Tree - kernel/kernel-source - Pagure for openSUSE

kernel / kernel-source

Source
Stats

Files

Commit: 7df24046a1510e64670d278fbacd785c50635908

Blob Blame History Raw

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 19 May 2020 18:45:25 +0300
Subject: RDMA/rtrs: Fix a couple off by one bugs in rtrs_srv_rdma_done()
Patch-mainline: v5.8-rc1
Git-commit: bf1d8edb38bbf0628c1f2de7d13ab98533c1fe60
References: jsc#SLE-15176

These > comparisons should be >= to prevent accessing one element beyond
the end of the buffer.

Fixes: 9cb837480424 ("RDMA/rtrs: server: main functionality")
Link: https://lore.kernel.org/r/20200519154525.GA66801@mwanda
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Danil Kipnis <danil.kipnis@cloud.ionos.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
 drivers/infiniband/ulp/rtrs/rtrs-srv.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/infiniband/ulp/rtrs/rtrs-srv.c
+++ b/drivers/infiniband/ulp/rtrs/rtrs-srv.c
@@ -1213,8 +1213,8 @@ static void rtrs_srv_rdma_done(struct ib
 
 			msg_id = imm_payload >> sess->mem_bits;
 			off = imm_payload & ((1 << sess->mem_bits) - 1);
-			if (unlikely(msg_id > srv->queue_depth ||
-				     off > max_chunk_size)) {
+			if (unlikely(msg_id >= srv->queue_depth ||
+				     off >= max_chunk_size)) {
 				rtrs_err(s, "Wrong msg_id %u, off %u\n",
 					  msg_id, off);
 				close_sess(sess);

kernel / kernel-source

Source Code

Files