Re: [PATCH] RDMA/uverbs: Prevent integer overflow issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 30 Nov 2024 13:06:41 +0300, Dan Carpenter wrote:
> In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32
> values that come from the user so the multiplication can lead to integer
> wrapping.  Then we pass the result to uverbs_request_next_ptr() which also
> could potentially wrap.  The "cmd.sge_count * sizeof(struct ib_uverbs_sge)"
> multiplication can also overflow on 32bit systems although it's fine on
> 64bit systems.
> 
> [...]

Applied, thanks!

[1/1] RDMA/uverbs: Prevent integer overflow issue
      https://git.kernel.org/rdma/rdma/c/d0257e089d1bbd

Best regards,
-- 
Leon Romanovsky <leon@xxxxxxxxxx>





[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux