific "NULL RAW spec/mask" message set in the callee. That’s harmless but you may want to rely on the callee’s error text for this path for clearer diagnostics.

Also applies to: 1555-1563

🧹 Nitpick comments (1)

drivers/net/intel/ice/ice_hash.c (1)

642-667: RAW spec/mask NULL validation is correct; consider avoiding redundant error overwrite

The new raw_spec/raw_mask NULL check in ice_hash_parse_raw_pattern() correctly prevents dereferences and reports an ITEM error through the new error parameter. The caller in ice_hash_parse_pattern_action() then unconditionally wraps any failure with a second rte_flow_error_set("Parse raw pattern failed"), which will overwrite the more specific message from the callee. If you care about preserving the detailed cause (e.g. "NULL RAW spec/mask"), you could rely on the callee’s rte_flow_error_set for this path and only set a generic message here for other error codes.

Also applies to: 1194-1203

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cd60dcd and f6d3ee5.

📒 Files selected for processing (5)

• drivers/net/intel/iavf/iavf_fdir.c
• drivers/net/intel/iavf/iavf_fsub.c
• drivers/net/intel/iavf/iavf_hash.c
• drivers/net/intel/ice/ice_fdir_filter.c
• drivers/net/intel/ice/ice_hash.c

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Sourcery review

🔇 Additional comments (3)

drivers/net/intel/iavf/iavf_fsub.c (1)

184-195: RAW NULL check in iavf_fsub_parse_pattern looks correct

The added raw_spec/raw_mask NULL guard cleanly prevents dereferences and reports an ITEM error via rte_flow_error_set, matching existing error‑handling patterns in this function.

drivers/net/intel/ice/ice_fdir_filter.c (1)

1850-1865: RAW NULL check in ice_fdir_parse_pattern is appropriate

The added raw_spec/raw_mask NULL guard ensures RAW patterns are rejected with a clear ITEM/EINVAL error instead of risking a NULL dereference when converting the patterns.

drivers/net/intel/iavf/iavf_fdir.c (1)

772-783: RAW NULL guard in iavf_fdir_parse_pattern is correct and consistent

Adding the raw_spec/raw_mask NULL check here safely prevents dereferences of missing RAW data and reports an ITEM/EINVAL error with a clear "NULL RAW spec/mask" message, matching the style used elsewhere in this driver.