From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 26 May 2022 08:02:42 +0000 (+0300)
Subject: net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
X-Git-Tag: baikal/aarch64/sdk6.1~3836^2~43
X-Git-Url: https://git.baikalelectronics.ru/sdk/?a=commitdiff_plain;h=9a1ac7adaf5400dbdf21a246e6b97db8788a7313;p=kernel.git

net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()

The "fsp->location" variable comes from user via ethtool_get_rxnfc().
Check that it is valid to prevent an out of bounds read.

Fixes: 754bb21bfd99 ("net: ethernet: mediatek: add ethtool functions to configure RX flows of HW LRO")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index a9d4fd8945bbe..b3b3c079a0faf 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -2212,6 +2212,9 @@ static int mtk_hwlro_get_fdir_entry(struct net_device *dev,
 	struct ethtool_rx_flow_spec *fsp =
 		(struct ethtool_rx_flow_spec *)&cmd->fs;
 
+	if (fsp->location >= ARRAY_SIZE(mac->hwlro_ip))
+		return -EINVAL;
+
 	/* only tcp dst ipv4 is meaningful, others are meaningless */
 	fsp->flow_type = TCP_V4_FLOW;
 	fsp->h_u.tcp_ip4_spec.ip4dst = ntohl(mac->hwlro_ip[fsp->location]);