Thread (4 messages), 3 authors, 2026-05-05

Re: [PATCH net, v3] net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR

From: Paolo Abeni <pabeni@redhat.com>
Date: 2026-05-05 13:43:00
Also in: bpf, linux-hyperv, linux-rdma, lkml

On 5/1/26 4:47 AM, Dipayaan Roy wrote:
@@ -73,10 +74,28 @@ static int mana_gd_init_pf_regs(struct pci_dev *pdev)
 	gc->phys_db_page_base = gc->bar0_pa + gc->db_page_off;
 
 	sriov_base_off = mana_gd_r64(gc, GDMA_SRIOV_REG_CFG_BASE_OFF);
+	if (sriov_base_off >= gc->bar0_size ||
+	    gc->bar0_size - sriov_base_off <
+		GDMA_PF_REG_SHM_OFF + sizeof(u64) ||
+	    !IS_ALIGNED(sriov_base_off, sizeof(u64))) {
+		dev_err(gc->dev,
+			"SRIOV base offset 0x%llx out of range or unaligned (BAR0 size 0x%llx)\n",
+			sriov_base_off, (u64)gc->bar0_size);
+		return -EPROTO;
+	}
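Review bot: the new condition on sriov_base_off depends on clause order and has no comment saying so. The first clause, "sriov_base_off >= gc->bar0_size", is what keeps "gc->bar0_size - sriov_base_off" from wrapping in the second clause, so a later reorder or split of the test would silently reintroduce the unchecked case. A one-line comment above the if, stating that the subtraction form is deliberate and relies on the preceding >= test, would protect it. The dev_err text also reports "out of range or unaligned" as one message, so the log cannot tell which clause fired; separate messages, or printing the required minimum room (GDMA_PF_REG_SHM_OFF + sizeof(u64)), would make a failure easier to triage. Separately, the context line above computes gc->phys_db_page_base from gc->db_page_off with no bound visible in these lines; if that offset is also read from a BAR0 register, it should get the same range check.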
I think that the additional fix suggested by sashiko is really worthy,
but should go in a separate patch. @Dipayaan: please follow-up on that
one, thanks!

Paolo