[PATCH openEuler-1.0-LTS 01/18] net: hns3: limit bd numbers when getting dfx regs.

From: Yonglong Liu liuyonglong@huawei.com

driver inclusion category: bugfix bugzilla: NA CVE: NA

----------------------------

When getting dfx regs, the bd numbers from the firmware may be very big which is not expected, and cause the buffer size overflow. This patch limit the max bd numbers to 64 to fix the problem.

Signed-off-by: Yonglong Liu liuyonglong@huawei.com Reviewed-by: li yongxin liyongxin1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 9 +++++++++ 1 file changed, 9 insertions(+)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c index 8507eb60450fe..ac5f502d5e9be 100644 --- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c +++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c @@ -11180,6 +11180,8 @@ static int hclge_get_dfx_reg_len(struct hclge_dev *hdev, int *len)

static int hclge_get_dfx_reg(struct hclge_dev *hdev, void *data) { +#define HCLGE_DFX_BD_NUM_MAX 64 + u32 dfx_reg_type_num = ARRAY_SIZE(hclge_dfx_bd_offset_list); int bd_num, bd_num_max, buf_len, i; struct hclge_desc *desc_src; @@ -11202,6 +11204,13 @@ static int hclge_get_dfx_reg(struct hclge_dev *hdev, void *data) for (i = 1; i < dfx_reg_type_num; i++) bd_num_max = max_t(int, bd_num_max, bd_num_list[i]);

+ if (bd_num_max > HCLGE_DFX_BD_NUM_MAX) { + dev_err(&hdev->pdev->dev, + "Get dfx reg fail, invalid bd number: %d\n", + bd_num_max); + goto out; + } + buf_len = sizeof(*desc_src) * bd_num_max; desc_src = kzalloc(buf_len, GFP_KERNEL); if (!desc_src) {