Message ID | 0329de90095bb2eb1ae24c4c3ed2958cb5c125f8.1547878835.git.igor.russkikh@aquantia.com |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
Headers | show |
Series | net: aquantia: minor bug fixes after static analysis | expand |
On Mon, Jan 21, 2019 at 02:53:51PM +0000, Igor Russkikh wrote: > This is a real stack undercorruption found by kasan build. > > The issue did no harm normally because it only overflowed > 2 bytes after `bitary` array which on most architectures > were mapped into `err` local. Hi Igor Since this is a real bug, please add a fixes: tag, and post it to net. Thanks Andrew
diff --git a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c index b58ca7cb8e9d..c4cdc51350b2 100644 --- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c +++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c @@ -199,8 +199,8 @@ static int hw_atl_b0_hw_rss_set(struct aq_hw_s *self, u32 i = 0U; u32 num_rss_queues = max(1U, self->aq_nic_cfg->num_rss_queues); int err = 0; - u16 bitary[(HW_ATL_B0_RSS_REDIRECTION_MAX * - HW_ATL_B0_RSS_REDIRECTION_BITS / 16U)]; + u16 bitary[1 + (HW_ATL_B0_RSS_REDIRECTION_MAX * + HW_ATL_B0_RSS_REDIRECTION_BITS / 16U)]; memset(bitary, 0, sizeof(bitary));