queue-4.19/net-dsa-bcm_sf2-potential-array-overflow-in-bcm_sf2_.patch

   1 From aac8c28cbe187babf45a139a3c097873c1ece6d5 Mon Sep 17 00:00:00 2001
   2 From: Dan Carpenter <dan.carpenter@oracle.com>
   3 Date: Wed, 13 Feb 2019 11:23:04 +0300
   4 Subject: net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
   5
   6 [ Upstream commit 8d6ea932856c7087ce8c3d0e79494b7d5386f962 ]
   7
   8 The value of ->num_ports comes from bcm_sf2_sw_probe() and it is less
   9 than or equal to DSA_MAX_PORTS.  The ds->ports[] array is used inside
  10 the dsa_is_user_port() and dsa_is_cpu_port() functions.  The ds->ports[]
  11 array is allocated in dsa_switch_alloc() and it has ds->num_ports
  12 elements so this leads to a static checker warning about a potential out
  13 of bounds read.
  14
  15 Fixes: 8cfa94984c9c ("net: dsa: bcm_sf2: add suspend/resume callbacks")
  16 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
  17 Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
  18 Signed-off-by: David S. Miller <davem@davemloft.net>
  19 Signed-off-by: Sasha Levin <sashal@kernel.org>
  20 ---
  21  drivers/net/dsa/bcm_sf2.c | 2 +-
  22  1 file changed, 1 insertion(+), 1 deletion(-)
  23
  24 diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c
  25 index fc8b48adf38b..bb26a193361e 100644
  26 --- a/drivers/net/dsa/bcm_sf2.c
  27 +++ b/drivers/net/dsa/bcm_sf2.c
  28 @@ -692,7 +692,7 @@ static int bcm_sf2_sw_suspend(struct dsa_switch *ds)
  29          * port, the other ones have already been disabled during
  30          * bcm_sf2_sw_setup
  31          */
  32 -       for (port = 0; port < DSA_MAX_PORTS; port++) {
  33 +       for (port = 0; port < ds->num_ports; port++) {
  34                 if (dsa_is_user_port(ds, port) || dsa_is_cpu_port(ds, port))
  35                         bcm_sf2_port_disable(ds, port, NULL);
  36         }
  37 --
  38 2.19.1
  39