kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/RDMA-siw-Fix-potential-page_array-out-of-range-acces.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   f6338a922805871d7e3591b6e26e26026659c03b
  2.   patches.suse
  3.   RDMA-siw-Fix-potential-page_array-out-of-range-acces.patch
Blob History Raw
Nicolas Morey 9b285a 
From 271bfcfb83a9f77cbae3d6e1a16e3c14132922f0 Mon Sep 17 00:00:00 2001
Nicolas Morey 9b285a 
From: Daniil Dulov <d.dulov@aladdin.ru>
Nicolas Morey 9b285a 
Date: Mon, 27 Feb 2023 01:17:51 -0800
Nicolas Morey 9b285a 
Subject: [PATCH 1/1] RDMA/siw: Fix potential page_array out of range access
Nicolas Morey 9b285a 
Git-commit: 271bfcfb83a9f77cbae3d6e1a16e3c14132922f0
Nicolas Morey 9b285a 
Patch-mainline: v6.4-rc1
Nicolas Morey 9b285a 
References: git-fixes
Nicolas Morey 9b285a
Nicolas Morey 9b285a 
When seg is equal to MAX_ARRAY, the loop should break, otherwise
Nicolas Morey 9b285a 
it will result in out of range access.
Nicolas Morey 9b285a
Nicolas Morey 9b285a 
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Nicolas Morey 9b285a
Nicolas Morey 9b285a 
Fixes: b9be6f18cf9e ("rdma/siw: transmit path")
Nicolas Morey 9b285a 
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
Nicolas Morey 9b285a 
Link: https://lore.kernel.org/r/20230227091751.589612-1-d.dulov@aladdin.ru
Nicolas Morey 9b285a 
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Nicolas Morey 9b285a 
Acked-by: Nicolas Morey <nmorey@suse.com>
Nicolas Morey 9b285a 
---
Nicolas Morey 9b285a 
 drivers/infiniband/sw/siw/siw_qp_tx.c | 2 +-
Nicolas Morey 9b285a 
 1 file changed, 1 insertion(+), 1 deletion(-)
Nicolas Morey 9b285a
Nicolas Morey 9b285a 
diff --git a/drivers/infiniband/sw/siw/siw_qp_tx.c b/drivers/infiniband/sw/siw/siw_qp_tx.c
Nicolas Morey 9b285a 
index 05052b49107f..6bb9e9e81ff4 100644
Nicolas Morey 9b285a 
--- a/drivers/infiniband/sw/siw/siw_qp_tx.c
Nicolas Morey 9b285a 
+++ b/drivers/infiniband/sw/siw/siw_qp_tx.c
Nicolas Morey 9b285a 
@@ -558,7 +558,7 @@ static int siw_tx_hdt(struct siw_iwarp_tx *c_tx, struct socket *s)
Nicolas Morey 9b285a 
 			data_len -= plen;
Nicolas Morey 9b285a 
 			fp_off = 0;
Nicolas Morey 9b285a
Nicolas Morey 9b285a 
-			if (++seg > (int)MAX_ARRAY) {
Nicolas Morey 9b285a 
+			if (++seg >= (int)MAX_ARRAY) {
Nicolas Morey 9b285a 
 				siw_dbg_qp(tx_qp(c_tx), "to many fragments\n");
Nicolas Morey 9b285a 
 				siw_unmap_pages(iov, kmap_mask, seg-1);
Nicolas Morey 9b285a 
 				wqe->processed -= c_tx->bytes_unsent;
Nicolas Morey 9b285a 
--
Nicolas Morey 9b285a 
2.39.1.1.gbe015eda0162
Nicolas Morey 9b285a
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.