linux-hardened/drivers/net/qlcnic
Eric Dumazet 04746ff128 qlcnic: dont assume NET_IP_ALIGN is 2
qlcnic driver allocates rx skbs and gives to hardware too bytes of extra
storage, allowing for corruption of kernel data.

NET_IP_ALIGN being 0 on some platforms (including x86), drivers should
not assume it's 2.

rds_ring->skb_size = rds_ring->dma_size + NET_IP_ALIGN;
...
skb = dev_alloc_skb(rds_ring->skb_size);
skb_reserve(skb, 2);
pci_map_single(pdev, skb->data, rds_ring->dma_size, PCI_DMA_FROMDEVICE);

(and rds_ring->skb_size == rds_ring->dma_size) -> bug


Because of extra alignment (1500 + 32) -> four extra bytes are available
before the struct skb_shared_info, so corruption is not noticed.

Note: this driver could use netdev_alloc_skb_ip_align()

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-17 22:58:08 -07:00
..
Makefile
qlcnic.h qlcnic: fix loopback test 2010-07-25 16:32:40 -07:00
qlcnic_ctx.c qlcnic: restore NPAR config data after recovery 2010-07-14 13:54:17 -07:00
qlcnic_ethtool.c qlcnic: fix loopback test 2010-07-25 16:32:40 -07:00
qlcnic_hdr.h qlcnic: Remove obsolete code 2010-06-29 15:12:36 -07:00
qlcnic_hw.c qlcnic: release device resources during interface down 2010-06-23 13:16:30 -07:00
qlcnic_init.c qlcnic: dont assume NET_IP_ALIGN is 2 2010-09-17 22:58:08 -07:00
qlcnic_main.c qlcnic: fix poll implementation 2010-08-23 20:28:55 -07:00