git.baikalelectronics.ru Git - kernel.git/commit

author	Roi Dayan <roid@nvidia.com>
	Thu, 3 Nov 2022 06:55:47 +0000 (23:55 -0700)
committer	Saeed Mahameed <saeedm@nvidia.com>
	Wed, 9 Nov 2022 18:30:43 +0000 (10:30 -0800)
commit	8567bb065bce5e74ac4572bc7ca31d1b2ec1048b
tree	159db4bf9eee890a321f1a9ceb287e023b92f881	tree \| snapshot
parent	cdf4a8e1b81798fb15d90f583b316e8a8e0c6210	commit \| diff

net/mlx5e: TC, Fix slab-out-of-bounds in parse_tc_actions

esw_attr is only allocated if namespace is fdb.

BUG: KASAN: slab-out-of-bounds in parse_tc_actions+0xdc6/0x10e0 [mlx5_core]
Write of size 4 at addr ffff88815f185b04 by task tc/2135

CPU: 5 PID: 2135 Comm: tc Not tainted 6.1.0-rc2+ #2
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x57/0x7d
print_report+0x170/0x471
? parse_tc_actions+0xdc6/0x10e0 [mlx5_core]
kasan_report+0xbc/0xf0
? parse_tc_actions+0xdc6/0x10e0 [mlx5_core]
parse_tc_actions+0xdc6/0x10e0 [mlx5_core]

Fixes: a65dadc7724e ("net/mlx5e: TC, Fix cloned flow attr instance dests are not zeroed")
Signed-off-by: Roi Dayan <roid@nvidia.com>
Reviewed-by: Maor Dickman <maord@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>