Searched hist:"89 d9e8d3f14d807bbd7725f8f6f5eeb7f6f5c42f" (Results 1 – 2 of 2) sorted by relevance
| /openbmc/linux/include/rdma/ |
| H A D | uverbs_ioctl.h | diff 89d9e8d3f14d807bbd7725f8f6f5eeb7f6f5c42f Tue Feb 13 04:18:29 CST 2018 Matan Barak <matanb@mellanox.com> IB/uverbs: Always use the attribute size provided by the user
This fixes several bugs around the copy_to/from user path:
- copy_to used the user provided size of the attribute
and could copy data beyond the end of the kernel buffer into
userspace.
- copy_from didn't know the size of the kernel buffer and
could have left kernel memory unexpectedly un-initialized.
- copy_from did not use the user length to determine if the
attribute data is inlined or not.
Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
|
| /openbmc/linux/drivers/infiniband/core/ |
| H A D | uverbs_std_types.c | diff 89d9e8d3f14d807bbd7725f8f6f5eeb7f6f5c42f Tue Feb 13 04:18:29 CST 2018 Matan Barak <matanb@mellanox.com> IB/uverbs: Always use the attribute size provided by the user
This fixes several bugs around the copy_to/from user path:
- copy_to used the user provided size of the attribute
and could copy data beyond the end of the kernel buffer into
userspace.
- copy_from didn't know the size of the kernel buffer and
could have left kernel memory unexpectedly un-initialized.
- copy_from did not use the user length to determine if the
attribute data is inlined or not.
Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
|