[PATCH for-next] RDMA/core: Check invalid QP state for ib_modify_qp_is_ok()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Xi Wang <wangxi11@xxxxxxxxxx>

Out-of-bounds may occur in 'qp_state_table' when the caller passing wrong
QP state value.

Signed-off-by: Xi Wang <wangxi11@xxxxxxxxxx>
Signed-off-by: Weihang Li <liweihang@xxxxxxxxxx>
---
 drivers/infiniband/core/verbs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c
index 28464c5..66ba4e6 100644
--- a/drivers/infiniband/core/verbs.c
+++ b/drivers/infiniband/core/verbs.c
@@ -1613,6 +1613,10 @@ bool ib_modify_qp_is_ok(enum ib_qp_state cur_state, enum ib_qp_state next_state,
 	    cur_state != IB_QPS_SQD && cur_state != IB_QPS_SQE)
 		return false;
 
+	if (cur_state >= ARRAY_SIZE(qp_state_table) ||
+	    next_state >= ARRAY_SIZE(qp_state_table[0]))
+		return false;
+
 	if (!qp_state_table[cur_state][next_state].valid)
 		return false;
 
-- 
2.8.1
[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux