Re: [PATCH next] RDMA/bnxt_re: Fix buffer overflow in debugfs code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Feb 7, 2025 at 2:46 PM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> Add some bounds checking to prevent memory corruption in
> bnxt_re_cc_config_set().  This is debugfs code so the bug can only be
> triggered by root.
>
> Fixes: 656dff55da19 ("RDMA/bnxt_re: Congestion control settings using debugfs hook")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Acked-by: Selvin Xavier <selvin.xavier@xxxxxxxxxxxx>

Thanks,
Selvin
> ---
>  drivers/infiniband/hw/bnxt_re/debugfs.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/drivers/infiniband/hw/bnxt_re/debugfs.c b/drivers/infiniband/hw/bnxt_re/debugfs.c
> index f4dd2fb51867..d7354e7753fe 100644
> --- a/drivers/infiniband/hw/bnxt_re/debugfs.c
> +++ b/drivers/infiniband/hw/bnxt_re/debugfs.c
> @@ -285,6 +285,9 @@ static ssize_t bnxt_re_cc_config_set(struct file *filp, const char __user *buffe
>         u32 val;
>         int rc;
>
> +       if (count >= sizeof(buf))
> +               return -EINVAL;
> +
>         if (copy_from_user(buf, buffer, count))
>                 return -EFAULT;
>
> --
> 2.47.2
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux