]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6bee0b2) | patch
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
authorMike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Tue, 12 Oct 2021 17:55:19 +0000 (13:55 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 2 Nov 2021 18:46:13 +0000 (19:46 +0100)
commit29f04d0f2eb4d1e383a074558ef4128c0a5d05e8
treeab754ed472121c9e1bd7062a283b256dbe44bef9tree | snapshot
parent6bee0b2a1886bd70c80f2199759f878637a4bb8ecommit | diff
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields

commit d39bf40e55e666b5905fdbd46a0dced030ce87be upstream.

Overflowing either addrlimit or bytes_togo can allow userspace to trigger
a buffer overflow of kernel memory. Check for overflows in all the places
doing math on user controlled buffers.

Fixes: 31ab18b4f628 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Link: https://lore.kernel.org/r/20211012175519.7298.77738.stgit@awfm-01.cornelisnetworks.com
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/infiniband/hw/qib/qib_user_sdma.c diff | blob | history
Linux Kernel Source Tree.