review.tizen.org Git - platform/kernel/linux-starfive.git/commit

octeontx2-af: Fix possible buffer overflow

[ Upstream commit ad31c629ca3c87f6d557488c1f9faaebfbcd203c ]

A loop in rvu_mbox_handler_nix_bandprof_free() contains
a break if (idx == MAX_BANDPROF_PER_PFFUNC),
but if idx may reach MAX_BANDPROF_PER_PFFUNC
buffer '(*req->prof_idx)[layer]' overflow happens before that check.

The patch moves the break to the
beginning of the loop.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: e8e095b3b370 ("octeontx2-af: cn10k: Bandwidth profiles config support").
Signed-off-by: Elena Salomatkina <elena.salomatkina.cmc@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Subbaraya Sundeep <sbhatta@marvell.com>
Link: https://lore.kernel.org/r/20231124210802.109763-1-elena.salomatkina.cmc@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Elena Salomatkina <elena.salomatkina.cmc@gmail.com>
	Fri, 24 Nov 2023 21:08:02 +0000 (00:08 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 8 Dec 2023 07:52:22 +0000 (08:52 +0100)
commit	f8e2ec79856f4782eed836f97c79b41d9fb264ac
tree	8109a43e3d9661817a6495103765207cdf66eada	tree \| snapshot
parent	20bb3a96cee99e047b0bbae4a413f76b614ddd36	commit \| diff