Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

virtchnl: Fix off by one error

When calculating the valid length for a VIRTCHNL_OP_ENABLE_CHANNELS
message, we accidentally allowed messages with one extra
virtchnl_channel_info structure on the end. This happened due
to an off by one error, because we forgot that valid_len already
accounted for one virtchnl_channel_info structure, so we need to
subtract one from the num_tc value.

Signed-off-by: Alice Michael <alice.michael@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>

Authored by Alice Michael and committed by Jeff Kirsher
843faff8 c9a98305

+2 -2
include/linux/avf/virtchnl.h
··· 819 819 if (msglen >= valid_len) { 820 820 struct virtchnl_tc_info *vti = 821 821 (struct virtchnl_tc_info *)msg; 822 - valid_len += vti->num_tc * 823 - sizeof(struct virtchnl_channel_info); 822 + valid_len += (vti->num_tc - 1) * 823 + sizeof(struct virtchnl_channel_info); 824 824 if (vti->num_tc == 0) 825 825 err_msg_format = true; 826 826 }
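Review bot: In the new `valid_len += (vti->num_tc - 1) * sizeof(struct virtchnl_channel_info);` line, the subtraction is evaluated before the `if (vti->num_tc == 0)` check that follows it, so a message with num_tc of 0 takes the count below zero before err_msg_format is set (if num_tc is an unsigned field, whose type is not visible in this hunk, the count wraps to a very large value). The computed valid_len is then meaningless for that message, and correctness depends on later code honouring err_msg_format before it compares msglen with valid_len. Consider testing `vti->num_tc == 0` first and adjusting valid_len only in the non-zero case. Since num_tc is read straight from the message, it would also be worth bounding it so that the multiplication by sizeof(struct virtchnl_channel_info) cannot overflow valid_len, and adding a short comment that valid_len already includes one virtchnl_channel_info, which is the reason for the `- 1`.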