]> git.baikalelectronics.ru Git - kernel.git/commit
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
authorMike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Tue, 12 Oct 2021 17:55:19 +0000 (13:55 -0400)
committerJason Gunthorpe <jgg@nvidia.com>
Wed, 13 Oct 2021 16:26:04 +0000 (13:26 -0300)
commitd39bf40e55e666b5905fdbd46a0dced030ce87be
tree5d74bc4459cfbf5e0bda3ce9173be3ef0318c528
parent1ab52ac1e9bc9391f592c9fa8340a6e3e9c36286
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields

Overflowing either addrlimit or bytes_togo can allow userspace to trigger
a buffer overflow of kernel memory. Check for overflows in all the places
doing math on user controlled buffers.

Fixes: f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Link: https://lore.kernel.org/r/20211012175519.7298.77738.stgit@awfm-01.cornelisnetworks.com
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
drivers/infiniband/hw/qib/qib_user_sdma.c