Re: [PATCH 1/2] net: xilinx_emaclite: fix receive buffer overflow

2017-02-15 Thread David Miller
From: Anssi Hannula Date: Tue, 14 Feb 2017 19:11:44 +0200 > xilinx_emaclite looks at the received data to try to determine the > Ethernet packet length but does not properly clamp it if > proto_type == ETH_P_IP or 1500 < proto_type <= 1518, causing a buffer > overflow

RE: [PATCH 1/2] net: xilinx_emaclite: fix receive buffer overflow

2017-02-15 Thread David Laight
From: Anssi Hannula > Sent: 15 February 2017 08:29 ... > Looking through the product guide [1] I don't see the actual receive > packet length provided anywhere, so I guess that is why the crazy stuff > is done. If the hardware doesn't provide the receive packet length then I suggest you 'fix' the

Re: [PATCH 1/2] net: xilinx_emaclite: fix receive buffer overflow

2017-02-15 Thread Anssi Hannula
On 14.2.2017 22:12, David Miller wrote: > From: Anssi Hannula > Date: Tue, 14 Feb 2017 19:11:44 +0200 > >> xilinx_emaclite looks at the received data to try to determine the >> Ethernet packet length but does not properly clamp it if >> proto_type == ETH_P_IP or 1500 <

Re: [PATCH 1/2] net: xilinx_emaclite: fix receive buffer overflow

2017-02-14 Thread David Miller
From: Anssi Hannula Date: Tue, 14 Feb 2017 19:11:44 +0200 > xilinx_emaclite looks at the received data to try to determine the > Ethernet packet length but does not properly clamp it if > proto_type == ETH_P_IP or 1500 < proto_type <= 1518, causing a buffer > overflow

[PATCH 1/2] net: xilinx_emaclite: fix receive buffer overflow

2017-02-14 Thread Anssi Hannula
xilinx_emaclite looks at the received data to try to determine the Ethernet packet length but does not properly clamp it if proto_type == ETH_P_IP or 1500 < proto_type <= 1518, causing a buffer overflow and a panic via skb_panic() as the length exceeds the allocated skb size. Fix those cases.