[PATCH] net/octeontx/base: fix out-of-bounds read in DQ range lookup

[Sergei Iashin]

In octeontx_pko_dq_range_lookup(), the inner while loop evaluates the
array access ctl->dq_map[dq].chanid before the bounds check
dq < RTE_DIM(ctl->dq_map). When dq is incremented to 256 inside the
loop, the next iteration reads one element past the end of the
256-element dq_map array before the bounds condition can short-circuit.

Swap the two conjuncts so the bounds check is evaluated first, matching
the pattern already used in the outer loop.

Fixes: cad78ca23818 ("net/octeontx/base: add base PKO operations")
Cc: jerin.jacob at caviumnetworks.com
Cc: stable at dpdk.org

Signed-off-by: Sergei Iashin <yashin.sergey at gmail.com>
---
 drivers/net/octeontx/base/octeontx_pkovf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/octeontx/base/octeontx_pkovf.c b/drivers/net/octeontx/base/octeontx_pkovf.c
index 7aec84a813..5326fe24b9 100644
--- a/drivers/net/octeontx/base/octeontx_pkovf.c
+++ b/drivers/net/octeontx/base/octeontx_pkovf.c
@@ -196,8 +196,8 @@ octeontx_pko_dq_range_lookup(struct octeontx_pko_vf_ctl_s *ctl, uint64_t chanid,
 	while (dq < RTE_DIM(ctl->dq_map)) {
 		dq_base = dq;
 		dq_cnt = 0;
-		while (ctl->dq_map[dq].chanid == ~chanid &&
-			dq < RTE_DIM(ctl->dq_map)) {
+		while (dq < RTE_DIM(ctl->dq_map) &&
+			ctl->dq_map[dq].chanid == ~chanid) {
 			dq_cnt++;
 			if (dq_cnt == dq_num)
 				return dq_base;
-- 
2.39.5