Re: [PATCH net] octeontx2-af: Fix possible buffer overflow

From: Jakub Kicinski
Date: Mon Nov 27 2023 - 21:38:58 EST

Next message: Rahul Rameshbabu: "Re: [PATCH 1/1] hid-playstation: Fix button maps for the DualSense Edge controller"
Previous message: Andrei Matei: "Re: [Bug Report] bpf: zero access_size of stack causes array indix oob in check_stack_range_initialized()"
In reply to: Elena Salomatkina: "[PATCH net] octeontx2-af: Fix possible buffer overflow"
Next in thread: Subbaraya Sundeep Bhatta: "RE: [EXT] [PATCH net] octeontx2-af: Fix possible buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 25 Nov 2023 00:08:02 +0300 Elena Salomatkina wrote:
> A loop in rvu_mbox_handler_nix_bandprof_free() contains
> a break if (idx == MAX_BANDPROF_PER_PFFUNC),
> but if idx may reach MAX_BANDPROF_PER_PFFUNC
> buffer '(*req->prof_idx)[layer]' overflow happens before that check.
>
> The patch moves the break to the
> beginning of the loop.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: e8e095b3b370 ("octeontx2-af: cn10k: Bandwidth profiles config support").
> Signed-off-by: Elena Salomatkina <elena.salomatkina.cmc@xxxxxxxxx>
> Reviewed-by: Simon Horman <horms@xxxxxxxxxx>

Marvell folks, at least one of you has to review this. Please see:
https://docs.kernel.org/next/maintainer/feature-and-driver-maintainers.html

Next message: Rahul Rameshbabu: "Re: [PATCH 1/1] hid-playstation: Fix button maps for the DualSense Edge controller"
Previous message: Andrei Matei: "Re: [Bug Report] bpf: zero access_size of stack causes array indix oob in check_stack_range_initialized()"
In reply to: Elena Salomatkina: "[PATCH net] octeontx2-af: Fix possible buffer overflow"
Next in thread: Subbaraya Sundeep Bhatta: "RE: [EXT] [PATCH net] octeontx2-af: Fix possible buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]