From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 1B45AA00BE
	for <public@inbox.dpdk.org>; Fri, 22 Apr 2022 12:27:26 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 10C47410F5;
	Fri, 22 Apr 2022 12:27:26 +0200 (CEST)
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
 by mails.dpdk.org (Postfix) with ESMTP id 5DBD340042;
 Fri, 22 Apr 2022 12:27:24 +0200 (CEST)
Received: by mail-pl1-f174.google.com with SMTP id c12so9902077plr.6;
 Fri, 22 Apr 2022 03:27:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=Wul3Kwf7QAYBoN8/nFbF6Tj90hQ99OQ2BYkkjugT7vo=;
 b=C2ojy06HjOQKv0lbAHYMFvVjm3K+SmPddGmZtZ8VNuxgK+KXFf86y3Etiqv0km+mE9
 o4bfOwepS2MpStzNuW/pOs5pZjhyb7/3FtYDNTzrdXe1zM/PqFsq4Q8vvPOLY4ODAnHB
 WRBJ4NgoqaFHknjwIbfuzuYBDNSVlEUdX+2hZgXEn8Dz0RanEREEftZu7YdUiSLoWpio
 w2sycqr5IGj8s/U65wg8MT9Amju8ERi6ejO4MtF87MBzTMXZMedyldlIhBcP96VcMPP+
 zVTa6ZEfXEKuT7ypGWjrVxrDmKLpizc/EYNNrSaKLFTZrqxI00CMygeKBKAC4XLH+M7F
 LUUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=Wul3Kwf7QAYBoN8/nFbF6Tj90hQ99OQ2BYkkjugT7vo=;
 b=61A+YqzTS7NjWsaFHPUIZeIJidD7BIlmk7niq3KuW+VfD4rTgUqzj+afQQfNYpVY2t
 qzsiAntFbrS582Ecq3yk9iVtTXoiV2fQssmcj9y3wY4kjmzHibr+fY8dFbhPPsCV0efx
 UCR2VI4YbRKQImvwLbjp2H3txhjaB9XpTaI26clcCtsU8TM3KphxWGAIyDXXNwbvsR9d
 fYUmYe2nzWgTal1FmjIZId9xuYt/7K1TK18rILexpbQiO4KkBwOx8wFsSmq7cX1xJqFn
 GJBRF7unnJWIhtgpTsE4eqGXqW+TrOABANyboK9ziHVlAKepa69vaB0yNpNFvZXMvfDz
 1M1Q==
X-Gm-Message-State: AOAM530zYoeSurQGED8u+siQ+KgXu1WEgZNeth1FO3BrwgnIYVE7nqWk
 7xk1JJjhwDk6f8BpA3d+kIM=
X-Google-Smtp-Source: ABdhPJzpQq9938AfHeVInDcwZkuoq917FSw9LMK5ENTkVW7vCNy/MVd2oh6vLa1muFJvsckb0Nybag==
X-Received: by 2002:a17:903:234c:b0:159:252:68c1 with SMTP id
 c12-20020a170903234c00b00159025268c1mr3789672plh.170.1650623243429; 
 Fri, 22 Apr 2022 03:27:23 -0700 (PDT)
Received: from kparameshwa-a02.vmware.com.com ([49.206.14.100])
 by smtp.gmail.com with ESMTPSA id
 k11-20020a056a00168b00b004f7e1555538sm2231176pfc.190.2022.04.22.03.27.21
 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
 Fri, 22 Apr 2022 03:27:22 -0700 (PDT)
From: Kumara Parameshwaran <kumaraparamesh92@gmail.com>
X-Google-Original-From: Kumara Parameshwaran <kparameshwar@vmware.com>
To: jiayu.hu@intel.com
Cc: dev@dpdk.org, Kumara Parameshwaran <kumaraparamesh92@gmail.com>,
 stable@dpdk.org, Kumara Parameshwaran <kparameshwar@vmware.com>
Subject: [PATCH v2] gro: bug fix in identifying 0 length tcp packets
Date: Fri, 22 Apr 2022 15:57:09 +0530
Message-Id: <20220422102709.82005-1-kparameshwar@vmware.com>
X-Mailer: git-send-email 2.32.0 (Apple Git-132)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

From: Kumara Parameshwaran <kumaraparamesh92@gmail.com>

As the minimum Ethernet frame size is 64 bytes, a 0 length
tcp payload without tcp options would be 54 bytes and hence
there would be padding. So it would be incorrect to use the
packet length to determine the tcp data length.

Fixes: 1e4cf4d6d4fb ("gro: cleanup")
Cc: stable@dpdk.org

Signed-off-by: Kumara Parameshwaran <kparameshwar@vmware.com>
---
v1:
	Do not use packet length to determine the tcp data length as 
	the packet length could have padded bytes. This would lead 
	to addition of 0 length tcp packets into the GRO layer when 
	there ethernet fram is padded.
v2:
	Since using ip packet length to determine the tcp data length, 
	validate the ip packet length

 lib/gro/gro_tcp4.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c
index 7498c66..30f5922 100644
--- a/lib/gro/gro_tcp4.c
+++ b/lib/gro/gro_tcp4.c
@@ -198,7 +198,8 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
 	struct rte_tcp_hdr *tcp_hdr;
 	uint32_t sent_seq;
 	int32_t tcp_dl;
-	uint16_t ip_id, hdr_len, frag_off;
+	uint16_t ip_id, frag_off;
+	uint16_t ip_len;
 	uint8_t is_atomic;
 
 	struct tcp4_flow_key key;
@@ -217,7 +218,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
 	eth_hdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
 	ipv4_hdr = (struct rte_ipv4_hdr *)((char *)eth_hdr + pkt->l2_len);
 	tcp_hdr = (struct rte_tcp_hdr *)((char *)ipv4_hdr + pkt->l3_len);
-	hdr_len = pkt->l2_len + pkt->l3_len + pkt->l4_len;
 
 	/*
 	 * Don't process the packet which has FIN, SYN, RST, PSH, URG, ECE
@@ -229,8 +229,9 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
 	 * Don't process the packet whose payload length is less than or
 	 * equal to 0.
 	 */
-	tcp_dl = pkt->pkt_len - hdr_len;
-	if (tcp_dl <= 0)
+	ip_len = rte_be_to_cpu_16(ipv4_hdr->total_length);
+	tcp_dl = ip_len - (pkt->l3_len + pkt->l4_len);
+	if (tcp_dl <= 0 || ip_len > pkt->pkt_len)
 		return -1;
 
 	/*
-- 
2.7.4