[net-next,v2] gve: enhance no queue page list detection

Commit Message

Wang, Haiyue Feb. 15, 2022, 5:17 a.m. UTC

The commit
a5886ef4f4bf ("gve: Introduce per netdev `enum gve_queue_format`")
introduces three queue format type, only GVE_GQI_QPL_FORMAT queue has
page list. So it should use the queue page list number to detect the
zero size queue page list. Correct the design logic.

Using the 'queue_format == GVE_GQI_RDA_FORMAT' may lead to request zero
sized memory allocation, like if the queue format is GVE_DQO_RDA_FORMAT.

The kernel memory subsystem will return ZERO_SIZE_PTR, which is not NULL
address, so the driver can run successfully. Also the code still checks
the queue page list number firstly, then accesses the allocated memory,
so zero number queue page list allocation will not lead to access fault.

Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
---
 drivers/net/ethernet/google/gve/gve_main.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

Comments

Bailey Forrest Feb. 15, 2022, 6:04 p.m. UTC | #1

On Mon, Feb 14, 2022 at 9:52 PM Haiyue Wang <haiyue.wang@intel.com> wrote:
>
> The commit
> a5886ef4f4bf ("gve: Introduce per netdev `enum gve_queue_format`")
> introduces three queue format type, only GVE_GQI_QPL_FORMAT queue has
> page list. So it should use the queue page list number to detect the
> zero size queue page list. Correct the design logic.
>
> Using the 'queue_format == GVE_GQI_RDA_FORMAT' may lead to request zero
> sized memory allocation, like if the queue format is GVE_DQO_RDA_FORMAT.
>
> The kernel memory subsystem will return ZERO_SIZE_PTR, which is not NULL
> address, so the driver can run successfully. Also the code still checks
> the queue page list number firstly, then accesses the allocated memory,
> so zero number queue page list allocation will not lead to access fault.
>
> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>

Reviewed-by: Bailey Forrest <bcf@google.com>

Jakub Kicinski Feb. 16, 2022, 2:01 a.m. UTC | #2

On Tue, 15 Feb 2022 13:17:49 +0800 Haiyue Wang wrote:
> The commit
> a5886ef4f4bf ("gve: Introduce per netdev `enum gve_queue_format`")
> introduces three queue format type, only GVE_GQI_QPL_FORMAT queue has
> page list. So it should use the queue page list number to detect the
> zero size queue page list. Correct the design logic.
> 
> Using the 'queue_format == GVE_GQI_RDA_FORMAT' may lead to request zero
> sized memory allocation, like if the queue format is GVE_DQO_RDA_FORMAT.
> 
> The kernel memory subsystem will return ZERO_SIZE_PTR, which is not NULL
> address, so the driver can run successfully. Also the code still checks
> the queue page list number firstly, then accesses the allocated memory,
> so zero number queue page list allocation will not lead to access fault.
> 
> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>

Applied, thanks!

Patch

diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c
index 54e51c8221b8..6cafee55efc3 100644
--- a/drivers/net/ethernet/google/gve/gve_main.c
+++ b/drivers/net/ethernet/google/gve/gve_main.c
@@ -857,8 +857,7 @@  static int gve_alloc_qpls(struct gve_priv *priv)
 	int i, j;
 	int err;
 
-	/* Raw addressing means no QPLs */
-	if (priv->queue_format == GVE_GQI_RDA_FORMAT)
+	if (num_qpls == 0)
 		return 0;
 
 	priv->qpls = kvcalloc(num_qpls, sizeof(*priv->qpls), GFP_KERNEL);
@@ -901,8 +900,7 @@  static void gve_free_qpls(struct gve_priv *priv)
 	int num_qpls = gve_num_tx_qpls(priv) + gve_num_rx_qpls(priv);
 	int i;
 
-	/* Raw addressing means no QPLs */
-	if (priv->queue_format == GVE_GQI_RDA_FORMAT)
+	if (num_qpls == 0)
 		return;
 
 	kvfree(priv->qpl_cfg.qpl_id_map);