diff mbox series

[net-next,2/2] xen-netfront: re-order error checks in xennet_get_responses()

Message ID 743b3ff3-896c-bfc9-e187-6d50da88f103@suse.com (mailing list archive)
State Accepted
Delegated to: Netdev Maintainers
Headers show
Series xen-netfront: XSA-403 follow-on | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Series has a cover letter
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers warning 5 maintainers not CCed: edumazet@google.com pabeni@redhat.com kuba@kernel.org davem@davemloft.net sstabellini@kernel.org
netdev/build_clang success Errors and warnings before: 2 this patch: 2
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 2 this patch: 2
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 32 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Jan Beulich July 13, 2022, 9:19 a.m. UTC 
Check the retrieved grant reference first; there's no point trying to
have xennet_move_rx_slot() move invalid data (and further defer
recognition of the issue, likely making diagnosis yet more difficult).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
I question the log message claiming a bad ID (which is how I read its
wording): rx->id isn't involved in determining ref. I don't see what
else to usefully log, though, yet making the message just "Bad rx
response" also doesn't look very useful.

Comments

Paolo Abeni July 14, 2022, 10:37 a.m. UTC | #1 
On Wed, 2022-07-13 at 11:19 +0200, Jan Beulich wrote:
> Check the retrieved grant reference first; there's no point trying to
> have xennet_move_rx_slot() move invalid data (and further defer
> recognition of the issue, likely making diagnosis yet more difficult).
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> ---
> I question the log message claiming a bad ID (which is how I read its
> wording): rx->id isn't involved in determining ref. I don't see what
> else to usefully log, though, yet making the message just "Bad rx
> response" also doesn't look very useful.

For the records, I (mis-)read that log message differently, claiming
there is a bad RX response, and specifying the ID of such response,
which may or may be not useful to diagnose where/when the problem
happens.

Cheers,

Paolo
diff mbox series

Patch

--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1043,16 +1043,6 @@  static int xennet_get_responses(struct n
 	}
 
 	for (;;) {
-		if (unlikely(rx->status < 0 ||
-			     rx->offset + rx->status > XEN_PAGE_SIZE)) {
-			if (net_ratelimit())
-				dev_warn(dev, "rx->offset: %u, size: %d\n",
-					 rx->offset, rx->status);
-			xennet_move_rx_slot(queue, skb, ref);
-			err = -EINVAL;
-			goto next;
-		}
-
 		/*
 		 * This definitely indicates a bug, either in this driver or in
 		 * the backend driver. In future this should flag the bad
@@ -1065,6 +1055,16 @@  static int xennet_get_responses(struct n
 			err = -EINVAL;
 			goto next;
 		}
+
+		if (unlikely(rx->status < 0 ||
+			     rx->offset + rx->status > XEN_PAGE_SIZE)) {
+			if (net_ratelimit())
+				dev_warn(dev, "rx->offset: %u, size: %d\n",
+					 rx->offset, rx->status);
+			xennet_move_rx_slot(queue, skb, ref);
+			err = -EINVAL;
+			goto next;
+		}
 
 		if (!gnttab_end_foreign_access_ref(ref)) {
 			dev_alert(dev,