[dpdk-dev] [PATCH 2/3] net/sfc/base: fix potential buffer overflow in Tx queue init
Andrew Rybchenko
arybchenko at solarflare.com
Tue Apr 4 14:13:26 CEST 2017
From: Andy Moreton <amoreton at solarflare.com>
Improve error checking to avoid a caller overflowing the MCDI
request buffer if the requested TXQ size was excessively large.
Coverity issue: 1305527
Fixes: e7cd430c864f ("net/sfc/base: import SFN7xxx family support")
CC: stable at dpdk.org
Signed-off-by: Andy Moreton <amoreton at solarflare.com>
Signed-off-by: Andrew Rybchenko <arybchenko at solarflare.com>
---
drivers/net/sfc/base/ef10_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/sfc/base/ef10_tx.c b/drivers/net/sfc/base/ef10_tx.c
index 6ad11dd..0f8e9b1 100644
--- a/drivers/net/sfc/base/ef10_tx.c
+++ b/drivers/net/sfc/base/ef10_tx.c
@@ -67,7 +67,7 @@ efx_mcdi_init_txq(
EFX_TXQ_NBUFS(enp->en_nic_cfg.enc_txq_max_ndescs));
npages = EFX_TXQ_NBUFS(size);
- if (npages > MC_CMD_INIT_TXQ_IN_DMA_ADDR_MAXNUM) {
+ if (MC_CMD_INIT_TXQ_IN_LEN(npages) > sizeof (payload)) {
rc = EINVAL;
goto fail1;
}
--
2.7.4
More information about the dev
mailing list