diff options
author | Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp> | 2019-01-29 09:45:56 +0900 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-01-30 14:02:43 -0800 |
commit | 1667c08a9d31c7cdf09f4890816bfbf20b685495 (patch) | |
tree | 504149649d26e614873add9ec91d156c0b20a5b5 | |
parent | 188313c137c4f76afd0862f50dbc185b198b9e2a (diff) | |
download | lwn-1667c08a9d31c7cdf09f4890816bfbf20b685495.tar.gz lwn-1667c08a9d31c7cdf09f4890816bfbf20b685495.zip |
virtio_net: Fix out of bounds access of sq
When XDP is disabled, curr_queue_pairs + smp_processor_id() can be
larger than max_queue_pairs.
There is no guarantee that we have enough XDP send queues dedicated for
each cpu when XDP is disabled, so do not count drops on sq in that case.
Fixes: 5b8f3c8d30a6 ("virtio_net: Add XDP related stats")
Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/virtio_net.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 0e1a36908419..669b65c232a2 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -491,20 +491,17 @@ static int virtnet_xdp_xmit(struct net_device *dev, int ret, err; int i; - sq = virtnet_xdp_sq(vi); - - if (unlikely(flags & ~XDP_XMIT_FLAGS_MASK)) { - ret = -EINVAL; - drops = n; - goto out; - } - /* Only allow ndo_xdp_xmit if XDP is loaded on dev, as this * indicate XDP resources have been successfully allocated. */ xdp_prog = rcu_dereference(rq->xdp_prog); - if (!xdp_prog) { - ret = -ENXIO; + if (!xdp_prog) + return -ENXIO; + + sq = virtnet_xdp_sq(vi); + + if (unlikely(flags & ~XDP_XMIT_FLAGS_MASK)) { + ret = -EINVAL; drops = n; goto out; } |