The len variable, used in the computation of max_pkt_len could
overflow, if used to store the result of the following computation:
rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS
Since, we could define the mbuf size to have a large value (i.e 13312),
and IAVF_MAX_CHAINED_RX_BUFFERS is defined as 5, the computation mentioned
above could potentially result in a value which might be bigger than MAX_USHORT.
The result will be that Jumbo Frames will not work properly
A similar fix was submitted for the ice driver
Signed-off-by: Tudor Cornea <tudor.cor...@gmail.com>
---
drivers/net/iavf/iavf_ethdev.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/iavf/iavf_ethdev.c b/drivers/net/iavf/iavf_ethdev.c
index 574cfe0..dc5cbc2 100644
--- a/drivers/net/iavf/iavf_ethdev.c
+++ b/drivers/net/iavf/iavf_ethdev.c
@@ -574,13 +574,14 @@ iavf_init_rxq(struct rte_eth_dev *dev, struct
iavf_rx_queue *rxq)
{
struct iavf_hw *hw = IAVF_DEV_PRIVATE_TO_HW(dev->data->dev_private);
struct rte_eth_dev_data *dev_data = dev->data;
- uint16_t buf_size, max_pkt_len, len;
+ uint16_t buf_size, max_pkt_len;
buf_size = rte_pktmbuf_data_room_size(rxq->mp) - RTE_PKTMBUF_HEADROOM;
/* Calculate the maximum packet length allowed */
- len = rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS;
- max_pkt_len = RTE_MIN(len, dev->data->dev_conf.rxmode.max_rx_pkt_len);
+ max_pkt_len = RTE_MIN((uint32_t)
+ rxq->rx_buf_len * IAVF_MAX_CHAINED_RX_BUFFERS,
+ dev->data->dev_conf.rxmode.max_rx_pkt_len);
/* Check if the jumbo frame and maximum packet length are set
* correctly.
--
2.7.4
