[PATCH 5.19 290/365] habanalabs/gaudi: fix shift out of bounds

From: Greg Kroah-Hartman
Date: Tue Aug 23 2022 - 05:16:56 EST


From: Ofir Bitton <obitton@xxxxxxxxx>

[ Upstream commit 01622098aeb05a5efbb727199bbc2a4653393255 ]

When validating NIC queues, queue offset calculation must be
performed only for NIC queues.

Signed-off-by: Ofir Bitton <obitton@xxxxxxxxx>
Reviewed-by: Oded Gabbay <ogabbay@xxxxxxxxxx>
Signed-off-by: Oded Gabbay <ogabbay@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/misc/habanalabs/gaudi/gaudi.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/misc/habanalabs/gaudi/gaudi.c b/drivers/misc/habanalabs/gaudi/gaudi.c
index e6bfaf55c6b6..3fb221f2e393 100644
--- a/drivers/misc/habanalabs/gaudi/gaudi.c
+++ b/drivers/misc/habanalabs/gaudi/gaudi.c
@@ -5654,15 +5654,17 @@ static int gaudi_parse_cb_no_ext_queue(struct hl_device *hdev,
{
struct asic_fixed_properties *asic_prop = &hdev->asic_prop;
struct gaudi_device *gaudi = hdev->asic_specific;
- u32 nic_mask_q_id = 1 << (HW_CAP_NIC_SHIFT +
- ((parser->hw_queue_id - GAUDI_QUEUE_ID_NIC_0_0) >> 2));
+ u32 nic_queue_offset, nic_mask_q_id;

if ((parser->hw_queue_id >= GAUDI_QUEUE_ID_NIC_0_0) &&
- (parser->hw_queue_id <= GAUDI_QUEUE_ID_NIC_9_3) &&
- (!(gaudi->hw_cap_initialized & nic_mask_q_id))) {
- dev_err(hdev->dev, "h/w queue %d is disabled\n",
- parser->hw_queue_id);
- return -EINVAL;
+ (parser->hw_queue_id <= GAUDI_QUEUE_ID_NIC_9_3)) {
+ nic_queue_offset = parser->hw_queue_id - GAUDI_QUEUE_ID_NIC_0_0;
+ nic_mask_q_id = 1 << (HW_CAP_NIC_SHIFT + (nic_queue_offset >> 2));
+
+ if (!(gaudi->hw_cap_initialized & nic_mask_q_id)) {
+ dev_err(hdev->dev, "h/w queue %d is disabled\n", parser->hw_queue_id);
+ return -EINVAL;
+ }
}

/* For internal queue jobs just check if CB address is valid */
--
2.35.1