3.18-stable review patch. If anyone has any objections, please let me know.
------------------ From: Felix Fietkau <[email protected]> commit 6a6c708469c9e10fd87adcc3abff164270538d62 upstream. In very rare cases, the MAC can catch an internal buffer that is bigger than it's supposed to be. Instead of crashing the kernel, simply pass the buffer back to the hardware Signed-off-by: Felix Fietkau <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Amit Pundir <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- drivers/net/ethernet/broadcom/bgmac.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/drivers/net/ethernet/broadcom/bgmac.c +++ b/drivers/net/ethernet/broadcom/bgmac.c @@ -373,6 +373,13 @@ static int bgmac_dma_rx_read(struct bgma break; } + if (len > BGMAC_RX_ALLOC_SIZE) { + bgmac_err(bgmac, "Found oversized packet at slot %d, DMA issue!\n", + ring->start); + put_page(virt_to_head_page(buf)); + break; + } + /* Omit CRC. */ len -= ETH_FCS_LEN;
