Commit 600a507ddcb99096731e1d96a3ebf43e20fc7f80
Committed by
Jeff Kirsher
1 parent
f6b03c10a1
ixgbe: check for vfs outside of sriov_num_vfs before dereference
The check for vfinfo is not sufficient because it does not protect against specifying vf that is outside of sriov_num_vfs range. All of the ndo functions have a check for it except for ixgbevf_ndo_set_spoofcheck(). The following patch is all we need to protect against this panic:

ip link set p96p1 vf 0 spoofchk off
BUG: unable to handle kernel NULL pointer dereference at 0000000000000052
IP: [<ffffffffa044a1c1>] ixgbe_ndo_set_vf_spoofchk+0x51/0x150 [ixgbe]

Reported-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Showing 1 changed file with 3 additions and 0 deletions
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
... | ... | @@ -1261,6 +1261,9 @@ |
1261 | 1261 | struct ixgbe_hw *hw = &adapter->hw; |
1262 | 1262 | u32 regval; |
1263 | 1263 | |
1264 | + if (vf >= adapter->num_vfs) | |
1265 | + return -EINVAL; | |
1266 | + | |
1264 | 1267 | adapter->vfinfo[vf].spoofchk_enabled = setting; |
1265 | 1268 | |
1266 | 1269 | regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); |
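Review bot: The new guard `if (vf >= adapter->num_vfs)` bounds the index into `adapter->vfinfo[vf]` from above only. The types of `vf` and `num_vfs` are not visible in this hunk, so if the comparison is done as signed, a negative `vf` would still pass and index before the array. Please confirm the comparison is unsigned or add an explicit `vf < 0` test. The guard also prevents the reported `vf 0` NULL dereference only while `num_vfs` is 0 whenever `vfinfo` is unallocated; a short comment stating that invariant next to the check would make the dependency clear.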