Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

net: qed: fix the array may be out of bound

If the variable 'p_bit->flags' is always 0,
the loop condition is always 0.

The variable 'j' may be greater than or equal to 32.

At this time, the array 'p_aeu->bits[32]' may be out
of bound.

Signed-off-by: zhangyue <zhangyue1@kylinos.cn>
Link: https://lore.kernel.org/r/20211125113610.273841-1-zhangyue1@kylinos.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by zhangyue and committed by Jakub Kicinski
0435a4d0 bacb6c1e

+3 -3
drivers/net/ethernet/qlogic/qed/qed_int.c
··· 1045 1045 if (!parities) 1046 1046 continue; 1047 1047 1048 - for (j = 0, bit_idx = 0; bit_idx < 32; j++) { 1048 + for (j = 0, bit_idx = 0; bit_idx < 32 && j < 32; j++) { 1049 1049 struct aeu_invert_reg_bit *p_bit = &p_aeu->bits[j]; 1050 1050 1051 1051 if (qed_int_is_parity_flag(p_hwfn, p_bit) && ··· 1083 1083 * to current group, making them responsible for the 1084 1084 * previous assertion. 1085 1085 */ 1086 - for (j = 0, bit_idx = 0; bit_idx < 32; j++) { 1086 + for (j = 0, bit_idx = 0; bit_idx < 32 && j < 32; j++) { 1087 1087 long unsigned int bitmask; 1088 1088 u8 bit, bit_len; 1089 1089 ··· 1382 1382 memset(sb_info->parity_mask, 0, sizeof(u32) * NUM_ATTN_REGS); 1383 1383 for (i = 0; i < NUM_ATTN_REGS; i++) { 1384 1384 /* j is array index, k is bit index */ 1385 - for (j = 0, k = 0; k < 32; j++) { 1385 + for (j = 0, k = 0; k < 32 && j < 32; j++) { 1386 1386 struct aeu_invert_reg_bit *p_aeu; 1387 1387 1388 1388 p_aeu = &aeu_descs[i].bits[j];
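
Review bot: In the first hunk (new line 1048), the added bound 'j < 32' hard-codes the length of 'p_aeu->bits', which the commit message gives as 'bits[32]'. Writing it as 'j < ARRAY_SIZE(p_aeu->bits)' would keep the guard tied to the array declaration, so a later change to the array size cannot quietly reintroduce the out-of-bounds read at '&p_aeu->bits[j]'.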
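
Review bot: In the second hunk (new line 1086), the loop can now end because 'j' reached 32 while 'bit_idx' is still below 32, and nothing records that this happened. That exit means the descriptor entries did not account for all 32 bits, which is the malformed-table case the commit message describes. Consider checking 'bit_idx < 32' after the loop and emitting a one-time warning, so the condition is visible instead of being silently absorbed.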
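
Review bot: In the third hunk (new line 1385), the comment '/* j is array index, k is bit index */' sits directly above a condition that now bounds both variables with the same literal 32, although the two limits mean different things: 'k' counts bits and 'j' indexes 'aeu_descs[i].bits'. Please extend the comment to say that the 'j' bound protects the 'bits[j]' access when 'k' does not advance, or use a named bound for 'j', so the reason for the second condition is clear to the next reader.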