qed: potential overflow in qed_cxt_src_t2_alloc()
authorDan Carpenter <dan.carpenter@oracle.com>
Tue, 7 Jun 2016 12:04:16 +0000 (15:04 +0300)
committerDavid S. Miller <davem@davemloft.net>
Wed, 8 Jun 2016 07:33:25 +0000 (00:33 -0700)
commit01e517f16e38fc2345d4d555a7764b5f3f35af84
tree6b200ac9cb1a5f75e3f9e53052e32d69d5f4191f
parentf02ea21548171fa3dacc11fbca358a0fc863bb51
qed: potential overflow in qed_cxt_src_t2_alloc()

In the current code "ent_per_page" could be more than "conn_num" making
"conn_num" negative after the subtraction.  In the next iteration
through the loop then the negative is treated as a very high positive
meaning we don't put a limit on "ent_num".  It could lead to memory
corruption.

Fixes: dbb799c39717 ('qed: Initialize hardware for new protocols')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/qlogic/qed/qed_cxt.c