Commit 5dacfde4 authored Apr 05, 2022 by Sasha Neftin Committed by Greg Kroah-Hartman Apr 27, 2022

e1000e: Fix possible overflow in LTR decoding



commit 04ebaa1cfddae5f240cc7404f009133bb0389a47 upstream.

When we decode the latency and the max_latency, u16 value may not fit
the required size and could lead to the wrong LTR representation.

Scaling is represented as:
scale 0 - 1         (2^(5*0)) = 2^0
scale 1 - 32        (2^(5 *1))= 2^5
scale 2 - 1024      (2^(5 *2)) =2^10
scale 3 - 32768     (2^(5 *3)) =2^15
scale 4 - 1048576   (2^(5 *4)) = 2^20
scale 5 - 33554432  (2^(5 *4)) = 2^25
scale 4 and scale 5 required 20 and 25 bits respectively.
scale 6 reserved.

Replace the u16 type with the u32 type and allow corrected LTR
representation.

Cc: stable@vger.kernel.org
Fixes: 44a13a5d99c7 ("e1000e: Fix the max snoop/no-snoop latency for 10M")
Reported-by: James Hutchinson <jahutchinson99@googlemail.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215689


Suggested-by: Dima Ruinskiy <dima.ruinskiy@intel.com>
Signed-off-by: Sasha Neftin <sasha.neftin@intel.com>
Tested-by: Naama Meir <naamax.meir@linux.intel.com>
Tested-by: James Hutchinson <jahutchinson99@googlemail.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 25f8b859

drivers/net/ethernet/intel/e1000e/ich8lan.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1010,8 +1010,8 @@ static s32 e1000_platform_pm_pch_lpt(struct e1000_hw *hw, bool link)
		{
		u32 reg = link << (E1000_LTRV_REQ_SHIFT + E1000_LTRV_NOSNOOP_SHIFT) \|
		link << E1000_LTRV_REQ_SHIFT \| E1000_LTRV_SEND;
		u16 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */
		u16 lat_enc_d = 0; /* latency decoded */
		u32 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */
		u32 lat_enc_d = 0; /* latency decoded */
		u16 lat_enc = 0; /* latency encoded */

		if (link) {