linux/drivers/infiniband/core
Vlad Tsyrklevich 4f7f4dcfff infiniband/uverbs: Fix integer overflows
The 'num_sge' variable is verfied to be smaller than the 'sge_count'
variable; however, since both are user-controlled it's possible to cause
an integer overflow for the kmalloc multiply on 32-bit platforms
(num_sge and sge_count are both defined u32). By crafting an input that
causes a smaller-than-expected allocation it's possible to write
controlled data out-of-bounds.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2017-04-25 15:18:02 -04:00
..
addr.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
agent.c IB/core: Remove debug prints after allocation failure 2016-12-03 13:12:52 -05:00
agent.h IB/mad: Add final OPA MAD processing 2015-06-12 14:49:18 -04:00
cache.c IB/core: Add inline function to validate port 2017-01-27 14:33:59 -05:00
cgroup.c IB/core: added support to use rdma cgroup controller 2017-01-10 11:14:27 -05:00
cm_msgs.h IB/core: Fix unaligned accesses 2015-05-05 13:21:27 -04:00
cm.c IB/cma: Add debug messages to error flows 2017-01-24 16:20:37 -05:00
cma_configfs.c IB/cma: Add default RoCE TOS to CMA configfs 2017-02-15 09:51:28 -05:00
cma.c IB/cma: Send MRA for reply messages 2017-04-21 12:29:31 -04:00
core_priv.h Merge branch 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2017-02-27 21:41:08 -08:00
cq.c IB/cq: Don't process more than the given budget 2017-03-24 22:19:48 -04:00
device.c IB/core: Fix kernel crash during fail to initialize device 2017-04-21 12:26:05 -04:00
fmr_pool.c IB/fmr_pool: Convert the cleanup thread into kthread worker API 2017-04-25 14:24:17 -04:00
iwcm.c rdma_cm: add rdma_reject_msg() helper function 2016-12-14 11:38:28 -05:00
iwcm.h iw_cm: free cm_id resources on the last deref 2016-08-02 13:15:18 -04:00
iwpm_msg.c IB/core: Remove debug prints after allocation failure 2016-12-03 13:12:52 -05:00
iwpm_util.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
iwpm_util.h iwpm: crash fix for large connections test 2016-03-16 13:48:32 -04:00
mad_priv.h IB/mad: use CQ abstraction 2016-01-19 15:25:45 -05:00
mad_rmpp.c IB/mad: Add final OPA MAD processing 2015-06-12 14:49:18 -04:00
mad_rmpp.h
mad.c IB/mad: Add port_num to error message 2017-01-24 14:20:42 -05:00
Makefile IB/core: Add idr based standard types 2017-04-05 13:28:04 -04:00
mr_pool.c IB/core: add a simple MR pool 2016-05-13 13:37:18 -04:00
multicast.c IB/multicast: Check ib_find_pkey() return value 2016-12-14 13:27:34 -05:00
netlink.c netlink: extended ACK reporting 2017-04-13 13:58:20 -04:00
opa_smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
packer.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
rdma_core.c IB/core: Nullify ib_uobject during allocation 2017-04-20 11:44:07 -04:00
rdma_core.h IB/core: Add support for fd objects 2017-04-05 13:28:04 -04:00
roce_gid_mgmt.c IB/core: Remove pointer casting from void to net_device 2017-02-15 09:51:28 -05:00
rw.c IB/core, RDMA RW API: Do not exceed QP SGE send limit 2016-08-02 12:02:41 -04:00
sa_query.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sa.h
smi.c IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
sysfs.c IB/core: Add HDR speed enum 2017-04-21 12:29:31 -04:00
ucm.c IB/core: Use dev.parent instead of dma_device 2017-01-24 12:23:35 -05:00
ucma.c infiniband: remove WARN that is not kernel bug 2016-12-03 13:17:07 -05:00
ud_header.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
umem_odp.c sched/headers: Prepare to move the get_task_struct()/put_task_struct() and related APIs from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:40 +01:00
umem_rbtree.c IB/umem: Update on demand page (ODP) support 2017-02-14 11:41:17 -05:00
umem.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
user_mad.c IB/core: Use dev.parent instead of dma_device 2017-01-24 12:23:35 -05:00
uverbs_cmd.c infiniband/uverbs: Fix integer overflows 2017-04-25 15:18:02 -04:00
uverbs_main.c IB/core: Rename uverbs event file structure 2017-04-20 11:44:07 -04:00
uverbs_marshall.c IB/core: Add gid_type to gid attribute 2015-12-23 10:35:10 -05:00
uverbs_std_types.c IB/core: Rename uverbs event file structure 2017-04-20 11:44:07 -04:00
uverbs.h IB/core: Introduce drop flow specification 2017-04-21 12:26:05 -04:00
verbs.c IB/core: Add support for draining IB_POLL_DIRECT completion queues 2017-02-19 09:51:55 -05:00