redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers/net/ethernet
History
Friedemann Gerold d26ed6b0e5 net: aquantia: memory corruption on jumbo frames 
This patch fixes skb_shared area, which will be corrupted
upon reception of 4K jumbo packets.

Originally build_skb usage purpose was to reuse page for skb to eliminate
needs of extra fragments. But that logic does not take into account that
skb_shared_info should be reserved at the end of skb data area.

In case packet data consumes all the page (4K), skb_shinfo location
overflows the page. As a consequence, __build_skb zeroed shinfo data above
the allocated page, corrupting next page.

The issue is rarely seen in real life because jumbo are normally larger
than 4K and that causes another code path to trigger.
But it 100% reproducible with simple scapy packet, like:

    sendp(IP(dst="192.168.100.3") / TCP(dport=443) \
          / Raw(RandString(size=(4096-40))), iface="enp1s0")

Fixes: 018423e90b ("net: ethernet: aquantia: Add ring support code")

Reported-by: Friedemann Gerold <f.gerold@b-c-s.de>
Reported-by: Michael Rauch <michael@rauch.be>
Signed-off-by: Friedemann Gerold <f.gerold@b-c-s.de>
Tested-by: Nikita Danilov <nikita.danilov@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2018-09-23 22:25:25 -07:00
..
3com net: prevent ISA drivers from building on PPC32 2018-07-22 11:12:29 -07:00
8390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
adaptec net: adaptec: Replace mdelay() with msleep() in starfire_init_one() 2018-07-26 21:24:23 -07:00
aeroflex
agere
alacritech
allwinner
alteon alteon: acenic: mark expected switch fall-through 2018-08-07 17:54:19 -07:00
altera ethernet: Use octal not symbolic permissions 2018-03-26 12:07:49 -04:00
amazon net: ena: fix incorrect usage of memory barriers 2018-09-09 07:59:56 -07:00
amd Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-08-15 16:01:47 -07:00
apm ACPI: Convert ACPI reference args to generic fwnode reference args 2018-07-23 12:44:52 +02:00
apple net: apple: fix return type of ndo_start_xmit function 2018-09-21 19:15:15 -07:00
aquantia net: aquantia: memory corruption on jumbo frames 2018-09-23 22:25:25 -07:00
arc net: Remove depends on HAS_DMA in case of platform dependency 2018-06-23 10:44:30 +09:00
atheros Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-07-24 19:21:58 -07:00
aurora net: ethernet: Make NET_VENDOR_AURORA default to yes 2018-07-05 20:05:54 +09:00
broadcom bnxt: remove ndo_poll_controller 2018-09-23 21:55:25 -07:00
brocade treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
cadence net: macb: disable scatter-gather for macb on sama5d3 2018-09-17 07:53:21 -07:00
calxeda Merge 4.18-rc5 into char-misc-next 2018-07-16 09:04:54 +02:00
cavium liquidio: remove set but not used variable 'is25G' 2018-08-13 09:21:05 -07:00
chelsio net_sched: remove list_head from tc_action 2018-08-21 12:45:44 -07:00
cirrus net: cirrus: fix return type of ndo_start_xmit function 2018-09-21 19:15:14 -07:00
cisco net: cisco: enic: Replace GFP_ATOMIC with GFP_KERNEL 2018-08-04 13:08:06 -07:00
cortina net: gemini: Indicate that we can handle jumboframes 2018-07-12 17:39:15 -07:00
davicom treewide: simplify Kconfig dependencies for removed archs 2018-03-26 15:55:57 +02:00
dec net: tulip: de4x5: mark expected switch fall-throughs 2018-08-07 17:54:19 -07:00
dlink
emulex be2net: Fix memory leak in be_cmd_get_profile_config() 2018-09-05 08:07:55 -07:00
ezchip
faraday headers: separate linux/mod_devicetable.h from linux/platform_device.h 2018-07-07 17:52:26 +02:00
freescale Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-08-15 16:01:47 -07:00
fujitsu
hisilicon net: hns: add netif_carrier_off before change speed and duplex 2018-08-29 18:08:20 -07:00
hp net: hp100: fix always-true check for link up state 2018-09-17 07:55:19 -07:00
