From: Magnus Karlsson <magnus.karlsson@xxxxxxxxx> Fix a crash in the zero-copy driver that occurs when it fails to allocate buffers from user-space. This crash can easily be triggered by a malicious program that does not provide any buffers in the fill ring for the kernel to use. Note that this bug does not exist in upstream since the batched buffer allocation interface got introduced in 5.16 and replaced this code. Reported-by: Jeff Shaw <jeffrey.b.shaw@xxxxxxxxx> Tested-by: Jeff Shaw <jeffrey.b.shaw@xxxxxxxxx> Signed-off-by: Magnus Karlsson <magnus.karlsson@xxxxxxxxx> Acked-by: Maciej Fijalkowski <maciej.fijalkowski@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/net/ethernet/intel/ice/ice_xsk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/intel/ice/ice_xsk.c +++ b/drivers/net/ethernet/intel/ice/ice_xsk.c @@ -378,7 +378,7 @@ bool ice_alloc_rx_bufs_zc(struct ice_rin do { *xdp = xsk_buff_alloc(rx_ring->xsk_pool); - if (!xdp) { + if (!*xdp) { ok = false; break; }