git.ipfire.org Git - thirdparty/linux.git/commitdiff
net: mana: hardening: Validate adapter_mtu from MANA_QUERY_DEV_CONFIG
author Erni Sri Satya Vennela <ernis@linux.microsoft.com>
Thu, 26 Mar 2026 17:30:56 +0000 (10:30 -0700)
committer Jakub Kicinski <kuba@kernel.org>
Wed, 1 Apr 2026 02:42:06 +0000 (19:42 -0700)
As a part of MANA hardening for CVM, validate the adapter_mtu value
returned from the MANA_QUERY_DEV_CONFIG HWC command.

The adapter_mtu value is used to compute ndev->max_mtu via:
gc->adapter_mtu - ETH_HLEN. If hardware returns a bogus adapter_mtu
smaller than ETH_HLEN (e.g. 0), the unsigned subtraction wraps to a
huge value, silently allowing oversized MTU settings.

Add a validation check to reject adapter_mtu values below
ETH_MIN_MTU + ETH_HLEN, returning -EPROTO to fail the device
configuration early with a clear error message.

Signed-off-by: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
Link: https://patch.msgid.link/20260326173101.2010514-1-ernis@linux.microsoft.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
drivers/net/ethernet/microsoft/mana/mana_en.c

index a9e0f99105aa87b404339d24d1f9b658e7d2dd9f..565375cc20d3b54f95fa41113c6389b67b9f728e 100644 (file)
@@ -1207,10 +1207,16 @@ static int mana_query_device_cfg(struct mana_context *ac, u32 proto_major_ver,
 
        *max_num_vports = resp.max_num_vports;
 
-       if (resp.hdr.response.msg_version >= GDMA_MESSAGE_V2)
+       if (resp.hdr.response.msg_version >= GDMA_MESSAGE_V2) {
+               if (resp.adapter_mtu < ETH_MIN_MTU + ETH_HLEN) {
+                       dev_err(dev, "Adapter MTU too small: %u\n",
+                               resp.adapter_mtu);
+                       return -EPROTO;
+               }
                gc->adapter_mtu = resp.adapter_mtu;
-       else
+       } else {
                gc->adapter_mtu = ETH_FRAME_LEN;
+       }
 
        if (resp.hdr.response.msg_version >= GDMA_MESSAGE_V3)
                *bm_hostmode = resp.bm_hostmode;
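Review bot: the new check in the GDMA_MESSAGE_V2 branch bounds resp.adapter_mtu only from below (`resp.adapter_mtu < ETH_MIN_MTU + ETH_HLEN`), so an arbitrarily large value returned by the device is still copied into gc->adapter_mtu unchanged. The commit message frames this as hardening against bogus values that end up allowing oversized MTU settings, so consider also rejecting or clamping values above the largest frame size the driver can actually handle, or say in the commit message why no upper bound is needed. Minor: the dev_err text would be easier to act on if it also printed the minimum it was compared against (ETH_MIN_MTU + ETH_HLEN), not just the received value.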