hamza.kesraoui/sst-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a1.2
sst-linux/drivers/infiniband/hw/cxgb4
History
Dan Carpenter 4422f452d0 rdma/cxgb4: Prevent potential integer overflow on 32bit 
[ Upstream commit bd96a3935e89486304461a21752f824fc25e0f0b ]

The "gl->tot_len" variable is controlled by the user.  It comes from
process_responses().  On 32bit systems, the "gl->tot_len + sizeof(struct
cpl_pass_accept_req) + sizeof(struct rss_header)" addition could have an
integer wrapping bug.  Use size_add() to prevent this.

Fixes: 1cab775c3e ("RDMA/cxgb4: Fix LE hash collision bug for passive open connection")
Link: https://patch.msgid.link/r/86b404e1-4a75-4a35-a34e-e3054fa554c7@stanley.mountain
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-02-21 13:49:11 +01:00
..
cm.c
cq.c
device.c rdma/cxgb4: Prevent potential integer overflow on 32bit 2025-02-21 13:49:11 +01:00
ev.c
id_table.c
iw_cxgb4.h
Kconfig
Makefile
mem.c
provider.c RDMA/cxgb4: Dump vendor specific QP details 2024-11-08 16:26:40 +01:00
qp.c
resource.c
restrack.c
t4.h
t4fw_ri_api.h