From: Dan Carpenter dan.carpenter@linaro.org
mainline inclusion from mainline-v6.13-rc1 commit 93a11608fb3720e1bc2b19a2649ac2b49cca1921 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBDHGV CVE: CVE-2024-53163
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
----------------------------------------------------------------------
This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of bounds access.
Fixes: fcf60f4bcf54 ("crypto: qat - add support for 420xx devices") Signed-off-by: Dan Carpenter dan.carpenter@linaro.org Acked-by: Giovanni Cabiddu giovanni.cabiddu@intel.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Ye Bin yebin10@huawei.com --- drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c b/drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c index 78f0ea49254d..9faef33e54bd 100644 --- a/drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c +++ b/drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c @@ -375,7 +375,7 @@ static const char *uof_get_name(struct adf_accel_dev *accel_dev, u32 obj_num, else id = -EINVAL;
- if (id < 0 || id > num_objs) + if (id < 0 || id >= num_objs) return NULL;
return fw_objs[id];