[dpdk-stable] patch 'net/iavf: fix overflow in maximum packet length config' has been queued to stable release 20.11.4

[Xueming Li]

Hi,

FYI, your patch has been queued to stable release 20.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/12/21. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/steevenlee/dpdk

This queued commit can be viewed at:
https://github.com/steevenlee/dpdk/commit/c660ad64aae2f2174d5160de227ec965b35c0eda

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From c660ad64aae2f2174d5160de227ec965b35c0eda Mon Sep 17 00:00:00 2001
From: Tudor Cornea <tudor.cornea at gmail.com>
Date: Thu, 5 Aug 2021 14:35:23 +0300
Subject: [PATCH] net/iavf: fix overflow in maximum packet length config
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 7fe741821337f3cbeecac768b8ef3a16bf21c938 ]

The len variable, used in the computation of max_pkt_len could
overflow, if used to store the result of the following computation:

rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS

Since, we could define the mbuf size to have a large value (i.e 13312),
and IAVF_MAX_CHAINED_RX_BUFFERS is defined as 5, the computation
mentioned above could potentially result in a value which might be
bigger than MAX_USHORT.

The result will be that Jumbo Frames will not work properly

Fixes: 69dd4c3d0898 ("net/avf: enable queue and device")

Signed-off-by: Tudor Cornea <tudor.cornea at gmail.com>
Acked-by: Qi Zhang <qi.z.zhang at intel.com>
---
 drivers/net/iavf/iavf_ethdev.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/iavf/iavf_ethdev.c b/drivers/net/iavf/iavf_ethdev.c
index 9671c957d8..885b2a4bd0 100644
--- a/drivers/net/iavf/iavf_ethdev.c
+++ b/drivers/net/iavf/iavf_ethdev.c
@@ -408,13 +408,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq)
 {
 	struct iavf_hw *hw = IAVF_DEV_PRIVATE_TO_HW(dev->data->dev_private);
 	struct rte_eth_dev_data *dev_data = dev->data;
-	uint16_t buf_size, max_pkt_len, len;
+	uint16_t buf_size, max_pkt_len;
 
 	buf_size = rte_pktmbuf_data_room_size(rxq->mp) - RTE_PKTMBUF_HEADROOM;
 
 	/* Calculate the maximum packet length allowed */
-	len = rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS;
-	max_pkt_len = RTE_MIN(len, dev->data->dev_conf.rxmode.max_rx_pkt_len);
+	max_pkt_len = RTE_MIN((uint32_t)
+			rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS,
+			dev->data->dev_conf.rxmode.max_rx_pkt_len);
 
 	/* Check if the jumbo frame and maximum packet length are set
 	 * correctly.
-- 
2.33.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-11-10 14:17:03.234998975 +0800
+++ 0025-net-iavf-fix-overflow-in-maximum-packet-length-confi.patch	2021-11-10 14:17:01.764080297 +0800
@@ -1 +1 @@
-From 7fe741821337f3cbeecac768b8ef3a16bf21c938 Mon Sep 17 00:00:00 2001
+From c660ad64aae2f2174d5160de227ec965b35c0eda Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 7fe741821337f3cbeecac768b8ef3a16bf21c938 ]
@@ -19 +21,0 @@
-Cc: stable at dpdk.org
@@ -28 +30 @@
-index 574cfe055e..dc5cbc22f5 100644
+index 9671c957d8..885b2a4bd0 100644
@@ -31 +33 @@
-@@ -574,13 +574,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq)
+@@ -408,13 +408,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq)