[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220418231746.2464800-5-grundler@chromium.org>
Date: Mon, 18 Apr 2022 16:17:45 -0700
From: Grant Grundler <grundler@...omium.org>
To: Igor Russkikh <irusskikh@...vell.com>
Cc: Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
netdev <netdev@...r.kernel.org>,
"David S . Miller" <davem@...emloft.net>,
LKML <linux-kernel@...r.kernel.org>,
Aashay Shringarpure <aashay@...gle.com>,
Yi Chou <yich@...gle.com>,
Shervin Oloumi <enlightened@...gle.com>,
Grant Grundler <grundler@...omium.org>
Subject: [PATCH 4/5] net: atlantic: add check for MAX_SKB_FRAGS
Enforce that the CPU can not get stuck in an infinite loop.
Reported-by: Aashay Shringarpure <aashay@...gle.com>
Reported-by: Yi Chou <yich@...gle.com>
Reported-by: Shervin Oloumi <enlightened@...gle.com>
Signed-off-by: Grant Grundler <grundler@...omium.org>
---
drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c
index bc1952131799..8201ce7adb77 100644
--- a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c
@@ -363,6 +363,7 @@ int aq_ring_rx_clean(struct aq_ring_s *self,
continue;
if (!buff->is_eop) {
+ unsigned int frag_cnt = 0U;
buff_ = buff;
do {
bool is_rsc_completed = true;
@@ -371,6 +372,8 @@ int aq_ring_rx_clean(struct aq_ring_s *self,
err = -EIO;
goto err_exit;
}
+
+ frag_cnt++;
next_ = buff_->next,
buff_ = &self->buff_ring[next_];
is_rsc_completed =
@@ -378,7 +381,8 @@ int aq_ring_rx_clean(struct aq_ring_s *self,
next_,
self->hw_head);
- if (unlikely(!is_rsc_completed)) {
+ if (unlikely(!is_rsc_completed) ||
+ frag_cnt > MAX_SKB_FRAGS) {
err = 0;
goto err_exit;
}
--
2.36.0.rc0.470.gd361397f0d-goog
Powered by blists - more mailing lists