kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   678063aa1425c5fee2dc993e6cd635f549601f8b
  2.   patches.suse
  3.   net-mana-Check-if-netdev-napi_alloc_frag-returns-sin.patch
Blob Blame History Raw 
From: Haiyang Zhang <haiyangz@microsoft.com>
Date: Fri, 21 Apr 2023 10:06:58 -0700
Subject: net: mana: Check if netdev/napi_alloc_frag returns single page
Patch-mainline: v6.4-rc1
Git-commit: df18f2da302f169e1a29098c6ca3b474f1b0269e
References: bsc#1210551

netdev/napi_alloc_frag() may fall back to single page which is smaller
than the requested size.
Add error checking to avoid memory overwritten.

Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
 drivers/net/ethernet/microsoft/mana/mana_en.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- a/drivers/net/ethernet/microsoft/mana/mana_en.c
+++ b/drivers/net/ethernet/microsoft/mana/mana_en.c
@@ -512,6 +512,14 @@ static int mana_pre_alloc_rxbufs(struct
 			va = netdev_alloc_frag(mpc->rxbpre_alloc_size);
 			if (!va)
 				goto error;
+
+			page = virt_to_head_page(va);
+			/* Check if the frag falls back to single page */
+			if (compound_order(page) <
+			    get_order(mpc->rxbpre_alloc_size)) {
+				put_page(page);
+				goto error;
+			}
 		} else {
 			page = dev_alloc_page();
 			if (!page)
@@ -1457,6 +1465,13 @@ static void *mana_get_rxfrag(struct mana
 
 		if (!va)
 			return NULL;
+
+		page = virt_to_head_page(va);
+		/* Check if the frag falls back to single page */
+		if (compound_order(page) < get_order(rxq->alloc_size)) {
+			put_page(page);
+			return NULL;
+		}
 	} else {
 		page = dev_alloc_page();
 		if (!page)
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.