ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in...

ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()

stable inclusion
from stable-v5.10.84
commit 22519eff7df2d88adcc2568d86046ce1e2b52803
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9S24Z
CVE: CVE-2021-47548

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=22519eff7df2d88adcc2568d86046ce1e2b52803



--------------------------------

[ Upstream commit a66998e0 ]

The if statement:
  if (port >= DSAF_GE_NUM)
        return;

limits the value of port less than DSAF_GE_NUM (i.e., 8).
However, if the value of port is 6 or 7, an array overflow could occur:
  port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off;

because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6).

To fix this possible array overflow, we first check port and if it is
greater than or equal to DSAF_MAX_PORT_NUM, the function returns.

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Teng Qi <starmiku1207184332@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Cheng Yu <serein.chengyu@huawei.com>