The hardware assumes that a mismatch between the reported packet length
and the total amount of data in the descriptors is caused by a malicious
driver, leading the hardware to disable transmission altogether. To
avoid such a scenario, use rte_mbuf_check to validate that the mbuf is
correctly formed before processing.
Fixes: 4022f9999f56 ("net/gve: support basic Tx data path for DQO")
Cc: junfeng....@intel.com
Cc: sta...@dpdk.org
Signed-off-by: Joshua Washington <joshw...@google.com>
Reviewed-by: Ankit Garg <nkt...@google.com>
---
drivers/net/gve/gve_tx_dqo.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/net/gve/gve_tx_dqo.c b/drivers/net/gve/gve_tx_dqo.c
index b2e5aae634..7e03e75b20 100644
--- a/drivers/net/gve/gve_tx_dqo.c
+++ b/drivers/net/gve/gve_tx_dqo.c
@@ -113,13 +113,14 @@ gve_tx_burst_dqo(void *tx_queue, struct rte_mbuf
**tx_pkts, uint16_t nb_pkts)
struct rte_mbuf **sw_ring;
struct rte_mbuf *tx_pkt;
uint16_t mask, sw_mask;
+ uint16_t first_sw_id;
+ const char *reason;
uint16_t nb_tx = 0;
uint64_t ol_flags;
uint16_t nb_descs;
uint16_t tx_id;
uint16_t sw_id;
uint64_t bytes;
- uint16_t first_sw_id;
uint8_t tso;
uint8_t csum;
@@ -139,6 +140,12 @@ gve_tx_burst_dqo(void *tx_queue, struct rte_mbuf
**tx_pkts, uint16_t nb_pkts)
gve_tx_clean_descs_dqo(txq, DQO_TX_MULTIPLIER *
txq->rs_thresh);
+
+ if (rte_mbuf_check(tx_pkt, true, &reason)) {
+ PMD_DRV_LOG(DEBUG, "Invalid mbuf: %s", reason);
+ break;
+ }
+
ol_flags = tx_pkt->ol_flags;
first_sw_id = sw_id;
--
2.50.0.727.gbf7dc18ff4-goog
