[PATCH openEuler-5.10-LTS v2 72/82] net: atlantic: fix "frag[0] not initialized"

17 Aug 2022

From: Grant Grundler grundler@chromium.org
stable inclusion
from stable-v5.10.118
commit 9b84e83a92cdacd1a768c4de04ec3d9a81b26c12
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5L686
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit 62e0ae0f4020250f961cf8d0103a4621be74e077 ]
In aq_ring_rx_clean(), if buff->is_eop is not set AND
buff->len < AQ_CFG_RX_HDR_SIZE, then hdr_len remains equal to
buff->len and skb_add_rx_frag(xxx, *0*, ...) is not called.
The loop following this code starts calling skb_add_rx_frag() starting
with i=1 and thus frag[0] is never initialized. Since i is initialized
to zero at the top of the primary loop, we can just reference and
post-increment i instead of hardcoding the 0 when calling
skb_add_rx_frag() the first time.
Reported-by: Aashay Shringarpure aashay@google.com
Reported-by: Yi Chou yich@google.com
Reported-by: Shervin Oloumi enlightened@google.com
Signed-off-by: Grant Grundler grundler@chromium.org
Signed-off-by: David S. Miller davem@davemloft.net
Signed-off-by: Sasha Levin sashal@kernel.org
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
Acked-by: Xie XiuQi xiexiuqi@huawei.com
---
 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c
index 72f8751784c3..7cf5a48e9a7d 100644
--- a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c
@@ -445,7 +445,7 @@ int aq_ring_rx_clean(struct aq_ring_s *self,
    	       ALIGN(hdr_len, sizeof(long)));
if (buff->len - hdr_len > 0) {
-			skb_add_rx_frag(skb, 0, buff->rxdata.page,
+			skb_add_rx_frag(skb, i++, buff->rxdata.page,
    				buff->rxdata.pg_off + hdr_len,
    				buff->len - hdr_len,
    				AQ_CFG_RX_FRAME_MAX);
@@ -454,7 +454,6 @@ int aq_ring_rx_clean(struct aq_ring_s *self,
if (!buff->is_eop) {
    		buff_ = buff;
-			i = 1U;
    		do {
    			next_ = buff_->next;
    			buff_ = &self->buff_ring[next_];
-- 
2.20.1

    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-5.10-LTS v2 72/82] net: atlantic: fix "frag[0] not initialized"