Patch "IB/core: disallow registering 0-sized memory region" has been added to the 4.0-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sat, 02 May 2015 19:17:59 +0200

This is a note to let you know that I've just added the patch titled

    IB/core: disallow registering 0-sized memory region

to the 4.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ib-core-disallow-registering-0-sized-memory-region.patch
and it can be found in the queue-4.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 8abaae62f3fdead8f4ce0ab46b4ab93dee39bab2 Mon Sep 17 00:00:00 2001
From: Yann Droneaud <ydroneaud@xxxxxxxxxx>
Date: Mon, 13 Apr 2015 14:56:22 +0200
Subject: IB/core: disallow registering 0-sized memory region

From: Yann Droneaud <ydroneaud@xxxxxxxxxx>

commit 8abaae62f3fdead8f4ce0ab46b4ab93dee39bab2 upstream.

If ib_umem_get() is called with a size equal to 0 and an
non-page aligned address, one page will be pinned and a
0-sized umem will be returned to the caller.

This should not be allowed: it's not expected for a memory
region to have a size equal to 0.

This patch adds a check to explicitly refuse to register
a 0-sized region.

Link: http://mid.gmane.org/cover.1428929103.git.ydroneaud@xxxxxxxxxx
Cc: Shachar Raindel <raindel@xxxxxxxxxxxx>
Cc: Jack Morgenstein <jackm@xxxxxxxxxxxx>
Cc: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
Signed-off-by: Yann Droneaud <ydroneaud@xxxxxxxxxx>
Signed-off-by: Doug Ledford <dledford@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/infiniband/core/umem.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -99,6 +99,9 @@ struct ib_umem *ib_umem_get(struct ib_uc
 	if (dmasync)
 		dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
 
+	if (!size)
+		return ERR_PTR(-EINVAL);
+
 	/*
 	 * If the combination of the addr and size requested for this memory
 	 * region causes an integer overflow, return error.


Patches currently in stable-queue which might be from ydroneaud@xxxxxxxxxx are

queue-4.0/perf-tools-work-around-lack-of-sched_getcpu-in-glibc-2.6.patch
queue-4.0/ib-core-don-t-disallow-registering-region-starting-at-0x0.patch
queue-4.0/ib-core-disallow-registering-0-sized-memory-region.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







