提交 22118d86 编写于 作者: M Michal Schmidt 提交者: David S. Miller

bnx2x: fix possible overrun of VFPF multicast addresses array

It is too late to check for the limit of the number of VF multicast
addresses after they have already been copied to the req->multicast[]
array, possibly overflowing it.

Do the check before copying.

Also fix the error path to not skip unlocking vf2pf_mutex.
Signed-off-by: NMichal Schmidt <mschmidt@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 850268d3
...@@ -868,7 +868,7 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev) ...@@ -868,7 +868,7 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev)
struct bnx2x *bp = netdev_priv(dev); struct bnx2x *bp = netdev_priv(dev);
struct vfpf_set_q_filters_tlv *req = &bp->vf2pf_mbox->req.set_q_filters; struct vfpf_set_q_filters_tlv *req = &bp->vf2pf_mbox->req.set_q_filters;
struct pfvf_general_resp_tlv *resp = &bp->vf2pf_mbox->resp.general_resp; struct pfvf_general_resp_tlv *resp = &bp->vf2pf_mbox->resp.general_resp;
int rc, i = 0; int rc = 0, i = 0;
struct netdev_hw_addr *ha; struct netdev_hw_addr *ha;
if (bp->state != BNX2X_STATE_OPEN) { if (bp->state != BNX2X_STATE_OPEN) {
...@@ -883,6 +883,15 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev) ...@@ -883,6 +883,15 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev)
/* Get Rx mode requested */ /* Get Rx mode requested */
DP(NETIF_MSG_IFUP, "dev->flags = %x\n", dev->flags); DP(NETIF_MSG_IFUP, "dev->flags = %x\n", dev->flags);
/* We support PFVF_MAX_MULTICAST_PER_VF mcast addresses tops */
if (netdev_mc_count(dev) > PFVF_MAX_MULTICAST_PER_VF) {
DP(NETIF_MSG_IFUP,
"VF supports not more than %d multicast MAC addresses\n",
PFVF_MAX_MULTICAST_PER_VF);
rc = -EINVAL;
goto out;
}
netdev_for_each_mc_addr(ha, dev) { netdev_for_each_mc_addr(ha, dev) {
DP(NETIF_MSG_IFUP, "Adding mcast MAC: %pM\n", DP(NETIF_MSG_IFUP, "Adding mcast MAC: %pM\n",
bnx2x_mc_addr(ha)); bnx2x_mc_addr(ha));
...@@ -890,16 +899,6 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev) ...@@ -890,16 +899,6 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev)
i++; i++;
} }
/* We support four PFVF_MAX_MULTICAST_PER_VF mcast
* addresses tops
*/
if (i >= PFVF_MAX_MULTICAST_PER_VF) {
DP(NETIF_MSG_IFUP,
"VF supports not more than %d multicast MAC addresses\n",
PFVF_MAX_MULTICAST_PER_VF);
return -EINVAL;
}
req->n_multicast = i; req->n_multicast = i;
req->flags |= VFPF_SET_Q_FILTERS_MULTICAST_CHANGED; req->flags |= VFPF_SET_Q_FILTERS_MULTICAST_CHANGED;
req->vf_qid = 0; req->vf_qid = 0;
...@@ -924,7 +923,7 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev) ...@@ -924,7 +923,7 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev)
out: out:
bnx2x_vfpf_finalize(bp, &req->first_tlv); bnx2x_vfpf_finalize(bp, &req->first_tlv);
return 0; return rc;
} }
/* request pf to add a vlan for the vf */ /* request pf to add a vlan for the vf */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册