From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dan Carpenter, Vivien Didelot, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 059/280] net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
Date: Fri, 22 Mar 2019 12:13:32 +0100
Message-Id: <20190322111309.587317577@linuxfoundation.org>
In-Reply-To: <20190322111306.356185024@linuxfoundation.org>
References: <20190322111306.356185024@linuxfoundation.org>

4.19-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit 8d6ea932856c7087ce8c3d0e79494b7d5386f962 ]

The value of ->num_ports comes from bcm_sf2_sw_probe() and it is less than or equal to DSA_MAX_PORTS. The ds->ports[] array is used inside the dsa_is_user_port() and dsa_is_cpu_port() functions. The ds->ports[] array is allocated in dsa_switch_alloc() and it has ds->num_ports elements so this leads to a static checker warning about a potential out of bounds read.

Fixes: 8cfa94984c9c ("net: dsa: bcm_sf2: add suspend/resume callbacks")
Signed-off-by: Dan Carpenter
Reviewed-by: Vivien Didelot
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
drivers/net/dsa/bcm_sf2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c index fc8b48adf38b..bb26a193361e 100644 --- a/drivers/net/dsa/bcm_sf2.c +++ b/drivers/net/dsa/bcm_sf2.c 
@@ -692,7 +692,7 @@ static int bcm_sf2_sw_suspend(struct dsa_switch *ds) * port, the other ones have already been disabled during * bcm_sf2_sw_setup */ - for (port = 0; port < DSA_MAX_PORTS; port++) { + for (port = 0; port < ds->num_ports; port++) { if (dsa_is_user_port(ds, port) || dsa_is_cpu_port(ds, port)) bcm_sf2_port_disable(ds, port, NULL); } -- 2.19.1
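
Review bot: the hunk fixes only the one `for (port = 0; port < DSA_MAX_PORTS; port++)` loop in bcm_sf2_sw_suspend(), so any other loop in bcm_sf2.c that still runs to DSA_MAX_PORTS and passes `port` to dsa_is_user_port() or dsa_is_cpu_port() would index ds->ports[] past its ds->num_ports elements in the same way. It is worth checking the rest of the file (the Fixes: tag names the commit that added both suspend and resume callbacks) and converting any such loop to `port < ds->num_ports` in this patch or a follow-up. The commit message describes the problem as a static checker warning about a potential out-of-bounds read; stating whether num_ports can actually be smaller than DSA_MAX_PORTS on supported hardware would tell stable maintainers whether the read is reachable or whether this is hardening only.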