Re: [PATCH] RDMA/uverbs: Prevent integer overflow issue

From: Leon Romanovsky
Date: Wed Dec 04 2024 - 09:20:26 EST

Next message: Eliav Farber: "[PATCH v6 2/2] kexec: Prevent redundant IRQ masking by checking state before shutdown"
Previous message: syzbot: "Re: [syzbot] [netfs?] kernel BUG in iov_iter_revert (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 30 Nov 2024 13:06:41 +0300, Dan Carpenter wrote:
> In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32
> values that come from the user so the multiplication can lead to integer
> wrapping. Then we pass the result to uverbs_request_next_ptr() which also
> could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)"
> multiplication can also overflow on 32bit systems although it's fine on
> 64bit systems.
>
> [...]

Applied, thanks!

[1/1] RDMA/uverbs: Prevent integer overflow issue
https://git.kernel.org/rdma/rdma/c/d0257e089d1bbd

Best regards,
--
Leon Romanovsky <leon@xxxxxxxxxx>

Next message: Eliav Farber: "[PATCH v6 2/2] kexec: Prevent redundant IRQ masking by checking state before shutdown"
Previous message: syzbot: "Re: [syzbot] [netfs?] kernel BUG in iov_iter_revert (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]