IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds

[ Upstream commit 3144533bf667c8e53bb20656b78295960073e57b ] The dlid assignment made by looking into the u_ucast_dlid array does not do an explicit check for the size of the array. The code path to arrive at def_port, the index value is long and complicated so its best to just have an explicit check here. Signed-off-by: N Dennis Dalessandro <dennis.dalessandro@intel.com> Signed-off-by: N Jason Gunthorpe <jgg@mellanox.com> Signed-off-by: N Sasha Levin <sashal@kernel.org>

IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
[ Upstream commit 3144533bf667c8e53bb20656b78295960073e57b ] The dlid assignment made by looking into the u_ucast_dlid array does not do an explicit check for the size of the array. The code path to arrive at def_port, the index value is long and complicated so its best to just have an explicit check here. Signed-off-by: N Dennis Dalessandro <dennis.dalessandro@intel.com> Signed-off-by: N Jason Gunthorpe <jgg@mellanox.com> Signed-off-by: N Sasha Levin <sashal@kernel.org>
449b9ae3 · Dennis Dalessandro · Greg Kroah-Hartman · e0dee1c8 · 449b9ae3
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c +2 -1

未找到文件。
--- a/drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c
+++ b/drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c
@@ -351,7 +351,8 @@ static uint32_t opa_vnic_get_dlid(struct opa_vnic_adapter *adapter,
 			if (unlikely(!dlid))
 				v_warn("Null dlid in MAC address\n");
 		} else if (def_port != OPA_VNIC_INVALID_PORT) {
-			dlid = info->vesw.u_ucast_dlid[def_port];
+			if (def_port < OPA_VESW_MAX_NUM_DEF_PORT)
+				dlid = info->vesw.u_ucast_dlid[def_port];
 		}
 	}