net/sfc/base: fix potential buffer overflow in Tx queue init

Improve error checking to avoid a caller overflowing the MCDI
request buffer if the requested TXQ size was excessively large.

Coverity issue: 1305527
Fixes: e7cd430c864f ("net/sfc/base: import SFN7xxx family support")
CC: stable@dpdk.org
Signed-off-by: Andy Moreton <amoreton@solarflare.com>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>

diff --git a/drivers/net/sfc/base/ef10_tx.c b/drivers/net/sfc/base/ef10_tx.c
index 6ad11dd..0f8e9b1 100644 (file)
--- a/drivers/net/sfc/base/ef10_tx.c
+++ b/drivers/net/sfc/base/ef10_tx.c
@@ -67,7 +67,7 @@ efx_mcdi_init_txq(
            EFX_TXQ_NBUFS(enp->en_nic_cfg.enc_txq_max_ndescs));
 
        npages = EFX_TXQ_NBUFS(size);
-       if (npages > MC_CMD_INIT_TXQ_IN_DMA_ADDR_MAXNUM) {
+       if (MC_CMD_INIT_TXQ_IN_LEN(npages) > sizeof (payload)) {
                rc = EINVAL;
                goto fail1;
        }