| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 14 Aug 2022 11:32:26 -0400
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Ofir Bitton <obitton@...ana.ai>, Oded Gabbay <ogabbay@...nel.org>,
Sasha Levin <sashal@...nel.org>, gregkh@...uxfoundation.org,
osharabi@...ana.ai, ttayar@...ana.ai, ynudelman@...ana.ai,
dliberman@...ana.ai, fkassabri@...ana.ai, dhirschfeld@...ana.ai
Subject: [PATCH AUTOSEL 5.15 25/46] habanalabs/gaudi: fix shift out of bounds
From: Ofir Bitton <obitton@...ana.ai>
[ Upstream commit 01622098aeb05a5efbb727199bbc2a4653393255 ]
When validating NIC queues, queue offset calculation must be
performed only for NIC queues.
Signed-off-by: Ofir Bitton <obitton@...ana.ai>
Reviewed-by: Oded Gabbay <ogabbay@...nel.org>
Signed-off-by: Oded Gabbay <ogabbay@...nel.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/misc/habanalabs/gaudi/gaudi.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/misc/habanalabs/gaudi/gaudi.c b/drivers/misc/habanalabs/gaudi/gaudi.c
index 14da87b38e83..801acab048eb 100644
--- a/drivers/misc/habanalabs/gaudi/gaudi.c
+++ b/drivers/misc/habanalabs/gaudi/gaudi.c
@@ -5744,15 +5744,17 @@ static int gaudi_parse_cb_no_ext_queue(struct hl_device *hdev,
{
struct asic_fixed_properties *asic_prop = &hdev->asic_prop;
struct gaudi_device *gaudi = hdev->asic_specific;
- u32 nic_mask_q_id = 1 << (HW_CAP_NIC_SHIFT +
- ((parser->hw_queue_id - GAUDI_QUEUE_ID_NIC_0_0) >> 2));
+ u32 nic_queue_offset, nic_mask_q_id;
if ((parser->hw_queue_id >= GAUDI_QUEUE_ID_NIC_0_0) &&
- (parser->hw_queue_id <= GAUDI_QUEUE_ID_NIC_9_3) &&
- (!(gaudi->hw_cap_initialized & nic_mask_q_id))) {
- dev_err(hdev->dev, "h/w queue %d is disabled\n",
- parser->hw_queue_id);
- return -EINVAL;
+ (parser->hw_queue_id <= GAUDI_QUEUE_ID_NIC_9_3)) {
+ nic_queue_offset = parser->hw_queue_id - GAUDI_QUEUE_ID_NIC_0_0;
+ nic_mask_q_id = 1 << (HW_CAP_NIC_SHIFT + (nic_queue_offset >> 2));
+
+ if (!(gaudi->hw_cap_initialized & nic_mask_q_id)) {
+ dev_err(hdev->dev, "h/w queue %d is disabled\n", parser->hw_queue_id);
+ return -EINVAL;
+ }
}
/* For internal queue jobs just check if CB address is valid */
--
2.35.1
Powered by blists - more mailing lists