Re: [PATCH] vdpa/mlx5: fix param validation in mlx5_vdpa_get_config()
From: Stefano Garzarella
Date: Tue Feb 09 2021 - 04:09:37 EST
On Tue, Feb 09, 2021 at 07:43:02AM +0200, Eli Cohen wrote:
On Mon, Feb 08, 2021 at 05:17:41PM +0100, Stefano Garzarella wrote:
It's legal to have 'offset + len' equal to
sizeof(struct virtio_net_config), since 'ndev->config' is a
'struct virtio_net_config', so we can safely copy its content under
this condition.
Fixes: 1a86b377aa21 ("vdpa/mlx5: Add VDPA driver for supported mlx5 devices")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Stefano Garzarella <sgarzare@xxxxxxxxxx>
Acked-by: Eli Cohen <elic@xxxxxxxxxx>
BTW, same error in vdpa_sim you may want to fix.
Commit 65b709586e22 ("vdpa_sim: add get_config callback in
vdpasim_dev_attr") unintentionally solved it.
Since it's a simulator, maybe we can avoid solving it in the stable
branches. Or does it matter?
Thanks,
Stefano
---
drivers/vdpa/mlx5/net/mlx5_vnet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c
index dc88559a8d49..10e9b09932eb 100644
--- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
+++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
@@ -1820,7 +1820,7 @@ static void mlx5_vdpa_get_config(struct vdpa_device *vdev, unsigned int offset,
struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev);
- if (offset + len < sizeof(struct virtio_net_config))
+ if (offset + len <= sizeof(struct virtio_net_config))
memcpy(buf, (u8 *)&ndev->config + offset, len);
}
--
2.29.2