From: Emil Tantilov Date: Thu, 16 Oct 2014 15:49:02 +0000 (+0000) Subject: ixgbe: check for vfs outside of sriov_num_vfs before dereference X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=600a507ddcb99096731e1d96a3ebf43e20fc7f80;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git ixgbe: check for vfs outside of sriov_num_vfs before dereference The check for vfinfo is not sufficient because it does not protect against specifying vf that is outside of sriov_num_vfs range. All of the ndo functions have a check for it except for ixgbevf_ndo_set_spoofcheck(). The following patch is all we need to protect against this panic: ip link set p96p1 vf 0 spoofchk off BUG: unable to handle kernel NULL pointer dereference at 0000000000000052 IP: [] ixgbe_ndo_set_vf_spoofchk+0x51/0x150 [ixgbe] Reported-by: Thierry Herbelot Signed-off-by: Emil Tantilov Acked-by: Thierry Herbelot Signed-off-by: Jeff Kirsher --- diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c index 706fc69aa0c5..97c85b859536 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c @@ -1261,6 +1261,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) struct ixgbe_hw *hw = &adapter->hw; u32 regval; + if (vf >= adapter->num_vfs) + return -EINVAL; + adapter->vfinfo[vf].spoofchk_enabled = setting; regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg));