]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commitdiff
projects / mirror_ubuntu-kernels.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ad97e36)
RDMA/siw: Fix potential page_array out of range access
authorDaniil Dulov <d.dulov@aladdin.ru>
Mon, 27 Feb 2023 09:17:51 +0000 (01:17 -0800)
committerStefan Bader <stefan.bader@canonical.com>
Fri, 7 Jul 2023 10:17:07 +0000 (12:17 +0200)
BugLink: https://bugs.launchpad.net/bugs/2025067
[ Upstream commit 271bfcfb83a9f77cbae3d6e1a16e3c14132922f0 ]

When seg is equal to MAX_ARRAY, the loop should break, otherwise
it will result in out of range access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: b9be6f18cf9e ("rdma/siw: transmit path")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
Link: https://lore.kernel.org/r/20230227091751.589612-1-d.dulov@aladdin.ru
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
drivers/infiniband/sw/siw/siw_qp_tx.c patch | blob | blame | history

diff --git a/drivers/infiniband/sw/siw/siw_qp_tx.c b/drivers/infiniband/sw/siw/siw_qp_tx.c
index 05052b49107f27a46e6374ef486886f071ad92fd..6bb9e9e81ff4cadac29f5e668874c7c406ef39fb 100644 (file)
--- a/drivers/infiniband/sw/siw/siw_qp_tx.c
+++ b/drivers/infiniband/sw/siw/siw_qp_tx.c
@@ -558,7 +558,7 @@ static int siw_tx_hdt(struct siw_iwarp_tx *c_tx, struct socket *s)
                        data_len -= plen;
                        fp_off = 0;
 
-                       if (++seg > (int)MAX_ARRAY) {
+                       if (++seg >= (int)MAX_ARRAY) {
                                siw_dbg_qp(tx_qp(c_tx), "to many fragments\n");
                                siw_unmap_pages(iov, kmap_mask, seg-1);
                                wqe->processed -= c_tx->bytes_unsent;
Ubuntu combined Linux kernel mirror