korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-29 05:55:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
75aab4e10a
linux/drivers/net/ethernet
History
Björn Töpel 75aab4e10a i40e: avoid premature Rx buffer reuse 
The page recycle code, incorrectly, relied on that a page fragment
could not be freed inside xdp_do_redirect(). This assumption leads to
that page fragments that are used by the stack/XDP redirect can be
reused and overwritten.

To avoid this, store the page count prior invoking xdp_do_redirect().

Longer explanation:

Intel NICs have a recycle mechanism. The main idea is that a page is
split into two parts. One part is owned by the driver, one part might
be owned by someone else, such as the stack.

t0: Page is allocated, and put on the Rx ring
              +---------------
used by NIC ->| upper buffer
(rx_buffer)   +---------------
              | lower buffer
              +---------------
  page count  == USHRT_MAX
  rx_buffer->pagecnt_bias == USHRT_MAX

t1: Buffer is received, and passed to the stack (e.g.)
              +---------------
              | upper buff (skb)
              +---------------
used by NIC ->| lower buffer
(rx_buffer)   +---------------
  page count  == USHRT_MAX
  rx_buffer->pagecnt_bias == USHRT_MAX - 1

t2: Buffer is received, and redirected
              +---------------
              | upper buff (skb)
              +---------------
used by NIC ->| lower buffer
(rx_buffer)   +---------------

Now, prior calling xdp_do_redirect():
  page count  == USHRT_MAX
  rx_buffer->pagecnt_bias == USHRT_MAX - 2

This means that buffer *cannot* be flipped/reused, because the skb is
still using it.

The problem arises when xdp_do_redirect() actually frees the
segment. Then we get:
  page count  == USHRT_MAX - 1
  rx_buffer->pagecnt_bias == USHRT_MAX - 2

From a recycle perspective, the buffer can be flipped and reused,
which means that the skb data area is passed to the Rx HW ring!

To work around this, the page count is stored prior calling
xdp_do_redirect().

Note that this is not optimal, since the NIC could actually reuse the
"lower buffer" again. However, then we need to track whether
XDP_REDIRECT consumed the buffer or not.

