Commit edcc6b26 authored by Dan Carpenter's avatar Dan Carpenter Committed by Aichun Shi
Browse files

crypto: qat - prevent underflow in rp2srv_store()

mainline inclusion
from mainline-v6.8-rc1
commit e53c741303a59ee1682e11f61b7772863e02526d
category: feature
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I9A5BW
CVE: N/A
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e53c741303a59ee1682e11f61b7772863e02526d



-------------------------------------

The "ring" variable has an upper bounds check but nothing checks for
negatives.  This code uses kstrtouint() already and it was obviously
intended to be declared as unsigned int.  Make it so.

Intel-SIG: commit e53c741303a5 crypto: qat - prevent underflow in rp2srv_store()
Backport to support QAT in-tree driver

Fixes: dbc8876dd873 ("crypto: qat - add rp2svc sysfs attribute")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
Acked-by: default avatarGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
[ Aichun Shi: amend commit log ]
Signed-off-by: default avatarAichun Shi <aichun.shi@intel.com>
parent b9fe5faf
Loading
Loading
Loading
Loading
+2 −1
Original line number Diff line number Diff line
@@ -242,7 +242,8 @@ static ssize_t rp2srv_store(struct device *dev, struct device_attribute *attr,
			    const char *buf, size_t count)
{
	struct adf_accel_dev *accel_dev;
	int ring, num_rings, ret;
	int num_rings, ret;
	unsigned int ring;

	accel_dev = adf_devmgr_pci_to_accel_dev(to_pci_dev(dev));
	if (!accel_dev)