gve: Fix off by one in gve_tx_timeout()

[ Upstream commit 1c360cc1cc883fbdf0a258b4df376571fbeac5ee ]

The priv->ntfy_blocks[] has "priv->num_ntfy_blks" elements so this >
needs to be >= to prevent an off by one bug.  The priv->ntfy_blocks[]
array is allocated in gve_alloc_notify_blocks().

Fixes: 87a7f321bb6a ("gve: Recover from queue stall due to missed IRQ")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c
index 3e96b2a11c5bf9df0bd5aa08b51971b121e1ec2b..6cb75bb1ed052fb73bdff058e9909bc2c81eee06 100644 (file)
--- a/drivers/net/ethernet/google/gve/gve_main.c
+++ b/drivers/net/ethernet/google/gve/gve_main.c
@@ -959,7 +959,7 @@ static void gve_tx_timeout(struct net_device *dev, unsigned int txqueue)
                goto reset;
 
        ntfy_idx = gve_tx_idx_to_ntfy(priv, txqueue);
-       if (ntfy_idx > priv->num_ntfy_blks)
+       if (ntfy_idx >= priv->num_ntfy_blks)
                goto reset;
 
        block = &priv->ntfy_blocks[ntfy_idx];