All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 5.15] ice: fix crash at allocation failure
@ 2022-05-25  7:19 Magnus Karlsson
  2022-05-25  9:46 ` Maciej Fijalkowski
  0 siblings, 1 reply; 3+ messages in thread
From: Magnus Karlsson @ 2022-05-25  7:19 UTC (permalink / raw)
  To: gregkh, sashal, stable, maciej.fijalkowski, bjorn
  Cc: Magnus Karlsson, Jeff Shaw

From: Magnus Karlsson <magnus.karlsson@intel.com>

Fix a crash in the zero-copy driver that occurs when it fails to
allocate buffers from user-space. This crash can easily be triggered
by a malicious program that does not provide any buffers in the fill
ring for the kernel to use.

Note that this bug does not exist in upstream since the batched buffer
allocation interface got introduced in 5.16 and replaced this code.

Reported-by: Jeff Shaw <jeffrey.b.shaw@intel.com>
Tested-by: Jeff Shaw <jeffrey.b.shaw@intel.com>
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_xsk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_xsk.c b/drivers/net/ethernet/intel/ice/ice_xsk.c
index 2b1873061912..5581747947e5 100644
--- a/drivers/net/ethernet/intel/ice/ice_xsk.c
+++ b/drivers/net/ethernet/intel/ice/ice_xsk.c
@@ -378,7 +378,7 @@ bool ice_alloc_rx_bufs_zc(struct ice_ring *rx_ring, u16 count)
 
 	do {
 		*xdp = xsk_buff_alloc(rx_ring->xsk_pool);
-		if (!xdp) {
+		if (!*xdp) {
 			ok = false;
 			break;
 		}

base-commit: 9f43e3ac7e662f352f829077723fa0b92ccaded1
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH 5.15] ice: fix crash at allocation failure
  2022-05-25  7:19 [PATCH 5.15] ice: fix crash at allocation failure Magnus Karlsson
@ 2022-05-25  9:46 ` Maciej Fijalkowski
  2022-05-26 12:16   ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Maciej Fijalkowski @ 2022-05-25  9:46 UTC (permalink / raw)
  To: Magnus Karlsson; +Cc: gregkh, sashal, stable, bjorn, Magnus Karlsson, Jeff Shaw

On Wed, May 25, 2022 at 09:19:53AM +0200, Magnus Karlsson wrote:
> From: Magnus Karlsson <magnus.karlsson@intel.com>
> 
> Fix a crash in the zero-copy driver that occurs when it fails to
> allocate buffers from user-space. This crash can easily be triggered
> by a malicious program that does not provide any buffers in the fill
> ring for the kernel to use.
> 
> Note that this bug does not exist in upstream since the batched buffer
> allocation interface got introduced in 5.16 and replaced this code.
> 
> Reported-by: Jeff Shaw <jeffrey.b.shaw@intel.com>
> Tested-by: Jeff Shaw <jeffrey.b.shaw@intel.com>
> Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>

Acked-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>

> ---
>  drivers/net/ethernet/intel/ice/ice_xsk.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/intel/ice/ice_xsk.c b/drivers/net/ethernet/intel/ice/ice_xsk.c
> index 2b1873061912..5581747947e5 100644
> --- a/drivers/net/ethernet/intel/ice/ice_xsk.c
> +++ b/drivers/net/ethernet/intel/ice/ice_xsk.c
> @@ -378,7 +378,7 @@ bool ice_alloc_rx_bufs_zc(struct ice_ring *rx_ring, u16 count)
>  
>  	do {
>  		*xdp = xsk_buff_alloc(rx_ring->xsk_pool);
> -		if (!xdp) {
> +		if (!*xdp) {
>  			ok = false;
>  			break;
>  		}
> 
> base-commit: 9f43e3ac7e662f352f829077723fa0b92ccaded1
> -- 
> 2.34.1
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH 5.15] ice: fix crash at allocation failure
  2022-05-25  9:46 ` Maciej Fijalkowski
@ 2022-05-26 12:16   ` Greg KH
  0 siblings, 0 replies; 3+ messages in thread
From: Greg KH @ 2022-05-26 12:16 UTC (permalink / raw)
  To: Maciej Fijalkowski
  Cc: Magnus Karlsson, sashal, stable, bjorn, Magnus Karlsson, Jeff Shaw

On Wed, May 25, 2022 at 11:46:52AM +0200, Maciej Fijalkowski wrote:
> On Wed, May 25, 2022 at 09:19:53AM +0200, Magnus Karlsson wrote:
> > From: Magnus Karlsson <magnus.karlsson@intel.com>
> > 
> > Fix a crash in the zero-copy driver that occurs when it fails to
> > allocate buffers from user-space. This crash can easily be triggered
> > by a malicious program that does not provide any buffers in the fill
> > ring for the kernel to use.
> > 
> > Note that this bug does not exist in upstream since the batched buffer
> > allocation interface got introduced in 5.16 and replaced this code.
> > 
> > Reported-by: Jeff Shaw <jeffrey.b.shaw@intel.com>
> > Tested-by: Jeff Shaw <jeffrey.b.shaw@intel.com>
> > Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
> 
> Acked-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
> 

Now queued up, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-05-26 12:16 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-25  7:19 [PATCH 5.15] ice: fix crash at allocation failure Magnus Karlsson
2022-05-25  9:46 ` Maciej Fijalkowski
2022-05-26 12:16   ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.