net: aquantia: fixed buffer overflow

The overflow is detected by smatch: drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c: 175 aq_pci_func_free_irqs() error: buffer overflow 'self->aq_vec' 8 <= 31 In reality msix_entry_mask always restricts number of iterations. Adding extra condition to make logic clear and smatch happy. Signed-off-by: Nikita Danilov <nikita.danilov@aquantia.com> Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com> Signed-off-by: David S. Miller <davem@davemloft.net>

net: aquantia: fixed buffer overflow
The overflow is detected by smatch: drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c: 175 aq_pci_func_free_irqs() error: buffer overflow 'self->aq_vec' 8 <= 31 In reality msix_entry_mask always restricts number of iterations. Adding extra condition to make logic clear and smatch happy. Signed-off-by: Nikita Danilov <nikita.danilov@aquantia.com> Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
13b7997a · Nikita Danilov · David S. Miller · ea4854dd · 13b7997a
Commit 13b7997a authored Feb 27, 2019 by Nikita Danilov Committed by David S. Miller Mar 01, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c +2 -0

No files found.
--- a/drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c
@@ -170,6 +170,8 @@ void aq_pci_func_free_irqs(struct aq_nic_s *self)
 	for (i = 32U; i--;) {
 		if (!((1U << i) & self->msix_entry_mask))
 			continue;
+		if (i >= AQ_CFG_VECS_MAX)
+			continue;

 		if (pdev->msix_enabled)
 			irq_set_affinity_hint(pci_irq_vector(pdev, i), NULL);