[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231019173227.3175575-12-jacob.e.keller@intel.com>
Date: Thu, 19 Oct 2023 10:32:27 -0700
From: Jacob Keller <jacob.e.keller@...el.com>
To: netdev@...r.kernel.org,
David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>
Cc: Dan Carpenter <dan.carpenter@...aro.org>,
Simon Horman <horms@...nel.org>,
Jesse Brandeburg <jesse.brandeburg@...el.com>,
Rafal Romanowski <rafal.romanowski@...el.com>,
Jacob Keller <jacob.e.keller@...el.com>
Subject: [PATCH net-next 11/11] ixgbe: fix end of loop test in ixgbe_set_vf_macvlan()
From: Dan Carpenter <dan.carpenter@...aro.org>
The list iterator in a list_for_each_entry() loop can never be NULL.
If the loop exits without hitting a break then the iterator points
to an offset off the list head and dereferencing it is an out of
bounds access.
Before we transitioned to using list_for_each_entry() loops, then
it was possible for "entry" to be NULL and the comments mention
this. I have updated the comments to match the new code.
Fixes: c1fec890458a ("ethernet/intel: Use list_for_each_entry() helper")
Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
Reviewed-by: Simon Horman <horms@...nel.org>
Reviewed-by: Jesse Brandeburg <jesse.brandeburg@...el.com>
Tested-by: Rafal Romanowski <rafal.romanowski@...el.com>
Signed-off-by: Jacob Keller <jacob.e.keller@...el.com>
---
.../net/ethernet/intel/ixgbe/ixgbe_sriov.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index cd593f5719e1..9cfdfa8a4355 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -640,6 +640,7 @@ static int ixgbe_set_vf_macvlan(struct ixgbe_adapter *adapter,
int vf, int index, unsigned char *mac_addr)
{
struct vf_macvlans *entry;
+ bool found = false;
int retval = 0;
if (index <= 1) {
@@ -661,22 +662,22 @@ static int ixgbe_set_vf_macvlan(struct ixgbe_adapter *adapter,
if (!index)
return 0;
- entry = NULL;
-
list_for_each_entry(entry, &adapter->vf_mvs.l, l) {
- if (entry->free)
+ if (entry->free) {
+ found = true;
break;
+ }
}
/*
* If we traversed the entire list and didn't find a free entry
- * then we're out of space on the RAR table. Also entry may
- * be NULL because the original memory allocation for the list
- * failed, which is not fatal but does mean we can't support
- * VF requests for MACVLAN because we couldn't allocate
- * memory for the list management required.
+ * then we're out of space on the RAR table. It's also possible
+ * for the &adapter->vf_mvs.l list to be empty because the original
+ * memory allocation for the list failed, which is not fatal but does
+ * mean we can't support VF requests for MACVLAN because we couldn't
+ * allocate memory for the list management required.
*/
- if (!entry || !entry->free)
+ if (!found)
return -ENOSPC;
retval = ixgbe_add_mac_filter(adapter, mac_addr, vf);
--
2.41.0
Powered by blists - more mailing lists