From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Mark Bloch <markb@mellanox.com>,
Maor Gottlieb <maorg@mellanox.com>,
Leon Romanovsky <leon@kernel.org>,
Doug Ledford <dledford@redhat.com>
Subject: [PATCH 4.4 28/31] IB/core: Avoid unsigned int overflow in sg_alloc_table
Date: Thu, 24 Nov 2016 15:55:49 +0100 [thread overview]
Message-ID: <20161124145448.399695757@linuxfoundation.org> (raw)
In-Reply-To: <20161124145446.993225208@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Bloch <markb@mellanox.com>
commit 3c7ba5760ab8eedec01159b267bb9bfcffe522ac upstream.
sg_alloc_table gets unsigned int as parameter while the driver
returns it as size_t. Check npages isn't greater than maximum
unsigned int.
Fixes: eeb8461e36c9 ("IB: Refactor umem to use linear SG table")
Signed-off-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/umem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -175,7 +175,7 @@ struct ib_umem *ib_umem_get(struct ib_uc
cur_base = addr & PAGE_MASK;
- if (npages == 0) {
+ if (npages == 0 || npages > UINT_MAX) {
ret = -EINVAL;
goto out;
}
next prev parent reply other threads:[~2016-11-24 15:00 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20161124145446.993225208@linuxfoundation.org>
2016-11-24 14:55 ` [PATCH 4.4 01/31] x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 04/31] fuse: fix fuse_write_end() if zero bytes were copied Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 05/31] mfd: intel-lpss: Do not put device in reset state on suspend Greg Kroah-Hartman
2016-11-24 15:25 ` Shaikh, Azhar
2016-11-24 14:55 ` [PATCH 4.4 06/31] can: bcm: fix warning in bcm_connect/proc_register Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 07/31] i2c: mux: fix up dependencies Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 09/31] scripts/has-stack-protector: add -fno-PIE Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 10/31] x86/kexec: " Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 11/31] kbuild: Steal gccs pie from the very beginning Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 12/31] ext4: sanity check the block and cluster size at mount time Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 15/31] clk: mmp: pxa910: fix return value check in pxa910_clk_init() Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 16/31] clk: mmp: pxa168: fix return value check in pxa168_clk_init() Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 17/31] clk: mmp: mmp2: fix return value check in mmp2_clk_init() Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 18/31] rtc: omap: Fix selecting external osc Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 19/31] iwlwifi: pcie: fix SPLC structure parsing Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 20/31] mfd: core: Fix device reference leak in mfd_clone_cell Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 21/31] uwb: fix device reference leaks Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 22/31] PM / sleep: fix device reference leak in test_suspend Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 23/31] PM / sleep: dont suspend parent when async child suspend_{noirq, late} fails Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 24/31] IB/mlx4: Check gid_index return value Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 25/31] IB/mlx4: Fix create CQ error flow Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 26/31] IB/mlx5: Use cache line size to select CQE stride Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 27/31] IB/mlx5: Fix fatal error dispatching Greg Kroah-Hartman
2016-11-24 14:55 ` Greg Kroah-Hartman [this message]
2016-11-24 14:55 ` [PATCH 4.4 29/31] IB/uverbs: Fix leak of XRC target QPs Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 30/31] IB/cm: Mark stale CM ids whenever the mad agent was unregistered Greg Kroah-Hartman
2016-11-24 14:55 ` [PATCH 4.4 31/31] netfilter: nft_dynset: fix element timeout for HZ != 1000 Greg Kroah-Hartman
2016-11-24 23:13 ` [PATCH 4.4 00/31] 4.4.35-stable review Guenter Roeck
[not found] ` <5837c0c8.54161c0a.7b168.f7d1@mx.google.com>
2016-11-25 9:47 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161124145448.399695757@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dledford@redhat.com \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maorg@mellanox.com \
--cc=markb@mellanox.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.