From: Tudor Cornea <tudor.cornea@gmail.com>
To: jingjing.wu@intel.com, beilei.xing@intel.com
Cc: qi.z.zhang@intel.com, dev@dpdk.org,
Tudor Cornea <tudor.cornea@gmail.com>
Subject: [dpdk-dev] [PATCH] net/iavf: fix overflow in maximum packet length config
Date: Thu, 5 Aug 2021 14:35:23 +0300 [thread overview]
Message-ID: <1628163323-87134-1-git-send-email-tudor.cornea@gmail.com> (raw)
The len variable, used in the computation of max_pkt_len could
overflow, if used to store the result of the following computation:
rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS
Since, we could define the mbuf size to have a large value (i.e 13312),
and IAVF_MAX_CHAINED_RX_BUFFERS is defined as 5, the computation mentioned
above could potentially result in a value which might be bigger than MAX_USHORT.
The result will be that Jumbo Frames will not work properly
A similar fix was submitted for the ice driver
Signed-off-by: Tudor Cornea <tudor.cornea@gmail.com>
---
drivers/net/iavf/iavf_ethdev.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/iavf/iavf_ethdev.c b/drivers/net/iavf/iavf_ethdev.c
index 574cfe0..dc5cbc2 100644
--- a/drivers/net/iavf/iavf_ethdev.c
+++ b/drivers/net/iavf/iavf_ethdev.c
@@ -574,13 +574,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq)
{
struct iavf_hw *hw = IAVF_DEV_PRIVATE_TO_HW(dev->data->dev_private);
struct rte_eth_dev_data *dev_data = dev->data;
- uint16_t buf_size, max_pkt_len, len;
+ uint16_t buf_size, max_pkt_len;
buf_size = rte_pktmbuf_data_room_size(rxq->mp) - RTE_PKTMBUF_HEADROOM;
/* Calculate the maximum packet length allowed */
- len = rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS;
- max_pkt_len = RTE_MIN(len, dev->data->dev_conf.rxmode.max_rx_pkt_len);
+ max_pkt_len = RTE_MIN((uint32_t)
+ rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS,
+ dev->data->dev_conf.rxmode.max_rx_pkt_len);
/* Check if the jumbo frame and maximum packet length are set
* correctly.
--
2.7.4
next reply other threads:[~2021-08-06 13:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-05 11:35 Tudor Cornea [this message]
2021-08-30 1:04 ` [dpdk-dev] [PATCH] net/iavf: fix overflow in maximum packet length config Zhang, Qi Z
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1628163323-87134-1-git-send-email-tudor.cornea@gmail.com \
--to=tudor.cornea@gmail.com \
--cc=beilei.xing@intel.com \
--cc=dev@dpdk.org \
--cc=jingjing.wu@intel.com \
--cc=qi.z.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.