mirror of https://gitee.com/openkylin/linux.git
RDMA/mlx5: Fix integer overflow while resizing CQ
The user can provide very large cqe_size which will cause to integer overflow as it can be seen in the following UBSAN warning: Signed-off-by: Doug Ledford <dledford@redhat.com>
This commit is contained in:
parent
6a21dfc0d0
commit
aa0de36a40
|
@ -1178,7 +1178,12 @@ static int resize_user(struct mlx5_ib_dev *dev, struct mlx5_ib_cq *cq,
|
|||
if (ucmd.reserved0 || ucmd.reserved1)
|
||||
return -EINVAL;
|
||||
|
||||
umem = ib_umem_get(context, ucmd.buf_addr, entries * ucmd.cqe_size,
|
||||
/* check multiplication overflow */
|
||||
if (ucmd.cqe_size && SIZE_MAX / ucmd.cqe_size <= entries - 1)
|
||||
return -EINVAL;
|
||||
|
||||
umem = ib_umem_get(context, ucmd.buf_addr,
|
||||
(size_t)ucmd.cqe_size * entries,
|
||||
IB_ACCESS_LOCAL_WRITE, 1);
|
||||
if (IS_ERR(umem)) {
|
||||
err = PTR_ERR(umem);
|
||||
|
|
Loading…
Reference in New Issue