From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6465628ED for ; Mon, 12 Dec 2022 13:55:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 68ED0C433F0; Mon, 12 Dec 2022 13:55:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1670853357; bh=w20WXwuPvpu5RbaB3/j5iQyNMmDmxinZfXFjskbr7jI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=v53R6zDue6EVxXt781olsFiG5wm6iyaTYEsw+wvHdhSihyPOui2yuBzMEFuOC4iSn JPkBOaFR68uwjwU7KIvNW63XCv3gajUbVzNLwqoo1+3OJR3X16Fj5s36vIXs4N7R3W z8LvtsJyASvbxxnIvaanQnzFmqox60HyS9G9Ec4Q= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Dan Carpenter , Leon Romanovsky , Jakub Kicinski , Sasha Levin Subject: [PATCH 4.9 31/31] net: mvneta: Fix an out of bounds check Date: Mon, 12 Dec 2022 14:19:49 +0100 Message-Id: <20221212130911.688058460@linuxfoundation.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221212130909.943483205@linuxfoundation.org> References: <20221212130909.943483205@linuxfoundation.org> User-Agent: quilt/0.67 Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Dan Carpenter [ Upstream commit cdd97383e19d4afe29adc3376025a15ae3bab3a3 ] In an earlier commit, I added a bounds check to prevent an out of bounds read and a WARN(). On further discussion and consideration that check was probably too aggressive. Instead of returning -EINVAL, a better fix would be to just prevent the out of bounds read but continue the process. Background: The value of "pp->rxq_def" is a number between 0-7 by default, or even higher depending on the value of "rxq_number", which is a module parameter. If the value is more than the number of available CPUs then it will trigger the WARN() in cpu_max_bits_warn(). Fixes: e8b4fc13900b ("net: mvneta: Prevent out of bounds read in mvneta_config_rss()") Signed-off-by: Dan Carpenter Reviewed-by: Leon Romanovsky Link: https://lore.kernel.org/r/Y5A7d1E5ccwHTYPf@kadam Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin --- drivers/net/ethernet/marvell/mvneta.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c index 86eb258ed811..b2d42d276efd 100644 --- a/drivers/net/ethernet/marvell/mvneta.c +++ b/drivers/net/ethernet/marvell/mvneta.c @@ -3278,7 +3278,7 @@ static void mvneta_percpu_elect(struct mvneta_port *pp) /* Use the cpu associated to the rxq when it is online, in all * the other cases, use the cpu 0 which can't be offline. */ - if (cpu_online(pp->rxq_def)) + if (pp->rxq_def < nr_cpu_ids && cpu_online(pp->rxq_def)) elected_cpu = pp->rxq_def; max_cpu = num_present_cpus(); @@ -3761,9 +3761,6 @@ static int mvneta_config_rss(struct mvneta_port *pp) napi_disable(&pcpu_port->napi); } - if (pp->indir[0] >= nr_cpu_ids) - return -EINVAL; - pp->rxq_def = pp->indir[0]; /* Update unicast mapping */ -- 2.35.1