CVE-2025-21960
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/04/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

eth: bnxt: do not update checksum in bnxt_xdp_build_skb()

The bnxt_rx_pkt() updates ip_summed value at the end if checksum offload
is enabled.
When the XDP-MB program is attached and it returns XDP_PASS, the
bnxt_xdp_build_skb() is called to update skb_shared_info.
The main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,
but it updates ip_summed value too if checksum offload is enabled.
This is actually duplicate work.

When the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed
is CHECKSUM_NONE or not.
It means that ip_summed should be CHECKSUM_NONE at this moment.
But ip_summed may already be updated to CHECKSUM_UNNECESSARY in the
XDP-MB-PASS path.
So skb_checksum_none_assert() WARNS about it.

This is duplicate work and updating ip_summed in the
bnxt_xdp_build_skb() is not needed.

Splat looks like:
WARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]
Modules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]
CPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27
Tainted: [W]=WARN
Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021
RIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]
Call Trace:
? __warn+0xcd/0x2f0
? bnxt_rx_pkt+0x479b/0x7610
? report_bug+0x326/0x3c0
? handle_bug+0x53/0xa0
? exc_invalid_op+0x14/0x50
? asm_exc_invalid_op+0x16/0x20
? bnxt_rx_pkt+0x479b/0x7610
? bnxt_rx_pkt+0x3e41/0x7610
? __pfx_bnxt_rx_pkt+0x10/0x10
? napi_complete_done+0x2cf/0x7d0
__bnxt_poll_work+0x4e8/0x1220
? __pfx___bnxt_poll_work+0x10/0x10
? __pfx_mark_lock.part.0+0x10/0x10
bnxt_poll_p5+0x36a/0xfa0
? __pfx_bnxt_poll_p5+0x10/0x10
__napi_poll.constprop.0+0xa0/0x440
net_rx_action+0x899/0xd00
...

Following ping.py patch adds xdp-mb-pass case, so ping.py is going
to be able to reproduce this issue.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.19 (including) | 6.1.132 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.84 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.20 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:* | | |
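A triage helper for the version table and the splat in the description, added here as an example and not part of the advisory or the kernel patch: it checks an upstream-style kernel release string against the listed ranges and finds the splat's WARNING line in a kernel log. It assumes upstream/stable version numbering (a distribution kernel may carry the fix under a different version) and treats -rc builds other than 6.14 as their base version; the function names and the sample log are constructed.

```python
import re

# Affected ranges copied from the table on this page: [first affected, first fixed).
AFFECTED = [
    ((5, 19, 0), (6, 1, 132)),
    ((6, 2, 0), (6, 6, 84)),
    ((6, 7, 0), (6, 12, 20)),
    ((6, 13, 0), (6, 13, 8)),
]
AFFECTED_6_14_RCS = range(1, 7)  # 6.14-rc1 .. 6.14-rc6, as listed in the table

RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")
# WARNING line of the splat: skb_checksum_none_assert() firing inside bnxt_rx_pkt.
# The skbuff.h line number differs between kernel versions, so it is not pinned.
SPLAT_RE = re.compile(r"WARNING: .*include/linux/skbuff\.h:\d+ bnxt_rx_pkt\+")


def is_affected(release: str) -> bool:
    """True if a release string (e.g. from `uname -r`) is in a listed range."""
    m = RELEASE_RE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = (int(g) if g else None for g in m.groups())
    version = (major, minor, patch or 0)
    if version == (6, 14, 0):
        # Only the release candidates are listed; 6.14 final is not in the table.
        return rc is not None and rc in AFFECTED_6_14_RCS
    # Assumption: -rc builds of other series are treated as their base version.
    return any(lo <= version < hi for lo, hi in AFFECTED)


def splat_lines(log_text: str) -> list[str]:
    """Return the log lines that match the WARNING signature of this bug."""
    return [line for line in log_text.splitlines() if SPLAT_RE.search(line)]


# Constructed sample log: one unrelated line plus the WARNING line from the splat.
SAMPLE_LOG = """\
[  102.331] bnxt_en 0000:01:00.0 eth0: NIC Link is Up
[  140.882] WARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]
"""

if __name__ == "__main__":
    for rel in ("6.14.0-rc4+", "6.13.7", "6.13.8", "6.1.132"):
        print(rel, "affected" if is_affected(rel) else "not listed as affected")
    print(len(splat_lines(SAMPLE_LOG)), "matching splat line(s) in sample log")
```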
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/44578bc6460b8fca530fc7bd5897c115d9bd27e2
- https://git.kernel.org/stable/c/5b57ed14a1b85e7ab0074d9668a0baa6c94826c7
- https://git.kernel.org/stable/c/c03e7d05aa0e2f7e9a9ce5ad8a12471a53f941dc
- https://git.kernel.org/stable/c/e8e3e03d69f2420eaa578199a65d281c58867105
- https://git.kernel.org/stable/c/ee086c8e775f9690282e3d26471dbcfd5dad5a6a
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html



