From: Stephen Hemminger <shemm...@brocade.com> It is possible that some rogue application might pass a segment larger than 16K to the vmxnet3 transmit routine. In which case just drop it and increment counter.
Signed-off-by: Stephen Hemminger <stephen at networkplumber.org> --- lib/librte_pmd_vmxnet3/vmxnet3_ring.h | 1 + lib/librte_pmd_vmxnet3/vmxnet3_rxtx.c | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/lib/librte_pmd_vmxnet3/vmxnet3_ring.h b/lib/librte_pmd_vmxnet3/vmxnet3_ring.h index 55ceadf..5cdcb23 100644 --- a/lib/librte_pmd_vmxnet3/vmxnet3_ring.h +++ b/lib/librte_pmd_vmxnet3/vmxnet3_ring.h @@ -126,6 +126,7 @@ struct vmxnet3_txq_stats { * different reasons */ uint64_t drop_too_many_segs; + uint64_t drop_too_big; uint64_t drop_tso; uint64_t tx_ring_full; }; diff --git a/lib/librte_pmd_vmxnet3/vmxnet3_rxtx.c b/lib/librte_pmd_vmxnet3/vmxnet3_rxtx.c index 3bd13ef..f6c3452 100644 --- a/lib/librte_pmd_vmxnet3/vmxnet3_rxtx.c +++ b/lib/librte_pmd_vmxnet3/vmxnet3_rxtx.c @@ -327,6 +327,17 @@ vmxnet3_tq_tx_complete(vmxnet3_tx_queue_t *txq) PMD_TX_LOG(DEBUG, "Processed %d tx comps & command descs.", completed); } +static inline int +vmxnet3_seg_too_big(const struct rte_mbuf *m) +{ + do { + if (m->data_len > VMXNET3_MAX_TX_BUF_SIZE) + return 1; + } while ((m = m->next) != NULL); + + return 0; +} + uint16_t vmxnet3_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, uint16_t nb_pkts) @@ -353,6 +364,13 @@ vmxnet3_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, /* Is this packet execessively fragmented, then drop */ if (unlikely(txm->nb_segs > VMXNET3_MAX_TXD_PER_PKT)) { ++txq->stats.drop_too_many_segs; + goto drop; + } + + /* Check for case of monster segment */ + if (unlikely(vmxnet3_seg_too_big(txm))) { + ++txq->stats.drop_too_big; + drop: ++txq->stats.drop_total; rte_pktmbuf_free(txm); ++nb_tx; -- 2.1.4