Re: [PATCH next] RDMA/bnxt_re: Fix buffer overflow in debugfs code

From: Selvin Xavier
Date: Sat Feb 08 2025 - 08:20:26 EST

Next message: Jonathan Cameron: "Re: [PATCH v2 00/13] gpiolib: add gpiod_multi_set_value_cansleep"
Previous message: Christophe Leroy: "Re: [PATCH v3 5/9] powerpc: Use preempt_model_str()."
Next in thread: Leon Romanovsky: "Re: [PATCH next] RDMA/bnxt_re: Fix buffer overflow in debugfs code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Feb 7, 2025 at 2:46 PM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> Add some bounds checking to prevent memory corruption in
> bnxt_re_cc_config_set(). This is debugfs code so the bug can only be
> triggered by root.
>
> Fixes: 656dff55da19 ("RDMA/bnxt_re: Congestion control settings using debugfs hook")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Acked-by: Selvin Xavier <selvin.xavier@xxxxxxxxxxxx>

Thanks,
Selvin
> ---
> drivers/infiniband/hw/bnxt_re/debugfs.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/infiniband/hw/bnxt_re/debugfs.c b/drivers/infiniband/hw/bnxt_re/debugfs.c
> index f4dd2fb51867..d7354e7753fe 100644
> --- a/drivers/infiniband/hw/bnxt_re/debugfs.c
> +++ b/drivers/infiniband/hw/bnxt_re/debugfs.c
> @@ -285,6 +285,9 @@ static ssize_t bnxt_re_cc_config_set(struct file *filp, const char __user *buffe
> u32 val;
> int rc;
>
> + if (count >= sizeof(buf))
> + return -EINVAL;
> +
> if (copy_from_user(buf, buffer, count))
> return -EFAULT;
>
> --
> 2.47.2
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Next message: Jonathan Cameron: "Re: [PATCH v2 00/13] gpiolib: add gpiod_multi_set_value_cansleep"
Previous message: Christophe Leroy: "Re: [PATCH v3 5/9] powerpc: Use preempt_model_str()."
Next in thread: Leon Romanovsky: "Re: [PATCH next] RDMA/bnxt_re: Fix buffer overflow in debugfs code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]