From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25620C433F5 for ; Fri, 26 Nov 2021 02:40:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358770AbhKZCne (ORCPT ); Thu, 25 Nov 2021 21:43:34 -0500 Received: from mail.kernel.org ([198.145.29.99]:50236 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244262AbhKZClM (ORCPT ); Thu, 25 Nov 2021 21:41:12 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 44FDD611C1; Fri, 26 Nov 2021 02:34:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1637894063; bh=EgrS4pubz4LuPdnjybQq5Kip6l5qYfdPOzl59f3I0kI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cLTRxmbC0OaP/415UhPkoZCDBkpuqPlXlJgJr4UP28BRpp5RR+ciCre3JDkKGNsaP ykxJ3TEyFV8V3Aqn7hsLSxFfYRBWr6W7GIURA9rCCpl0fZGH9i+8kYFoRkjg3ZUkcC tv7Jh9WOkVSj+Y2OxaAwmsbG9eo5tsKyfTk7WklEU5X5W7kNuxUF0MslhfNjlOjJQm OiXPJ8bo63CzPHNEkWQK4VNodPabvMUzh5GGqMCFpCy4F+UIwjfQPReJXciWRmxpQc mR7cOdT+2ENyOS2uvvKU2yEpZdB8UwcvSdvd/lshD0haguZTKpg4bhCCCieO0tNHRo Lapp/VuuWpbWw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Teng Qi , TOTE Robot , "David S . Miller" , Sasha Levin , yisen.zhuang@huawei.com, salil.mehta@huawei.com, kuba@kernel.org, huangguangbin2@huawei.com, lipeng321@huawei.com, zhengyongjun3@huawei.com, shenyang39@huawei.com, liuyonglong@huawei.com, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 5.10 22/28] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() Date: Thu, 25 Nov 2021 21:33:37 -0500 Message-Id: <20211126023343.442045-22-sashal@kernel.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211126023343.442045-1-sashal@kernel.org> References: <20211126023343.442045-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Teng Qi [ Upstream commit a66998e0fbf213d47d02813b9679426129d0d114 ] The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, we first check port and if it is greater than or equal to DSAF_MAX_PORT_NUM, the function returns. Reported-by: TOTE Robot Signed-off-by: Teng Qi Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c index a9aca8c24e90d..aa87e4d121532 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c @@ -400,6 +400,10 @@ static void hns_dsaf_ge_srst_by_port(struct dsaf_device *dsaf_dev, u32 port, return; if (!HNS_DSAF_IS_DEBUG(dsaf_dev)) { + /* DSAF_MAX_PORT_NUM is 6, but DSAF_GE_NUM is 8. + We need check to prevent array overflow */ + if (port >= DSAF_MAX_PORT_NUM) + return; reg_val_1 = 0x1 << port; port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; /* there is difference between V1 and V2 in register.*/ -- 2.33.0