From: Can Ayberk Demir <ayberkdemir@gmail.com>
To: netdev@vger.kernel.org
Cc: Radhey Shyam Pandey <radhey.shyam.pandey@amd.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Michal Simek <michal.simek@amd.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org,
Can Ayberk DEMIR <ayberkdemir@gmail.com>
Subject: [PATCH v2] drivers: net: axienet: safely drop oversized RX frames
Date: Fri, 9 May 2025 09:37:27 +0300 [thread overview]
Message-ID: <20250509063727.35560-1-ayberkdemir@gmail.com> (raw)
In-Reply-To: <20250508150421.26059-1-ayberkdemir@gmail.com>
From: Can Ayberk DEMIR <ayberkdemir@gmail.com>
This patch addresses style issues pointed out in v1.
In AXI Ethernet (axienet) driver, receiving an Ethernet frame larger
than the allocated skb buffer may cause memory corruption or kernel panic,
especially when the interface MTU is small and a jumbo frame is received.
Signed-off-by: Can Ayberk DEMIR <ayberkdemir@gmail.com>
---
.../net/ethernet/xilinx/xilinx_axienet_main.c | 46 +++++++++++--------
1 file changed, 27 insertions(+), 19 deletions(-)
diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
index 1b7a653c1f4e..2b375dd06def 100644
--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
@@ -1223,28 +1223,36 @@ static int axienet_rx_poll(struct napi_struct *napi, int budget)
dma_unmap_single(lp->dev, phys, lp->max_frm_size,
DMA_FROM_DEVICE);
- skb_put(skb, length);
- skb->protocol = eth_type_trans(skb, lp->ndev);
- /*skb_checksum_none_assert(skb);*/
- skb->ip_summed = CHECKSUM_NONE;
-
- /* if we're doing Rx csum offload, set it up */
- if (lp->features & XAE_FEATURE_FULL_RX_CSUM) {
- csumstatus = (cur_p->app2 &
- XAE_FULL_CSUM_STATUS_MASK) >> 3;
- if (csumstatus == XAE_IP_TCP_CSUM_VALIDATED ||
- csumstatus == XAE_IP_UDP_CSUM_VALIDATED) {
- skb->ip_summed = CHECKSUM_UNNECESSARY;
+ if (unlikely(length > skb_tailroom(skb))) {
+ netdev_warn(ndev,
+ "Dropping oversized RX frame (len=%u, tailroom=%u)\n",
+ length, skb_tailroom(skb));
+ dev_kfree_skb(skb);
+ skb = NULL;
+ } else {
+ skb_put(skb, length);
+ skb->protocol = eth_type_trans(skb, lp->ndev);
+ /*skb_checksum_none_assert(skb);*/
+ skb->ip_summed = CHECKSUM_NONE;
+
+ /* if we're doing Rx csum offload, set it up */
+ if (lp->features & XAE_FEATURE_FULL_RX_CSUM) {
+ csumstatus = (cur_p->app2 &
+ XAE_FULL_CSUM_STATUS_MASK) >> 3;
+ if (csumstatus == XAE_IP_TCP_CSUM_VALIDATED ||
+ csumstatus == XAE_IP_UDP_CSUM_VALIDATED) {
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+ }
+ } else if (lp->features & XAE_FEATURE_PARTIAL_RX_CSUM) {
+ skb->csum = be32_to_cpu(cur_p->app3 & 0xFFFF);
+ skb->ip_summed = CHECKSUM_COMPLETE;
}
- } else if (lp->features & XAE_FEATURE_PARTIAL_RX_CSUM) {
- skb->csum = be32_to_cpu(cur_p->app3 & 0xFFFF);
- skb->ip_summed = CHECKSUM_COMPLETE;
- }
- napi_gro_receive(napi, skb);
+ napi_gro_receive(napi, skb);
- size += length;
- packets++;
+ size += length;
+ packets++;
+ }
}
new_skb = napi_alloc_skb(napi, lp->max_frm_size);
--
2.39.5 (Apple Git-154)
next prev parent reply other threads:[~2025-05-09 6:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-08 15:04 [PATCH] drivers: net: axienet: safely drop oversized RX frames Can Ayberk Demir
2025-05-09 6:08 ` Gupta, Suraj
2025-05-09 6:37 ` Can Ayberk Demir [this message]
2025-05-09 8:06 ` [PATCH v2] " Gupta, Suraj
2025-05-09 8:18 ` Gupta, Suraj
2025-05-09 10:47 ` [PATCH net v3] " Can Ayberk Demir
2025-05-09 15:17 ` Gupta, Suraj
2025-05-16 8:43 ` [PATCH net v4] " Can Ayberk Demir
2025-05-16 9:02 ` Eric Dumazet
2025-05-19 5:17 ` Gupta, Suraj
2025-05-13 22:18 ` [PATCH v2] drivers: " kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250509063727.35560-1-ayberkdemir@gmail.com \
--to=ayberkdemir@gmail.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michal.simek@amd.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=radhey.shyam.pandey@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).