| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y3QarsEAwlJFRXis@electric-eye.fr.zoreil.com>
Date: Wed, 16 Nov 2022 00:03:10 +0100
From: Francois Romieu <romieu@...zoreil.com>
To: Zhang Changzhong <zhangchangzhong@...wei.com>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, mdf@...nel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net v2 2/3] net: nixge: avoid overwriting buffer
descriptor
Zhang Changzhong <zhangchangzhong@...wei.com> :
> The check on the number of available BDs is incorrect because BDs are
> required not only for frags but also for skb. This may result in
> overwriting BD that is still in use.
>
> Fixes: 492caffa8a1a ("net: ethernet: nixge: Add support for National Instruments XGE netdev")
> Signed-off-by: Zhang Changzhong <zhangchangzhong@...wei.com>
> ---
> drivers/net/ethernet/ni/nixge.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/ni/nixge.c b/drivers/net/ethernet/ni/nixge.c
> index d8cd520..91b7ebc 100644
> --- a/drivers/net/ethernet/ni/nixge.c
> +++ b/drivers/net/ethernet/ni/nixge.c
> @@ -518,7 +518,7 @@ static netdev_tx_t nixge_start_xmit(struct sk_buff *skb,
> cur_p = &priv->tx_bd_v[priv->tx_bd_tail];
> tx_skb = &priv->tx_skb[priv->tx_bd_tail];
>
> - if (nixge_check_tx_bd_space(priv, num_frag)) {
> + if (nixge_check_tx_bd_space(priv, num_frag + 1)) {
> if (!netif_queue_stopped(ndev))
> netif_stop_queue(ndev);
> return NETDEV_TX_OK;
> --
Reviewed-by: Francois Romieu <romieu@...zoreil.com>
It's fine as a minimal fix but something may be done in a future patch
to avoid the confusing nixge_check_tx_bd_space(..., num_frag + 1) vs
static int nixge_check_tx_bd_space(struct nixge_priv *priv, int num_frag)
(use "slots" for the latter ?).
Consider waiting for -stable people's opinion before rushing into it
as it may make their life harder.
--
Ueimor
Powered by blists - more mailing lists