1. Patchew
  2. linux
  3. View series

[PATCH net v2] net: dpaa: Pad packets to ETH_ZLEN

Sean Anderson posted 1 patch 2 months, 2 weeks ago 
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
[PATCH net v2] net: dpaa: Pad packets to ETH_ZLEN
Posted by Sean Anderson 2 months, 2 weeks ago 
When sending packets under 60 bytes, up to three bytes of the buffer
following the data may be leaked. Avoid this by extending all packets to
ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
reproduced by running

	$ ping -s 11 destination

Fixes: 9ad1a3749333 ("dpaa_eth: add support for DPAA Ethernet")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
---

Changes in v2:
- Fix the nonlinear varable becoming out-of-sync with the skb's
  linearization state by padding the packet before anything else.

 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
index cfe6b57b1da0..4a55e521c17e 100644
--- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
+++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
@@ -2272,12 +2272,12 @@ static netdev_tx_t
 dpaa_start_xmit(struct sk_buff *skb, struct net_device *net_dev)
 {
 	const int queue_mapping = skb_get_queue_mapping(skb);
-	bool nonlinear = skb_is_nonlinear(skb);
 	struct rtnl_link_stats64 *percpu_stats;
 	struct dpaa_percpu_priv *percpu_priv;
 	struct netdev_queue *txq;
 	struct dpaa_priv *priv;
 	struct qm_fd fd;
+	bool nonlinear;
 	int offset = 0;
 	int err = 0;
 
@@ -2287,6 +2287,13 @@ dpaa_start_xmit(struct sk_buff *skb, struct net_device *net_dev)
 
 	qm_fd_clear_fd(&fd);
 
+	/* Packet data is always read as 32-bit words, so zero out any part of
+	 * the skb which might be sent if we have to pad the packet
+	 */
+	if (__skb_put_padto(skb, ETH_ZLEN, false))
+		goto enomem;
+
+	nonlinear = skb_is_nonlinear(skb);
 	if (!nonlinear) {
 		/* We're going to store the skb backpointer at the beginning
 		 * of the data buffer, so we need a privately owned skb
-- 
2.35.1.1320.gc452695387.dirty
Re: [PATCH net v2] net: dpaa: Pad packets to ETH_ZLEN
Posted by Eric Dumazet 2 months, 2 weeks ago 
On Tue, Sep 10, 2024 at 4:32 PM Sean Anderson <sean.anderson@linux.dev> wrote:
>
> When sending packets under 60 bytes, up to three bytes of the buffer
> following the data may be leaked. Avoid this by extending all packets to
> ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
> reproduced by running
>
>         $ ping -s 11 destination
>
> Fixes: 9ad1a3749333 ("dpaa_eth: add support for DPAA Ethernet")
> Suggested-by: Eric Dumazet <edumazet@google.com>
> Signed-off-by: Sean Anderson <sean.anderson@linux.dev>

Reviewed-by: Eric Dumazet <edumazet@google.com>

Thanks !

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.