[v2,2/2] net/ice: check illegal packets
Checks
Commit Message
If the length of data_len in mbuf is less than 17 or
greater than the maximum frame size, it is illegal.
These illegal packets will lead to TX/RX hang and
can't recover automatically.
This patch check those illegal packets and protect
TX/RX from hanging.
Fixes: 17c7d0f9d6a4 ("net/ice: support basic Rx/Tx")
Signed-off-by: Kevin Liu <kevinx.liu@intel.com>
---
drivers/net/ice/ice_rxtx.c | 11 +++++++++++
drivers/net/ice/ice_rxtx.h | 2 ++
2 files changed, 13 insertions(+)
@@ -3442,6 +3442,9 @@ ice_prep_pkts(__rte_unused void *tx_queue, struct rte_mbuf **tx_pkts,
int i, ret;
uint64_t ol_flags;
struct rte_mbuf *m;
+ struct ice_tx_queue *txq = tx_queue;
+ struct rte_eth_dev *dev = &rte_eth_devices[txq->port_id];
+ uint16_t max_frame_size = dev->data->mtu + ICE_ETH_OVERHEAD;
for (i = 0; i < nb_pkts; i++) {
m = tx_pkts[i];
@@ -3458,6 +3461,14 @@ ice_prep_pkts(__rte_unused void *tx_queue, struct rte_mbuf **tx_pkts,
return i;
}
+ /* check the data_len in mbuf */
+ if (m->data_len < ICE_TX_MIN_PKT_LEN ||
+ m->data_len > max_frame_size) {
+ rte_errno = EINVAL;
+ PMD_DRV_LOG(ERR, "INVALID mbuf: bad data_len=[%hu]", m->data_len);
+ return i;
+ }
+
#ifdef RTE_ETHDEV_DEBUG_TX
ret = rte_validate_tx_offload(m);
if (ret != 0) {
@@ -40,6 +40,8 @@
#define ICE_RXDID_COMMS_OVS 22
+#define ICE_TX_MIN_PKT_LEN 17
+
extern uint64_t ice_timestamp_dynflag;
extern int ice_timestamp_dynfield_offset;