* Patch "IB/core: disallow registering 0-sized memory region" has been added to the 3.19-stable tree
@ 2015-05-02 17:18 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2015-05-02 17:18 UTC (permalink / raw)
To: ydroneaud, dledford, gregkh, jackm, ogerlitz, raindel
Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
IB/core: disallow registering 0-sized memory region
to the 3.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ib-core-disallow-registering-0-sized-memory-region.patch
and it can be found in the queue-3.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 8abaae62f3fdead8f4ce0ab46b4ab93dee39bab2 Mon Sep 17 00:00:00 2001
From: Yann Droneaud <ydroneaud@opteya.com>
Date: Mon, 13 Apr 2015 14:56:22 +0200
Subject: IB/core: disallow registering 0-sized memory region
From: Yann Droneaud <ydroneaud@opteya.com>
commit 8abaae62f3fdead8f4ce0ab46b4ab93dee39bab2 upstream.
If ib_umem_get() is called with a size equal to 0 and an
non-page aligned address, one page will be pinned and a
0-sized umem will be returned to the caller.
This should not be allowed: it's not expected for a memory
region to have a size equal to 0.
This patch adds a check to explicitly refuse to register
a 0-sized region.
Link: http://mid.gmane.org/cover.1428929103.git.ydroneaud@opteya.com
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Jack Morgenstein <jackm@mellanox.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/umem.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -99,6 +99,9 @@ struct ib_umem *ib_umem_get(struct ib_uc
if (dmasync)
dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
+ if (!size)
+ return ERR_PTR(-EINVAL);
+
/*
* If the combination of the addr and size requested for this memory
* region causes an integer overflow, return error.
Patches currently in stable-queue which might be from ydroneaud@opteya.com are
queue-3.19/perf-tools-work-around-lack-of-sched_getcpu-in-glibc-2.6.patch
queue-3.19/ib-core-don-t-disallow-registering-region-starting-at-0x0.patch
queue-3.19/ib-core-disallow-registering-0-sized-memory-region.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-05-02 17:20 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-02 17:18 Patch "IB/core: disallow registering 0-sized memory region" has been added to the 3.19-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).