Re: [PATCH] octeontx2-af: Add array index check
From: Simon Horman
Date: Sat Mar 30 2024 - 16:12:19 EST
On Thu, Mar 28, 2024 at 11:28:18AM -0700, Jakub Kicinski wrote:
> On Thu, 28 Mar 2024 11:16:48 +0300 Aleksandr Mishin wrote:
> > In rvu_map_cgx_lmac_pf() the 'iter', which is used as an array index, can reach
> > value (up to 14) that exceed the size (MAX_LMAC_COUNT = 8) of the array.
> > Fix this bug by adding 'iter' value check.
>
> I'm guessing you got the 14 from:
>
> hw->lmac_per_cgx = (nix_const >> 8) & 0xFULL;
>
> Seems more reasonable to cap the size at that point than every use
> afterwards.
FWIIW, I didn't find any other locations where this overflow might occur,
but I do agree that this approach makes sense.
I also notice that rvu_map_cgx_lmac_pf() has the following check near the
top. I think the lmac_per_cgx portion can be dropped, though that could be
a follow-up.
if (cgx_cnt_max > 0xF || rvu->hw->lmac_per_cgx > 0xF)
return -EINVAL;