Occasionnaly we may get oversized packets from the hardware which
exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early
check which drops the packet to avoid invoking skb_over_panic() and move
on to processing the next packet.
Signed-off-by: Florian Fainelli <[email protected]>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
index 21973046b12b..d937daa8ee88 100644
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -2316,6 +2316,14 @@ static unsigned int bcmgenet_desc_rx(struct bcmgenet_rx_ring *ring,
__func__, p_index, ring->c_index,
ring->read_ptr, dma_length_status);
+ if (unlikely(len > RX_BUF_LENGTH)) {
+ netif_err(priv, rx_status, dev, "oversized packet\n");
+ dev->stats.rx_length_errors++;
+ dev->stats.rx_errors++;
+ dev_kfree_skb_any(skb);
+ goto next;
+ }
+
if (unlikely(!(dma_flag & DMA_EOP) || !(dma_flag & DMA_SOP))) {
netif_err(priv, rx_status, dev,
"dropping fragmented packet!\n");
--
2.25.1
On Thu, Jan 26, 2023 at 04:08:19PM -0800, Florian Fainelli wrote:
> Occasionnaly we may get oversized packets from the hardware which
> exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early
> check which drops the packet to avoid invoking skb_over_panic() and move
> on to processing the next packet.
>
> Signed-off-by: Florian Fainelli <[email protected]>
> ---
> drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> index 21973046b12b..d937daa8ee88 100644
> --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> @@ -2316,6 +2316,14 @@ static unsigned int bcmgenet_desc_rx(struct bcmgenet_rx_ring *ring,
> __func__, p_index, ring->c_index,
> ring->read_ptr, dma_length_status);
>
> + if (unlikely(len > RX_BUF_LENGTH)) {
> + netif_err(priv, rx_status, dev, "oversized packet\n");
I don't think that it is wise move to print to dmesg something that can
be triggered by user over network.
Thanks
> + dev->stats.rx_length_errors++;
> + dev->stats.rx_errors++;
> + dev_kfree_skb_any(skb);
> + goto next;
> + }
> +
> if (unlikely(!(dma_flag & DMA_EOP) || !(dma_flag & DMA_SOP))) {
> netif_err(priv, rx_status, dev,
> "dropping fragmented packet!\n");
> --
> 2.25.1
>
On 1/29/2023 1:42 AM, Leon Romanovsky wrote:
> On Thu, Jan 26, 2023 at 04:08:19PM -0800, Florian Fainelli wrote:
>> Occasionnaly we may get oversized packets from the hardware which
>> exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early
>> check which drops the packet to avoid invoking skb_over_panic() and move
>> on to processing the next packet.
>>
>> Signed-off-by: Florian Fainelli <[email protected]>
>> ---
>> drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 ++++++++
>> 1 file changed, 8 insertions(+)
>>
>> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
>> index 21973046b12b..d937daa8ee88 100644
>> --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
>> +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
>> @@ -2316,6 +2316,14 @@ static unsigned int bcmgenet_desc_rx(struct bcmgenet_rx_ring *ring,
>> __func__, p_index, ring->c_index,
>> ring->read_ptr, dma_length_status);
>>
>> + if (unlikely(len > RX_BUF_LENGTH)) {
>> + netif_err(priv, rx_status, dev, "oversized packet\n");
>
> I don't think that it is wise move to print to dmesg something that can
> be triggered by user over network.
A frame larger than RX_BUF_LENGTH intentionally received would be
segmented by the MAC, we have seen this happen however while playing
with unsafe clock ratios for instance or when there are insufficient
credits given to the Ethernet MAC to write frames into DRAM. The print
is consistent with other errors that are captured and is only enabled if
the appropriate ethtool message level bitmask is set.
--
Florian
Hello:
This patch was applied to netdev/net-next.git (master)
by David S. Miller <[email protected]>:
On Thu, 26 Jan 2023 16:08:19 -0800 you wrote:
> Occasionnaly we may get oversized packets from the hardware which
> exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early
> check which drops the packet to avoid invoking skb_over_panic() and move
> on to processing the next packet.
>
> Signed-off-by: Florian Fainelli <[email protected]>
>
> [...]
Here is the summary with links:
- [net-next] net: bcmgenet: Add a check for oversized packets
https://git.kernel.org/netdev/net-next/c/5c0862c2c962
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
On Sun, Jan 29, 2023 at 01:17:43PM -0800, Florian Fainelli wrote:
>
>
> On 1/29/2023 1:42 AM, Leon Romanovsky wrote:
> > On Thu, Jan 26, 2023 at 04:08:19PM -0800, Florian Fainelli wrote:
> > > Occasionnaly we may get oversized packets from the hardware which
> > > exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early
> > > check which drops the packet to avoid invoking skb_over_panic() and move
> > > on to processing the next packet.
> > >
> > > Signed-off-by: Florian Fainelli <[email protected]>
> > > ---
> > > drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 ++++++++
> > > 1 file changed, 8 insertions(+)
> > >
> > > diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> > > index 21973046b12b..d937daa8ee88 100644
> > > --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> > > +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> > > @@ -2316,6 +2316,14 @@ static unsigned int bcmgenet_desc_rx(struct bcmgenet_rx_ring *ring,
> > > __func__, p_index, ring->c_index,
> > > ring->read_ptr, dma_length_status);
> > > + if (unlikely(len > RX_BUF_LENGTH)) {
> > > + netif_err(priv, rx_status, dev, "oversized packet\n");
> >
> > I don't think that it is wise move to print to dmesg something that can
> > be triggered by user over network.
