Commit f8ae3a48 authored Jan 11, 2022 by Eli Cohen Committed by Michael S. Tsirkin Jan 14, 2022

vdpa/mlx5: Fix is_index_valid() to refer to features



Make sure the decision whether an index received through a callback is
valid or not consults the negotiated features.

The motivation for this was due to a case encountered where I shut down
the VM. After the reset operation was called features were already
clear, I got get_vq_state() call which caused out array bounds
access since is_index_valid() reported the index value.

So this is more of not hit a bug since the call shouldn't have been made
first place.

Signed-off-by: Eli Cohen <elic@nvidia.com>
Link: https://lore.kernel.org/r/20220111183400.38418-4-elic@nvidia.com


Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Si-Wei <Liu&lt;si-wei.liu@oracle.com>
Acked-by: Jason Wang <jasowang@redhat.com>

parent 680ab9d6

drivers/vdpa/mlx5/net/mlx5_vnet.c

+7 −3

Original line number	Diff line number	Diff line
		@@ -133,10 +133,14 @@ struct mlx5_vdpa_virtqueue {

		static bool is_index_valid(struct mlx5_vdpa_dev *mvdev, u16 idx)
		{
		if (unlikely(idx > mvdev->max_idx))
		return false;
		if (!(mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_MQ))) {
		if (!(mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_CTRL_VQ)))
		return idx < 2;
		else
		return idx < 3;
		}

		return true;
		return idx <= mvdev->max_idx;
		}

		struct mlx5_vdpa_net {