From: Anssi Hannula <anssi.hann...@bitwise.fi>
Date: Tue, 14 Feb 2017 19:11:44 +0200
> xilinx_emaclite looks at the received data to try to determine the
> Ethernet packet length but does not properly clamp it if
> proto_type == ETH_P_IP or 1500 < proto_type <= 1518, causing a buffer
> overflow and a panic via skb_panic() as the length exceeds the allocated
> skb size.
>
> Fix those cases.
>
> Also add an additional unconditional check with WARN_ON() at the end.
>
> Signed-off-by: Anssi Hannula <anssi.hann...@bitwise.fi>
> Fixes: bb81b2ddfa19 ("net: add Xilinx emac lite device driver")
Why does this driver do all of this crazy stuff parsing the packet
headers?
It should be able to just read the length provided by the device
at XEL_RPLR_OFFSET and just use that.
