From bf5a3c51e9f7af02f6e0fff01751b623c68f2263 Mon Sep 17 00:00:00 2001 From: Magnus Karlsson Date: Wed, 25 May 2022 09:19:53 +0200 Subject: [PATCH] ice: fix crash at allocation failure Fix a crash in the zero-copy driver that occurs when it fails to allocate buffers from user-space. This crash can easily be triggered by a malicious program that does not provide any buffers in the fill ring for the kernel to use. Note that this bug does not exist in upstream since the batched buffer allocation interface got introduced in 5.16 and replaced this code. Reported-by: Jeff Shaw Tested-by: Jeff Shaw Signed-off-by: Magnus Karlsson Acked-by: Maciej Fijalkowski Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/intel/ice/ice_xsk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ice/ice_xsk.c b/drivers/net/ethernet/intel/ice/ice_xsk.c index 2b1873061912..5581747947e5 100644 --- a/drivers/net/ethernet/intel/ice/ice_xsk.c +++ b/drivers/net/ethernet/intel/ice/ice_xsk.c @@ -378,7 +378,7 @@ bool ice_alloc_rx_bufs_zc(struct ice_ring *rx_ring, u16 count) do { *xdp = xsk_buff_alloc(rx_ring->xsk_pool); - if (!xdp) { + if (!*xdp) { ok = false; break; }