Google Git
Sign in
android-kvm / linux / ad31c629ca3c87f6d557488c1f9faaebfbcd203c
commitad31c629ca3c87f6d557488c1f9faaebfbcd203c[log] [tgz]
authorElena Salomatkina <elena.salomatkina.cmc@gmail.com>Sat Nov 25 00:08:02 2023 +0300
committerPaolo Abeni <pabeni@redhat.com>Tue Nov 28 10:43:37 2023 +0100
tree101b0e32d2da01aab68877d27a83711975557ffd
parentec2610b129b49fd3ba0fbbf1fe988774a1af4a2a [diff]
octeontx2-af: Fix possible buffer overflow

A loop in rvu_mbox_handler_nix_bandprof_free() contains
a break if (idx == MAX_BANDPROF_PER_PFFUNC),
but if idx may reach MAX_BANDPROF_PER_PFFUNC
buffer '(*req->prof_idx)[layer]' overflow happens before that check.

The patch moves the break to the
beginning of the loop.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: e8e095b3b370 ("octeontx2-af: cn10k: Bandwidth profiles config support").
Signed-off-by: Elena Salomatkina <elena.salomatkina.cmc@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Subbaraya Sundeep <sbhatta@marvell.com>
Link: https://lore.kernel.org/r/20231124210802.109763-1-elena.salomatkina.cmc@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
1 file changed
tree: 101b0e32d2da01aab68877d27a83711975557ffd
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .cocciconfig
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .mailmap
  31. .rustfmt.toml
  32. COPYING
  33. CREDITS
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README