diff mbox series

net/iavf: fix overflow in maximum packet length config

Message ID 1628163323-87134-1-git-send-email-tudor.cornea@gmail.com (mailing list archive)
State Accepted, archived
Delegated to: Qi Zhang
Headers
Series net/iavf: fix overflow in maximum packet length config |

Checks

Context Check Description
ci/checkpatch warning coding style issues
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-aarch64-unit-testing success Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-aarch64-compile-testing success Testing PASS
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-x86_64-unit-testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS

Commit Message

Tudor Cornea Aug. 5, 2021, 11:35 a.m. UTC 
  The len variable, used in the computation of max_pkt_len could
overflow, if used to store the result of the following computation:

rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS

Since, we could define the mbuf size to have a large value (i.e 13312),
and IAVF_MAX_CHAINED_RX_BUFFERS is defined as 5, the computation mentioned
above could potentially result in a value which might be bigger than MAX_USHORT.

The result will be that Jumbo Frames will not work properly

A similar fix was submitted for the ice driver

Signed-off-by: Tudor Cornea <tudor.cornea@gmail.com>
---
 drivers/net/iavf/iavf_ethdev.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Qi Zhang Aug. 30, 2021, 1:04 a.m. UTC | #1 
> -----Original Message-----
> From: Tudor Cornea <tudor.cornea@gmail.com>
> Sent: Thursday, August 5, 2021 7:35 PM
> To: Wu, Jingjing <jingjing.wu@intel.com>; Xing, Beilei <beilei.xing@intel.com>
> Cc: Zhang, Qi Z <qi.z.zhang@intel.com>; dev@dpdk.org; Tudor Cornea
> <tudor.cornea@gmail.com>
> Subject: [PATCH] net/iavf: fix overflow in maximum packet length config
> 
> The len variable, used in the computation of max_pkt_len could overflow, if
> used to store the result of the following computation:
> 
> rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS
> 
> Since, we could define the mbuf size to have a large value (i.e 13312), and
> IAVF_MAX_CHAINED_RX_BUFFERS is defined as 5, the computation mentioned
> above could potentially result in a value which might be bigger than
> MAX_USHORT.
> 
> The result will be that Jumbo Frames will not work properly
> 
> A similar fix was submitted for the ice driver

Fixes: 69dd4c3d0898 ("net/avf: enable queue and device")
Cc: stable@dpdk.org

> 
> Signed-off-by: Tudor Cornea <tudor.cornea@gmail.com>

Acked-by: Qi Zhang <qi.z.zhang@intel.com>

Applied to dpdk-next-net-intel.

Thanks
Qi
diff mbox series

Patch

diff --git a/drivers/net/iavf/iavf_ethdev.c b/drivers/net/iavf/iavf_ethdev.c
index 574cfe0..dc5cbc2 100644
--- a/drivers/net/iavf/iavf_ethdev.c
+++ b/drivers/net/iavf/iavf_ethdev.c
@@ -574,13 +574,14 @@  iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq)
 {
 	struct iavf_hw *hw = IAVF_DEV_PRIVATE_TO_HW(dev->data->dev_private);
 	struct rte_eth_dev_data *dev_data = dev->data;
-	uint16_t buf_size, max_pkt_len, len;
+	uint16_t buf_size, max_pkt_len;
 
 	buf_size = rte_pktmbuf_data_room_size(rxq->mp) - RTE_PKTMBUF_HEADROOM;
 
 	/* Calculate the maximum packet length allowed */
-	len = rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS;
-	max_pkt_len = RTE_MIN(len, dev->data->dev_conf.rxmode.max_rx_pkt_len);
+	max_pkt_len = RTE_MIN((uint32_t)
+			rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS,
+			dev->data->dev_conf.rxmode.max_rx_pkt_len);
 
 	/* Check if the jumbo frame and maximum packet length are set
 	 * correctly.