From: Yongseok Koh
To: Jiayu Hu
CC: "stable@dpdk.org"
Date: Wed, 9 Jan 2019 09:30:07 +0000
In-Reply-To: <1547000450-113783-1-git-send-email-jiayu.hu@intel.com>
Subject: Re: [dpdk-stable] [PATCH 17.11] gro: fix overflow of TCP payload calculation
List-Id: patches for DPDK stable branches

> On Jan 8, 2019, at 6:20 PM, Jiayu Hu wrote:
>
> When the IPv4 packet length is less than the total length of IPv4
> and TCP headers, the calculated TCP payload length will overflow
> and result in incorrect reassembly behaviors.
>
> Fixes: 0d2cbe59b719 ("lib/gro: support TCP/IPv4")
>
> Signed-off-by: Jiayu Hu
> ---

Applied to stable/17.11

Thanks,
Yongseok

> lib/librte_gro/gro_tcp4.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) >=20 > diff --git a/lib/librte_gro/gro_tcp4.c b/lib/librte_gro/gro_tcp4.c > index 61a0423..d1c6c7d 100644 > --- a/lib/librte_gro/gro_tcp4.c > +++ b/lib/librte_gro/gro_tcp4.c > @@ -343,7 +343,8 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt, > struct ipv4_hdr *ipv4_hdr; > struct tcp_hdr *tcp_hdr; > uint32_t sent_seq; > - uint16_t tcp_dl, ip_id; > + uint16_t ip_id; > + int32_t tcp_dl; >=20 > struct tcp4_key key; > uint32_t cur_idx, prev_idx, item_idx; 
> @@ -360,10 +361,10 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt, > */ > if (tcp_hdr->tcp_flags !=3D TCP_ACK_FLAG) > return -1; > - /* if payload length is 0, return immediately */ > + /* if payload length is less than or equal to 0, return immediately */ > tcp_dl =3D rte_be_to_cpu_16(ipv4_hdr->total_length) - pkt->l3_len - > pkt->l4_len; > - if (tcp_dl =3D=3D 0) > + if (tcp_dl <=3D 0) > return -1; >=20 > ip_id =3D rte_be_to_cpu_16(ipv4_hdr->packet_id); > --=20 > 2.7.4 >=20
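
Review bot: in the @@ -343,7 hunk, the new "int32_t tcp_dl;" declaration carries no comment explaining why a length is signed, so a later cleanup could plausibly change it back to uint16_t and reintroduce the wrap. A short comment on the declaration, saying that the type is signed so a total_length shorter than the headers yields a negative value, would protect the fix. The later uses of tcp_dl are not visible in this hunk; any call that takes it as a 16-bit length now narrows implicitly and is worth a look.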
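
Review bot: in the @@ -360,10 hunk, the "tcp_dl <= 0" test catches the short-packet case only because the subtraction result is converted to int32_t, so the bounds check is implicit in the operand types. Comparing rte_be_to_cpu_16(ipv4_hdr->total_length) against pkt->l3_len + pkt->l4_len before subtracting would state the check directly and would not depend on integer promotion of the mbuf length fields. The hunk also bounds total_length only from below: the value comes from the packet header, and nothing visible here compares it with the amount of data actually held in the mbuf, so it is worth confirming that this is validated before tcp_dl is used.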
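
The wrap described in the commit message, as an added example that is not part of the original mail or of DPDK's code. The struct and function names are hypothetical stand-ins for the three values the patch subtracts, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Illustrative stand-ins for the three values the patch subtracts.
 * All names are hypothetical; none is a DPDK API. */
struct lens {
    uint16_t ip_total_len; /* IPv4 total_length, host byte order */
    uint16_t l3_len;       /* IPv4 header bytes */
    uint16_t l4_len;       /* TCP header bytes */
};

/* Pre-patch shape: the difference lands in a uint16_t, so a negative
 * result wraps to a large "payload length" and passes an == 0 test. */
static uint16_t payload_len_u16(const struct lens *l)
{
    return (uint16_t)(l->ip_total_len - l->l3_len - l->l4_len);
}

/* Post-patch shape: operands promote to int, the difference stays
 * signed, and anything <= 0 is rejected with -1. */
static int32_t payload_len_s32(const struct lens *l)
{
    int32_t dl = l->ip_total_len - l->l3_len - l->l4_len;
    return dl <= 0 ? -1 : dl;
}

/* Alternative: compare before subtracting, so the result never depends
 * on integer promotion or a signed conversion. */
static int payload_len_checked(const struct lens *l, uint16_t *out)
{
    uint32_t hdrs = (uint32_t)l->l3_len + l->l4_len;
    if (l->ip_total_len <= hdrs)
        return -1;
    *out = (uint16_t)(l->ip_total_len - hdrs);
    return 0;
}

int main(void)
{
    /* Constructed: shorter than its headers, pure ACK, full segment. */
    struct lens cases[] = { {30, 20, 20}, {40, 20, 20}, {1500, 20, 20} };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint16_t n = 0;
        int rc = payload_len_checked(&cases[i], &n);
        printf("total=%u u16=%u s32=%d checked=%d/%u\n", (unsigned)cases[i].ip_total_len,
               (unsigned)payload_len_u16(&cases[i]), (int)payload_len_s32(&cases[i]), rc, (unsigned)n);
    }
    return 0;
}
```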