From patchwork Fri May  5 12:37:35 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tim Gardner <tim.gardner@canonical.com>
X-Patchwork-Id: 1777608
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=canonical.com header.i=@canonical.com
 header.a=rsa-sha256 header.s=20210705 header.b=bkrC7cL2;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QCVZx5xVJz214K
	for <incoming@patchwork.ozlabs.org>; Fri,  5 May 2023 22:38:01 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1puuh7-0003H0-61; Fri, 05 May 2023 12:37:53 +0000
Received: from smtp-relay-internal-1.internal ([10.131.114.114]
 helo=smtp-relay-internal-1.canonical.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <tim.gardner@canonical.com>) id 1puuh4-0003GS-Gz
 for kernel-team@lists.ubuntu.com; Fri, 05 May 2023 12:37:50 +0000
Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com
 [209.85.214.200])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 20D0D3F12F
 for <kernel-team@lists.ubuntu.com>; Fri,  5 May 2023 12:37:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1683290270;
 bh=F3/V+ufyD8WoIaC+OPyMeiQMnLrYdmSCk0Kyflk8s9s=;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=bkrC7cL2SmG1uC6e4woTdKqjTlQhdRKAY1Huze5rFJp/RkhHKCJHMSPfWT99pa7rV
 SMlWFUYpoAld5XTWva8W1ejrqhm7nWf1D6ZFHBO9u5nXJ0yMqySrdoKA6vECJRBCuJ
 qgFamBkufIbnT0BYzdWEqfXYg94HyBAv685Jw9ym94tJl8fqeNdcJHh0TfZ2EE1XaO
 jUx2CHoTgLFZkiE00IRw+QU8BE4Aspf401xrnhcaMpyxCIrBzD3s2B+pB2LofFJjzI
 2VsjyaL3r1smW/67iVyLHONX+tMNgAvWdApiSsUXHA61bJ0u/CtEvJqqnibHFM/nlz
 f/jTM5ujmmoRA==
Received: by mail-pl1-f200.google.com with SMTP id
 d9443c01a7336-1aae625e57dso8194125ad.1
 for <kernel-team@lists.ubuntu.com>; Fri, 05 May 2023 05:37:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1683290268; x=1685882268;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=F3/V+ufyD8WoIaC+OPyMeiQMnLrYdmSCk0Kyflk8s9s=;
 b=gFEk2/oN7kFhwoz/fJb/hgUvvZJu1qQVmMbDvEhDcVC46bfn/DWoLEGt594g9ZrQ0/
 iaNweO/rFeFaH+4YpuHlxXuwm/X5XKP9SGjZyQInCZaJ8Sb58PtloWV9NBzDvSK4C/RB
 GX042SjuZXRLwaohYm8CvkXQuCsFZ6cU0Wgsmz0NAVZ4mVF0l3RXGLBVxuBRa2kecDgs
 PGz17Bmr+3psI7hITxABQhNz3OXrzHTFE5S7buQL1kALb1Ku0PvGhqNQpGxz2IATIMu3
 5kA0TSTwVOXfS1U2FfO36tOdHooLUZmhcqwh5rWnxe959qbbCaQkqMYr/gVj1DwYwxWz
 BSNg==
X-Gm-Message-State: AC+VfDxRQIinLKj+LSdE86o5YTBHTBR0uGzkC/dCX306cqlvOM5ril+Q
 JbWkThCK6bDcTVO1QvRg1LWXXgbvJm+sSMHtsnjYF6wwPbPRfReNUWHa8H0YfqaOByhuyD1YIQz
 A0uv5AgKTdMkZ+IyKDWdtS1Z1gre0Twm3wACxI0yF+QutIngbTAfk
X-Received: by 2002:a17:902:ef96:b0:1aa:ce4d:c77d with SMTP id
 iz22-20020a170902ef9600b001aace4dc77dmr1277619plb.24.1683290268105;
 Fri, 05 May 2023 05:37:48 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ4laxUAg1lo0ctRuFUxdK395hGMgCYc1ZDa3dhn0yg/X/D2iVJ7Xr0pNhdGJwzNSSGhswCxNw==
X-Received: by 2002:a17:902:ef96:b0:1aa:ce4d:c77d with SMTP id
 iz22-20020a170902ef9600b001aace4dc77dmr1277604plb.24.1683290267775;
 Fri, 05 May 2023 05:37:47 -0700 (PDT)
Received: from smtp.gmail.com (174-045-099-030.res.spectrum.com.
 [174.45.99.30]) by smtp.gmail.com with ESMTPSA id
 s5-20020a170902ea0500b001aafde0cd8fsm1697957plg.53.2023.05.05.05.37.46
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 05 May 2023 05:37:46 -0700 (PDT)
From: Tim Gardner <tim.gardner@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 2/2] net: mana: Check if netdev/napi_alloc_frag returns single
 page
Date: Fri,  5 May 2023 06:37:35 -0600
Message-Id: <20230505123735.1229681-3-tim.gardner@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230505123735.1229681-1-tim.gardner@canonical.com>
References: <20230505123735.1229681-1-tim.gardner@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Haiyang Zhang <haiyangz@microsoft.com>

BugLink: https://bugs.launchpad.net/bugs/2018593

netdev/napi_alloc_frag() may fall back to single page which is smaller
than the requested size.
Add error checking to avoid memory overwritten.

Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit df18f2da302f169e1a29098c6ca3b474f1b0269e)
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 drivers/net/ethernet/microsoft/mana/mana_en.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c
index 2ab3caefac25..202f2f34f016 100644
--- a/drivers/net/ethernet/microsoft/mana/mana_en.c
+++ b/drivers/net/ethernet/microsoft/mana/mana_en.c
@@ -553,6 +553,14 @@ static int mana_pre_alloc_rxbufs(struct mana_port_context *mpc, int new_mtu)
 			va = netdev_alloc_frag(mpc->rxbpre_alloc_size);
 			if (!va)
 				goto error;
+
+			page = virt_to_head_page(va);
+			/* Check if the frag falls back to single page */
+			if (compound_order(page) <
+			    get_order(mpc->rxbpre_alloc_size)) {
+				put_page(page);
+				goto error;
+			}
 		} else {
 			page = dev_alloc_page();
 			if (!page)
@@ -1504,6 +1512,13 @@ static void *mana_get_rxfrag(struct mana_rxq *rxq, struct device *dev,
 
 		if (!va)
 			return NULL;
+
+		page = virt_to_head_page(va);
+		/* Check if the frag falls back to single page */
+		if (compound_order(page) < get_order(rxq->alloc_size)) {
+			put_page(page);
+			return NULL;
+		}
 	} else {
 		page = dev_alloc_page();
 		if (!page)