* [PATCH net] ixgbe: Off by one in ixgbe_ipsec_tx()
@ 2018-07-04 9:53 Dan Carpenter
2018-07-05 11:13 ` David Miller
2018-07-09 15:53 ` Shannon Nelson
0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2018-07-04 9:53 UTC (permalink / raw)
To: Jeff Kirsher, Shannon Nelson
Cc: David S. Miller, intel-wired-lan, netdev, kernel-janitors
The ipsec->tx_tbl[] has IXGBE_IPSEC_MAX_SA_COUNT elements so the > needs
to be changed to >= so we don't read one element beyond the end of the
array.
Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index c116f459945d..da4322e4daed 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -839,7 +839,7 @@ int ixgbe_ipsec_tx(struct ixgbe_ring *tx_ring,
}
itd->sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_TX_INDEX;
- if (unlikely(itd->sa_idx > IXGBE_IPSEC_MAX_SA_COUNT)) {
+ if (unlikely(itd->sa_idx >= IXGBE_IPSEC_MAX_SA_COUNT)) {
netdev_err(tx_ring->netdev, "%s: bad sa_idx=%d handle=%lu\n",
__func__, itd->sa_idx, xs->xso.offload_handle);
return 0;
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH net] ixgbe: Off by one in ixgbe_ipsec_tx()
2018-07-04 9:53 [PATCH net] ixgbe: Off by one in ixgbe_ipsec_tx() Dan Carpenter
@ 2018-07-05 11:13 ` David Miller
2018-07-09 15:53 ` Shannon Nelson
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2018-07-05 11:13 UTC (permalink / raw)
To: dan.carpenter
Cc: jeffrey.t.kirsher, shannon.nelson, intel-wired-lan, netdev,
kernel-janitors
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Wed, 4 Jul 2018 12:53:37 +0300
> The ipsec->tx_tbl[] has IXGBE_IPSEC_MAX_SA_COUNT elements so the > needs
> to be changed to >= so we don't read one element beyond the end of the
> array.
>
> Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
I'll let Jeff pick this up.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net] ixgbe: Off by one in ixgbe_ipsec_tx()
2018-07-04 9:53 [PATCH net] ixgbe: Off by one in ixgbe_ipsec_tx() Dan Carpenter
2018-07-05 11:13 ` David Miller
@ 2018-07-09 15:53 ` Shannon Nelson
1 sibling, 0 replies; 3+ messages in thread
From: Shannon Nelson @ 2018-07-09 15:53 UTC (permalink / raw)
To: Dan Carpenter, Jeff Kirsher
Cc: David S. Miller, intel-wired-lan, netdev, kernel-janitors
On 7/4/2018 2:53 AM, Dan Carpenter wrote:
> The ipsec->tx_tbl[] has IXGBE_IPSEC_MAX_SA_COUNT elements so the > needs
> to be changed to >= so we don't read one element beyond the end of the
> array.
>
> Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Shannon Nelson <shannon.nelson@oracle.com>
>
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> index c116f459945d..da4322e4daed 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> @@ -839,7 +839,7 @@ int ixgbe_ipsec_tx(struct ixgbe_ring *tx_ring,
> }
>
> itd->sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_TX_INDEX;
> - if (unlikely(itd->sa_idx > IXGBE_IPSEC_MAX_SA_COUNT)) {
> + if (unlikely(itd->sa_idx >= IXGBE_IPSEC_MAX_SA_COUNT)) {
> netdev_err(tx_ring->netdev, "%s: bad sa_idx=%d handle=%lu\n",
> __func__, itd->sa_idx, xs->xso.offload_handle);
> return 0;
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-07-09 15:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-04 9:53 [PATCH net] ixgbe: Off by one in ixgbe_ipsec_tx() Dan Carpenter
2018-07-05 11:13 ` David Miller
2018-07-09 15:53 ` Shannon Nelson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).