[PATCH] fsl/fman: Add array size check
From: Aleksandr Mishin
Date: Thu Mar 07 2024 - 03:07:03 EST
In fman_register_intr() and fman_unregister_intr()
get_module_event() is assigned to event which is then used
as array index without size check.
Fix this bug by adding a check of event.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 414fd46e7762 (fsl/fman: Add FMan support)
Signed-off-by: Aleksandr Mishin <amishin@xxxxxxxxxx>
---
drivers/net/ethernet/freescale/fman/fman.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/freescale/fman/fman.c b/drivers/net/ethernet/freescale/fman/fman.c
index d96028f01770..902d05ffff1b 100644
--- a/drivers/net/ethernet/freescale/fman/fman.c
+++ b/drivers/net/ethernet/freescale/fman/fman.c
@@ -2054,7 +2054,10 @@ void fman_register_intr(struct fman *fman, enum fman_event_modules module,
int event = 0;
event = get_module_event(module, mod_id, intr_type);
- WARN_ON(event >= FMAN_EV_CNT);
+ if (event >= FMAN_EV_CNT) {
+ WARN_ON(event >= FMAN_EV_CNT);
+ return;
+ }
/* register in local FM structure */
fman->intr_mng[event].isr_cb = isr_cb;
@@ -2079,7 +2082,10 @@ void fman_unregister_intr(struct fman *fman, enum fman_event_modules module,
int event = 0;
event = get_module_event(module, mod_id, intr_type);
- WARN_ON(event >= FMAN_EV_CNT);
+ if (event >= FMAN_EV_CNT) {
+ WARN_ON(event >= FMAN_EV_CNT);
+ return;
+ }
fman->intr_mng[event].isr_cb = NULL;
fman->intr_mng[event].src_handle = NULL;
--
2.30.2