| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aSbok34XaG1DrlKp@shell.armlinux.org.uk>
Date: Wed, 26 Nov 2025 11:46:27 +0000
From: "Russell King (Oracle)" <linux@...linux.org.uk>
To: Alexey Kodanev <aleksei.kodanev@...l-sw.com>
Cc: netdev@...r.kernel.org, Andrew Lunn <andrew+netdev@...n.ch>,
"David S . Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Maxime Coquelin <mcoquelin.stm32@...il.com>,
Alexandre Torgue <alexandre.torgue@...s.st.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Jesper Dangaard Brouer <hawk@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
Stanislav Fomichev <sdf@...ichev.me>, Furong Xu <0x1207@...il.com>,
Kunihiko Hayashi <hayashi.kunihiko@...ionext.com>,
Vladimir Oltean <vladimir.oltean@....com>,
Ong Boon Leong <boon.leong.ong@...el.com>,
linux-stm32@...md-mailman.stormreply.com,
linux-arm-kernel@...ts.infradead.org,
Jochen Henneberg <jh@...neberg-systemdesign.com>,
Piotr Raczynski <piotr.raczynski@...el.com>
Subject: Re: [PATCH net-next] net: stmmac: fix rx limit check in
stmmac_rx_zc()
On Wed, Nov 26, 2025 at 10:43:27AM +0000, Alexey Kodanev wrote:
> The extra "count >= limit" check in stmmac_rx_zc() is redundant and
> has no effect because the value of "count" doesn't change after the
> while condition at this point.
>
> However, it can change after "read_again:" label:
>
> while (count < limit) {
> ...
>
> if (count >= limit)
> break;
> read_again:
> ...
> /* XSK pool expects RX frame 1:1 mapped to XSK buffer */
> if (likely(status & rx_not_ls)) {
> xsk_buff_free(buf->xdp);
> buf->xdp = NULL;
> dirty++;
> count++;
> goto read_again;
> }
> ...
>
> This patch addresses the same issue previously resolved in stmmac_rx()
> by commit fa02de9e7588 ("net: stmmac: fix rx budget limit check").
> The fix is the same: move the check after the label to ensure that it
> bounds the goto loop.
>
> Detected using the static analysis tool - Svace.
> Fixes: bba2556efad6 ("net: stmmac: Enable RX via AF_XDP zero-copy")
> Signed-off-by: Alexey Kodanev <aleksei.kodanev@...l-sw.com>
> ---
>
> After creating the patch, I also found the previous attempt to fix this issue
> from 2023, but I'm not sure what went wrong or why it wasn't applied:
> https://lore.kernel.org/netdev/ZBRd2HyZdz52eXyz@nimitz/
It was because:
https://lore.kernel.org/netdev/871qli0wap.fsf@henneberg-systemdesign.com/
indicated that the author was going to do further work on the patchset,
so the patch submission was marked as "Changes Requested":
https://patchwork.kernel.org/project/netdevbpf/list/?series=730639&state=*
My guess is the author never came back with any patches.
netdev is based on patchwork, which means once a patch series has been
marked in such a way that it isn't going to be applied, it won't get
looked at again, and it's up to the author to resubmit. If the author
doesn't resubmit, no action will happens, especially for a driver such
as stmmac which doesn't have a maintainer.
I think this is a safe change.
Reviewed-by: Russell King (Oracle) <rmk+kernel@...linux.org.uk>
Thanks!
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
Powered by blists - more mailing lists