Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

net: ipa: verify table sizes fit in commands early

We currently verify the table size and offset fit in the immediate
command fields that must encode them in ipa_table_valid_one(). We
can now make this check earlier, in ipa_table_mem_valid().

The non-hashed IPv4 filter and route tables will always exist, and
their sizes will match the IPv6 tables, as well as the hashed tables
(if supported). So it's sufficient to verify the offset and size of
the IPv4 non-hashed tables fit into these fields.

Rename the function ipa_cmd_table_init_valid(), to reinforce that
it is the TABLE_INIT immediate command fields we're checking.

Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Authored by Alex Elder and committed by Paolo Abeni
5444b0ea cf139196

+9 -8
+2 -1
drivers/net/ipa/ipa_cmd.c
··· 171 171 } 172 172 173 173 /* Validate a memory region holding a table */ 174 - bool ipa_cmd_table_valid(struct ipa *ipa, const struct ipa_mem *mem, bool route) 174 + bool ipa_cmd_table_init_valid(struct ipa *ipa, const struct ipa_mem *mem, 175 + bool route) 175 176 { 176 177 u32 offset_max = field_max(IP_FLTRT_FLAGS_NHASH_ADDR_FMASK); 177 178 u32 size_max = field_max(IP_FLTRT_FLAGS_NHASH_SIZE_FMASK);
+3 -3
drivers/net/ipa/ipa_cmd.h
··· 47 47 }; 48 48 49 49 /** 50 - * ipa_cmd_table_valid() - Validate a memory region holding a table 50 + * ipa_cmd_table_init_valid() - Validate a memory region holding a table 51 51 * @ipa: - IPA pointer 52 52 * @mem: - IPA memory region descriptor 53 53 * @route: - Whether the region holds a route or filter table 54 54 * 55 55 * Return: true if region is valid, false otherwise 56 56 */ 57 - bool ipa_cmd_table_valid(struct ipa *ipa, const struct ipa_mem *mem, 58 - bool route); 57 + bool ipa_cmd_table_init_valid(struct ipa *ipa, const struct ipa_mem *mem, 58 + bool route); 59 59 60 60 /** 61 61 * ipa_cmd_data_valid() - Validate command-realted configuration is valid
+4 -4
drivers/net/ipa/ipa_table.c
··· 166 166 size = IPA_ROUTE_COUNT_MAX * sizeof(__le64); 167 167 else 168 168 size = (1 + IPA_FILTER_COUNT_MAX) * sizeof(__le64); 169 - 170 - if (!ipa_cmd_table_valid(ipa, mem, route)) 171 - return false; 172 - 173 169 /* mem->size >= size is sufficient, but we'll demand more */ 174 170 if (mem->size == size) 175 171 return true; ··· 639 643 return false; 640 644 641 645 if (mem_ipv4->size != mem_ipv6->size) 646 + return false; 647 + 648 + /* Table offset and size must fit in TABLE_INIT command fields */ 649 + if (!ipa_cmd_table_init_valid(ipa, mem_ipv4, !filter)) 642 650 return false; 643 651 644 652 /* Make sure the regions are big enough */
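
Review bot: In ipa_cmd.h the kernel-doc summary and Return line still read "Validate a memory region holding a table" and "true if region is valid" after the rename, so the documentation does not say what the new name is meant to convey. Suggest rewording the summary to state that the region's offset and size are checked against the TABLE_INIT immediate command fields; the one-line comment above the definition in ipa_cmd.c carries the same old wording. The context line for ipa_cmd_data_valid() also has the typo "command-realted".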
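
Review bot: In the first ipa_table.c hunk, both blank lines around the dropped check are removed, which leaves the "/* mem->size >= size is sufficient, but we'll demand more */" comment directly under the else-branch assignment to size. Keeping one blank line between the size computation and that comment would preserve the separation between computing the expected size and testing it.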
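
Review bot: In the second ipa_table.c hunk the new call passes only mem_ipv4, and the comparison just above it ("mem_ipv4->size != mem_ipv6->size") covers size only, so nothing in these lines bounds the offset of the IPv6 region against the command field. The removed call in the first hunk took whichever mem was being validated, so this narrows coverage for offsets. The commit message argues that sizes match across tables but makes no such argument for offsets. Suggest either calling ipa_cmd_table_init_valid() for mem_ipv6 as well, or extending the comment to say why a valid IPv4 offset implies the other regions' offsets also fit.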