Patch "[PATCH 5.15] ice: fix crash at allocation failure" has been added to the 5.15-stable tree

This is a note to let you know that I've just added the patch titled

    [PATCH 5.15] ice: fix crash at allocation failure

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ice-fix-crash-at-allocation-failure.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From magnus.karlsson@xxxxxxxxx  Thu May 26 14:13:37 2022
From: Magnus Karlsson <magnus.karlsson@xxxxxxxxx>
Date: Wed, 25 May 2022 09:19:53 +0200
Subject: [PATCH 5.15] ice: fix crash at allocation failure
To: gregkh@xxxxxxxxxxxxxxxxxxx, sashal@xxxxxxxxxx, stable@xxxxxxxxxxxxxxx, maciej.fijalkowski@xxxxxxxxx, bjorn@xxxxxxxxxx
Cc: Magnus Karlsson <magnus.karlsson@xxxxxxxxx>, Jeff Shaw <jeffrey.b.shaw@xxxxxxxxx>
Message-ID: <20220525071953.27755-1-magnus.karlsson@xxxxxxxxx>


From: Magnus Karlsson <magnus.karlsson@xxxxxxxxx>

Fix a crash in the zero-copy driver that occurs when it fails to
allocate buffers from user-space. This crash can easily be triggered
by a malicious program that does not provide any buffers in the fill
ring for the kernel to use.

Note that this bug does not exist in upstream since the batched buffer
allocation interface got introduced in 5.16 and replaced this code.

Reported-by: Jeff Shaw <jeffrey.b.shaw@xxxxxxxxx>
Tested-by: Jeff Shaw <jeffrey.b.shaw@xxxxxxxxx>
Signed-off-by: Magnus Karlsson <magnus.karlsson@xxxxxxxxx>
Acked-by: Maciej Fijalkowski <maciej.fijalkowski@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/net/ethernet/intel/ice/ice_xsk.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/ethernet/intel/ice/ice_xsk.c
+++ b/drivers/net/ethernet/intel/ice/ice_xsk.c
@@ -378,7 +378,7 @@ bool ice_alloc_rx_bufs_zc(struct ice_rin
 
 	do {
 		*xdp = xsk_buff_alloc(rx_ring->xsk_pool);
-		if (!xdp) {
+		if (!*xdp) {
 			ok = false;
 			break;
 		}
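
Review bot: In the `if (!*xdp)` check inside the `do` loop of ice_alloc_rx_bufs_zc(), the test now looks at what xsk_buff_alloc() returned, which is the right condition, but the store-then-dereference form is what made the original `!xdp` slip hard to spot: `xdp` has already been dereferenced on the line above, so testing it for NULL afterwards could never catch a failed allocation. Consider taking the result in a local first (a hypothetical `buf`, as in `buf = xsk_buff_alloc(rx_ring->xsk_pool); if (!buf) { ... }`) and writing it to `*xdp` only on success, so the pointer-versus-pointee distinction is explicit and no NULL is stored into the slot before the `break`. The code after the loop is not visible in this hunk, so it is worth confirming that nothing on the `ok = false` path consumes the slot that now holds NULL. A sentence in the commit message stating that the old condition tested the slot pointer rather than the returned buffer would also help, since the change is a single character.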


Patches currently in stable-queue which might be from magnus.karlsson@xxxxxxxxx are

queue-5.15/ice-fix-crash-at-allocation-failure.patch


