From: Eugenia Emantayev Date: Tue, 14 Feb 2012 06:37:16 +0000 (+0000) Subject: mlx4_core: fix buffer overrun X-Git-Tag: firefly_0821_release~3680^2~3338^2~294 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=58a30d6a3c2397f18a826f401e0f0e61e8868f19;p=firefly-linux-kernel-4.4.55.git mlx4_core: fix buffer overrun When passing MLX4_UC_STEER=1 it was translated to value 2 after mlx4_QP_ATTACH_wrapper. Therefore in new_steering_entry() unicast steer entries were added to index 2 of array of size 2. Fixing this bug by shift right to one position. Signed-off-by: Eugenia Emantayev Reviewed-by: Yevgeny Petrilin Signed-off-by: David S. Miller --- diff --git a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c index dcd819bfb2f0..1420dbc947c2 100644 --- a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c +++ b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c @@ -2538,7 +2538,7 @@ int mlx4_QP_ATTACH_wrapper(struct mlx4_dev *dev, int slave, int attach = vhcr->op_modifier; int block_loopback = vhcr->in_modifier >> 31; u8 steer_type_mask = 2; - enum mlx4_steer_type type = gid[7] & steer_type_mask; + enum mlx4_steer_type type = (gid[7] & steer_type_mask) >> 1; qpn = vhcr->in_modifier & 0xffffff; err = get_res(dev, slave, qpn, RES_QP, &rqp);