IB/qib: Stricter bounds checking for copy and array access
Added checking on index value of array 'guids' in qib_ruc.c. Pass in corrrect size of array for memset operation in qib_mad.c. Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com> Signed-off-by: Kamenee Arumugam <kamenee.arumugam@intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
This commit is contained in:
parent
3b7169338c
commit
27147273a6
|
@ -1573,8 +1573,8 @@ static int pma_get_portcounters_cong(struct ib_pma_mad *pmp,
|
|||
cntrs.port_xmit_packets -= ibp->z_port_xmit_packets;
|
||||
cntrs.port_rcv_packets -= ibp->z_port_rcv_packets;
|
||||
|
||||
memset(pmp->reserved, 0, sizeof(pmp->reserved) +
|
||||
sizeof(pmp->data));
|
||||
memset(pmp->reserved, 0, sizeof(pmp->reserved));
|
||||
memset(pmp->data, 0, sizeof(pmp->data));
|
||||
|
||||
/*
|
||||
* Set top 3 bits to indicate interval in picoseconds in
|
||||
|
|
|
@ -645,8 +645,10 @@ u32 qib_make_grh(struct qib_ibport *ibp, struct ib_grh *hdr,
|
|||
hdr->hop_limit = grh->hop_limit;
|
||||
/* The SGID is 32-bit aligned. */
|
||||
hdr->sgid.global.subnet_prefix = ibp->rvp.gid_prefix;
|
||||
hdr->sgid.global.interface_id = grh->sgid_index ?
|
||||
ibp->guids[grh->sgid_index - 1] : ppd_from_ibp(ibp)->guid;
|
||||
if (!grh->sgid_index)
|
||||
hdr->sgid.global.interface_id = ppd_from_ibp(ibp)->guid;
|
||||
else if (grh->sgid_index < QIB_GUIDS_PER_PORT)
|
||||
hdr->sgid.global.interface_id = ibp->guids[grh->sgid_index - 1];
|
||||
hdr->dgid = grh->dgid;
|
||||
|
||||
/* GRH header size in 32-bit words. */
|
||||
|
|
Loading…
Reference in New Issue