ixgbe: Off by one in ixgbe_ipsec_tx() The ipsec->tx_tbl[] has IXGBE_IPSEC_MAX_SA_COUNT elements so the > needs to be changed to >= so we don't read one element beyond the end of the array. Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Shannon Nelson <shannon.nelson@oracle.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>

commit: c411104115e6821f26fc8f6de8b235ddf98de688 [log] [tgz]
author: Dan Carpenter <dan.carpenter@oracle.com> Wed Jul 04 12:53:37 2018 +0300
committer: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Thu Jul 12 08:03:09 2018 -0700
tree: 422a5e32a12a5a4e722cff735bdcee8b3b7e2d05
parent: d14c780c11fbc10f66c43e7b64eefe87ca442bd3 [diff] [blame]
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index c116f45..da4322e 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c

@@ -839,7 +839,7 @@ int ixgbe_ipsec_tx(struct ixgbe_ring *tx_ring,
 	}
 
 	itd->sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_TX_INDEX;
-	if (unlikely(itd->sa_idx > IXGBE_IPSEC_MAX_SA_COUNT)) {
+	if (unlikely(itd->sa_idx >= IXGBE_IPSEC_MAX_SA_COUNT)) {
 		netdev_err(tx_ring->netdev, "%s: bad sa_idx=%d handle=%lu\n",
 			   __func__, itd->sa_idx, xs->xso.offload_handle);
 		return 0;
commit	c411104115e6821f26fc8f6de8b235ddf98de688	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Wed Jul 04 12:53:37 2018 +0300
committer	Jeff Kirsher <jeffrey.t.kirsher@intel.com>	Thu Jul 12 08:03:09 2018 -0700
tree	422a5e32a12a5a4e722cff735bdcee8b3b7e2d05
parent	d14c780c11fbc10f66c43e7b64eefe87ca442bd3 [diff] [blame]