On Mon, Nov 04, 2024 at 04:57:04PM +0800, Philo Lu wrote:
> Add hash_key_length check in virtnet_probe() to avoid possible out of
> bound errors when setting/reading the hash key.
>
> Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.")
> Signed-off-by: Philo Lu <lulie@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Xuan Zhuo <xuanzhuo@xxxxxxxxxxxxxxxxx>
> ---
> drivers/net/virtio_net.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index 75c1ff4efd13..acc3e5dc112e 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -6451,6 +6451,12 @@ static int virtnet_probe(struct virtio_device *vdev)
> if (vi->has_rss || vi->has_rss_hash_report) {
> vi->rss_key_size =
> virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size));
> + if (vi->rss_key_size > VIRTIO_NET_RSS_MAX_KEY_SIZE) {
> + dev_err(&vdev->dev, "rss_max_key_size=%u exceeds the limit %u.\n",
> + vi->rss_key_size, VIRTIO_NET_RSS_MAX_KEY_SIZE);
> + err = -EINVAL;
> + goto free;
> + }
I agree that an out of bounds error could occur and a check here
is needed.
I have no idea if returning -EINVAL from probe is the correct
solution (vs say using min()) as I am just a casual observer of
virtio_net and not a maintainer.
Acked-by: Joe Damato <jdamato@xxxxxxxxxx>
