Re: [PATCH net-next 4/6] net: sparx5: move SKB consumption to xmit()

From: Daniel Machon
Date: Fri Jan 10 2025 - 04:32:07 EST

Next message: Kun Hu: "Re: Bug: soft lockup in exfat_clear_bitmap"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v1 2/2] dt-bindings: hwmon: Add support for NCT7716, NCT7717 and NCT7718 in lm90"
In reply to: Eric Dumazet: "Re: [PATCH net-next 4/6] net: sparx5: move SKB consumption to xmit()"
Next in thread: Daniel Machon: "[PATCH net-next 3/6] net: sparx5: activate FDMA tx in start()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Eric,

> > diff --git a/drivers/net/ethernet/microchip/sparx5/sparx5_packet.c b/drivers/net/ethernet/microchip/sparx5/sparx5_packet.c
> > index b6f635d85820..e776fa0845c6 100644
> > --- a/drivers/net/ethernet/microchip/sparx5/sparx5_packet.c
> > +++ b/drivers/net/ethernet/microchip/sparx5/sparx5_packet.c
> > @@ -272,7 +272,6 @@ netdev_tx_t sparx5_port_xmit_impl(struct sk_buff *skb, struct net_device *dev)
> > SPARX5_SKB_CB(skb)->rew_op == IFH_REW_OP_TWO_STEP_PTP)
> > return NETDEV_TX_OK;
>
> If packet is freed earlier in sparx5_fdma_xmit(), you have UAF few
> lines above here ..
>
> stats->tx_bytes += skb->len; // UAF
> ...
> if (skb_shinfo(skb)->tx_flags & SKBTX_HW_TSTAMP && // UAF
> SPARX5_SKB_CB(skb)->rew_op == IFH_REW_OP_TWO_STEP_PTP) // UAF
>

Yes, this needs to be done differently. I will rework the SKB consumption in
v2. Thanks a lot!

/Daniel

Next message: Kun Hu: "Re: Bug: soft lockup in exfat_clear_bitmap"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v1 2/2] dt-bindings: hwmon: Add support for NCT7716, NCT7717 and NCT7718 in lm90"
In reply to: Eric Dumazet: "Re: [PATCH net-next 4/6] net: sparx5: move SKB consumption to xmit()"
Next in thread: Daniel Machon: "[PATCH net-next 3/6] net: sparx5: activate FDMA tx in start()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]