Commit 3ef310a7 authored by Tomer Tayar's avatar Tomer Tayar Committed by David S. Miller
Browse files

qed: Prevent creation of too-big u32-chains 



Current Logic would allow the creation of a chain with U32_MAX + 1
elements, when the actual maximum supported by the driver infrastructure
is U32_MAX.

Fixes: a91eb52a ("qed: Revisit chain implementation")
Signed-off-by: default avatarTomer Tayar <Tomer.Tayar@cavium.com>
Signed-off-by: default avatarYuval Mintz <Yuval.Mintz@cavium.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f3e48119

drivers/net/ethernet/qlogic/qed/qed_dev.c

+2 −3
Original line number Diff line number Diff line
@@ -2389,9 +2389,8 @@ qed_chain_alloc_sanity_check(struct qed_dev *cdev, 
	 * size/capacity fields are of a u32 type.

	 */

	if ((cnt_type == QED_CHAIN_CNT_TYPE_U16 &&

	     chain_size > 0x10000) ||

	    (cnt_type == QED_CHAIN_CNT_TYPE_U32 &&

	     chain_size > 0x100000000ULL)) {

	     chain_size > ((u32)U16_MAX + 1)) ||

	    (cnt_type == QED_CHAIN_CNT_TYPE_U32 && chain_size > U32_MAX)) {

		DP_NOTICE(cdev,

			  "The actual chain size (0x%llx) is larger than the maximal possible value\n",

			  chain_size);

CRA Git | Maintained and supported by SUSTech CRA and CCSE