>
> A frame larger than RX_BUF_LENGTH intentionally received would be segmented
> by the MAC, we have seen this happen however while playing with unsafe clock
> ratios for instance or when there are insufficient credits given to the
> Ethernet MAC to write frames into DRAM. The print is consistent with other
> errors that are captured and is only enabled if the appropriate ethtool
> message level bitmask is set.
I saw other prints in that function, but you add new one.
Won't netif_err() be printed by default in almost all distro?
Thanks
> --
> Florian
On 1/30/23 02:09, Leon Romanovsky wrote:
> On Sun, Jan 29, 2023 at 01:17:43PM -0800, Florian Fainelli wrote:
>>
>>
>> On 1/29/2023 1:42 AM, Leon Romanovsky wrote:
>>> On Thu, Jan 26, 2023 at 04:08:19PM -0800, Florian Fainelli wrote:
>>>> Occasionnaly we may get oversized packets from the hardware which
>>>> exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early
>>>> check which drops the packet to avoid invoking skb_over_panic() and move
>>>> on to processing the next packet.
>>>>
>>>> Signed-off-by: Florian Fainelli <[email protected]>
>>>> ---
>>>> drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 ++++++++
>>>> 1 file changed, 8 insertions(+)
>>>>
>>>> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
>>>> index 21973046b12b..d937daa8ee88 100644
>>>> --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
>>>> +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
>>>> @@ -2316,6 +2316,14 @@ static unsigned int bcmgenet_desc_rx(struct bcmgenet_rx_ring *ring,
>>>> __func__, p_index, ring->c_index,
>>>> ring->read_ptr, dma_length_status);
>>>> + if (unlikely(len > RX_BUF_LENGTH)) {
>>>> + netif_err(priv, rx_status, dev, "oversized packet\n");
>>>
>>> I don't think that it is wise move to print to dmesg something that can
>>> be triggered by user over network.
>>
>> A frame larger than RX_BUF_LENGTH intentionally received would be segmented
>> by the MAC, we have seen this happen however while playing with unsafe clock
>> ratios for instance or when there are insufficient credits given to the
>> Ethernet MAC to write frames into DRAM. The print is consistent with other
>> errors that are captured and is only enabled if the appropriate ethtool
>> message level bitmask is set.
>
> I saw other prints in that function, but you add new one.
> Won't netif_err() be printed by default in almost all distro?
Do distributions alter the drive default message level:
#define GENET_MSG_DEFAULT (NETIF_MSG_DRV | NETIF_MSG_PROBE | \
NETIF_MSG_LINK)
?
--
Florian
On Mon, Jan 30, 2023 at 10:19:07AM -0800, Florian Fainelli wrote:
> On 1/30/23 02:09, Leon Romanovsky wrote:
> > On Sun, Jan 29, 2023 at 01:17:43PM -0800, Florian Fainelli wrote:
> > >
> > >
> > > On 1/29/2023 1:42 AM, Leon Romanovsky wrote:
> > > > On Thu, Jan 26, 2023 at 04:08:19PM -0800, Florian Fainelli wrote:
> > > > > Occasionnaly we may get oversized packets from the hardware which
> > > > > exceed the nomimal 2KiB buffer size we allocate SKBs with. Add an early
> > > > > check which drops the packet to avoid invoking skb_over_panic() and move
> > > > > on to processing the next packet.
> > > > >
> > > > > Signed-off-by: Florian Fainelli <[email protected]>
> > > > > ---
> > > > > drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 ++++++++
> > > > > 1 file changed, 8 insertions(+)
> > > > >
> > > > > diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> > > > > index 21973046b12b..d937daa8ee88 100644
> > > > > --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> > > > > +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> > > > > @@ -2316,6 +2316,14 @@ static unsigned int bcmgenet_desc_rx(struct bcmgenet_rx_ring *ring,
> > > > > __func__, p_index, ring->c_index,
> > > > > ring->read_ptr, dma_length_status);
> > > > > + if (unlikely(len > RX_BUF_LENGTH)) {
> > > > > + netif_err(priv, rx_status, dev, "oversized packet\n");
> > > >
> > > > I don't think that it is wise move to print to dmesg something that can
> > > > be triggered by user over network.
> > >
> > > A frame larger than RX_BUF_LENGTH intentionally received would be segmented
> > > by the MAC, we have seen this happen however while playing with unsafe clock
> > > ratios for instance or when there are insufficient credits given to the
> > > Ethernet MAC to write frames into DRAM. The print is consistent with other
> > > errors that are captured and is only enabled if the appropriate ethtool
> > > message level bitmask is set.
> >
> > I saw other prints in that function, but you add new one.
> > Won't netif_err() be printed by default in almost all distro?
>
> Do distributions alter the drive default message level:
>
> #define GENET_MSG_DEFAULT (NETIF_MSG_DRV | NETIF_MSG_PROBE | \
> NETIF_MSG_LINK)
> ?
Ohh, I didn't know about per-driver defaults.
Thanks for the explanation.
> --
> Florian
>