Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 32f3671f authored by Or Gerlitz's avatar Or Gerlitz Committed by Saeed Mahameed
Browse files

net/mlx5e: Make sure the FW max encap size is enough for ipv4 tunnels 



Otherwise the code that fills the ipv4 encapsulation headers could be writing
beyond the allocated headers buffer.

Fixes: a54e20b4 ('net/mlx5e: Add basic TC tunnel set action for SRIOV offloads')
Signed-off-by: default avatarOr Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: default avatarRoi Dayan <roid@mellanox.com>
Signed-off-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
parent c415f704

drivers/net/ethernet/mellanox/mlx5/core/en_tc.c

+23 −19
Original line number Diff line number Diff line
@@ -786,8 +786,8 @@ static int mlx5e_route_lookup_ipv6(struct mlx5e_priv *priv, 
	return 0;

}



static int gen_vxlan_header_ipv4(struct net_device *out_dev,

				 char buf[],

static void gen_vxlan_header_ipv4(struct net_device *out_dev,

				  char buf[], int encap_size,

				  unsigned char h_dest[ETH_ALEN],

				  int ttl,

				  __be32 daddr,
@@ -795,7 +795,6 @@ static int gen_vxlan_header_ipv4(struct net_device *out_dev, 
				  __be16 udp_dst_port,

				  __be32 vx_vni)

{

	int encap_size = VXLAN_HLEN + sizeof(struct iphdr) + ETH_HLEN;

	struct ethhdr *eth = (struct ethhdr *)buf;

	struct iphdr  *ip = (struct iphdr *)((char *)eth + sizeof(struct ethhdr));

	struct udphdr *udp = (struct udphdr *)((char *)ip + sizeof(struct iphdr));
@@ -818,8 +817,6 @@ static int gen_vxlan_header_ipv4(struct net_device *out_dev, 
	udp->dest = udp_dst_port;

	vxh->vx_flags = VXLAN_HF_VNI;

	vxh->vx_vni = vxlan_vni_field(vx_vni);



	return encap_size;

}



static int gen_vxlan_header_ipv6(struct net_device *out_dev,
@@ -863,13 +860,20 @@ static int mlx5e_create_encap_header_ipv4(struct mlx5e_priv *priv, 
					  struct net_device **out_dev)

{

	int max_encap_size = MLX5_CAP_ESW(priv->mdev, max_encap_header_size);

	int ipv4_encap_size = ETH_HLEN + sizeof(struct iphdr) + VXLAN_HLEN;

	struct ip_tunnel_key *tun_key = &e->tun_info.key;

	int encap_size, ttl, err;

	struct neighbour *n = NULL;

	struct flowi4 fl4 = {};

	char *encap_header;

	int ttl, err;



	encap_header = kzalloc(max_encap_size, GFP_KERNEL);

	if (max_encap_size < ipv4_encap_size) {

		mlx5_core_warn(priv->mdev, "encap size %d too big, max supported is %d\n",

			       ipv4_encap_size, max_encap_size);

		return -EOPNOTSUPP;

	}



	encap_header = kzalloc(ipv4_encap_size, GFP_KERNEL);

	if (!encap_header)

		return -ENOMEM;
@@ -904,8 +908,8 @@ static int mlx5e_create_encap_header_ipv4(struct mlx5e_priv *priv, 


	switch (e->tunnel_type) {

	case MLX5_HEADER_TYPE_VXLAN:

		encap_size = gen_vxlan_header_ipv4(*out_dev, encap_header,

						   e->h_dest, ttl,

		gen_vxlan_header_ipv4(*out_dev, encap_header,

				      ipv4_encap_size, e->h_dest, ttl,

				      fl4.daddr,

				      fl4.saddr, tun_key->tp_dst,

				      tunnel_id_to_key32(tun_key->tun_id));
@@ -916,7 +920,7 @@ static int mlx5e_create_encap_header_ipv4(struct mlx5e_priv *priv, 
	}



	err = mlx5_encap_alloc(priv->mdev, e->tunnel_type,

			       encap_size, encap_header, &e->encap_id);

			       ipv4_encap_size, encap_header, &e->encap_id);

out:

	if (err && n)

		neigh_release(n);