IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (d39bf40e) · Commits · Mirrors / github.com / raspberrypi_linux · GitLab

Commit d39bf40e authored Oct 12, 2021 by

Mike Marciniszyn Committed by Jason Gunthorpe Oct 13, 2021

IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields

Overflowing either addrlimit or bytes_togo can allow userspace to trigger
a buffer overflow of kernel memory. Check for overflows in all the places
doing math on user controlled buffers.

Fixes: f931551b ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Link: https://lore.kernel.org/r/20211012175519.7298.77738.stgit@awfm-01.cornelisnetworks.com

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

parent 1ab52ac1

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 7cf6466e
· Jan 03, 2022

mentioned in commit 7cf6466e

mentioned in commit 7cf6466e00a77b0a914b7b2c28a1fc7947d55e59

Toggle commit list

Please register or to comment