From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6108746F2F for ; Thu, 18 Sep 2025 14:36:26 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 599F44027A; Thu, 18 Sep 2025 14:36:26 +0200 (CEST) Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52]) by mails.dpdk.org (Postfix) with ESMTP id 2494B4027A for ; Thu, 18 Sep 2025 14:36:25 +0200 (CEST) Received: by mail-ej1-f52.google.com with SMTP id a640c23a62f3a-afcb78ead12so131049266b.1 for ; Thu, 18 Sep 2025 05:36:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1758198985; x=1758803785; darn=dpdk.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=fEELsLufYCXPZnmpxh2qditXbYoZOmCvwOR1IEkTGWc=; b=PlYwt1GKY7BJBHPz7iSzqs/ObhcExRPoWK3QF88Jz/8IVj2tvAgEKCUKs45QYAnt9f BFxHB+uIGV0iRG6MhxaemWSFaMEwJeNRTezFEgfUxClUerDU7kjvxdVsKQ4ndMlrJ1iV xLq4Den/kRcGcXOzRahKs2Qdkdb/Yz/yIcXOzIz4YggLwHWFBLxGe49VrdQgS7ilIHX3 mgoqe8TmLYJ7hHvLL0pzIeb3yeB8gDFG8zaDaqrlnq1lfBICD4RX8EybJmoOeeDOV3iM O9sitKXeRJ4uuTNwUR59zGZUqMH30TQ6MVC94zrX3aZ92xnFdpOtqv4x48Fv1sxrVBfJ 6o5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758198985; x=1758803785; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=fEELsLufYCXPZnmpxh2qditXbYoZOmCvwOR1IEkTGWc=; b=p59W1As8Z8yneo/IibfXgdm5EMQNzxjMbVBfIXL2Fb89mNE1WC0F20TIOWjDEbfgdS CL1lJZG6FkYnEiXImhzKLjXP/vH6xK0wIMJ2jlyjZFD0TeHS5YiUxw+6WJrGzmFJxPFA o7es4sdnbzDXYPvfVo+f/cKaXZbHqppZAXpZh7CbZ7S2Ax2eBHPlZvK62wFf1IQ4c6mz bGJwxK3a/nB+SqXo8RZA1WSdz7gtpJMausr5mGZ4zXhkdVgQCvtQHHLuoIoLzP49Q7l9 62HH4fy5RjEqgy6mb6ZUdHutv3sEqlM8K69O5X8vkYUQmuDXOSoAxtlyqeX4mVOuPp0F 6WVA== X-Forwarded-Encrypted: i=1; AJvYcCUGpIfWPA1UwcHqUI6BY+Sp96TiI7ThLiET2YMwg08Ft6Ai99mMpQ4ou+dLw1PV5M/GmLYOgkU=@dpdk.org X-Gm-Message-State: AOJu0Yzjh4XRaPSAnnsblUSHELhAX30zNAqvvDp8HdNNvWgQp4qmeEcq 2S/m+KFp5qYvrlRfbcG+nyyRsfhoTw0toZnSKuxgtASgFqplB36aPJmNsXrjfSZQEOH6Cqy2kXL 0p1oDv9c46RLkhJLcBmLstvnZrN5PA1M= X-Gm-Gg: ASbGncv0cOyDVgyq1a//3Y9YB31HEWbNGYSp9DlpDoOiu4lkBRCMaeo7axL7yveJLBO QDCWMYWdMRgHRtuFlyGt6mWUdcOr6wtzARVlZmVsoZOu8uEmJQ/QdzwrkhuCHR/l3S2OqFytDH1 h0G4I657CE2WD9T2MrQKS2hEU4s5nv3hV0WZ8sIbVdoVW/N2zF5Ia2Va4nXU7zMaacSBhcXAOc5 6KLwWrWIDCeIOL5IQkXozwa X-Google-Smtp-Source: AGHT+IHY0JdZFJHgxo2dmDSCqVDiQQjaUK/8+0VY+xYb8hnAEq/oHtJ5up0Q4CLYNZ5lhoIVCj0uldmzA2zSsY3DSLc= X-Received: by 2002:a17:906:d555:b0:b04:1457:99 with SMTP id a640c23a62f3a-b1bb2261be5mr593545766b.14.1758198984472; Thu, 18 Sep 2025 05:36:24 -0700 (PDT) MIME-Version: 1.0 References: <20250902104451.81876-1-tathagat.dpdk@gmail.com> In-Reply-To: <20250902104451.81876-1-tathagat.dpdk@gmail.com> From: kumaraparameshwaran rathinavel Date: Thu, 18 Sep 2025 18:06:11 +0530 X-Gm-Features: AS18NWB_92qAVGxtvs-_bdF3VGcpPEpGvmf1KvEWBa87Z3R9Sg7UMHq4mUN6ojs Message-ID: Subject: Re: [PATCH] gro: fix payload corruption in coalescing packets To: Tathagat Priyadarshi , kumaraparameshwaran rathinavel Cc: hujiayu.hu@foxmail.com, dev@dpdk.org, stable@dpdk.org Content-Type: multipart/alternative; boundary="000000000000e9ff22063f12991d" X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org --000000000000e9ff22063f12991d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Reviewed by : @kumaraparameshwaran rathinavel On Tue, Sep 2, 2025 at 4:14=E2=80=AFPM Tathagat Priyadarshi wrote: > In the current implementation when cmp is larger than 0, > the new packet is appended to the original packet. However > the code is operating on the trailing packet to update the tcp flags > which ends up corrupting the payload of the trailing packets. > > Fixes: 547f29435769 ("gro: fix reordering of packets") > Cc: stable@dpdk.org > > Signed-off-by: Tathagat Priyadarshi > --- > lib/gro/gro_tcp.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/gro/gro_tcp.h b/lib/gro/gro_tcp.h > index e9be7b95d1..43383e47e0 100644 > --- a/lib/gro/gro_tcp.h > +++ b/lib/gro/gro_tcp.h > @@ -133,7 +133,7 @@ merge_two_tcp_packets(struct gro_tcp_item *item, > pkt_head->nb_segs +=3D pkt_tail->nb_segs; > pkt_head->pkt_len +=3D pkt_tail->pkt_len; > if (tcp_flags !=3D RTE_TCP_ACK_FLAG) { > - tcp_hdr =3D rte_pktmbuf_mtod_offset(pkt, struct rte_tcp_h= dr > *, > + tcp_hdr =3D rte_pktmbuf_mtod_offset(pkt_head, struct > rte_tcp_hdr *, > l2_offset + > pkt_head->l2_len + pkt_head->l3_len); > tcp_hdr->tcp_flags |=3D tcp_flags; > } > -- > 2.34.1 > > --000000000000e9ff22063f12991d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Reviewed by :=C2=A0@ku= maraparameshwaran rathinavel=C2=A0

