From patchwork Thu Feb 15 18:27:32 2024 X-Patchwork-Submitter: Justin Chen X-Patchwork-Id: 201724
From: Justin Chen To: netdev@vger.kernel.org Cc: Justin Chen , Florian Fainelli , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Hangyu Hua , bcm-kernel-feedback-list@broadcom.com (open list:BROADCOM ASP 2.0 ETHERNET DRIVER), linux-kernel@vger.kernel.org (open list) Subject: [PATCH 2/2] net: bcmasp: Sanity check is off by one Date: Thu, 15 Feb 2024 10:27:32 -0800 Message-Id: <20240215182732.1536941-3-justin.chen@broadcom.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240215182732.1536941-1-justin.chen@broadcom.com> References: <20240215182732.1536941-1-justin.chen@broadcom.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790995715491500969 X-GMAIL-MSGID: 1790995715491500969 A sanity check for OOB write is off by one leading to a false positive when the array is full. Fixes: 9b90aca97f6d ("net: ethernet: bcmasp: fix possible OOB write in bcmasp_netfilt_get_all_active()") Signed-off-by: Justin Chen Reviewed-by: Florian Fainelli --- drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/asp2/bcmasp.c b/drivers/net/ethernet/broadcom/asp2/bcmasp.c index 29b04a274d07..80245c65cc90 100644 --- a/drivers/net/ethernet/broadcom/asp2/bcmasp.c +++ b/drivers/net/ethernet/broadcom/asp2/bcmasp.c @@ -535,9 +535,6 @@ int bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs, int j = 0, i; for (i = 0; i < NUM_NET_FILTERS; i++) { - if (j == *rule_cnt) - return -EMSGSIZE; - if (!priv->net_filters[i].claimed || priv->net_filters[i].port != intf->port) continue; @@ -547,6 +544,9 @@ int bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs, priv->net_filters[i - 1].wake_filter) continue; + if (j == *rule_cnt) + return -EMSGSIZE; + rule_locs[j++] = priv->net_filters[i].fs.location; }
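Review bot: the commit message should say more precisely what was wrong with the check removed from the top of the `for` loop in the first hunk (@@ -535,9 +535,6). There, `if (j == *rule_cnt)` ran on every iteration, including iterations that go on to `continue` and store nothing, so once the array had been filled exactly, any remaining slot returned -EMSGSIZE. That is a misplaced check rather than a wrong bound, and "off by one" in the subject undersells it. Consider stating the triggering condition (the number of matching filters equals `*rule_cnt` and the loop has not yet reached `NUM_NET_FILTERS`) so the Fixes: reference is easy to evaluate for backports.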
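Review bot: in the second hunk (@@ -547,6 +544,9), the relocated guard directly above `rule_locs[j++] = priv->net_filters[i].fs.location;` still compares with `==`, where `j` is an `int` and the declaration of `rule_cnt` is outside the visible context. `if (j >= *rule_cnt)` would keep rejecting the store even if the two values ever got out of step, at no cost. A one-line comment saying that the bound is tested only when an entry is about to be written would also document why the check sits after the `continue` filters and help keep it from drifting back to the top of the loop.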