On Tue, Jun 09, 2026 at 02:03:17PM +0000, Ciara Loftus wrote:
> Currently, only the segment count is checked for non-TSO packets. There
> is no upper bound placed on the packet length, so packets larger than
> `IAVF_FRAME_SIZE_MAX` pass the prepare callback unchallenged and are
> submitted to the hardware. Sending such frames can trigger Malicious
> Driver Detection (MDD) on the PF. Fix this by adding a packet length
> size check on the non-TSO path.
>
> Fixes: 19ee91c6bd9a ("net/iavf: check illegal packet sizes")
> Cc: [email protected]
>
> Signed-off-by: Ciara Loftus <[email protected]>
> ---
Acked-by: Bruce Richardson <[email protected]>
Applied to dpdk-next-net-intel.
Thanks,
/Bruce