huawei net-next: hinic: fix a problem in free_tx_poll() 2018-08-08 09:46:08 -07:00
i825xx net: i825xx: fix return type of ndo_start_xmit function 2018-09-21 19:15:15 -07:00
ibm net: emac: fix fixed-link setup for the RTL8363SB switch 2018-09-18 19:56:29 -07:00
intel i40evf: remove ndo_poll_controller 2018-09-23 21:55:25 -07:00
marvell net: mvneta: fix the Rx desc buffer DMA unmapping 2018-09-19 21:25:20 -07:00
mediatek net-next: mediatek: cleanup unnecessary get chip id and its user 2018-07-29 13:15:57 -07:00
mellanox mlx5: remove ndo_poll_controller 2018-09-23 21:55:25 -07:00
micrel Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-08-15 16:01:47 -07:00
microchip net: ethernet: Fix a unused function warning. 2018-09-17 08:24:25 -07:00
moxa treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
mscc net: mscc: fix the frame extraction into the skb 2018-09-21 09:07:50 -07:00
myricom ethernet: Use octal not symbolic permissions 2018-03-26 12:07:49 -04:00
natsemi net/sonic: Use dma_mapping_error() 2018-05-31 14:17:33 -04:00
neterion vxge: remove set but not used variable 'req_out', 'status' and 'ret' 2018-08-11 12:05:19 -07:00
netronome nfp: remove ndo_poll_controller 2018-09-23 21:55:25 -07:00
ni net: nixge: Don't store skb in app4 field of descriptor 2018-08-13 08:49:37 -07:00
nuvoton
nvidia net: nvidia: forcedeth: Replace GFP_ATOMIC with GFP_KERNEL in nv_probe() 2018-07-27 13:45:14 -07:00
nxp
oki-semi net: pch_gbe: Clean up pch_gbe_set_multi 2018-06-23 20:52:09 +09:00
packetengines net: ethernet: Add missing VENDOR to Cadence and Packet Engines symbols 2018-07-05 20:05:54 +09:00
pasemi treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
qlogic qed: Add missing device config for RoCE EDPM in UFP mode. 2018-09-19 23:12:24 -07:00
qualcomm net: qca_spi: Fix race condition in spi transfers 2018-09-05 08:09:35 -07:00
rdc
realtek r8169: fix autoneg issue on resume with RTL8168E 2018-09-20 19:58:47 -07:00
renesas ravb: do not write 1 to reserved bits 2018-09-18 20:09:57 -07:00
rocker rocker: rocker_main: Ignore bridge VLAN events 2018-05-31 14:13:43 -04:00
samsung net: ethernet: sxgbe: mark expected switch fall-throughs 2018-08-07 17:54:20 -07:00
seeq net: seeq: fix return type of ndo_start_xmit function 2018-09-21 19:15:14 -07:00
sfc net: sfc: falcon: mark expected switch fall-through 2018-08-07 17:54:21 -07:00
sgi net: sgi: fix return type of ndo_start_xmit function 2018-09-21 19:15:14 -07:00
silan
sis
smsc ARM: 32-bit SoC platform updates 2018-08-23 13:44:43 -07:00
socionext net: socionext: Increase descriptors to 256 2018-08-11 12:11:36 -07:00
stmicro net: stmmac: Fixup the tail addr setting in xmit path 2018-09-18 19:48:08 -07:00
sun net: allow ndo_select_queue to pass netdev 2018-07-09 13:41:34 -07:00
synopsys net: ethernet: Use existing define with polynomial 2018-07-27 19:16:37 +08:00
tehuti net: tehuti: remove redundant pointer skb 2018-07-05 19:33:39 +09:00
ti net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency 2018-09-17 07:49:33 -07:00
toshiba treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
tundra
via
wiznet net: wiznet: fix return type of ndo_start_xmit function 2018-09-21 19:15:15 -07:00
xilinx Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-07-24 19:21:58 -07:00
xircom
xscale
Kconfig net: change Exar/Neterion menu items to be alphabetical 2018-08-01 09:49:02 -07:00
Makefile net: change Exar/Neterion menu items to be alphabetical 2018-08-01 09:49:02 -07:00
dnet.c
dnet.h
ec_bhf.c ethernet: Use octal not symbolic permissions 2018-03-26 12:07:49 -04:00
ethoc.c treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
fealnx.c
jme.c net: jme: Replace mdelay() with msleep() and usleep_range() in jme_wait_link() 2018-07-27 13:45:14 -07:00
jme.h
korina.c
lantiq_etop.c MIPS: lantiq: dma: add dev pointer 2018-09-11 23:33:19 -07:00
netx-eth.c