Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1924189imm; Thu, 24 May 2018 03:01:41 -0700 (PDT) X-Google-Smtp-Source: AB8JxZq+P9FoeWvnFNIDbXQ61Xn12eA4FBl1nfZqvPRDR3d6P7uzSFxffU1Q8G2AzNtcQYq51Wpm X-Received: by 2002:a17:902:aa03:: with SMTP id be3-v6mr6630896plb.61.1527156101503; Thu, 24 May 2018 03:01:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527156101; cv=none; d=google.com; s=arc-20160816; b=DWT87beP/byb99MkJcytq1da3B2Ysr0u2bdZ4W71p2aO5rmuAKglonYfsQOP+TvI7X Bjvi44B66YEvLOREAjp0ztQzTfjOCdBFDXmnk2hK1z9Z1riodG/8clyLv+Xxahxrddr/ yfBgFlefUubpNj2kndQc+BQBlm6+v9HWirgqzKvSRQWq33j0gsXOpcniIYVrrXwdud9L d/LrC5qhAs1uJEumR8R4qCc6ckUajyvcmx6igQkpg8tEpYYuQGFirxJ5BtQ36JWytkLF MZaY95qWkG/lEYR6XdNbwtXQmDErssNo7VBChk/WGbmPX44/ZlZHzYIeejH+qdnHKLdu YDeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=WzV3M7dDkMNK7DbVh0gd5xwxBLyG1e8+nyVZo5ohnkQ=; b=q0hRlXdlG4Uq3r2I8QuljHZPNjvCJcFi3e1s35HhacGR1T4L21w7w/0/thHHYT/wSj t3HXBa9bzwZAGlfBglbUC+KTeL69tJcIFySsOQAF6aMYQhIIWuRTKrdkAtX0SOtmF81E zE59WdCdPi5bFEyodPicPncoE+MEIflSd5oQg1jOwTTaWHaHeAkOHRKmvBmL1CrhhZZh zingbQGQmBsA7OwyNj1RHt1rqHfFujvFm/WQdkcj91+0EaBqU7ju8EWeBdnhwTmF6z5r bYkL9FDWnbp2ep7Y5hQWS2/Cu8+RdTTSRqJdyOtcWg/s1bpe1bDpOvw+7FUoBEyT3XDS M1Dg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SfLKC2V4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 3-v6si21255441plp.515.2018.05.24.03.01.25; Thu, 24 May 2018 03:01:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SfLKC2V4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1030765AbeEXJ70 (ORCPT + 99 others); Thu, 24 May 2018 05:59:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:40208 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1030750AbeEXJ7V (ORCPT ); Thu, 24 May 2018 05:59:21 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E55BE2088E; Thu, 24 May 2018 09:59:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1527155960; bh=2cQ6ulcj6YezKcWkNROiFjWo4/Aaoh+RWB4pD4IDt1Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SfLKC2V433GaVXFphRAXWnZk/vSKDvX7dWJ2hmOQQQlFz/ZjvwpfXPc0eREJ7LShO LQej/9BI050HdKKOteU3UU6rvUlq/ilYVjGUFaUrHpUMuTqQ7647+sW1MNYknfimrl 6DZd4pJo888KB3dOMKi/WX98FgX4Q0fSEJ7ThGFM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Florian Fainelli , "David S. Miller" Subject: [PATCH 4.16 014/161] net: dsa: bcm_sf2: Fix RX_CLS_LOC_ANY overwrite for last rule Date: Thu, 24 May 2018 11:37:19 +0200 Message-Id: <20180524093020.106555710@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180524093018.331893860@linuxfoundation.org> References: <20180524093018.331893860@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.16-stable review patch. If anyone has any objections, please let me know. ------------------ From: Florian Fainelli [ Upstream commit 43a5e00f38fe8933a1c716bfe5b30e97f749d94b ] When we let the kernel pick up a rule location with RX_CLS_LOC_ANY, we would be able to overwrite the last rules because of a number of issues. The IPv4 code path would not be checking that rule_index is within bounds, and it would also only be allowed to pick up rules from range 0..126 instead of the full 0..127 range. This would lead us to allow overwriting the last rule when we let the kernel pick-up the location. Fixes: 3306145866b6 ("net: dsa: bcm_sf2: Move IPv4 CFP processing to specific functions") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/dsa/bcm_sf2_cfp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/net/dsa/bcm_sf2_cfp.c +++ b/drivers/net/dsa/bcm_sf2_cfp.c @@ -354,10 +354,13 @@ static int bcm_sf2_cfp_ipv4_rule_set(str /* Locate the first rule available */ if (fs->location == RX_CLS_LOC_ANY) rule_index = find_first_zero_bit(priv->cfp.used, - bcm_sf2_cfp_rule_size(priv)); + priv->num_cfp_rules); else rule_index = fs->location; + if (rule_index > bcm_sf2_cfp_rule_size(priv)) + return -ENOSPC; + layout = &udf_tcpip4_layout; /* We only use one UDF slice for now */ slice_num = bcm_sf2_get_slice_number(layout, 0);