--- /dev/null
+From 93efb0c656837f4a31d7cc6117a7c8cecc8fadac Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
+Date: Fri, 12 Feb 2021 06:23:10 -0600
+Subject: octeontx2-pf: Fix out-of-bounds read in otx2_get_fecparam()
+
+From: Gustavo A. R. Silva <gustavoars@kernel.org>
+
+commit 93efb0c656837f4a31d7cc6117a7c8cecc8fadac upstream.
+
+Code at line 967 implies that rsp->fwdata.supported_fec may be up to 4:
+
+ 967: if (rsp->fwdata.supported_fec <= FEC_MAX_INDEX)
+
+If rsp->fwdata.supported_fec evaluates to 4, then there is an
+out-of-bounds read at line 971 because fec is an array with
+a maximum of 4 elements:
+
+ 954 const int fec[] = {
+ 955 ETHTOOL_FEC_OFF,
+ 956 ETHTOOL_FEC_BASER,
+ 957 ETHTOOL_FEC_RS,
+ 958 ETHTOOL_FEC_BASER | ETHTOOL_FEC_RS};
+ 959 #define FEC_MAX_INDEX 4
+
+ 971: fecparam->fec = fec[rsp->fwdata.supported_fec];
+
+Fix this by properly indexing fec[] with rsp->fwdata.supported_fec - 1.
+In this case the proper indexes 0 to 3 are used when
+rsp->fwdata.supported_fec evaluates to a range of 1 to 4, correspondingly.
+
+Fixes: d0cf9503e908 ("octeontx2-pf: ethtool fec mode support")
+Addresses-Coverity-ID: 1501722 ("Out-of-bounds read")
+Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c
++++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c
+@@ -805,7 +805,7 @@ static int otx2_get_fecparam(struct net_
+ if (!rsp->fwdata.supported_fec)
+ fecparam->fec = ETHTOOL_FEC_NONE;
+ else
+- fecparam->fec = fec[rsp->fwdata.supported_fec];
++ fecparam->fec = fec[rsp->fwdata.supported_fec - 1];
+ }
+ return 0;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
