lpc_eth: add missing ndo_change_mtu()

lpc_eth does a copy of transmitted skbs to DMA area, without checking skb lengths, so can trigger buffer overflows : memcpy(pldat->tx_buff_v + txidx * ENET_MAXF_SIZE, skb->data, len); One way to get bigger skbs is to allow MTU changes above the 1500 limit. Calling eth_change_mtu() in ndo_change_mtu() makes sure this cannot happen. Signed-off-by: N Eric Dumazet <edumazet@google.com> Cc: Roland Stigge <stigge@antcom.de> Cc: Kevin Wells <kevin.wells@nxp.com> Acked-by: N Roland Stigge <stigge@antcom.de> Signed-off-by: N David S. Miller <davem@davemloft.net>

lpc_eth: add missing ndo_change_mtu()
lpc_eth does a copy of transmitted skbs to DMA area, without checking skb lengths, so can trigger buffer overflows : memcpy(pldat->tx_buff_v + txidx * ENET_MAXF_SIZE, skb->data, len); One way to get bigger skbs is to allow MTU changes above the 1500 limit. Calling eth_change_mtu() in ndo_change_mtu() makes sure this cannot happen. Signed-off-by: N Eric Dumazet <edumazet@google.com> Cc: Roland Stigge <stigge@antcom.de> Cc: Kevin Wells <kevin.wells@nxp.com> Acked-by: N Roland Stigge <stigge@antcom.de> Signed-off-by: N David S. Miller <davem@davemloft.net>
e3047859 · Eric Dumazet · David S. Miller · ed6be3dc · e3047859
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

drivers/net/ethernet/nxp/lpc_eth.c drivers/net/ethernet/nxp/lpc_eth.c +1 -0

未找到文件。
--- a/drivers/net/ethernet/nxp/lpc_eth.c
+++ b/drivers/net/ethernet/nxp/lpc_eth.c
@@ -1320,6 +1320,7 @@ static const struct net_device_ops lpc_netdev_ops = {
 	.ndo_set_rx_mode	= lpc_eth_set_multicast_list,
 	.ndo_do_ioctl		= lpc_eth_ioctl,
 	.ndo_set_mac_address	= lpc_set_mac_address,
+	.ndo_change_mtu		= eth_change_mtu,
 };

 static int lpc_eth_drv_probe(struct platform_device *pdev)