The commit is pushed to "branch-rh7-3.10.0-862.20.2.vz7.73.x-ovz" and will 
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-862.20.2.vz7.73.7
------>
commit 83a6531fe107465a9d2b859314c871b177f53138
Author: Konstantin Khorenko <[email protected]>
Date:   Fri Nov 23 10:24:51 2018 +0300

    drivers/net/i40e: define proper net_device::neigh_priv_len
    
    Reported by KASan.
    
    i40iw_net_event() unconditionally reads 16 bytes from
    neighbour::priv_key on neigh entry update, but memory evaluated
    for arp entry on allocation at neigh_event_ns() is evaluated as
    
            tbl->entry_size + dev->neigh_priv_len
    
    and neigh_priv_len is not inited by the driver.
    
    Fix that.
    
    net_device allocation stack:
    
    alloc_netdev_mqs
     alloc_etherdev_mqs_rh
      i40e_vsi_setup
       i40e_setup_pf_switch
        i40e_probe
    
    neigh entry allocation stack:
    
    __kmalloc
     __neigh_create
      neigh_event_ns
       arp_process
        arp_rcv
         __netif_receive_skb_core
          __netif_receive_skb
           netif_receive_skb_internal
            napi_gro_receive
             i40e_clean_rx_irq
              i40e_napi_poll
               net_rx_action
                __do_softirq
    
    reading 16 bytes from neighbour::priv_key stack:
    
    i40iw_copy_ip_ntohl
     i40iw_net_event
      notifier_call_chain
       atomic_notifier_call_chain
        call_netevent_notifiers
         neigh_update
          neigh_event_ns
           arp_process
            arp_rcv
             __netif_receive_skb_core
              __netif_receive_skb
               netif_receive_skb_internal
                napi_gro_receive
                 i40e_clean_rx_irq
                  i40e_napi_poll
                   net_rx_action
                    __do_softirq
    
    https://pmc.acronis.com/browse/VSTOR-17918
    
    Signed-off-by: Konstantin Khorenko <[email protected]>
---
 drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c 
b/drivers/net/ethernet/intel/i40e/i40e_main.c
index 6596fb22ab7c..1a3df2eaf7dd 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -9606,6 +9606,9 @@ static int i40e_config_netdev(struct i40e_vsi *vsi)
        ether_addr_copy(netdev->dev_addr, mac_addr);
        ether_addr_copy(netdev->perm_addr, mac_addr);
 
+       /* i40iw_net_event() reads 16 bytes from neigh->primary_key */
+       netdev->neigh_priv_len = sizeof(u32) * 4;
+
        netdev->priv_flags |= IFF_UNICAST_FLT;
        netdev->priv_flags |= IFF_SUPP_NOFCS;
        /* Setup netdev TC information */
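
Review bot: the new comment above the neigh_priv_len assignment says the 16 bytes are read from neigh->primary_key, while the commit message describes the read as being from neighbour::priv_key. Please make the comment name the field that i40iw_net_event() actually reads. If it is primary_key, the comment should also say why enlarging the per-device private area (the dev->neigh_priv_len term in the allocation size quoted in the message) is what keeps that read in bounds. The length is also written as a bare "sizeof(u32) * 4". A short note in the comment on what the four u32 words represent for the reader in i40iw_copy_ip_ntohl(), or a named constant shared with that code, would keep the two sizes from drifting apart if either side changes.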
