patch 'net/iavf: fix overflow in maximum packet length config' has been queued to stable release 19.11.11

[christian.ehrhardt at canonical.com]

Hi,

FYI, your patch has been queued to stable release 19.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before December 10th 2021. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/01b2a53e25b9eb73cc86492681c232f81dcedd49

Thanks.

Christian Ehrhardt <christian.ehrhardt at canonical.com>

---
>From 01b2a53e25b9eb73cc86492681c232f81dcedd49 Mon Sep 17 00:00:00 2001
From: Tudor Cornea <tudor.cornea at gmail.com>
Date: Thu, 5 Aug 2021 14:35:23 +0300
Subject: [PATCH] net/iavf: fix overflow in maximum packet length config

[ upstream commit 7fe741821337f3cbeecac768b8ef3a16bf21c938 ]

The len variable, used in the computation of max_pkt_len could
overflow, if used to store the result of the following computation:

rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS

Since, we could define the mbuf size to have a large value (i.e 13312),
and IAVF_MAX_CHAINED_RX_BUFFERS is defined as 5, the computation
mentioned above could potentially result in a value which might be
bigger than MAX_USHORT.

The result will be that Jumbo Frames will not work properly

Fixes: 69dd4c3d0898 ("net/avf: enable queue and device")

Signed-off-by: Tudor Cornea <tudor.cornea at gmail.com>
Acked-by: Qi Zhang <qi.z.zhang at intel.com>
---
 drivers/net/iavf/iavf_ethdev.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/iavf/iavf_ethdev.c b/drivers/net/iavf/iavf_ethdev.c
index 7d4b6b915c..583a8be760 100644
--- a/drivers/net/iavf/iavf_ethdev.c
+++ b/drivers/net/iavf/iavf_ethdev.c
@@ -263,13 +263,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq)
 {
 	struct iavf_hw *hw = IAVF_DEV_PRIVATE_TO_HW(dev->data->dev_private);
 	struct rte_eth_dev_data *dev_data = dev->data;
-	uint16_t buf_size, max_pkt_len, len;
+	uint16_t buf_size, max_pkt_len;
 
 	buf_size = rte_pktmbuf_data_room_size(rxq->mp) - RTE_PKTMBUF_HEADROOM;
 
 	/* Calculate the maximum packet length allowed */
-	len = rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS;
-	max_pkt_len = RTE_MIN(len, dev->data->dev_conf.rxmode.max_rx_pkt_len);
+	max_pkt_len = RTE_MIN((uint32_t)
+			rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS,
+			dev->data->dev_conf.rxmode.max_rx_pkt_len);
 
 	/* Check if the jumbo frame and maximum packet length are set
 	 * correctly.
-- 
2.34.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-11-30 16:50:07.017293357 +0100
+++ 0015-net-iavf-fix-overflow-in-maximum-packet-length-confi.patch	2021-11-30 16:50:05.530871622 +0100
@@ -1 +1 @@
-From 7fe741821337f3cbeecac768b8ef3a16bf21c938 Mon Sep 17 00:00:00 2001
+From 01b2a53e25b9eb73cc86492681c232f81dcedd49 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 7fe741821337f3cbeecac768b8ef3a16bf21c938 ]
+
@@ -19 +20,0 @@
-Cc: stable at dpdk.org
@@ -28 +29 @@
-index 574cfe055e..dc5cbc22f5 100644
+index 7d4b6b915c..583a8be760 100644
@@ -31 +32 @@
-@@ -574,13 +574,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq)
+@@ -263,13 +263,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq)