Revision - 9dfef3a - bnx2x: fix AFEX memory overflow

Revision 9dfef3adaebb42163d691be73e05b12da440cbe5 authored by Yuval Mintz on 05 January 2014, 16:33:53 UTC, committed by David S. Miller on 06 January 2014, 01:22:25 UTC

bnx2x: fix AFEX memory overflow

There are 2 different (related) flows in the slowpath configuration
that utilize the same pointer and cast it to different structs;
This is obviously incorrect as the intended allocated memory is that
of the smaller struct, possibly causing the flow utilizing the larger
struct to corrupt other slowpath configuration.

Since both flows are exclusive, set the allocated memory to be a union
of both structs.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 parent 5b62291

Files
Changes

Permalinks

File	Mode	Size
9p
adfs
affs
afs
autofs4
befs
bfs
btrfs
cachefiles
ceph
cifs
coda
configfs
cramfs
debugfs
devpts
dlm
ecryptfs
efivarfs
efs
exofs
exportfs
ext2
ext3
ext4
f2fs
fat
freevxfs
fscache
fuse
gfs2
hfs
hfsplus
hostfs
hpfs
hppfs
hugetlbfs
isofs
jbd
jbd2
jffs2
jfs
lockd
logfs
minix
ncpfs
nfs
nfs_common
nfsd
nilfs2
nls
notify
ntfs
ocfs2
omfs
openpromfs
proc
pstore
qnx4
qnx6
quota
ramfs
reiserfs
romfs
squashfs
sysfs
sysv
ubifs
udf
ufs
xfs
Kconfig	-rw-r--r--	6.0 KB
Kconfig.binfmt	-rw-r--r--	7.2 KB
Makefile	-rw-r--r--	4.2 KB
aio.c	-rw-r--r--	37.8 KB
anon_inodes.c	-rw-r--r--	5.2 KB
attr.c	-rw-r--r--	8.0 KB
bad_inode.c	-rw-r--r--	7.7 KB
binfmt_aout.c	-rw-r--r--	11.1 KB
binfmt_elf.c	-rw-r--r--	57.1 KB
binfmt_elf_fdpic.c	-rw-r--r--	47.1 KB
binfmt_em86.c	-rw-r--r--	2.6 KB
binfmt_flat.c	-rw-r--r--	26.4 KB
binfmt_misc.c	-rw-r--r--	14.8 KB
binfmt_script.c	-rw-r--r--	2.7 KB
binfmt_som.c	-rw-r--r--	7.1 KB
bio-integrity.c	-rw-r--r--	19.9 KB
bio.c	-rw-r--r--	49.0 KB
block_dev.c	-rw-r--r--	41.9 KB
buffer.c	-rw-r--r--	88.7 KB
char_dev.c	-rw-r--r--	14.1 KB
compat.c	-rw-r--r--	36.7 KB
compat_binfmt_elf.c	-rw-r--r--	3.6 KB
compat_ioctl.c	-rw-r--r--	45.3 KB
coredump.c	-rw-r--r--	17.9 KB
coredump.h	-rw-r--r--	106 bytes
dcache.c	-rw-r--r--	87.4 KB
dcookies.c	-rw-r--r--	6.9 KB
direct-io.c	-rw-r--r--	39.4 KB
drop_caches.c	-rw-r--r--	1.5 KB
eventfd.c	-rw-r--r--	11.3 KB
eventpoll.c	-rw-r--r--	59.1 KB
exec.c	-rw-r--r--	39.3 KB
fcntl.c	-rw-r--r--	16.3 KB
fhandle.c	-rw-r--r--	6.5 KB
file.c	-rw-r--r--	21.9 KB
file_table.c	-rw-r--r--	9.4 KB
filesystems.c	-rw-r--r--	6.4 KB
fs-writeback.c	-rw-r--r--	39.6 KB
fs_struct.c	-rw-r--r--	3.3 KB
generic_acl.c	-rw-r--r--	3.9 KB
inode.c	-rw-r--r--	48.7 KB
internal.h	-rw-r--r--	3.6 KB
ioctl.c	-rw-r--r--	15.5 KB
ioprio.c	-rw-r--r--	5.0 KB
libfs.c	-rw-r--r--	26.7 KB
locks.c	-rw-r--r--	64.8 KB
mbcache.c	-rw-r--r--	16.5 KB
mount.h	-rw-r--r--	2.8 KB
mpage.c	-rw-r--r--	20.0 KB
namei.c	-rw-r--r--	109.8 KB
namespace.c	-rw-r--r--	70.9 KB
no-block.c	-rw-r--r--	688 bytes
open.c	-rw-r--r--	25.8 KB
pipe.c	-rw-r--r--	29.2 KB
pnode.c	-rw-r--r--	9.0 KB
pnode.h	-rw-r--r--	1.5 KB
posix_acl.c	-rw-r--r--	9.2 KB
proc_namespace.c	-rw-r--r--	7.5 KB
read_write.c	-rw-r--r--	27.4 KB
readdir.c	-rw-r--r--	6.8 KB
select.c	-rw-r--r--	25.4 KB
seq_file.c	-rw-r--r--	21.7 KB
signalfd.c	-rw-r--r--	9.1 KB
splice.c	-rw-r--r--	47.3 KB
stack.c	-rw-r--r--	2.5 KB
stat.c	-rw-r--r--	12.0 KB
statfs.c	-rw-r--r--	5.3 KB
super.c	-rw-r--r--	34.4 KB
sync.c	-rw-r--r--	10.2 KB
timerfd.c	-rw-r--r--	11.4 KB
utimes.c	-rw-r--r--	5.9 KB
xattr.c	-rw-r--r--	23.5 KB
xattr_acl.c	-rw-r--r--	4.3 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...