Commit 2b15e449 authored by Jakub Kicinski's avatar Jakub Kicinski Committed by Dong Chenchen
Browse files

ethtool: fail closed if we can't get max channel used in indirection tables 

mainline inclusion
from mainline-v6.11-rc1
commit 2899d58462ba868287d6ff3acad3675e7adf934f
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAUATO
CVE: CVE-2024-46834

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2899d58462ba868287d6ff3acad3675e7adf934f



--------------------------------

Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with
active RSS contexts") proves that allowing indirection table to contain
channels with out of bounds IDs may lead to crashes. Currently the
max channel check in the core gets skipped if driver can't fetch
the indirection table or when we can't allocate memory.

Both of those conditions should be extremely rare but if they do
happen we should try to be safe and fail the channel change.

Reviewed-by: default avatarJacob Keller <jacob.e.keller@intel.com>
Link: https://patch.msgid.link/20240710174043.754664-2-kuba@kernel.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Conflicts:
	net/ethtool/common.c
[commit fb6e30a72539 pass a pointer to parameters to
ethtool_get_max_rxfh_channel(), which not merged lead to conflict.]
Signed-off-by: default avatarDong Chenchen <dongchenchen2@huawei.com>
parent 01e57e5f

net/ethtool/channels.c

+2 −4
Original line number Diff line number Diff line
@@ -171,11 +171,9 @@ ethnl_set_channels(struct ethnl_req_info *req_info, struct genl_info *info) 
	 */

	if (ethtool_get_max_rxnfc_channel(dev, &max_rxnfc_in_use))

		max_rxnfc_in_use = 0;

	if (!netif_is_rxfh_configured(dev) ||

	    ethtool_get_max_rxfh_channel(dev, &max_rxfh_in_use))

		max_rxfh_in_use = 0;

	max_rxfh_in_use = ethtool_get_max_rxfh_channel(dev);

	if (channels.combined_count + channels.rx_count <= max_rxfh_in_use) {

		GENL_SET_ERR_MSG(info, "requested channel counts are too low for existing indirection table settings");

		GENL_SET_ERR_MSG_FMT(info, "requested channel counts are too low for existing indirection table (%d)", max_rxfh_in_use);

		return -EINVAL;

	}

	if (channels.combined_count + channels.rx_count <= max_rxnfc_in_use) {

net/ethtool/common.c

+15 −11
Original line number Diff line number Diff line
@@ -587,35 +587,39 @@ int ethtool_get_max_rxnfc_channel(struct net_device *dev, u64 *max) 
	return err;

}



int ethtool_get_max_rxfh_channel(struct net_device *dev, u32 *max)

u32 ethtool_get_max_rxfh_channel(struct net_device *dev)

{

	u32 dev_size, current_max = 0;

	u32 dev_size, current_max;

	u32 *indir;

	int ret;



	if (!netif_is_rxfh_configured(dev))

		return 0;



	if (!dev->ethtool_ops->get_rxfh_indir_size ||

	    !dev->ethtool_ops->get_rxfh)

		return -EOPNOTSUPP;

		return 0;

	dev_size = dev->ethtool_ops->get_rxfh_indir_size(dev);

	if (dev_size == 0)

		return -EOPNOTSUPP;

		return 0;



	indir = kcalloc(dev_size, sizeof(indir[0]), GFP_USER);

	if (!indir)

		return -ENOMEM;

		return U32_MAX;



	ret = dev->ethtool_ops->get_rxfh(dev, indir, NULL, NULL);

	if (ret)

		goto out;

	if (ret) {

		current_max = U32_MAX;

		goto out_free;

	}



	current_max = 0;

	while (dev_size--)

		current_max = max(current_max, indir[dev_size]);



	*max = current_max;



out:

out_free:

	kfree(indir);

	return ret;

	return current_max;

}



int ethtool_check_ops(const struct ethtool_ops *ops)

net/ethtool/common.h

+1 −1
Original line number Diff line number Diff line
@@ -42,7 +42,7 @@ int __ethtool_get_link(struct net_device *dev); 
bool convert_legacy_settings_to_link_ksettings(

	struct ethtool_link_ksettings *link_ksettings,

	const struct ethtool_cmd *legacy_settings);

int ethtool_get_max_rxfh_channel(struct net_device *dev, u32 *max);

u32 ethtool_get_max_rxfh_channel(struct net_device *dev);

int ethtool_get_max_rxnfc_channel(struct net_device *dev, u64 *max);

int __ethtool_get_ts_info(struct net_device *dev, struct ethtool_ts_info *info);

net/ethtool/ioctl.c

+1 −3
Original line number Diff line number Diff line
@@ -1847,9 +1847,7 @@ static noinline_for_stack int ethtool_set_channels(struct net_device *dev, 
	 * indirection table/rxnfc settings */

	if (ethtool_get_max_rxnfc_channel(dev, &max_rxnfc_in_use))

		max_rxnfc_in_use = 0;

	if (!netif_is_rxfh_configured(dev) ||

	    ethtool_get_max_rxfh_channel(dev, &max_rxfh_in_use))

		max_rxfh_in_use = 0;

	max_rxfh_in_use = ethtool_get_max_rxfh_channel(dev);

	if (channels.combined_count + channels.rx_count <=

	    max_t(u64, max_rxnfc_in_use, max_rxfh_in_use))

		return -EINVAL;