[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20251126104327.175590-1-aleksei.kodanev@bell-sw.com>
Date: Wed, 26 Nov 2025 10:43:27 +0000
From: Alexey Kodanev <aleksei.kodanev@...l-sw.com>
To: netdev@...r.kernel.org
Cc: Andrew Lunn <andrew+netdev@...n.ch>,
"David S . Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Maxime Coquelin <mcoquelin.stm32@...il.com>,
Alexandre Torgue <alexandre.torgue@...s.st.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Jesper Dangaard Brouer <hawk@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
Stanislav Fomichev <sdf@...ichev.me>,
Russell King <rmk+kernel@...linux.org.uk>,
Furong Xu <0x1207@...il.com>,
Kunihiko Hayashi <hayashi.kunihiko@...ionext.com>,
Vladimir Oltean <vladimir.oltean@....com>,
Ong Boon Leong <boon.leong.ong@...el.com>,
linux-stm32@...md-mailman.stormreply.com,
linux-arm-kernel@...ts.infradead.org,
Jochen Henneberg <jh@...neberg-systemdesign.com>,
Piotr Raczynski <piotr.raczynski@...el.com>,
Alexey Kodanev <aleksei.kodanev@...l-sw.com>
Subject: [PATCH net-next] net: stmmac: fix rx limit check in stmmac_rx_zc()
The extra "count >= limit" check in stmmac_rx_zc() is redundant and
has no effect because the value of "count" doesn't change after the
while condition at this point.
However, it can change after "read_again:" label:
while (count < limit) {
...
if (count >= limit)
break;
read_again:
...
/* XSK pool expects RX frame 1:1 mapped to XSK buffer */
if (likely(status & rx_not_ls)) {
xsk_buff_free(buf->xdp);
buf->xdp = NULL;
dirty++;
count++;
goto read_again;
}
...
This patch addresses the same issue previously resolved in stmmac_rx()
by commit fa02de9e7588 ("net: stmmac: fix rx budget limit check").
The fix is the same: move the check after the label to ensure that it
bounds the goto loop.
Detected using the static analysis tool - Svace.
Fixes: bba2556efad6 ("net: stmmac: Enable RX via AF_XDP zero-copy")
Signed-off-by: Alexey Kodanev <aleksei.kodanev@...l-sw.com>
---
After creating the patch, I also found the previous attempt to fix this issue
from 2023, but I'm not sure what went wrong or why it wasn't applied:
https://lore.kernel.org/netdev/ZBRd2HyZdz52eXyz@nimitz/
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index 7b90ecd3a55e..86e912471dea 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -5258,10 +5258,10 @@ static int stmmac_rx_zc(struct stmmac_priv *priv, int limit, u32 queue)
len = 0;
}
+read_again:
if (count >= limit)
break;
-read_again:
buf1_len = 0;
entry = next_entry;
buf = &rx_q->buf_pool[entry];
--
2.25.1
Powered by blists - more mailing lists