4.17-stable review patch. If anyone has any objections, please let me know. ------------------ From: Dan Carpenter <dan.carpenter@xxxxxxxxxx> [ Upstream commit c411104115e6821f26fc8f6de8b235ddf98de688 ] The ipsec->tx_tbl[] has IXGBE_IPSEC_MAX_SA_COUNT elements so the > needs to be changed to >= so we don't read one element beyond the end of the array. Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload") Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Acked-by: Shannon Nelson <shannon.nelson@xxxxxxxxxx> Tested-by: Andrew Bowers <andrewx.bowers@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -759,7 +759,7 @@ int ixgbe_ipsec_tx(struct ixgbe_ring *tx } itd->sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_TX_INDEX; - if (unlikely(itd->sa_idx > IXGBE_IPSEC_MAX_SA_COUNT)) { + if (unlikely(itd->sa_idx >= IXGBE_IPSEC_MAX_SA_COUNT)) { netdev_err(tx_ring->netdev, "%s: bad sa_idx=%d handle=%lu\n", __func__, itd->sa_idx, xs->xso.offload_handle); return 0;