From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Tom Lendacky, Shyam Sundar S K, Jakub Kicinski
Subject: [PATCH 5.15 25/32] net: amd-xgbe: Fix skb data length underflow
Date: Fri, 4 Feb 2022 10:22:35 +0100
Message-Id: <20220204091916.090850152@linuxfoundation.org>

From: Shyam Sundar S K

commit 5aac9108a180fc06e28d4e7fb00247ce603b72ee upstream.

There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected.

Fix this by dropping the packet if such length underflows are seen because of inconsistencies in the hardware descriptors.

Fixes: 622c36f143fc ("amd-xgbe: Fix jumbo MTU processing on newer hardware")
Suggested-by: Tom Lendacky
Signed-off-by: Shyam Sundar S K
Acked-by: Tom Lendacky
Link: https://lore.kernel.org/r/20220127092003.2812745-1-Shyam-sundar.S-k@amd.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Greg Kroah-Hartman

--- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c @@ -2557,6 +2557,14 @@ read_again: buf2_len = xgbe_rx_buf2_len(rdata, packet, len); len += buf2_len; + if (buf2_len > rdata->rx.buf.dma_len) { + /* Hardware inconsistency within the descriptors + * that has resulted in a length underflow. + */ + error = 1; + goto skip_data; + } + if (!skb) { skb = xgbe_create_skb(pdata, napi, rdata, buf1_len); 
@@ -2586,8 +2594,10 @@ skip_data: if (!last || context_next) goto read_again; - if (!skb) + if (!skb || error) { + dev_kfree_skb(skb); goto next_packet; + } /* Be sure we don't exceed the configured MTU */ max_len = netdev->mtu + ETH_HLEN;
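
Review bot: In the first hunk (@@ -2557,6 +2557,14 @@), the new `buf2_len > rdata->rx.buf.dma_len` test runs after `len += buf2_len;`, so the running `len` has already absorbed the inconsistent value by the time the code jumps to `skip_data`. Since the packet is dropped this may be harmless, but validating `buf2_len` before accumulating it would keep `len` trustworthy for any later `read_again` pass over the same packet. The comment says what happened but not why `dma_len` is the right bound; one line stating that buffer 2 can never legitimately hold more than `rx.buf.dma_len` bytes would make the invariant explicit. The drop is also silent: a rate-limited message or a drop counter at this point would let operators notice that the hardware is producing inconsistent descriptors.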
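
Review bot: In the second hunk (@@ -2586,8 +2594,10 @@), `dev_kfree_skb(skb)` is now reached through the `!skb` arm of `if (!skb || error)` as well, so the free is called with a NULL pointer whenever no skb was ever created. That is only correct if the helper tolerates NULL; either say so in a short comment or guard the call so the reliance is visible to the next reader. The visible lines also do not show where `error` is cleared before `next_packet` starts the following packet; if it is not reset there, one bad descriptor would cause every subsequent packet in the poll loop to be dropped, so it is worth confirming that the reset exists outside this hunk.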