Skip to content

Commit

Permalink
ixgbe: check for vfs outside of sriov_num_vfs before dereference
Browse files Browse the repository at this point in the history 
The check for vfinfo is not sufficient because it does not protect
against specifying vf that is outside of sriov_num_vfs range.
All of the ndo functions have a check for it except for
ixgbevf_ndo_set_spoofcheck().

The following patch is all we need to protect against this panic:

ip link set p96p1 vf 0 spoofchk off
BUG: unable to handle kernel NULL pointer dereference at 0000000000000052
IP: [<ffffffffa044a1c1>]
ixgbe_ndo_set_vf_spoofchk+0x51/0x150 [ixgbe]

Reported-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
  • Loading branch information
Emil Tantilov authored and Jeff Kirsher committed Oct 16, 2014
1 parent f6b03c1 commit 600a507
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1261,6 +1261,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting)
struct ixgbe_hw *hw = &adapter->hw;
u32 regval;

if (vf >= adapter->num_vfs)
return -EINVAL;

adapter->vfinfo[vf].spoofchk_enabled = setting;

regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg));
Expand Down

0 comments on commit 600a507

Please sign in to comment.