From: Magnus Karlsson magnus.karlsson@intel.com
Fix a crash in the zero-copy driver that occurs when it fails to allocate buffers from user-space. This crash can easily be triggered by a malicious program that does not provide any buffers in the fill ring for the kernel to use.
Note that this bug does not exist in upstream since the batched buffer allocation interface got introduced in 5.16 and replaced this code.
Reported-by: Jeff Shaw jeffrey.b.shaw@intel.com Tested-by: Jeff Shaw jeffrey.b.shaw@intel.com Signed-off-by: Magnus Karlsson magnus.karlsson@intel.com --- drivers/net/ethernet/intel/ice/ice_xsk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_xsk.c b/drivers/net/ethernet/intel/ice/ice_xsk.c index 2b1873061912..5581747947e5 100644 --- a/drivers/net/ethernet/intel/ice/ice_xsk.c +++ b/drivers/net/ethernet/intel/ice/ice_xsk.c @@ -378,7 +378,7 @@ bool ice_alloc_rx_bufs_zc(struct ice_ring *rx_ring, u16 count)
do { *xdp = xsk_buff_alloc(rx_ring->xsk_pool); - if (!xdp) { + if (!*xdp) { ok = false; break; }
base-commit: 9f43e3ac7e662f352f829077723fa0b92ccaded1
On Wed, May 25, 2022 at 09:19:53AM +0200, Magnus Karlsson wrote:
From: Magnus Karlsson magnus.karlsson@intel.com
Fix a crash in the zero-copy driver that occurs when it fails to allocate buffers from user-space. This crash can easily be triggered by a malicious program that does not provide any buffers in the fill ring for the kernel to use.
Note that this bug does not exist in upstream since the batched buffer allocation interface got introduced in 5.16 and replaced this code.
Reported-by: Jeff Shaw jeffrey.b.shaw@intel.com Tested-by: Jeff Shaw jeffrey.b.shaw@intel.com Signed-off-by: Magnus Karlsson magnus.karlsson@intel.com
Acked-by: Maciej Fijalkowski maciej.fijalkowski@intel.com
drivers/net/ethernet/intel/ice/ice_xsk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_xsk.c b/drivers/net/ethernet/intel/ice/ice_xsk.c index 2b1873061912..5581747947e5 100644 --- a/drivers/net/ethernet/intel/ice/ice_xsk.c +++ b/drivers/net/ethernet/intel/ice/ice_xsk.c @@ -378,7 +378,7 @@ bool ice_alloc_rx_bufs_zc(struct ice_ring *rx_ring, u16 count) do { *xdp = xsk_buff_alloc(rx_ring->xsk_pool);
if (!xdp) {
if (!*xdp) { ok = false; break;base-commit: 9f43e3ac7e662f352f829077723fa0b92ccaded1
2.34.1
On Wed, May 25, 2022 at 11:46:52AM +0200, Maciej Fijalkowski wrote:
On Wed, May 25, 2022 at 09:19:53AM +0200, Magnus Karlsson wrote:
From: Magnus Karlsson magnus.karlsson@intel.com
Fix a crash in the zero-copy driver that occurs when it fails to allocate buffers from user-space. This crash can easily be triggered by a malicious program that does not provide any buffers in the fill ring for the kernel to use.
Note that this bug does not exist in upstream since the batched buffer allocation interface got introduced in 5.16 and replaced this code.
Reported-by: Jeff Shaw jeffrey.b.shaw@intel.com Tested-by: Jeff Shaw jeffrey.b.shaw@intel.com Signed-off-by: Magnus Karlsson magnus.karlsson@intel.com
Acked-by: Maciej Fijalkowski maciej.fijalkowski@intel.com
Now queued up, thanks.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Maciej Fijalkowski -
Magnus Karlsson