mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-11-25 17:50:54 +07:00
IB/rxe: Fix mem_check_range integer overflow
Update the range check to avoid integer-overflow in edge case. Resolves CVE 2016-8636. Signed-off-by: Eyal Itkin <eyal.itkin@gmail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
This commit is contained in:
parent
628f07d33c
commit
647bf3d8a8
@ -59,9 +59,11 @@ int mem_check_range(struct rxe_mem *mem, u64 iova, size_t length)
|
||||
|
||||
case RXE_MEM_TYPE_MR:
|
||||
case RXE_MEM_TYPE_FMR:
|
||||
return ((iova < mem->iova) ||
|
||||
((iova + length) > (mem->iova + mem->length))) ?
|
||||
-EFAULT : 0;
|
||||
if (iova < mem->iova ||
|
||||
length > mem->length ||
|
||||
iova > mem->iova + mem->length - length)
|
||||
return -EFAULT;
|
||||
return 0;
|
||||
|
||||
default:
|
||||
return -EFAULT;
|
||||
|
Loading…
Reference in New Issue
Block a user