From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 507BF28ED for ; Mon, 12 Dec 2022 13:24:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AFA63C433EF; Mon, 12 Dec 2022 13:24:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1670851481; bh=Hkku2Kn5FMsN3aIQhZE2MaCO1AcPlkRJs18EXVHAyjU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KWhwl8M5Yk6A2NA7sW8VKioIoMnaH+b3Eijt20q5KNaG6nuagxQ/l3iy+tS2RQjJs 2PKK6EvLW84D4f6SF5rG4k4kgeFIFxdb4boHlBGeNG8b6S2VV6x1yF7GpD/ONFEI1g MTaGwYlsiq2JyNT2GZdYo3W/WuBfxbd8ylU6B4Gg= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Dan Carpenter , Leon Romanovsky , Jakub Kicinski , Sasha Levin Subject: [PATCH 5.4 66/67] net: mvneta: Fix an out of bounds check Date: Mon, 12 Dec 2022 14:17:41 +0100 Message-Id: <20221212130920.754194092@linuxfoundation.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221212130917.599345531@linuxfoundation.org> References: <20221212130917.599345531@linuxfoundation.org> User-Agent: quilt/0.67 Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Dan Carpenter [ Upstream commit cdd97383e19d4afe29adc3376025a15ae3bab3a3 ] In an earlier commit, I added a bounds check to prevent an out of bounds read and a WARN(). On further discussion and consideration that check was probably too aggressive. Instead of returning -EINVAL, a better fix would be to just prevent the out of bounds read but continue the process. Background: The value of "pp->rxq_def" is a number between 0-7 by default, or even higher depending on the value of "rxq_number", which is a module parameter. If the value is more than the number of available CPUs then it will trigger the WARN() in cpu_max_bits_warn(). Fixes: e8b4fc13900b ("net: mvneta: Prevent out of bounds read in mvneta_config_rss()") Signed-off-by: Dan Carpenter Reviewed-by: Leon Romanovsky Link: https://lore.kernel.org/r/Y5A7d1E5ccwHTYPf@kadam Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin --- drivers/net/ethernet/marvell/mvneta.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c index 67ba697518d6..2c1ee3268498 100644 --- a/drivers/net/ethernet/marvell/mvneta.c +++ b/drivers/net/ethernet/marvell/mvneta.c @@ -3717,7 +3717,7 @@ static void mvneta_percpu_elect(struct mvneta_port *pp) /* Use the cpu associated to the rxq when it is online, in all * the other cases, use the cpu 0 which can't be offline. */ - if (cpu_online(pp->rxq_def)) + if (pp->rxq_def < nr_cpu_ids && cpu_online(pp->rxq_def)) elected_cpu = pp->rxq_def; max_cpu = num_present_cpus(); @@ -4235,9 +4235,6 @@ static int mvneta_config_rss(struct mvneta_port *pp) napi_disable(&pp->napi); } - if (pp->indir[0] >= nr_cpu_ids) - return -EINVAL; - pp->rxq_def = pp->indir[0]; /* Update unicast mapping */ -- 2.35.1