mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-06 08:46:46 +00:00
RDMA/siw: Fix potential page_array out of range access
[ Upstream commit271bfcfb83
] When seg is equal to MAX_ARRAY, the loop should break, otherwise it will result in out of range access. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes:b9be6f18cf
("rdma/siw: transmit path") Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru> Link: https://lore.kernel.org/r/20230227091751.589612-1-d.dulov@aladdin.ru Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
8d909684bd
commit
9721b14e6c
1 changed files with 1 additions and 1 deletions
|
@ -558,7 +558,7 @@ static int siw_tx_hdt(struct siw_iwarp_tx *c_tx, struct socket *s)
|
|||
data_len -= plen;
|
||||
fp_off = 0;
|
||||
|
||||
if (++seg > (int)MAX_ARRAY) {
|
||||
if (++seg >= (int)MAX_ARRAY) {
|
||||
siw_dbg_qp(tx_qp(c_tx), "to many fragments\n");
|
||||
siw_unmap_pages(iov, kmap_mask, seg-1);
|
||||
wqe->processed -= c_tx->bytes_unsent;
|
||||
|
|
Loading…
Reference in a new issue