| Message ID | 1637661978-18770-1-git-send-email-haakon.bugge@oracle.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Jason Gunthorpe |
| Headers | show |
| Series | [for-rc,v2] RDMA/cma: Remove open coding of overflow checking for private_data_len | expand |
On Tue, Nov 23, 2021 at 11:06:18AM +0100, Håkon Bugge wrote: > The existing tests are a little hard to comprehend. Use > check_add_overflow() instead. > > Fixes: 04ded1672402 ("RDMA/cma: Verify private data length") > Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com> > > --- > > v1 -> v2: > > * Also fixed same issue in cma_resolve_ib_udp() as pointed out > by Leon > --- > drivers/infiniband/core/cma.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > Thanks, Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
On Tue, Nov 23, 2021 at 11:06:18AM +0100, Håkon Bugge wrote: > The existing tests are a little hard to comprehend. Use > check_add_overflow() instead. > > Fixes: 04ded1672402 ("RDMA/cma: Verify private data length") > Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com> > Reviewed-by: Leon Romanovsky <leonro@nvidia.com> > --- > > v1 -> v2: > > * Also fixed same issue in cma_resolve_ib_udp() as pointed out > by Leon > --- > drivers/infiniband/core/cma.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) Applied to for-next, thanks Jason
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index 835ac54..8a98aa9 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -4033,8 +4033,7 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv, memset(&req, 0, sizeof req); offset = cma_user_data_offset(id_priv); - req.private_data_len = offset + conn_param->private_data_len; - if (req.private_data_len < conn_param->private_data_len) + if (check_add_overflow(offset, conn_param->private_data_len, &req.private_data_len)) return -EINVAL; if (req.private_data_len) { @@ -4093,8 +4092,7 @@ static int cma_connect_ib(struct rdma_id_private *id_priv, memset(&req, 0, sizeof req); offset = cma_user_data_offset(id_priv); - req.private_data_len = offset + conn_param->private_data_len; - if (req.private_data_len < conn_param->private_data_len) + if (check_add_overflow(offset, conn_param->private_data_len, &req.private_data_len)) return -EINVAL; if (req.private_data_len) {
The existing tests are a little hard to comprehend. Use check_add_overflow() instead. Fixes: 04ded1672402 ("RDMA/cma: Verify private data length") Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com> --- v1 -> v2: * Also fixed same issue in cma_resolve_ib_udp() as pointed out by Leon --- drivers/infiniband/core/cma.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)