Commit 271bfcfb authored Feb 27, 2023 by Daniil Dulov Committed by Leon Romanovsky Mar 13, 2023

RDMA/siw: Fix potential page_array out of range access



When seg is equal to MAX_ARRAY, the loop should break, otherwise
it will result in out of range access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: b9be6f18 ("rdma/siw: transmit path")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
Link: https://lore.kernel.org/r/20230227091751.589612-1-d.dulov@aladdin.ru


Signed-off-by: Leon Romanovsky <leon@kernel.org>

parent c874ad87

drivers/infiniband/sw/siw/siw_qp_tx.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -558,7 +558,7 @@ static int siw_tx_hdt(struct siw_iwarp_tx c_tx, struct socket s)
		data_len -= plen;
		fp_off = 0;

		if (++seg > (int)MAX_ARRAY) {
		if (++seg >= (int)MAX_ARRAY) {
		siw_dbg_qp(tx_qp(c_tx), "to many fragments\n");
		siw_unmap_pages(iov, kmap_mask, seg-1);
		wqe->processed -= c_tx->bytes_unsent;