Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b24e0e46 authored by Daniil Dulov's avatar Daniil Dulov Committed by Greg Kroah-Hartman
Browse files

RDMA/siw: Fix potential page_array out of range access 



[ Upstream commit 271bfcfb83a9f77cbae3d6e1a16e3c14132922f0 ]

When seg is equal to MAX_ARRAY, the loop should break, otherwise
it will result in out of range access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: b9be6f18 ("rdma/siw: transmit path")
Signed-off-by: default avatarDaniil Dulov <d.dulov@aladdin.ru>
Link: https://lore.kernel.org/r/20230227091751.589612-1-d.dulov@aladdin.ru


Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 318bc22d

drivers/infiniband/sw/siw/siw_qp_tx.c

+1 −1
Original line number Diff line number Diff line
@@ -548,7 +548,7 @@ static int siw_tx_hdt(struct siw_iwarp_tx *c_tx, struct socket *s) 
			data_len -= plen;

			fp_off = 0;



			if (++seg > (int)MAX_ARRAY) {

			if (++seg >= (int)MAX_ARRAY) {

				siw_dbg_qp(tx_qp(c_tx), "to many fragments\n");

				siw_unmap_pages(page_array, kmap_mask);

				wqe->processed -= c_tx->bytes_unsent;