net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (!4148) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Kamal Heib requested to merge kheib/centos-stream-9:RHEL-30492 into main Apr 30, 2024

JIRA: https://issues.redhat.com/browse/RHEL-30492
CVE: CVE-2023-52626

commit 3876638b2c7ebb2c9d181de1191db0de8cac143a
Author: Rahul Rameshbabu rrameshbabu@nvidia.com
Date: Wed Nov 22 18:32:11 2023 -0800

net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context  

Indirection (*) is of lower precedence than postfix increment (++). Logic  
in napi_poll context would cause an out-of-bound read by first increment  
the pointer address by byte address space and then dereference the value.  
Rather, the intended logic was to dereference first and then increment the  
underlying value.  

Fixes: 92214be5979c ("net/mlx5e: Update doorbell for port timestamping CQ before the software counter")  
Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>  
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>  
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>

Signed-off-by: Kamal Heib kheib@redhat.com

net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context

Merge request reports