[dpdk-dev] [PATCH 2/3] net/sfc/base: fix potential buffer overflow in Tx queue init

[Andrew Rybchenko]

From: Andy Moreton <amoreton at solarflare.com>

Improve error checking to avoid a caller overflowing the MCDI
request buffer if the requested TXQ size was excessively large.

Coverity issue: 1305527
Fixes: e7cd430c864f ("net/sfc/base: import SFN7xxx family support")
CC: stable at dpdk.org

Signed-off-by: Andy Moreton <amoreton at solarflare.com>
Signed-off-by: Andrew Rybchenko <arybchenko at solarflare.com>
---
 drivers/net/sfc/base/ef10_tx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/sfc/base/ef10_tx.c b/drivers/net/sfc/base/ef10_tx.c
index 6ad11dd..0f8e9b1 100644
--- a/drivers/net/sfc/base/ef10_tx.c
+++ b/drivers/net/sfc/base/ef10_tx.c
@@ -67,7 +67,7 @@ efx_mcdi_init_txq(
 	    EFX_TXQ_NBUFS(enp->en_nic_cfg.enc_txq_max_ndescs));
 
 	npages = EFX_TXQ_NBUFS(size);
-	if (npages > MC_CMD_INIT_TXQ_IN_DMA_ADDR_MAXNUM) {
+	if (MC_CMD_INIT_TXQ_IN_LEN(npages) > sizeof (payload)) {
 		rc = EINVAL;
 		goto fail1;
 	}
-- 
2.7.4