diff options
| author |   Arthur Kiyanovski <akiyano@amazon.com> | 2020-02-11 15:17:40 +0000 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2020-02-11 17:08:30 -0800 |
| commit | 91a65b7d3ed8450f31ab717a65dcb5f9ceb5ab02 (patch) | |
| tree | a6b6914faa023a6c9f2d3813d3a3ae13878f3db8 | |
| parent | net/smc: fix leak of kernel memory to user space (diff) | |
| download | linux-dev-91a65b7d3ed8450f31ab717a65dcb5f9ceb5ab02.tar.xz linux-dev-91a65b7d3ed8450f31ab717a65dcb5f9ceb5ab02.zip | |
net: ena: fix potential crash when rxfh key is NULL
When ethtool -X is called without an hkey, ena_com_fill_hash_function()
is called with key=NULL, which is passed to memcpy causing a crash.
This commit fixes this issue by checking key is not NULL.
Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/net/ethernet/amazon/ena/ena_com.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c index ea62604fdf8c..e54c44fdcaa7 100644 --- a/drivers/net/ethernet/amazon/ena/ena_com.c +++ b/drivers/net/ethernet/amazon/ena/ena_com.c @@ -2297,15 +2297,16 @@ int ena_com_fill_hash_function(struct ena_com_dev *ena_dev, switch (func) { case ENA_ADMIN_TOEPLITZ: - if (key_len > sizeof(hash_key->key)) { - pr_err("key len (%hu) is bigger than the max supported (%zu)\n", - key_len, sizeof(hash_key->key)); - return -EINVAL; + if (key) { + if (key_len != sizeof(hash_key->key)) { + pr_err("key len (%hu) doesn't equal the supported size (%zu)\n", + key_len, sizeof(hash_key->key)); + return -EINVAL; + } + memcpy(hash_key->key, key, key_len); + rss->hash_init_val = init_val; + hash_key->keys_num = key_len >> 2; } - - memcpy(hash_key->key, key, key_len); - rss->hash_init_val = init_val; - hash_key->keys_num = key_len >> 2; break; case ENA_ADMIN_CRC32: rss->hash_init_val = init_val; |