Fixes: d9314c474d ("i40e: add support for XDP_REDIRECT")
Reported-and-analyzed-by: Li RongQing <lirongqing@baidu.com>
Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
Tested-by: George Kuruvinakunnel <george.kuruvinakunnel@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
2020-12-09 15:26:58 -08:00
..
3com networking changes for the 5.10 merge window 2020-10-15 18:42:13 -07:00
8390 lib8390: Use netif_msg_init to initialize msg_enable bits 2020-10-01 19:08:46 -07:00
adaptec starfire: switch from 'pci_' to 'dma_' API 2020-08-24 17:33:11 -07:00
aeroflex
agere ethernet: select CONFIG_CRC32 as needed 2020-12-04 14:42:21 -08:00
alacritech treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
allwinner net: allwinner: remove redundant irqsave and irqrestore in hardIRQ 2020-09-23 17:33:52 -07:00
alteon net: alteon: convert tasklets to use new tasklet_setup() API 2020-09-14 13:02:37 -07:00
altera
amazon net: ena: fix packet's addresses for rx_offset feature 2020-11-24 16:07:13 -08:00
amd networking changes for the 5.10 merge window 2020-10-15 18:42:13 -07:00
apm net: xgene: Move shared header file into include/linux 2020-08-27 06:55:50 -07:00
apple
aquantia aquantia: Remove the build_skb path 2020-11-24 10:59:17 -08:00
arc drivers/net/ethernet: add some basic kdoc tags 2020-09-25 16:29:00 -07:00
atheros atl1e: fix error return code in atl1e_probe() 2020-11-18 11:02:15 -08:00
aurora
broadcom net: broadcom CNIC: requires MMU 2020-12-01 11:44:02 -08:00
brocade net: bna: Use fallthrough pseudo-keyword 2020-10-03 17:33:23 -07:00
cadence ethernet: select CONFIG_CRC32 as needed 2020-12-04 14:42:21 -08:00
calxeda drivers/net/ethernet: clean up mis-targeted comments 2020-09-25 16:29:00 -07:00
cavium net: thunderx: Use struct_size() helper in kmalloc() 2020-10-10 10:34:03 -07:00
chelsio ch_ktls: fix build warning for ipv4-only config 2020-12-05 12:56:21 -08:00
cirrus ethernet: cirrus: Remove unused macros 2020-08-18 12:54:47 -07:00
cisco net: remove unneeded break 2020-10-20 10:28:21 -07:00
cortina drivers/net/ethernet: clean up mis-targeted comments 2020-09-25 16:29:00 -07:00
davicom treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
dec drivers/net/ethernet: clean up unused assignments 2020-09-25 16:29:00 -07:00
dlink net: sundance: convert tasklets to use new tasklet_setup() API 2020-09-14 13:02:37 -07:00
emulex treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
ezchip
faraday ethernet: select CONFIG_CRC32 as needed 2020-12-04 14:42:21 -08:00
freescale dpaa2-mac: Add a missing of_node_put after of_device_is_available 2020-12-07 17:57:19 -08:00
fujitsu
google gve: Replace zero-length array with flexible-array member 2020-10-30 16:57:41 -05:00
hisilicon net: hns3: remove a misused pragma packed 2020-12-06 23:38:33 -08:00
huawei Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-05 18:40:01 -07:00
i825xx lib82596: convert to dma_alloc_noncoherent 2020-09-25 06:20:45 +02:00
ibm ibmvnic: Fix TX completion error handling 2020-12-01 10:09:04 -08:00
intel i40e: avoid premature Rx buffer reuse 2020-12-09 15:26:58 -08:00
marvell net: marvell: prestera: Fix error return code in prestera_port_create() 2020-12-05 14:04:55 -08:00
mediatek net: ethernet: mtk-star-emac: fix error return code in mtk_star_enable() 2020-11-12 17:58:37 -08:00
mellanox ethernet: select CONFIG_CRC32 as needed 2020-12-04 14:42:21 -08:00
micrel net: ksz884x: Use fallthrough pseudo-keyword 2020-10-03 17:33:23 -07:00
microchip ethernet: select CONFIG_CRC32 as needed 2020-12-04 14:42:21 -08:00
moxa
mscc net: mscc: ocelot: fix dropping of unknown IPv4 multicast on Seville 2020-12-05 15:41:34 -08:00
myricom net: remove napi_hash_del() from driver-facing API 2020-09-10 13:08:46 -07:00
natsemi net: natsemi: Replace in_interrupt() usage. 2020-09-29 14:02:54 -07:00
neterion net: vxge: Remove in_interrupt() conditionals 2020-09-29 14:02:54 -07:00
netronome ethernet: select CONFIG_CRC32 as needed 2020-12-04 14:42:21 -08:00
ni net: nixge: convert tasklets to use new tasklet_setup() API 2020-09-14 13:02:38 -07:00
nvidia
nxp ethernet: select CONFIG_CRC32 as needed 2020-12-04 14:42:21 -08:00
oki-semi drivers/net/ethernet: clean up mis-targeted comments 2020-09-25 16:29:00 -07:00
packetengines drivers/net/ethernet: clean up mis-targeted comments 2020-09-25 16:29:00 -07:00
pasemi net: pasemi: fix error return code in pasemi_mac_open() 2020-12-02 18:03:58 -08:00
pensando ionic: check port ptr before use 2020-11-05 09:58:25 -08:00
qlogic qed: fix ILT configuration of SRC block 2020-11-17 16:35:32 -08:00
qualcomm net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup 2020-11-16 16:34:49 -08:00
rdc
realtek r8169: disable hw csum for short packets on all chip versions 2020-11-07 12:14:35 -08:00
renesas ravb: Fix bit fields checking in ravb_hwtstamp_get() 2020-10-27 17:14:33 -07:00
rocker ethernet: select CONFIG_CRC32 as needed 2020-12-04 14:42:21 -08:00
samsung drivers/net/ethernet: clean up mis-targeted comments 2020-09-25 16:29:00 -07:00
seeq sgiseeq: convert to dma_alloc_noncoherent 2020-09-25 06:20:45 +02:00
sfc sfc: move initialisation of efx->filter_sem to efx_init_struct() 2020-10-20 21:22:23 -07:00
sgi net: sgi: ioc3-eth: Fix the size used in some 'dma_free_coherent()' calls 2020-08-03 16:00:26 -07:00
silan net: silan: convert tasklets to use new tasklet_setup() API 2020-09-14 13:02:38 -07:00
sis drivers/net/ethernet: clean up mis-targeted comments 2020-09-25 16:29:00 -07:00
smsc net: smc91x: convert tasklets to use new tasklet_setup() API 2020-09-14 13:02:38 -07:00
socionext netsec: ignore 'phy-mode' device property on ACPI systems 2020-10-20 15:59:43 -07:00
stmicro net: stmmac: overwrite the dma_cap.addr64 according to HW design 2020-12-08 14:52:29 -08:00
sun networking changes for the 5.10 merge window 2020-10-15 18:42:13 -07:00
synopsys drivers/net/ethernet: clean up unused assignments 2020-09-25 16:29:00 -07:00
tehuti drivers/net/ethernet: clean up mis-targeted comments 2020-09-25 16:29:00 -07:00
ti net: ethernet: ti: cpsw: fix error return code in cpsw_probe() 2020-11-16 15:37:28 -08:00
toshiba net: tc35815: switch from 'pci_' to 'dma_' API 2020-09-08 20:16:19 -07:00
tundra
via Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-05 18:40:01 -07:00
wiznet
xilinx net: ll_temac: Fix potential NULL dereference in temac_probe() 2020-12-08 16:15:46 -08:00
xircom treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
xscale
dnet.c drivers/net/ethernet: clean up unused assignments 2020-09-25 16:29:00 -07:00
dnet.h
ec_bhf.c
ethoc.c drivers/net/ethernet: clean up mis-targeted comments 2020-09-25 16:29:00 -07:00
fealnx.c
jme.c net: jme: convert tasklets to use new tasklet_setup() API 2020-09-14 13:02:37 -07:00
jme.h
Kconfig
korina.c net: korina: cast KSEG0 address to pointer in kfree 2020-10-19 17:00:00 -07:00
lantiq_etop.c
lantiq_xrx200.c net: lantiq: Add locking for TX DMA channel 2020-09-23 18:01:03 -07:00
Makefile