review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Magnus Karlsson <magnus.karlsson@intel.com>
	Fri, 18 Jun 2021 07:58:05 +0000 (09:58 +0200)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Fri, 18 Jun 2021 14:59:20 +0000 (16:59 +0200)
commit	f654fae47e83e56b454fbbfd0af0a4f232e356d6
tree	3634a11285d2edd56ef556ea22e2409f3ec6ba7a	tree \| snapshot
parent	2f99619820c2269534eb2c0cde44870313c6d353	commit \| diff

xsk: Fix broken Tx ring validation

Fix broken Tx ring validation for AF_XDP. The commit under the Fixes
tag, fixed an off-by-one error in the validation but introduced
another error. Descriptors are now let through even if they straddle a
chunk boundary which they are not allowed to do in aligned mode. Worse
is that they are let through even if they straddle the end of the umem
itself, tricking the kernel to read data outside the allowed umem
region which might or might not be mapped at all.

Fix this by reintroducing the old code, but subtract the length by one
to fix the off-by-one error that the original patch was
addressing. The test chunk != chunk_end makes sure packets do not
straddle chunk boundraries. Note that packets of zero length are
allowed in the interface, therefore the test if the length is
non-zero.

Fixes: ac31565c2193 ("xsk: Fix for xp_aligned_validate_desc() when len == chunk_size")
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
Acked-by: Björn Töpel <bjorn@kernel.org>
Link: https://lore.kernel.org/bpf/20210618075805.14412-1-magnus.karlsson@gmail.com