From 2011841efe56d87b749c2493df5376864afae34d Mon Sep 17 00:00:00 2001 From: Jamie Bainbridge Date: Wed, 30 Apr 2025 11:29:06 +0800 Subject: [PATCH] qede: confirm skb is allocated before using stable inclusion from stable-v4.19.238 commit 9648adb1b3ece55c657d3a4f52bfee663b710dfe category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBP4XO CVE: CVE-2022-49084 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9648adb1b3ece55c657d3a4f52bfee663b710dfe ---------------------------------------------------------------- [ Upstream commit 4e910dbe36508654a896d5735b318c0b88172570 ] qede_build_skb() assumes build_skb() always works and goes straight to skb_reserve(). However, build_skb() can fail under memory pressure. This results in a kernel panic because the skb to reserve is NULL. Add a check in case build_skb() failed to allocate and return NULL. The NULL return is handled correctly in callers to qede_build_skb(). Fixes: 8a8633978b842 ("qede: Add build_skb() support.") Signed-off-by: Jamie Bainbridge Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Zhang Zekun --- drivers/net/ethernet/qlogic/qede/qede_fp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/qlogic/qede/qede_fp.c b/drivers/net/ethernet/qlogic/qede/qede_fp.c index a96da16f3404..09ca436e7d49 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_fp.c +++ b/drivers/net/ethernet/qlogic/qede/qede_fp.c @@ -731,6 +731,9 @@ qede_build_skb(struct qede_rx_queue *rxq, buf = page_address(bd->data) + bd->page_offset; skb = build_skb(buf, rxq->rx_buf_seg_size); + if (unlikely(!skb)) + return NULL; + skb_reserve(skb, pad); skb_put(skb, len); -- Gitee