OpenCloudOS-Kernel/drivers/infiniband/core
Shachar Raindel 8494057ab5 IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic
Properly verify that the resulting page aligned end address is larger
than both the start address and the length of the memory area requested.

Both the start and length arguments for ib_umem_get are controlled by
the user. A misbehaving user can provide values which will cause an
integer overflow when calculating the page aligned end address.

This overflow can cause also miscalculation of the number of pages
mapped, and additional logic issues.

Addresses: CVE-2014-8159
Cc: <stable@vger.kernel.org>
Signed-off-by: Shachar Raindel <raindel@mellanox.com>
Signed-off-by: Jack Morgenstein <jackm@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
2015-04-02 09:53:59 -07:00
..
Makefile IB/core: Implement support for MMU notifiers regarding on demand paging regions 2014-12-15 18:13:36 -08:00
addr.c IB/addr: Improve address resolution callback scheduling 2014-12-15 18:10:13 -08:00
agent.c IB/mad: add new ioctl to ABI to support new registration options 2014-08-10 20:36:00 -07:00
agent.h
cache.c IB/core: Add ib_find_exact_cached_pkey() 2012-09-30 20:33:30 -07:00
cm.c IB/mad: add new ioctl to ABI to support new registration options 2014-08-10 20:36:00 -07:00
cm_msgs.h IB/core: Move CM_xxx_ATTR_ID macros from cm_msgs.h to ib_cm.h 2012-07-08 18:05:06 -07:00
cma.c RDMA/core: Add support for iWARP Port Mapper user space service 2014-06-10 10:11:45 -07:00
core_priv.h IB/core: Resolve Ethernet L2 addresses when modifying QP 2014-01-19 15:14:04 -08:00
device.c IB/core: Handle table with full and partial membership for the same P_Key 2012-09-30 20:33:29 -07:00
fmr_pool.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
iwcm.c RDMA/iwcm: Use a default listen backlog if needed 2014-08-05 07:33:24 -07:00
iwcm.h
iwpm_msg.c RDMA/core: Add support for iWARP Port Mapper user space service 2014-06-10 10:11:45 -07:00
iwpm_util.c RDMA/core: Add support for iWARP Port Mapper user space service 2014-06-10 10:11:45 -07:00
iwpm_util.h RDMA/core: Add support for iWARP Port Mapper user space service 2014-06-10 10:11:45 -07:00
mad.c IB/mad: Add user space RMPP support 2014-08-10 20:36:00 -07:00
mad_priv.h IB/mad: Update module to [pr|dev]_* style print messages 2014-08-10 20:35:39 -07:00
mad_rmpp.c
mad_rmpp.h
multicast.c IB/core: Fix mgid key handling in SA agent multicast data-base 2014-12-15 18:10:13 -08:00
netlink.c RDMA/core: Add support for iWARP Port Mapper user space service 2014-06-10 10:11:45 -07:00
packer.c infiniband: add in export.h for files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:31:35 -04:00
sa.h
sa_query.c IB/mad: add new ioctl to ABI to support new registration options 2014-08-10 20:36:00 -07:00
smi.c
smi.h
sysfs.c IB/core: Fix kobject leak on device register error flow 2014-06-05 09:37:10 -07:00
ucm.c IB/core: convert to idr_alloc() 2013-02-27 19:10:16 -08:00
ucma.c IB/core: When marshaling ucma path from user-space, clear unused fields 2015-02-17 12:34:52 -08:00
ud_header.c infiniband: add in export.h for files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:31:35 -04:00
umem.c IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic 2015-04-02 09:53:59 -07:00
umem_odp.c IB/core: Properly handle registration of on-demand paging MRs after dereg 2015-02-17 22:14:56 -08:00
umem_rbtree.c IB/core: Implement support for MMU notifiers regarding on demand paging regions 2014-12-15 18:13:36 -08:00
user_mad.c IB/mad: Add user space RMPP support 2014-08-10 20:36:00 -07:00
uverbs.h IB/core: Add support for extended query device caps 2015-02-18 08:36:26 -08:00
uverbs_cmd.c Merge branches 'core', 'cxgb4', 'iser', 'mlx4', 'mlx5', 'ocrdma', 'odp', 'qib' and 'srp' into for-next 2015-02-20 09:04:40 -08:00
uverbs_main.c IB/core: Add support for extended query device caps 2015-02-18 08:36:26 -08:00
uverbs_marshall.c IB/core: When marshaling uverbs path, clear unused fields 2014-09-22 09:46:52 -07:00
verbs.c IB/core: Do not resolve VLAN if already resolved 2014-12-15 18:10:12 -08:00