Merge branch 'rule_buf-OOB'
Hangyu Hua says: ==================== Fix possible OOB write when using rule_buf Add bounds checks in bcmasp_netfilt_get_all_active and mvpp2_ethtool_get_rxnfc and mtk_hwlro_get_fdir_all when using rule_buf from ethtool_get_rxnfc. v2: [PATCH v2 1/3]: use -EMSGSIZE instead of truncating the list silently. [PATCH v2 3/3]: drop the brackets. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
commit
0b9c3914ad
|
@ -528,13 +528,16 @@ void bcmasp_netfilt_suspend(struct bcmasp_intf *intf)
|
|||
ASP_RX_FILTER_BLK_CTRL);
|
||||
}
|
||||
|
||||
void bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
|
||||
u32 *rule_cnt)
|
||||
int bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
|
||||
u32 *rule_cnt)
|
||||
{
|
||||
struct bcmasp_priv *priv = intf->parent;
|
||||
int j = 0, i;
|
||||
|
||||
for (i = 0; i < NUM_NET_FILTERS; i++) {
|
||||
if (j == *rule_cnt)
|
||||
return -EMSGSIZE;
|
||||
|
||||
if (!priv->net_filters[i].claimed ||
|
||||
priv->net_filters[i].port != intf->port)
|
||||
continue;
|
||||
|
@ -548,6 +551,8 @@ void bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
|
|||
}
|
||||
|
||||
*rule_cnt = j;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int bcmasp_netfilt_get_active(struct bcmasp_intf *intf)
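Review bot: The capacity test `if (j == *rule_cnt) return -EMSGSIZE;` runs at the top of the loop, before the claimed/port filter decides whether entry `i` produces a rule, so a buffer that is exactly full is reported as too small whenever further indices remain to be scanned. If callers size `rule_locs` from the previously reported rule count, which seems likely for this ethtool path, a correctly sized request would fail; the write itself stays bounded, so this is a correctness problem rather than a remaining overflow. The test belongs immediately before the store into `rule_locs`, which lies between the two hunks and is not visible here. The same placement appears in the `mvpp2_ethtool_get_rxnfc` hunk (`loc == info->rule_cnt` ahead of `if (port->rfs_rules[i])`) and the `mtk_hwlro_get_fdir_all` hunk (`cnt == cmd->rule_cnt` ahead of `if (mac->hwlro_ip[i])`), where the check can move inside those `if` bodies ahead of the store. `j` is also an `int` compared against a `u32`; declaring it `u32` would avoid the mixed-sign comparison.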
|
||||
|
|
|
@ -577,8 +577,8 @@ void bcmasp_netfilt_release(struct bcmasp_intf *intf,
|
|||
|
||||
int bcmasp_netfilt_get_active(struct bcmasp_intf *intf);
|
||||
|
||||
void bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
|
||||
u32 *rule_cnt);
|
||||
int bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
|
||||
u32 *rule_cnt);
|
||||
|
||||
void bcmasp_netfilt_suspend(struct bcmasp_intf *intf);
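Review bot: The prototype of `bcmasp_netfilt_get_all_active` now returns a status, but nothing documents the in/out contract on `rule_cnt` that the bounds check relies on. A short comment above the declaration would make it explicit for callers, for example `/* *rule_cnt: in = capacity of rule_locs, out = rules written on success; returns 0 or -EMSGSIZE */`. The function body is in a different file section, so whether a kernel-doc block on the definition is preferred here is a project-style call.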
|
||||
|
||||
|
|
|
@ -335,7 +335,7 @@ static int bcmasp_get_rxnfc(struct net_device *dev, struct ethtool_rxnfc *cmd,
|
|||
err = bcmasp_flow_get(intf, cmd);
|
||||
break;
|
||||
case ETHTOOL_GRXCLSRLALL:
|
||||
bcmasp_netfilt_get_all_active(intf, rule_locs, &cmd->rule_cnt);
|
||||
err = bcmasp_netfilt_get_all_active(intf, rule_locs, &cmd->rule_cnt);
|
||||
cmd->data = NUM_NET_FILTERS;
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -5586,6 +5586,11 @@ static int mvpp2_ethtool_get_rxnfc(struct net_device *dev,
|
|||
break;
|
||||
case ETHTOOL_GRXCLSRLALL:
|
||||
for (i = 0; i < MVPP2_N_RFS_ENTRIES_PER_FLOW; i++) {
|
||||
if (loc == info->rule_cnt) {
|
||||
ret = -EMSGSIZE;
|
||||
break;
|
||||
}
|
||||
|
||||
if (port->rfs_rules[i])
|
||||
rules[loc++] = i;
|
||||
}
|
||||
|
|
|
@ -2994,6 +2994,9 @@ static int mtk_hwlro_get_fdir_all(struct net_device *dev,
|
|||
int i;
|
||||
|
||||
for (i = 0; i < MTK_MAX_LRO_IP_CNT; i++) {
|
||||
if (cnt == cmd->rule_cnt)
|
||||
return -EMSGSIZE;
|
||||
|
||||
if (mac->hwlro_ip[i]) {
|
||||
rule_locs[cnt] = i;
|
||||
cnt++;
|
||||
|
|