On Tue, Mar 11, 2025 at 02:16:02PM +0900, Kyungwook Boo wrote: > When the device sends a specific input, an integer underflow can occur, > leading > to MMIO write access to an invalid page. > > Prevent the integer underflow by changing the type of related variables. > > Signed-off-by: Kyungwook Boo <[email protected]> > Link: > https://lore.kernel.org/lkml/[email protected]/T/ > --- > Changes in v2: > - Formatting properly > - Fix variable shadowing > - Link to v1: > https://lore.kernel.org/netdev/[email protected]/ > --- > drivers/net/ethernet/intel/i40e/i40e_common.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/drivers/net/ethernet/intel/i40e/i40e_common.c > b/drivers/net/ethernet/intel/i40e/i40e_common.c > index 370b4bddee44..b11c35e307ca 100644 > --- a/drivers/net/ethernet/intel/i40e/i40e_common.c > +++ b/drivers/net/ethernet/intel/i40e/i40e_common.c > @@ -817,10 +817,11 @@ int i40e_pf_reset(struct i40e_hw *hw) > void i40e_clear_hw(struct i40e_hw *hw) > { > u32 num_queues, base_queue; > - u32 num_pf_int; > - u32 num_vf_int; > + s32 num_pf_int; > + s32 num_vf_int; > u32 num_vfs; > - u32 i, j; > + s32 i; > + u32 j; > u32 val; > u32 eol = 0x7ff; > > --- > base-commit: 4d872d51bc9d7b899c1f61534e3dbde72613f627
I see that this addresses the problem at the first link above. And I'd happy to see it accepted as-is. Reviewed-by: Simon Horman <[email protected]> But, as an aside, wouldn't it be more appropriate to use generic types like int and unsigned int for most of the above variables? Perhaps this could be addressed by a follow-up. Or perhaps that would just be churn, IDK.
