On 11/21/2019 4:44 PM, David Miller wrote:
> From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Date: Wed, 20 Nov 2019 15:34:38 +0300
>
>> The "ivm->vf" variable is a u32, but the problem is that a number of
>> drivers cast it to an int and then forget to check for negatives. An
>> example of this is in the cxgb4 driver.
>>
>> drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
>>   2890  static int cxgb4_mgmt_get_vf_config(struct net_device *dev,
>>   2891                                      int vf, struct ifla_vf_info *ivi)
>>                                             ^^^^^^
>>   2892  {
>>   2893          struct port_info *pi = netdev_priv(dev);
>>   2894          struct adapter *adap = pi->adapter;
>>   2895          struct vf_info *vfinfo;
>>   2896
>>   2897          if (vf >= adap->num_vfs)
>>                     ^^^^^^^^^^^^^^^^^^^
>>   2898                  return -EINVAL;
>>   2899          vfinfo = &adap->vfinfo[vf];
>>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> There are 48 functions affected.
> ...
>> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> I'm going to apply this and queue it up for -stable.
>
> The u32 conversion should happen in next.

okay.
When Dan reported, I reviewed and wrote the patch for u32, and some more code consolidation with it.
But hit the block with u32 leading to overflow to 0 which modifies the first VF incorrectly.
Checking num_vfs of pci dev, without device_lock() is equally buggy as it stands today.
Creating a lock in each vendor driver(s) doesn't make sense.
Haven't had chance yet after that.
Let me know if someone has a suggestion that I should incorporate.
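
The signedness problem described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch: a user-space model comparing the upper-bound-only check from the cxgb4 excerpt with a signed range check and an unsigned check. `NUM_VFS`, the function names and the sample inputs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for adap->num_vfs; not a value from the thread. */
#define NUM_VFS 4

/* Models the core handing the u32 "ivm->vf" to a driver callback taking int.
 * Out-of-range conversion is implementation-defined in ISO C; GCC and Clang
 * wrap modulo 2^32, so 0xffffffff becomes -1. */
static int as_driver_arg(uint32_t vf)
{
    return (int)vf;
}

/* Same shape as the quoted check: only the upper bound is tested. */
static bool accepts_upper_bound_only(int vf, int num_vfs)
{
    if (vf >= num_vfs)
        return false;
    return true;    /* a negative vf would reach the array index */
}

/* Hardened signed check: reject negatives too. */
static bool accepts_signed_range(int vf, int num_vfs)
{
    return vf >= 0 && vf < num_vfs;
}

/* Check on the unsigned value, before any conversion to int. */
static bool accepts_u32(uint32_t vf, uint32_t num_vfs)
{
    return vf < num_vfs;
}

int main(void)
{
    /* Constructed inputs: valid, first out of range, sign bit set, all ones. */
    const uint32_t samples[] = { 0u, 3u, 4u, 0x80000000u, 0xffffffffu };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int vf = as_driver_arg(samples[i]);
        printf("u32=0x%08x int=%d upper-only=%d signed=%d u32=%d\n",
               (unsigned)samples[i], vf,
               accepts_upper_bound_only(vf, NUM_VFS),
               accepts_signed_range(vf, NUM_VFS),
               accepts_u32(samples[i], NUM_VFS));
    }
    return 0;
}
```
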