Commit 70def5e0 authored by Elena Salomatkina's avatar Elena Salomatkina Committed by Zheng Zengkai
Browse files

octeontx2-af: Fix possible buffer overflow 

stable inclusion
from stable-v6.6.5
commit f8e2ec79856f4782eed836f97c79b41d9fb264ac
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8N21P

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f8e2ec79856f4782eed836f97c79b41d9fb264ac



--------------------------------

[ Upstream commit ad31c629ca3c87f6d557488c1f9faaebfbcd203c ]

A loop in rvu_mbox_handler_nix_bandprof_free() contains
a break if (idx == MAX_BANDPROF_PER_PFFUNC),
but if idx may reach MAX_BANDPROF_PER_PFFUNC
buffer '(*req->prof_idx)[layer]' overflow happens before that check.

The patch moves the break to the
beginning of the loop.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: e8e095b3 ("octeontx2-af: cn10k: Bandwidth profiles config support").
Signed-off-by: default avatarElena Salomatkina <elena.salomatkina.cmc@gmail.com>
Reviewed-by: default avatarSimon Horman <horms@kernel.org>
Reviewed-by: default avatarSubbaraya Sundeep <sbhatta@marvell.com>
Link: https://lore.kernel.org/r/20231124210802.109763-1-elena.salomatkina.cmc@gmail.com


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 9a5a58e0
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment