On Sun, Jan 26, 2020 at 07:15:00PM +0200, Leon Romanovsky wrote:
> From: Avihai Horon <avihaih@xxxxxxxxxxxx>
>
> Add a check that the size specified in the flow spec header doesn't
> cause an overflow when calculating the filter size, and thus prevent
> access to invalid memory.
> The following crash from syzkaller revealed it.
>
> Fixes: 94e03f11ad1f ("IB/uverbs: Add support for flow tag")
> Signed-off-by: Avihai Horon <avihaih@xxxxxxxxxxxx>
> Reviewed-by: Maor Gottlieb <maorg@xxxxxxxxxxxx>
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
>  drivers/infiniband/core/uverbs_cmd.c | 15 +++++++--------
>  1 file changed, 7 insertions(+), 8 deletions(-)

Applied to for-rc, thanks

Jason