git.ipfire.org Git - thirdparty/kernel/stable.git/commit

IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields

commit d39bf40e55e666b5905fdbd46a0dced030ce87be upstream.

Overflowing either addrlimit or bytes_togo can allow userspace to trigger
a buffer overflow of kernel memory. Check for overflows in all the places
doing math on user controlled buffers.

Fixes: f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Link: https://lore.kernel.org/r/20211012175519.7298.77738.stgit@awfm-01.cornelisnetworks.com
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
	Tue, 12 Oct 2021 17:55:19 +0000 (13:55 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 6 Nov 2021 12:58:45 +0000 (13:58 +0100)
commit	73d2892148aa4397a885b4f4afcfc5b27a325c42
tree	0c5b1c84c7472dd5a97030647119f8d18bfad9c6	tree \| snapshot
parent	cde048c5fe6ff79b6f26fb68d94c165d4a420c09	commit \| diff