linux/drivers/infiniband/core
Sean Hefty 04ded16724 RDMA/cma: Verify private data length
private_data_len is defined as a u8.  If the user specifies a large
private_data size (> 220 bytes), we will calculate a total length that
exceeds 255, resulting in private_data_len wrapping back to 0.  This
can lead to overwriting random kernel memory.  Avoid this by verifying
that the resulting size fits into a u8.

Reported-by: B. Thery <benjamin.thery@bull.net>
Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335>
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
2011-12-19 09:15:33 -08:00
..
addr.c IB: Fix RCU lockdep splats 2011-11-29 13:37:11 -08:00
agent.c IB/mad: Improve an error message so error code is included 2011-03-18 09:42:20 -07:00
agent.h RDMA: Remove subversion $Id tags 2008-07-14 23:48:44 -07:00
cache.c IB/core: Add GID change event 2011-07-18 21:04:30 -07:00
cm_msgs.h IB/cm: Update XRC support based on XRC annex errata 2011-10-13 09:38:35 -07:00
cm.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
cma.c RDMA/cma: Verify private data length 2011-12-19 09:15:33 -08:00
core_priv.h IB/core: Allow device-specific per-port sysfs files 2010-05-21 10:34:44 -07:00
device.c RDMA: Allow for NULL .modify_device() and .modify_port() methods 2011-07-18 16:44:30 -07:00
fmr_pool.c infiniband: add in export.h for files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:31:35 -04:00
iwcm.c infiniband: Fix up module files that need to include module.h 2011-10-31 19:31:35 -04:00
iwcm.h RDMA: iWARP Connection Manager. 2006-09-22 15:22:46 -07:00
mad_priv.h IB/mad: Allow tuning of QP0 and QP1 sizes 2009-09-07 08:28:48 -07:00
mad_rmpp.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
mad_rmpp.h RDMA: Remove subversion $Id tags 2008-07-14 23:48:44 -07:00
mad.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
Makefile RDMA: Add netlink infrastructure 2011-05-20 11:46:11 -07:00
multicast.c infiniband: add in export.h for files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:31:35 -04:00
netlink.c infiniband: add in export.h for files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:31:35 -04:00
packer.c infiniband: add in export.h for files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:31:35 -04:00
sa_query.c RDMA: Update missed conversion of flush_scheduled_work() 2011-01-28 16:39:08 -08:00
sa.h IB: Remove garbage non-ASCII characters from comments 2007-07-09 16:17:32 -07:00
smi.c IB/mad: Check hop count field in directed route MAD to avoid array overflow 2009-09-05 20:24:10 -07:00
smi.h IB/mad: Enable loopback of DR SMP responses from userspace 2008-01-25 14:15:25 -08:00
sysfs.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
ucm.c RDMA/ucm: Removed checks for unsigned value < 0 2011-10-06 09:33:05 -07:00
ucma.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
ud_header.c infiniband: add in export.h for files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:31:35 -04:00
umem.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
user_mad.c RDMA/ucm: Removed checks for unsigned value < 0 2011-10-06 09:33:05 -07:00
uverbs_cmd.c RDMA/uverbs: Export ib_open_qp() capability to user space 2011-10-13 09:50:56 -07:00
uverbs_main.c Merge branches 'amso1100', 'cma', 'cxgb3', 'cxgb4', 'fdr', 'ipath', 'ipoib', 'misc', 'mlx4', 'misc', 'nes', 'qib' and 'xrc' into for-next 2011-11-01 09:37:08 -07:00
uverbs_marshall.c infiniband: add in export.h for files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:31:35 -04:00
uverbs.h RDMA/uverbs: Export ib_open_qp() capability to user space 2011-10-13 09:50:56 -07:00
verbs.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00