Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-01 00:21:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
34acb833cc
linux/drivers/infiniband
History
Shiraz Saleem 34acb833cc RDMA/irdma: Validate udata inlen and outlen 
Currently ib_copy_from_udata and ib_copy_to_udata could underfill
the request and response buffer if the user-space passes an undersized
value for udata->inlen or udata->outlen respectively [1]
This could lead to undesirable behavior.

Zero initing the buffer only goes as far as preventing using the buffer
uninitialized.

Validate udata->inlen and udata->outlen passed from user-space to ensure
they are at least the required minimum size.

[1] https://lore.kernel.org/linux-rdma/MWHPR11MB0029F37D40D9D4A993F8F549E9D79@MWHPR11MB0029.namprd11.prod.outlook.com/

Fixes: b48c24c2d7 ("RDMA/irdma: Implement device supported verb APIs")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Link: https://lore.kernel.org/r/20220907191324.1173-3-shiraz.saleem@intel.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2022-09-20 13:19:53 +03:00
..
core IB/cm: Refactor cm_insert_listen() and cm_find_listen() 2022-08-30 12:14:23 +03:00
hw RDMA/irdma: Validate udata inlen and outlen 2022-09-20 13:19:53 +03:00
sw RDMA/rxe: convert pr_warn to pr_debug 2022-09-08 11:03:15 +03:00
ulp RDMA/rtrs-clt: Kill xchg_paths 2022-09-06 14:12:03 +03:00
Kconfig RDMA/erdma: Add driver to kernel build environment 2022-07-27 16:04:05 -03:00
Makefile