A field ID passed to the API may point to a gap in the array
of field descriptors. Reject such invocations as invalid.

Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")
Cc: [email protected]

Reviewed-by: Andy Moreton <[email protected]>
Reviewed-by: Andrew Rybchenko <[email protected]>
Signed-off-by: Ivan Malov <[email protected]>
---
 drivers/common/sfc_efx/base/efx_mae.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/common/sfc_efx/base/efx_mae.c 
b/drivers/common/sfc_efx/base/efx_mae.c
index c1717d7b0..f4a529f5a 100644
--- a/drivers/common/sfc_efx/base/efx_mae.c
+++ b/drivers/common/sfc_efx/base/efx_mae.c
@@ -678,16 +678,22 @@ efx_mae_match_spec_field_set(
                goto fail2;
        }
 
-       if (value_size != descp->emmd_value_size) {
+       if (descp->emmd_mask_size == 0) {
+               /* The ID points to a gap in the array of field descriptors. */
                rc = EINVAL;
                goto fail3;
        }
 
-       if (mask_size != descp->emmd_mask_size) {
+       if (value_size != descp->emmd_value_size) {
                rc = EINVAL;
                goto fail4;
        }
 
+       if (mask_size != descp->emmd_mask_size) {
+               rc = EINVAL;
+               goto fail5;
+       }
+
        if (descp->emmd_endianness == EFX_MAE_FIELD_BE) {
                /*
                 * The mask/value are in network (big endian) order.
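Review bot: The gap test at `if (descp->emmd_mask_size == 0)` depends on an invariant the hunk does not state: unused slots in the descriptor array must be zero-filled, and no real field may ever have a zero mask size. The array is outside this hunk, so that is inferred; if it holds, widen the comment to say so, e.g. `/* Gaps are zero-filled; every valid descriptor has a non-zero emmd_mask_size. */`. Without that, a later descriptor added with a zero-sized mask would be rejected as a gap with no hint why. Because the field ID comes from the API caller, the same requirement is worth a comment next to the descriptor table. The body of efx_mae_match_spec_field_set starts before and continues after this hunk.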
@@ -729,6 +735,8 @@ efx_mae_match_spec_field_set(
 
        return (0);
 
+fail5:
+       EFSYS_PROBE(fail5);
 fail4:
        EFSYS_PROBE(fail4);
 fail3:
-- 
2.20.1
