net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()

[ Upstream commit 51fe0a4705 ]

rules is allocated in ethtool_get_rxnfc and the size is determined by
rule_cnt from user space. So rule_cnt needs to be check before using
rules to avoid OOB writing or NULL pointer dereference.

Fixes: 90b509b39a ("net: mvpp2: cls: Add Classification offload support")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Reviewed-by: Marcin Wojtas <mw@semihalf.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Hangyu Hua 2023-09-08 14:19:49 +08:00 коммит произвёл Greg Kroah-Hartman
Родитель 06b4934ab2
Коммит 5bb09dddc7
1 изменённых файлов: 5 добавлений и 0 удалений

Просмотреть файл

@ -5572,6 +5572,11 @@ static int mvpp2_ethtool_get_rxnfc(struct net_device *dev,
break; break;
case ETHTOOL_GRXCLSRLALL: case ETHTOOL_GRXCLSRLALL:
for (i = 0; i < MVPP2_N_RFS_ENTRIES_PER_FLOW; i++) { for (i = 0; i < MVPP2_N_RFS_ENTRIES_PER_FLOW; i++) {
if (loc == info->rule_cnt) {
ret = -EMSGSIZE;
break;
}
if (port->rfs_rules[i]) if (port->rfs_rules[i])
rules[loc++] = i; rules[loc++] = i;
} }