virtio_net: bugfix overflow inside xdp_linearize_page()
stable inclusion from stable-v5.10.179 commit b6dd232f6350778a6ba440ea52bdfc4571b62a06 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8C809 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b6dd232f6350778a6ba440ea52bdfc4571b62a06 -------------------------------- [ Upstream commit 853618d5 ] Here we copy the data from the original buf to the new page. But we not check that it may be overflow. As long as the size received(including vnethdr) is greater than 3840 (PAGE_SIZE -VIRTIO_XDP_HEADROOM). Then the memcpy will overflow. And this is completely possible, as long as the MTU is large, such as 4096. In our test environment, this will cause crash. Since crash is caused by the written memory, it is meaningless, so I do not include it. Fixes: 72979a6c ("virtio_net: xdp, add slowpath case for non contiguous buffers") Signed-off-by:Xuan Zhuo <xuanzhuo@linux.alibaba.com> Acked-by:
Loading
Please sign in to comment