Linux Kernel XDP Checksum Offload Vulnerability in bnxt Ethernet Driver

A vulnerability has been identified in the Linux kernel's bnxt Ethernet driver, specifically in the handling of checksum offload with XDP (eXpress Data Path) programs. When the XDP-MB program is attached and returns XDP_PASS, the function bnxt_xdp_build_skb() is called to update skb_shared_info. However, this function also inadvertently updates the ip_summed value if checksum offload is enabled, creating redundant work. The issue arises because bnxt_rx_pkt() already modifies ip_summed after verifying its initial state. As a result, bnxt_xdp_build_skb() can introduce a conflict by changing ip_summed to CHECKSUM_UNNECESSARY, triggering a warning about the inconsistency.

Impact

Exploitation of this vulnerability leads to a warning being generated, indicating a potential issue with checksum handling in the bnxt Ethernet driver.

Reproduction

The vulnerability can be reproduced by attaching an XDP-MB program to a bnxt Ethernet interface and having it return XDP_PASS. This will trigger the bnxt_xdp_build_skb() function, which will incorrectly update the ip_summed value, causing a warning about the checksum state.