[Devel] [PATCH RHEL7 COMMIT] drivers/net/i40e: define proper net_device::neigh_priv_len

[Konstantin Khorenko]

The commit is pushed to "branch-rh7-3.10.0-862.20.2.vz7.73.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-862.20.2.vz7.73.7
------>
commit 83a6531fe107465a9d2b859314c871b177f53138
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Fri Nov 23 10:24:51 2018 +0300

    drivers/net/i40e: define proper net_device::neigh_priv_len
    
    Reported by KASan.
    
    i40iw_net_event() unconditionally reads 16 bytes from
    neighbour::priv_key on neigh entry update, but memory evaluated
    for arp entry on allocation at neigh_event_ns() is evaluated as
    
            tbl->entry_size + dev->neigh_priv_len
    
    and neigh_priv_len is not inited by the driver.
    
    Fix that.
    
    net_device allocation stack:
    
    alloc_netdev_mqs
     alloc_etherdev_mqs_rh
      i40e_vsi_setup
       i40e_setup_pf_switch
        i40e_probe
    
    neigh entry allocation stack:
    
    __kmalloc
     __neigh_create
      neigh_event_ns
       arp_process
        arp_rcv
         __netif_receive_skb_core
          __netif_receive_skb
           netif_receive_skb_internal
            napi_gro_receive
             i40e_clean_rx_irq
              i40e_napi_poll
               net_rx_action
                __do_softirq
    
    reading 16 bytes from neighbour::priv_key stack:
    
    i40iw_copy_ip_ntohl
     i40iw_net_event
      notifier_call_chain
       atomic_notifier_call_chain
        call_netevent_notifiers
         neigh_update
          neigh_event_ns
           arp_process
            arp_rcv
             __netif_receive_skb_core
              __netif_receive_skb
               netif_receive_skb_internal
                napi_gro_receive
                 i40e_clean_rx_irq
                  i40e_napi_poll
                   net_rx_action
                    __do_softirq
    
    https://pmc.acronis.com/browse/VSTOR-17918
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index 6596fb22ab7c..1a3df2eaf7dd 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -9606,6 +9606,9 @@ static int i40e_config_netdev(struct i40e_vsi *vsi)
 	ether_addr_copy(netdev->dev_addr, mac_addr);
 	ether_addr_copy(netdev->perm_addr, mac_addr);
 
+	/* i40iw_net_event() reads 16 bytes from neigh->primary_key */
+	netdev->neigh_priv_len = sizeof(u32) * 4;
+
 	netdev->priv_flags |= IFF_UNICAST_FLT;
 	netdev->priv_flags |= IFF_SUPP_NOFCS;
 	/* Setup netdev TC information */