RE: [PATCH] hv_netvsc: Fix potentionally overflow in netvsc_xdp_xmit()
From: Haiyang Zhang <haiyangz@microsoft.com>
Date: 2021-10-13 12:44:19
Also in:
bpf, lkml, netdev
-----Original Message-----
From: Jiasheng Jiang <redacted>
Sent: Tuesday, October 12, 2021 11:05 PM
To: KY Srinivasan <kys@microsoft.com>; Haiyang Zhang [off-list ref]; Stephen Hemminger [off-list ref]; wei.liu@kernel.org; Dexuan Cui [off-list ref]; davem@davemloft.net; kuba@kernel.org; ast@kernel.org; daniel@iogearbox.net; hawk@kernel.org; john.fastabend@gmail.com; andrii@kernel.org; kafai@fb.com; songliubraving@fb.com; yhs@fb.com; kpsingh@kernel.org
Cc: linux-hyperv@vger.kernel.org; netdev@vger.kernel.org; linux-kernel@vger.kernel.org; bpf@vger.kernel.org; Jiasheng Jiang [off-list ref]
Subject: [PATCH] hv_netvsc: Fix potentionally overflow in netvsc_xdp_xmit()

Adding skb_rx_queue_recorded() to avoid the value of skb->queue_mapping to be 0. Otherwise the return value of skb_get_rx_queue() could be MAX_U16 cause by overflow.

Fixes: 351e158 ("hv_netvsc: Add XDP support")
Signed-off-by: Jiasheng Jiang <redacted>
--- drivers/net/hyperv/netvsc_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)diff --git a/drivers/net/hyperv/netvsc_drv.cb/drivers/net/hyperv/netvsc_drv.c index f682a55..e51201e 100644--- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c@@ -807,7 +807,7 @@ static void netvsc_xdp_xmit(struct sk_buff *skb,struct net_device *ndev) { int rc; - skb->queue_mapping = skb_get_rx_queue(skb); + skb->queue_mapping = skb_rx_queue_recorded(skb) ? skb_get_rx_queue(skb) : 0; __skb_push(skb, ETH_HLEN);
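Review bot: The new ternary on the skb->queue_mapping assignment in netvsc_xdp_xmit() turns an unrecorded rx queue into a silent fallback to queue 0, but the changelog names no call path that reaches this function with skb->queue_mapping == 0. If such a path exists, the commit message should state it; if it does not, the check is dead code, and a comment on the function saying that skb_record_rx_queue() must have been called first would document the precondition without hiding a future caller bug. Two smaller points: the Fixes: tag gives a 7-character hash (351e158) where the kernel convention is at least 12 characters, and what the changelog calls an overflow is an unsigned wraparound in skb_get_rx_queue() when queue_mapping is 0, which is worth wording precisely.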
netvsc_xdp_xmit() is only called from netvsc_recv_callback()
and after skb_record_rx_queue(skb, q_idx) is called:
	skb_record_rx_queue(skb, q_idx);
	......
	if (act == XDP_TX) {
		netvsc_xdp_xmit(skb, net);
		return NVSP_STAT_SUCCESS;
	}
So the existing code doesn't need this patch.
To avoid future misusing of netvsc_xdp_xmit() in other places, you
may just add a comment -- "This function should only be called
after skb_record_rx_queue()".
Thanks,
- Haiyang
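
Added example, not part of the original message or the driver source: a user-space C model of the three skb rx-queue helpers discussed in this thread, showing what the existing and the patched assignment produce when the rx queue has and has not been recorded. The helper bodies follow the kernel's skbuff.h definitions; NUM_TX_QUEUES, tx_queue_valid() and the xmit_mapping_*() wrappers are hypothetical names introduced for the demonstration.

```c
/* User-space model (added example). NUM_TX_QUEUES, tx_queue_valid() and
 * the xmit_mapping_*() wrappers are hypothetical, not driver code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_TX_QUEUES 8u	/* constructed value for the demo */

struct sk_buff { uint16_t queue_mapping; };	/* 0 means "no rx queue recorded" */

static void skb_record_rx_queue(struct sk_buff *skb, uint16_t rx_queue)
{
	skb->queue_mapping = (uint16_t)(rx_queue + 1);	/* stored off by one */
}

static uint16_t skb_get_rx_queue(const struct sk_buff *skb)
{
	return (uint16_t)(skb->queue_mapping - 1);	/* wraps to 0xFFFF when 0 */
}

static bool skb_rx_queue_recorded(const struct sk_buff *skb)
{
	return skb->queue_mapping != 0;
}

/* The assignment as it stands in the existing driver code. */
static uint16_t xmit_mapping_existing(struct sk_buff *skb)
{
	skb->queue_mapping = skb_get_rx_queue(skb);
	return skb->queue_mapping;
}

/* The assignment as proposed in the patch. */
static uint16_t xmit_mapping_patched(struct sk_buff *skb)
{
	skb->queue_mapping = skb_rx_queue_recorded(skb) ? skb_get_rx_queue(skb) : 0;
	return skb->queue_mapping;
}

static bool tx_queue_valid(uint16_t q) { return q < NUM_TX_QUEUES; }

int main(void)
{
	struct sk_buff a = {0}, b = {0}, c = {0};
	skb_record_rx_queue(&a, 3);	/* the call order the reply describes */
	unsigned int ra = xmit_mapping_existing(&a), rb = xmit_mapping_existing(&b);
	unsigned int rc = xmit_mapping_patched(&c);
	printf("recorded, existing:   %u valid=%d\n", ra, tx_queue_valid((uint16_t)ra));
	printf("unrecorded, existing: %u valid=%d\n", rb, tx_queue_valid((uint16_t)rb));
	printf("unrecorded, patched:  %u valid=%d\n", rc, tx_queue_valid((uint16_t)rc));
	return 0;
}
```

With the call order described in the reply, both variants yield the recorded queue index, so the two only differ for a caller that skips skb_record_rx_queue().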