git.ipfire.org Git - people/ms/linux.git/commit

IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields

Overflowing either addrlimit or bytes_togo can allow userspace to trigger
a buffer overflow of kernel memory. Check for overflows in all the places
doing math on user controlled buffers.

Fixes: f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Link: https://lore.kernel.org/r/20211012175519.7298.77738.stgit@awfm-01.cornelisnetworks.com
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

author	Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
	Tue, 12 Oct 2021 17:55:19 +0000 (13:55 -0400)
committer	Jason Gunthorpe <jgg@nvidia.com>
	Wed, 13 Oct 2021 16:26:04 +0000 (13:26 -0300)
commit	d39bf40e55e666b5905fdbd46a0dced030ce87be
tree	5d74bc4459cfbf5e0bda3ce9173be3ef0318c528	tree \| snapshot
parent	1ab52ac1e9bc9391f592c9fa8340a6e3e9c36286	commit \| diff