From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 17 Dec 2021 07:12:32 +0000 (+0300)
Subject: crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete()
X-Git-Tag: v6.6.17~8477^2~20
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3438e7220b3183b1ee80227e3a0d742b18df4623;p=platform%2Fkernel%2Flinux-rpi.git

crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete()

If "egrp" is negative then it is causes an out of bounds access in
eng_grps->grp[].

Fixes: d9d7749773e8 ("crypto: octeontx2 - add apis for custom engine groups")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
index 9aef379..27f6d0a 100644
--- a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
+++ b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
@@ -1685,7 +1685,7 @@ int otx2_cpt_dl_custom_egrp_delete(struct otx2_cptpf_dev *cptpf,
 	if (kstrtoint(tmp, 10, &egrp))
 		goto err_print;
 
-	if (egrp >= OTX2_CPT_MAX_ENGINE_GROUPS) {
+	if (egrp < 0 || egrp >= OTX2_CPT_MAX_ENGINE_GROUPS) {
 		dev_err(dev, "Invalid engine group %d", egrp);
 		return -EINVAL;
 	}