From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7F25EA0584; Wed, 19 Oct 2022 14:57:25 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2AD07427F3; Wed, 19 Oct 2022 14:57:25 +0200 (CEST) Received: from inbox.dpdk.org (inbox.dpdk.org [95.142.172.178]) by mails.dpdk.org (Postfix) with ESMTP id 44041410D1 for ; Wed, 19 Oct 2022 14:57:24 +0200 (CEST) Received: by inbox.dpdk.org (Postfix, from userid 33) id 2132BA0585; Wed, 19 Oct 2022 14:57:24 +0200 (CEST) From: bugzilla@dpdk.org To: dev@dpdk.org Subject: [Bug 1111] i40e: buffer size fields may overflow in Rx descriptors Date: Wed, 19 Oct 2022 12:57:23 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: DPDK X-Bugzilla-Component: ethdev X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: ivan.malov@oktetlabs.ru X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: dev@dpdk.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://bugs.dpdk.org/ Auto-Submitted: auto-generated X-Auto-Response-Suppress: All MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org https://bugs.dpdk.org/show_bug.cgi?id=3D1111 Bug ID: 1111 Summary: i40e: buffer size fields may overflow in Rx descriptors Product: DPDK Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: Normal Component: ethdev Assignee: dev@dpdk.org Reporter: ivan.malov@oktetlabs.ru Target Milestone: --- Created attachment 226 --> https://bugs.dpdk.org/attachment.cgi?id=3D226&action=3Dedit probable-fix It appears that opensource ethdev tests [1] have detected a bug in i40e PMD: by the looks of it, Rx descriptor fill-out is not robust against overflow in data buffer size field, which happens when the user provides a mempool with excessively large objects on Rx setup. A test log example can be found at [2]. In it, a mempool with mbuf data size of 32900 B is used. The test sends one packet to the NIC, but the PMD sees 5 packets which have no payload. Manual debugging indicates that, in the driver, round-up gives the value of 32768 B, which then gives the value of 256 to use in 7-bit "dbuff" field of an Rx descriptor ([3]). The value overflows, hence the test result. A probable fix is attached to the ticket. [1] http://mails.dpdk.org/archives/dev/2022-October/251663.html [2] https://ts-factory.io/bublik/v2/log/123183?focusId=3D123879&mode=3Dtree= Andlog [3] https://github.com/DPDK/dpdk/blob/main/drivers/net/i40e/base/i40e_lan_hmc.c= #L709 --=20 You are receiving this mail because: You are the assignee for the bug.=