| Message ID | 20210428094424.54435-1-xuanzhuo@linux.alibaba.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | ac31565c21937eee9117e43c9cd34f557f6f1cb8 |
| Delegated to: | BPF |
| Headers | show |
| Series | [bpf,v2] xsk: fix for xp_aligned_validate_desc() when len == chunk_size | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for bpf |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | success | CCed 16 of 16 maintainers |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 1 this patch: 1 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 16 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 1 this patch: 1 |
| netdev/header_inline | success | Link |
Hello: This patch was applied to bpf/bpf.git (refs/heads/master): On Wed, 28 Apr 2021 17:44:24 +0800 you wrote: > When desc->len is equal to chunk_size, it is legal. But > xp_aligned_validate_desc() got "chunk_end" by desc->addr + desc->len > pointing to the next chunk during the check, which caused the check to > fail. > > Related commit: > commit 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API") > commit 26062b185eee ("xsk: Explicitly inline functions and move > definitions") > > [...] Here is the summary with links: - [bpf,v2] xsk: fix for xp_aligned_validate_desc() when len == chunk_size https://git.kernel.org/bpf/bpf/c/ac31565c2193 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h index 2823b7c3302d..40f359bf2044 100644 --- a/net/xdp/xsk_queue.h +++ b/net/xdp/xsk_queue.h @@ -128,13 +128,12 @@ static inline bool xskq_cons_read_addr_unchecked(struct xsk_queue *q, u64 *addr) static inline bool xp_aligned_validate_desc(struct xsk_buff_pool *pool, struct xdp_desc *desc) { - u64 chunk, chunk_end; + u64 chunk; - chunk = xp_aligned_extract_addr(pool, desc->addr); - chunk_end = xp_aligned_extract_addr(pool, desc->addr + desc->len); - if (chunk != chunk_end) + if (desc->len > pool->chunk_size) return false; + chunk = xp_aligned_extract_addr(pool, desc->addr); if (chunk >= pool->addrs_cnt) return false;
When desc->len is equal to chunk_size, it is legal. But xp_aligned_validate_desc() got "chunk_end" by desc->addr + desc->len pointing to the next chunk during the check, which caused the check to fail. Related commit: commit 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API") commit 26062b185eee ("xsk: Explicitly inline functions and move definitions") This problem was first introduced in "bbff2f321a86". Later in "2b43470add8c" this piece of code was moved into the new function xp_aligned_validate_desc(). Later this function was moved into the file xsk_queue.h in "26062b185eee". Fixes: bbff2f321a86 ("xsk: new descriptor addressing scheme") Signed-off-by: Xuan Zhuo <xuanzhuo@linux.alibaba.com> Acked-by: Magnus Karlsson <magnus.karlsson@intel.com> --- net/xdp/xsk_queue.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)