From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Eli Cohen <elic@nvidia.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
Si-Wei Liu <si-wei.liu@oracle.com>,
Jason Wang <jasowang@redhat.com>, Sasha Levin <sashal@kernel.org>,
parav@nvidia.com, xieyongji@bytedance.com,
virtualization@lists.linux-foundation.org
Subject: [PATCH AUTOSEL 5.15 14/16] vdpa/mlx5: Fix is_index_valid() to refer to features
Date: Sat, 22 Jan 2022 19:12:13 -0500 [thread overview]
Message-ID: <20220123001216.2460383-14-sashal@kernel.org> (raw)
In-Reply-To: <20220123001216.2460383-1-sashal@kernel.org>
From: Eli Cohen <elic@nvidia.com>
[ Upstream commit f8ae3a489b21b05c39a0a1a7734f2a0188852177 ]
Make sure the decision whether an index received through a callback is
valid or not consults the negotiated features.
The motivation for this was due to a case encountered where I shut down
the VM. After the reset operation was called features were already
clear, I got get_vq_state() call which caused out array bounds
access since is_index_valid() reported the index value.
So this is more of not hit a bug since the call shouldn't have been made
first place.
Signed-off-by: Eli Cohen <elic@nvidia.com>
Link: https://lore.kernel.org/r/20220111183400.38418-4-elic@nvidia.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Si-Wei Liu<si-wei.liu@oracle.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vdpa/mlx5/net/mlx5_vnet.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c
index ae85d2dd6eb76..d538fbc472666 100644
--- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
+++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
@@ -137,10 +137,14 @@ struct mlx5_vdpa_virtqueue {
static bool is_index_valid(struct mlx5_vdpa_dev *mvdev, u16 idx)
{
- if (unlikely(idx > mvdev->max_idx))
- return false;
+ if (!(mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_MQ))) {
+ if (!(mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_CTRL_VQ)))
+ return idx < 2;
+ else
+ return idx < 3;
+ }
- return true;
+ return idx <= mvdev->max_idx;
}
struct mlx5_vdpa_net {
--
2.34.1
next prev parent reply other threads:[~2022-01-23 0:14 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-23 0:12 [PATCH AUTOSEL 5.15 01/16] remoteproc: coredump: Correct argument 2 type for memcpy_fromio Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 02/16] hwspinlock: stm32: enable clock at probe Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 03/16] f2fs: don't drop compressed page cache in .{invalidate,release}page Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 04/16] riscv: dts: microchip: mpfs: Fix reference clock node Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 05/16] ksmbd: smbd: call rdma_accept() under CM handler Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 06/16] x86/PCI: Ignore E820 reservations for bridge windows on newer systems Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 07/16] sit: allow encapsulated IPv6 traffic to be delivered locally Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 08/16] ceph: don't check for quotas on MDS stray dirs Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 09/16] net: apple: mace: Fix build since dev_addr constification Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 10/16] net: apple: bmac: " Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 11/16] virtio-pci: fix the confusing error message Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 12/16] vhost/test: fix memory leak of vhost virtqueues Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 13/16] vdpa: clean up get_config_size ret value handling Sasha Levin
2022-04-02 3:57 ` Dan Carpenter
2022-01-23 0:12 ` Sasha Levin [this message]
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 15/16] io_uring: perform poll removal even if async work removal is successful Sasha Levin
2022-01-23 0:12 ` [PATCH AUTOSEL 5.15 16/16] block: Fix wrong offset in bio_truncate() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220123001216.2460383-14-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=elic@nvidia.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=parav@nvidia.com \
--cc=si-wei.liu@oracle.com \
--cc=stable@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
--cc=xieyongji@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox