* [PATCH] IB/ocrdma: fix out of bounds access to local buffer
@ 2017-05-01 6:41 Michael Mera
[not found] ` <20170501064116.3900-1-dev-5Y08+B5RRAgbhb6IIWwbbQ@public.gmane.org>
0 siblings, 1 reply; 3+ messages in thread
From: Michael Mera @ 2017-05-01 6:41 UTC (permalink / raw)
To: Selvin Xavier
Cc: Michael Mera, Devesh Sharma, Doug Ledford, Sean Hefty,
Hal Rosenstock, linux-rdma-u79uwXL29TY76Z2rM5mHXA
In write to debugfs file 'resource_stats' the local buffer 'tmp_str' is
written at index 'count-1' where 'count' is the size of the write, so
potentially 0.
This patch filters odd values for the write size/position to avoid this
type of problem.
Signed-off-by: Michael Mera <dev-5Y08+B5RRAgbhb6IIWwbbQ@public.gmane.org>
---
drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_stats.c b/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
index f8e4b0a6486f..66056f9a9700 100644
--- a/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
+++ b/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
@@ -643,7 +643,7 @@ static ssize_t ocrdma_dbgfs_ops_write(struct file *filp,
struct ocrdma_stats *pstats = filp->private_data;
struct ocrdma_dev *dev = pstats->dev;
- if (count > 32)
+ if (*ppos != 0 || count == 0 || count > sizeof(tmp_str))
goto err;
if (copy_from_user(tmp_str, buffer, count))
--
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] IB/ocrdma: fix out of bounds access to local buffer
[not found] ` <20170501064116.3900-1-dev-5Y08+B5RRAgbhb6IIWwbbQ@public.gmane.org>
@ 2017-05-01 8:57 ` Leon Romanovsky
[not found] ` <20170501085736.GW14088-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
0 siblings, 1 reply; 3+ messages in thread
From: Leon Romanovsky @ 2017-05-01 8:57 UTC (permalink / raw)
To: Michael Mera
Cc: Selvin Xavier, Devesh Sharma, Doug Ledford, Sean Hefty,
Hal Rosenstock, linux-rdma-u79uwXL29TY76Z2rM5mHXA
[-- Attachment #1: Type: text/plain, Size: 596 bytes --]
On Mon, May 01, 2017 at 03:41:16PM +0900, Michael Mera wrote:
> In write to debugfs file 'resource_stats' the local buffer 'tmp_str' is
> written at index 'count-1' where 'count' is the size of the write, so
> potentially 0.
>
> This patch filters odd values for the write size/position to avoid this
> type of problem.
>
> Signed-off-by: Michael Mera <dev-5Y08+B5RRAgbhb6IIWwbbQ@public.gmane.org>
> ---
> drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Thanks,
Reviewed-by: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] IB/ocrdma: fix out of bounds access to local buffer
[not found] ` <20170501085736.GW14088-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
@ 2017-05-01 20:57 ` Doug Ledford
0 siblings, 0 replies; 3+ messages in thread
From: Doug Ledford @ 2017-05-01 20:57 UTC (permalink / raw)
To: Leon Romanovsky, Michael Mera
Cc: Selvin Xavier, Devesh Sharma, Sean Hefty, Hal Rosenstock,
linux-rdma-u79uwXL29TY76Z2rM5mHXA
On Mon, 2017-05-01 at 11:57 +0300, Leon Romanovsky wrote:
> On Mon, May 01, 2017 at 03:41:16PM +0900, Michael Mera wrote:
> >
> > In write to debugfs file 'resource_stats' the local buffer
> > 'tmp_str' is
> > written at index 'count-1' where 'count' is the size of the write,
> > so
> > potentially 0.
> >
> > This patch filters odd values for the write size/position to avoid
> > this
> > type of problem.
> >
> > Signed-off-by: Michael Mera <dev-5Y08+B5RRAgbhb6IIWwbbQ@public.gmane.org>
> > ---
> > drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
>
> Thanks,
> Reviewed-by: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Thanks, applied.
--
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
GPG KeyID: B826A3330E572FDD
Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-01 20:57 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-01 6:41 [PATCH] IB/ocrdma: fix out of bounds access to local buffer Michael Mera
[not found] ` <20170501064116.3900-1-dev-5Y08+B5RRAgbhb6IIWwbbQ@public.gmane.org>
2017-05-01 8:57 ` Leon Romanovsky
[not found] ` <20170501085736.GW14088-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
2017-05-01 20:57 ` Doug Ledford
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.