RDMA/irdma: Validate udata inlen and outlen - pm24.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Shiraz Saleem <shiraz.saleem@intel.com>	2022-09-07 14:13:24 -0500
committer	Leon Romanovsky <leon@kernel.org>	2022-09-20 13:19:53 +0300
commit	34acb833cc83bdea912a160ff99b537e62bb4cf3 (patch)
tree	953fbf6e968b314c8d80527cd6d9faa317524f95 /include
parent	7f51a961f8c6b84752a48e950074a8c4a0808d91 (diff)

RDMA/irdma: Validate udata inlen and outlen

Currently ib_copy_from_udata and ib_copy_to_udata could underfill the request and response buffer if the user-space passes an undersized value for udata->inlen or udata->outlen respectively [1] This could lead to undesirable behavior. Zero initing the buffer only goes as far as preventing using the buffer uninitialized. Validate udata->inlen and udata->outlen passed from user-space to ensure they are at least the required minimum size. [1] https://lore.kernel.org/linux-rdma/MWHPR11MB0029F37D40D9D4A993F8F549E9D79@MWHPR11MB0029.namprd11.prod.outlook.com/ Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com> Link: https://lore.kernel.org/r/20220907191324.1173-3-shiraz.saleem@intel.com Signed-off-by: Leon Romanovsky <leon@kernel.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: