From 7fe741821337f3cbeecac768b8ef3a16bf21c938 Mon Sep 17 00:00:00 2001 From: Tudor Cornea Date: Thu, 5 Aug 2021 14:35:23 +0300 Subject: [PATCH] net/iavf: fix overflow in maximum packet length config The len variable, used in the computation of max_pkt_len could overflow, if used to store the result of the following computation: rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS Since, we could define the mbuf size to have a large value (i.e 13312), and IAVF_MAX_CHAINED_RX_BUFFERS is defined as 5, the computation mentioned above could potentially result in a value which might be bigger than MAX_USHORT. The result will be that Jumbo Frames will not work properly Fixes: 69dd4c3d0898 ("net/avf: enable queue and device") Cc: stable@dpdk.org Signed-off-by: Tudor Cornea Acked-by: Qi Zhang --- drivers/net/iavf/iavf_ethdev.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/iavf/iavf_ethdev.c b/drivers/net/iavf/iavf_ethdev.c index 574cfe055e..dc5cbc22f5 100644 --- a/drivers/net/iavf/iavf_ethdev.c +++ b/drivers/net/iavf/iavf_ethdev.c @@ -574,13 +574,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct iavf_rx_queue *rxq) { struct iavf_hw *hw = IAVF_DEV_PRIVATE_TO_HW(dev->data->dev_private); struct rte_eth_dev_data *dev_data = dev->data; - uint16_t buf_size, max_pkt_len, len; + uint16_t buf_size, max_pkt_len; buf_size = rte_pktmbuf_data_room_size(rxq->mp) - RTE_PKTMBUF_HEADROOM; /* Calculate the maximum packet length allowed */ - len = rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS; - max_pkt_len = RTE_MIN(len, dev->data->dev_conf.rxmode.max_rx_pkt_len); + max_pkt_len = RTE_MIN((uint32_t) + rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS, + dev->data->dev_conf.rxmode.max_rx_pkt_len); /* Check if the jumbo frame and maximum packet length are set * correctly. -- 2.39.5