diff options
author | Laura Abbott <labbott@fedoraproject.org> | 2016-12-06 08:49:41 -0800 |
---|---|---|
committer | Laura Abbott <labbott@fedoraproject.org> | 2016-12-06 08:49:41 -0800 |
commit | fe324f69901af83cb16ee086f3d284e67ed36e33 (patch) | |
tree | bad4103c2fd2a1b5207f3971058cdf4582530cbd /virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch | |
parent | 825deb57fe07b1d4e73467438146f3d8d96db6a1 (diff) | |
download | kernel-fe324f69901af83cb16ee086f3d284e67ed36e33.tar.gz kernel-fe324f69901af83cb16ee086f3d284e67ed36e33.tar.xz kernel-fe324f69901af83cb16ee086f3d284e67ed36e33.zip |
Linux v4.9-rc8-9-gd9d0452
- Fix DMA from stack in virtio-net (rhbz 1401612)
Diffstat (limited to 'virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch')
-rw-r--r-- | virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch b/virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch new file mode 100644 index 000000000..1a392f929 --- /dev/null +++ b/virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch @@ -0,0 +1,82 @@ +From patchwork Tue Dec 6 02:10:58 2016 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address() +From: Andy Lutomirski <luto@kernel.org> +X-Patchwork-Id: 702984 +X-Patchwork-Delegate: davem@davemloft.net +Message-Id: <fe889e578d5dffa9ae0834b449a35fcfd1e10694.1480990173.git.luto@kernel.org> +To: netdev@vger.kernel.org +Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, + Andy Lutomirski <luto@kernel.org>, + "Michael S . Tsirkin" <mst@redhat.com>, Jason Wang <jasowang@redhat.com>, + Laura Abbott <labbott@redhat.com> +Date: Mon, 5 Dec 2016 18:10:58 -0800 + +With CONFIG_VMAP_STACK=y, virtnet_set_mac_address() can be passed a +pointer to the stack and it will OOPS. Copy the address to the heap +to prevent the crash. + +Cc: Michael S. Tsirkin <mst@redhat.com> +Cc: Jason Wang <jasowang@redhat.com> +Cc: Laura Abbott <labbott@redhat.com> +Reported-by: zbyszek@in.waw.pl +Signed-off-by: Andy Lutomirski <luto@kernel.org> +Acked-by: Jason Wang <jasowang@redhat.com> +Acked-by: Michael S. Tsirkin <mst@redhat.com> +--- + +Very lightly tested. + + drivers/net/virtio_net.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c +index 7276d5a95bd0..cbf1c613c67a 100644 +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -969,12 +969,17 @@ static int virtnet_set_mac_address(struct net_device *dev, void *p) + struct virtnet_info *vi = netdev_priv(dev); + struct virtio_device *vdev = vi->vdev; + int ret; +- struct sockaddr *addr = p; ++ struct sockaddr *addr; + struct scatterlist sg; + +- ret = eth_prepare_mac_addr_change(dev, p); ++ addr = kmalloc(sizeof(*addr), GFP_KERNEL); ++ if (!addr) ++ return -ENOMEM; ++ memcpy(addr, p, sizeof(*addr)); ++ ++ ret = eth_prepare_mac_addr_change(dev, addr); + if (ret) +- return ret; ++ goto out; + + if (virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR)) { + sg_init_one(&sg, addr->sa_data, dev->addr_len); +@@ -982,7 +987,8 @@ static int virtnet_set_mac_address(struct net_device *dev, void *p) + VIRTIO_NET_CTRL_MAC_ADDR_SET, &sg)) { + dev_warn(&vdev->dev, + "Failed to set mac address by vq command.\n"); +- return -EINVAL; ++ ret = -EINVAL; ++ goto out; + } + } else if (virtio_has_feature(vdev, VIRTIO_NET_F_MAC) && + !virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) { +@@ -996,8 +1002,11 @@ static int virtnet_set_mac_address(struct net_device *dev, void *p) + } + + eth_commit_mac_addr_change(dev, p); ++ ret = 0; + +- return 0; ++out: ++ kfree(addr); ++ return ret; + } + + static struct rtnl_link_stats64 *virtnet_stats(struct net_device *dev, |