From: Colin Ian King <[email protected]>
idx can be returned as -ENOSPC, so we should check for this first
before using it as an index into nn->vxlan_usecnt[] to avoid an
out of bounds array offset read.
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 2 +-
drivers/nfc/fdp/fdp.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
index 1e74b91..88678c1 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
@@ -2578,7 +2578,7 @@ static void nfp_net_del_vxlan_port(struct net_device *netdev,
return;
idx = nfp_net_find_vxlan_idx(nn, ti->port);
- if (!nn->vxlan_usecnt[idx] || idx == -ENOSPC)
+ if (idx == -ENOSPC || !nn->vxlan_usecnt[idx])
return;
if (!--nn->vxlan_usecnt[idx])
diff --git a/drivers/nfc/fdp/fdp.c b/drivers/nfc/fdp/fdp.c
index e44a7a2..d93d314 100644
--- a/drivers/nfc/fdp/fdp.c
+++ b/drivers/nfc/fdp/fdp.c
@@ -345,7 +345,7 @@ static void fdp_nci_release_firmware(struct nci_dev *ndev)
if (info->ram_patch) {
release_firmware(info->ram_patch);
- info->otp_patch = NULL;
+ info->ram_patch = NULL;
}
}
--
2.8.1
Hi Colin,
On Mon, Jul 11, 2016 at 04:46:57PM +0100, Colin King wrote:
> diff --git a/drivers/nfc/fdp/fdp.c b/drivers/nfc/fdp/fdp.c
> index e44a7a2..d93d314 100644
> --- a/drivers/nfc/fdp/fdp.c
> +++ b/drivers/nfc/fdp/fdp.c
> @@ -345,7 +345,7 @@ static void fdp_nci_release_firmware(struct nci_dev *ndev)
>
> if (info->ram_patch) {
> release_firmware(info->ram_patch);
> - info->otp_patch = NULL;
> + info->ram_patch = NULL;
> }
> }
This chunk is unrelated and also already applied to my nfc-next tree.
Cheers,
Samuel.
Ignore this, got some other fix included by mistake. Will resend.
On 11/07/16 16:46, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> idx can be returned as -ENOSPC, so we should check for this first
> before using it as an index into nn->vxlan_usecnt[] to avoid an
> out of bounds array offset read.
>
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 2 +-
> drivers/nfc/fdp/fdp.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
> index 1e74b91..88678c1 100644
> --- a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
> +++ b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
> @@ -2578,7 +2578,7 @@ static void nfp_net_del_vxlan_port(struct net_device *netdev,
> return;
>
> idx = nfp_net_find_vxlan_idx(nn, ti->port);
> - if (!nn->vxlan_usecnt[idx] || idx == -ENOSPC)
> + if (idx == -ENOSPC || !nn->vxlan_usecnt[idx])
> return;
>
> if (!--nn->vxlan_usecnt[idx])
> diff --git a/drivers/nfc/fdp/fdp.c b/drivers/nfc/fdp/fdp.c
> index e44a7a2..d93d314 100644
> --- a/drivers/nfc/fdp/fdp.c
> +++ b/drivers/nfc/fdp/fdp.c
> @@ -345,7 +345,7 @@ static void fdp_nci_release_firmware(struct nci_dev *ndev)
>
> if (info->ram_patch) {
> release_firmware(info->ram_patch);
> - info->otp_patch = NULL;
> + info->ram_patch = NULL;
> }
> }
>
>