net: mana: hardening: Reject zero max_num_queues from MANA_QUERY_VPORT_CONFIG

As a part of MANA hardening for CVM, validate that max_num_sq and
max_num_rq returned by MANA_QUERY_VPORT_CONFIG are not zero. These
values flow into apc->num_queues, which is used as an allocation count
and loop bound. A zero value would result in zero-size allocations and
incorrect driver behavior.

Return -EPROTO if either value is zero.

Signed-off-by: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
Link: https://patch.msgid.link/20260430085638.1875400-1-ernis@linux.microsoft.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c
index a654b3699c4c516ef50900d3b4f28eafc364b7cc..7c83e010a1e6164f35341bc2034b7e99538042ee 100644 (file)
--- a/drivers/net/ethernet/microsoft/mana/mana_en.c
+++ b/drivers/net/ethernet/microsoft/mana/mana_en.c
@@ -1262,6 +1262,12 @@ static int mana_query_vport_cfg(struct mana_port_context *apc, u32 vport_index,
 
        *max_sq = resp.max_num_sq;
        *max_rq = resp.max_num_rq;
+
+       if (*max_sq == 0 || *max_rq == 0) {
+               netdev_err(apc->ndev, "Invalid max queues from vPort config\n");
+               return -EPROTO;
+       }
+
        if (resp.num_indirection_ent > 0 &&
            resp.num_indirection_ent <= MANA_INDIRECT_TABLE_MAX_SIZE &&
            is_power_of_2(resp.num_indirection_ent)) {