From: "Ananyev, Konstantin"
To: "Wang, Xiao W", "Xia, Chenbo", "maxime.coquelin@redhat.com"
CC: "Liu, Yong", "dev@dpdk.org", "Wang, Xiao W", "stable@dpdk.org"
Date: Thu, 11 Mar 2021 10:38:26 +0000
In-Reply-To: <20210311063827.55394-1-xiao.w.wang@intel.com>
Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH] vhost: add header check in dequeue offload

> When parsing the virtio net header and packet header for dequeue offload,
> we need to perform sanity check on the packet header to ensure:
> - No out-of-boundary memory access.
> - The packet header and virtio_net header are valid and aligned.
>
> Fixes: d0cf91303d73 ("vhost: add Tx offload capabilities")
> Cc: stable@dpdk.org
>
> Signed-off-by: Xiao Wang
> --- > lib/librte_vhost/virtio_net.c | 49 +++++++++++++++++++++++++++++++++++++= ------ > 1 file changed, 43 insertions(+), 6 deletions(-) >=20 > diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.= c > index 583bf379c6..0fba0053a3 100644 > --- a/lib/librte_vhost/virtio_net.c > +++ b/lib/librte_vhost/virtio_net.c 
> @@ -1821,44 +1821,64 @@ virtio_net_with_host_offload(struct virtio_net *d= ev) > return false; > } >=20 > -static void > -parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr) > +static int > +parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr, > + uint16_t *len) > { > struct rte_ipv4_hdr *ipv4_hdr; > struct rte_ipv6_hdr *ipv6_hdr; > void *l3_hdr =3D NULL; > struct rte_ether_hdr *eth_hdr; > uint16_t ethertype; > + uint16_t data_len =3D m->data_len; >=20 > eth_hdr =3D rte_pktmbuf_mtod(m, struct rte_ether_hdr *); >=20 > + if (data_len <=3D sizeof(struct rte_ether_hdr)) > + return -EINVAL; > + > m->l2_len =3D sizeof(struct rte_ether_hdr); > ethertype =3D rte_be_to_cpu_16(eth_hdr->ether_type); > + data_len -=3D sizeof(struct rte_ether_hdr); >=20 > if (ethertype =3D=3D RTE_ETHER_TYPE_VLAN) { > + if (data_len <=3D sizeof(struct rte_vlan_hdr)) > + return -EINVAL; > + > struct rte_vlan_hdr *vlan_hdr =3D > (struct rte_vlan_hdr *)(eth_hdr + 1); >=20 > m->l2_len +=3D sizeof(struct rte_vlan_hdr); > ethertype =3D rte_be_to_cpu_16(vlan_hdr->eth_proto); > + data_len -=3D sizeof(struct rte_vlan_hdr); > } >=20 > l3_hdr =3D (char *)eth_hdr + m->l2_len; >=20 > switch (ethertype) { > case RTE_ETHER_TYPE_IPV4: > + if (data_len <=3D sizeof(struct rte_ipv4_hdr)) > + return -EINVAL; > ipv4_hdr =3D l3_hdr; > *l4_proto =3D ipv4_hdr->next_proto_id; > m->l3_len =3D rte_ipv4_hdr_len(ipv4_hdr); > + if (data_len <=3D m->l3_len) { > + m->l3_len =3D 0; > + return -EINVAL; > + } > *l4_hdr =3D (char *)l3_hdr + m->l3_len; > m->ol_flags |=3D PKT_TX_IPV4; > + data_len -=3D m->l3_len; > break; > case RTE_ETHER_TYPE_IPV6: > + if (data_len <=3D sizeof(struct rte_ipv6_hdr)) > + return -EINVAL; > ipv6_hdr =3D l3_hdr; > *l4_proto =3D ipv6_hdr->proto; > m->l3_len =3D sizeof(struct rte_ipv6_hdr); > *l4_hdr =3D (char *)l3_hdr + m->l3_len; > m->ol_flags |=3D PKT_TX_IPV6; > + data_len -=3D m->l3_len; > break; > default: > m->l3_len =3D 0; 
> @@ -1866,6 +1886,9 @@ parse_ethernet(struct rte_mbuf *m, uint16_t *l4_pro= to, void **l4_hdr) > *l4_hdr =3D NULL; > break; > } > + > + *len =3D data_len; > + return 0; > } >=20 > static __rte_always_inline void > @@ -1874,24 +1897,30 @@ vhost_dequeue_offload(struct virtio_net_hdr *hdr,= struct rte_mbuf *m) > uint16_t l4_proto =3D 0; > void *l4_hdr =3D NULL; > struct rte_tcp_hdr *tcp_hdr =3D NULL; > + uint16_t len =3D 0; >=20 > if (hdr->flags =3D=3D 0 && hdr->gso_type =3D=3D VIRTIO_NET_HDR_GSO_NONE= ) > return; >=20 > - parse_ethernet(m, &l4_proto, &l4_hdr); > + if (parse_ethernet(m, &l4_proto, &l4_hdr, &len) < 0) > + return; > + > if (hdr->flags =3D=3D VIRTIO_NET_HDR_F_NEEDS_CSUM) { > if (hdr->csum_start =3D=3D (m->l2_len + m->l3_len)) { > switch (hdr->csum_offset) { > case (offsetof(struct rte_tcp_hdr, cksum)): > - if (l4_proto =3D=3D IPPROTO_TCP) > + if (l4_proto =3D=3D IPPROTO_TCP && > + len > sizeof(struct rte_tcp_hdr)) Shouldn't it be '>=' here? > m->ol_flags |=3D PKT_TX_TCP_CKSUM; > break; > case (offsetof(struct rte_udp_hdr, dgram_cksum)): > - if (l4_proto =3D=3D IPPROTO_UDP) > + if (l4_proto =3D=3D IPPROTO_UDP && > + len > sizeof(struct rte_udp_hdr)) > m->ol_flags |=3D PKT_TX_UDP_CKSUM; > break; > case (offsetof(struct rte_sctp_hdr, cksum)): > - if (l4_proto =3D=3D IPPROTO_SCTP) > + if (l4_proto =3D=3D IPPROTO_SCTP && > + len > sizeof(struct rte_sctp_hdr)) > m->ol_flags |=3D PKT_TX_SCTP_CKSUM; > break; > default: 
> @@ -1904,12 +1933,20 @@ vhost_dequeue_offload(struct virtio_net_hdr *hdr,= struct rte_mbuf *m) > switch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) { > case VIRTIO_NET_HDR_GSO_TCPV4: > case VIRTIO_NET_HDR_GSO_TCPV6: > + if (l4_proto !=3D IPPROTO_TCP || > + len <=3D sizeof(struct rte_tcp_hdr)) > + break; > tcp_hdr =3D l4_hdr; > + if (len <=3D (tcp_hdr->data_off & 0xf0) >> 2) > + break; > m->ol_flags |=3D PKT_TX_TCP_SEG; > m->tso_segsz =3D hdr->gso_size; > m->l4_len =3D (tcp_hdr->data_off & 0xf0) >> 2; > break; > case VIRTIO_NET_HDR_GSO_UDP: > + if (l4_proto !=3D IPPROTO_UDP || > + len <=3D sizeof(struct rte_udp_hdr)) > + break; > m->ol_flags |=3D PKT_TX_UDP_SEG; > m->tso_segsz =3D hdr->gso_size; > m->l4_len =3D sizeof(struct rte_udp_hdr); > -- > 2.15.1
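
Review bot: in the RTE_ETHER_TYPE_IPV4 case of parse_ethernet() (first hunk), m->l3_len is taken from rte_ipv4_hdr_len(ipv4_hdr) and is only bounded from above by the "data_len <= m->l3_len" test, so an IHL below 5 gives an l3_len smaller than sizeof(struct rte_ipv4_hdr) and *l4_hdr then points inside the IPv4 header itself. Suggest returning -EINVAL when m->l3_len < sizeof(struct rte_ipv4_hdr) as well, in the same place. The error paths are also uneven: this branch resets m->l3_len to 0 before returning, while m->l2_len, written earlier in the function, is left set on every -EINVAL return.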
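
Review bot: in the VIRTIO_NET_HDR_F_NEEDS_CSUM switch of vhost_dequeue_offload() (third hunk), the UDP and SCTP tests "len > sizeof(struct rte_udp_hdr)" and "len > sizeof(struct rte_sctp_hdr)" have the same strict boundary as the TCP test questioned inline. When len equals the header size the whole L4 header is already inside the buffer, yet the checksum flag is not set, so a header-only packet such as a UDP datagram with no payload would leave without the requested checksum offload. If ">=" is adopted for TCP, the other two cases should change with it. Separately, the new early return on parse_ethernet() failure gives the caller no indication, since the function is void, and the mbuf keeps whatever m->l2_len was written before the failure.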
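
Review bot: in the VIRTIO_NET_HDR_GSO_TCPV4/TCPV6 case (last hunk), the TCP data offset is checked only from above by "len <= (tcp_hdr->data_off & 0xf0) >> 2", so a data offset under 5 words still sets PKT_TX_TCP_SEG with an m->l4_len smaller than sizeof(struct rte_tcp_hdr). Suggest computing the header length once into a local, rejecting values below sizeof(struct rte_tcp_hdr), and reusing that local for m->l4_len instead of repeating the shift expression. The "len <=" comparisons in this hunk also use the strict boundary raised for the checksum path, so they should be settled together with it.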