On Tue, Sep 2, = 2025 at 4:14=E2=80=AFPM Tathagat Priyadarshi <tathagat.dpdk@gmail.com> wrote:
In the current implementation when = cmp is larger than 0,
the new packet is appended to the original packet. However
the code is operating on the trailing packet to update the tcp flags
which ends up corrupting the payload of the trailing packets.

Fixes: 547f29435769 ("gro: fix reordering of packets")
Cc: stable@dpdk.org

Signed-off-by: Tathagat Priyadarshi <tathagat.dpdk@gmail.com>
---
=C2=A0lib/gro/gro_tcp.h | 2 +-
=C2=A01 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/gro/gro_tcp.h b/lib/gro/gro_tcp.h
index e9be7b95d1..43383e47e0 100644
--- a/lib/gro/gro_tcp.h
+++ b/lib/gro/gro_tcp.h
@@ -133,7 +133,7 @@ merge_two_tcp_packets(struct gro_tcp_item *item,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 pkt_head->nb_segs +=3D pkt_tail->nb_segs;=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 pkt_head->pkt_len +=3D pkt_tail->pkt_len;=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (tcp_flags !=3D RTE_TCP_ACK_FLAG) {
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0tcp_hdr =3D rte_pkt= mbuf_mtod_offset(pkt, struct rte_tcp_hdr *,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0tcp_hdr =3D rte_pkt= mbuf_mtod_offset(pkt_head, struct rte_tcp_hdr *,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 l2_offset + pkt_head->l2_len + pkt_head->l3_len)= ;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 tcp_hdr->tcp_fla= gs |=3D tcp_flags;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }
--
2.34.1

--000000000000e9ff22063f12991d--