| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ea28ab1d-eace-4c6e-b5b4-2eb835eaaa64@gmail.com>
Date: Thu, 11 Sep 2025 08:47:06 +0300
From: Tariq Toukan <ttoukan.linux@...il.com>
To: Amery Hung <ameryhung@...il.com>, netdev@...r.kernel.org
Cc: bpf@...r.kernel.org, andrew+netdev@...n.ch, davem@...emloft.net,
edumazet@...gle.com, pabeni@...hat.com, kuba@...nel.org,
martin.lau@...nel.org, noren@...dia.com, dtatulea@...dia.com,
saeedm@...dia.com, tariqt@...dia.com, mbloch@...dia.com, cpaasch@...nai.com,
kernel-team@...a.com
Subject: Re: [PATCH net v1 1/2] net/mlx5e: RX, Fix generating skb from
non-linear xdp_buff for legacy RQ
On 10/09/2025 6:41, Amery Hung wrote:
> XDP programs can release xdp_buff fragments when calling
> bpf_xdp_adjust_tail(). The driver currently assumes the number of
> fragments to be unchanged and may generate skb with wrong truesize or
> containing invalid frags. Fix the bug by generating skb according to
> xdp_buff after the XDP program runs.
>
> Fixes: ea5d49bdae8b ("net/mlx5e: Add XDP multi buffer support to the non-linear legacy RQ")
> Signed-off-by: Amery Hung <ameryhung@...il.com>
> ---
Hi,
Thanks for your patch!
> drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
> index b8c609d91d11..1d3eacfd0325 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
> @@ -1729,6 +1729,7 @@ mlx5e_skb_from_cqe_nonlinear(struct mlx5e_rq *rq, struct mlx5e_wqe_frag_info *wi
> struct mlx5e_wqe_frag_info *head_wi = wi;
> u16 rx_headroom = rq->buff.headroom;
> struct mlx5e_frag_page *frag_page;
> + u8 nr_frags_free, old_nr_frags;
> struct skb_shared_info *sinfo;
> u32 frag_consumed_bytes;
> struct bpf_prog *prog;
> @@ -1772,17 +1773,25 @@ mlx5e_skb_from_cqe_nonlinear(struct mlx5e_rq *rq, struct mlx5e_wqe_frag_info *wi
> wi++;
> }
>
> + old_nr_frags = sinfo->nr_frags;
> +
> prog = rcu_dereference(rq->xdp_prog);
> if (prog && mlx5e_xdp_handle(rq, prog, mxbuf)) {
> if (__test_and_clear_bit(MLX5E_RQ_FLAG_XDP_XMIT, rq->flags)) {
> struct mlx5e_wqe_frag_info *pwi;
>
> + wi -= old_nr_frags - sinfo->nr_frags;
> +
> for (pwi = head_wi; pwi < wi; pwi++)
> pwi->frag_page->frags++;
> }
> return NULL; /* page/packet was consumed by XDP */
> }
>
> + nr_frags_free = old_nr_frags - sinfo->nr_frags;
> + wi -= nr_frags_free;
> + truesize -= nr_frags_free * frag_info->frag_stride;
> +
New code section better be under if (prog), rather than running
unconditionally.
Also move all needed new local vars under if (prog) to minimize their scope.
> skb = mlx5e_build_linear_skb(
> rq, mxbuf->xdp.data_hard_start, rq->buff.frame0_sz,
> mxbuf->xdp.data - mxbuf->xdp.data_hard_start,
Powered by blists - more mailing lists