| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Mar 2021 01:25:34 -0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: bjorn@...nel.org, magnus.karlsson@...el.com,
jonathan.lemon@...il.com, davem@...emloft.net, kuba@...nel.org,
ast@...nel.org, daniel@...earbox.net, hawk@...nel.org,
john.fastabend@...il.com, andrii@...nel.org, kafai@...com,
songliubraving@...com, yhs@...com, kpsingh@...nel.org
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org, Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] net: xdp: fix error return code of xsk_generic_xmit()
When err is zero but xskq_prod_reserve() fails, no error return code of
xsk_generic_xmit() is assigned.
To fix this bug, err is assigned with the return value of
xskq_prod_reserve(), and then err is checked.
The spinlock is only used to protect the call to xskq_prod_reserve().
Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
net/xdp/xsk.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 4faabd1ecfd1..f1c1db07dd07 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -484,8 +484,14 @@ static int xsk_generic_xmit(struct sock *sk)
* if there is space in it. This avoids having to implement
* any buffering in the Tx path.
*/
+ if (unlikely(err)) {
+ kfree_skb(skb);
+ goto out;
+ }
+
spin_lock_irqsave(&xs->pool->cq_lock, flags);
- if (unlikely(err) || xskq_prod_reserve(xs->pool->cq)) {
+ err = xskq_prod_reserve(xs->pool->cq);
+ if (unlikely(err)) {
spin_unlock_irqrestore(&xs->pool->cq_lock, flags);
kfree_skb(skb);
goto out;
--
2.17.1
Powered by blists - more mailing lists