Commit cbd7ec08 authored by Sean Anderson's avatar Sean Anderson Committed by Jakub Kicinski

net: dpaa: Pad packets to ETH_ZLEN

When sending packets under 60 bytes, up to three bytes of the buffer
following the data may be leaked. Avoid this by extending all packets to
ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
reproduced by running

	$ ping -s 11 destination

Fixes: 9ad1a374 ("dpaa_eth: add support for DPAA Ethernet")
Suggested-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarSean Anderson <sean.anderson@linux.dev>
Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20240910143144.1439910-1-sean.anderson@linux.devSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent b4cd80b0
......@@ -2272,12 +2272,12 @@ static netdev_tx_t
dpaa_start_xmit(struct sk_buff *skb, struct net_device *net_dev)
{
const int queue_mapping = skb_get_queue_mapping(skb);
bool nonlinear = skb_is_nonlinear(skb);
struct rtnl_link_stats64 *percpu_stats;
struct dpaa_percpu_priv *percpu_priv;
struct netdev_queue *txq;
struct dpaa_priv *priv;
struct qm_fd fd;
bool nonlinear;
int offset = 0;
int err = 0;
......@@ -2287,6 +2287,13 @@ dpaa_start_xmit(struct sk_buff *skb, struct net_device *net_dev)
qm_fd_clear_fd(&fd);
/* Packet data is always read as 32-bit words, so zero out any part of
* the skb which might be sent if we have to pad the packet
*/
if (__skb_put_padto(skb, ETH_ZLEN, false))
goto enomem;
nonlinear = skb_is_nonlinear(skb);
if (!nonlinear) {
/* We're going to store the skb backpointer at the beginning
* of the data buffer, so we need a privately owned skb
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment