Commit d80e8a91 authored by Mike Marciniszyn's avatar Mike Marciniszyn Committed by Zeng Heng
Browse files

IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields 

stable inclusion
from stable-v4.19.216
commit 73d2892148aa4397a885b4f4afcfc5b27a325c42
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RD02
CVE: CVE-2021-47485

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=73d2892148aa4397a885b4f4afcfc5b27a325c42

--------------------------------

commit d39bf40e upstream.

Overflowing either addrlimit or bytes_togo can allow userspace to trigger
a buffer overflow of kernel memory. Check for overflows in all the places
doing math on user controlled buffers.

Fixes: f931551b ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Link: https://lore.kernel.org/r/20211012175519.7298.77738.stgit@awfm-01.cornelisnetworks.com


Reported-by: default avatarIlja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: default avatarDennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: default avatarMike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarZeng Heng <zengheng4@huawei.com>
parent efc3f2d3
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment