From 6e965040b3d10a542d00c62b7356823a3cc22368 Mon Sep 17 00:00:00 2001 From: Lukasz Czapnik Date: Tue, 21 Oct 2025 10:00:49 +0800 Subject: [PATCH] i40e: add max boundary check for VF filters stable inclusion from stable-v6.6.109 commit edecce7abd7152b48e279b4fa0a883d1839bb577 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID22AQ CVE: CVE-2025-39968 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=edecce7abd7152b48e279b4fa0a883d1839bb577 -------------------------------- commit cb79fa7118c150c3c76a327894bb2eb878c02619 upstream. There is no check for max filters that VF can request. Add it. Fixes: e284fc280473 ("i40e: Add and delete cloud filter") Cc: stable@vger.kernel.org Signed-off-by: Lukasz Czapnik Reviewed-by: Aleksandr Loktionov Signed-off-by: Przemek Kitszel Reviewed-by: Simon Horman Tested-by: Rafal Romanowski Signed-off-by: Tony Nguyen Signed-off-by: Greg Kroah-Hartman Signed-off-by: Fanhua Li --- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c index 9a9195a7e5d4..2b77b23dc503 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c @@ -3891,6 +3891,8 @@ static int i40e_vc_del_cloud_filter(struct i40e_vf *vf, u8 *msg) aq_ret); } +#define I40E_MAX_VF_CLOUD_FILTER 0xFF00 + /** * i40e_vc_add_cloud_filter * @vf: pointer to the VF info @@ -3930,6 +3932,14 @@ static int i40e_vc_add_cloud_filter(struct i40e_vf *vf, u8 *msg) goto err_out; } + if (vf->num_cloud_filters >= I40E_MAX_VF_CLOUD_FILTER) { + dev_warn(&pf->pdev->dev, + "VF %d: Max number of filters reached, can't apply cloud filter\n", + vf->vf_id); + aq_ret = -ENOSPC; + goto err_out; + } + cfilter = kzalloc(sizeof(*cfilter), GFP_KERNEL); if (!cfilter) { aq_ret = -ENOMEM; -- Gitee