net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
Radu Nicolae Pirea (OSS) authored
commit f8bac7f9 upstream.

The SJA1105 family has 45 L2 policing table entries
(SJA1105_MAX_L2_POLICING_COUNT) and SJA1110 has 110
(SJA1110_MAX_L2_POLICING_COUNT). Keeping the table structure but
accounting for the difference in port count (5 in SJA1105 vs 10 in
SJA1110) does not fully explain the difference. Rather, the SJA1110 also
has L2 ingress policers for multicast traffic. If a packet is classified
as multicast, it will be processed by the policer index 99 + SRCPORT.

The sja1105_init_l2_policing() function initializes all L2 policers such
that they don't interfere with normal packet reception by default. To have
a common code between SJA1105 and SJA1110, the index of the multicast
policer for the port is calculated because it's an index that is out of
bounds for SJA1105 but in bounds for SJA1110, and a bounds check is
performed.

The code fails to do the proper thing when determining what to...
5e88c6f4
Name                    Last commit
Documentation           docs: update mediator contact information in CoC doc
LICENSES                LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes"
arch                    KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
block                   block, bfq: fix null pointer dereference in bfq_bio_bfqg()
certs                   certs/blacklist_hashes.c: fix const confusion in certs blacklist
crypto                  crypto: akcipher - default implementation for setting a private key
drivers                 net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
fs                      cifs: fix use-after-free caused by invalid pointer `hostname`
include                 memcg: fix possible use-after-free in memcg_write_event_control()
init                    init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
ipc                     ipc/sem: Fix dangling sem_array access in semtimedop race
kernel                  memcg: fix possible use-after-free in memcg_write_event_control()
lib                     Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
mm                      mm/gup: fix gup_pud_range() for dax
net                     Bluetooth: Fix crash when replugging CSR fake controllers
samples                 samples/landlock: Format with clang-format
scripts                 scripts/faddr2line: Fix regression in name resolution on ppc64le
security                capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
sound                   ASoC: soc-pcm: Add NULL check in BE reparenting
tools                   selftests/net: Find nettest in current directory
usr                     usr/include/Makefile: add linux/nfc.h to the compile-test coverage
virt                    kvm: Add support for arch compat vm ioctls
.clang-format           clang-format: Update with the latest for_each macro list
.cocciconfig            scripts: add Linux .cocciconfig for coccinelle
.get_maintainer.ignore  Opt out of scripts/get_maintainer.pl
.gitattributes          .gitattributes: use 'dts' diff driver for dts files
.gitignore              .gitignore: ignore only top-level modules.builtin
.mailmap                mailmap: add Andrej Shadura
COPYING                 COPYING: state that all contributions really are covered by this file
CREDITS                 MAINTAINERS: Move Daniel Drake to credits
Kbuild                  kbuild: rename hostprogs-y/always to hostprogs/always-y
Kconfig                 kbuild: ensure full rebuild when the compiler is updated
MAINTAINERS             Input: goodix - add a goodix.h header file
Makefile                Linux 5.15.82
README                  Drop all 00-INDEX files from Documentation/

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.