From: Michael J. Ruhl Date: Sun, 9 Apr 2017 17:16:03 +0000 (-0700) Subject: IB/hfi1: Validate the TID count before using it X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=db730894f4f7e7afcaf31d17679ed58b4f781500;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git IB/hfi1: Validate the TID count before using it Improve the safety of the code by validating the user supplied tidcnt before use. Reviewed-by: Mitko Haralanov Reviewed-by: Dennis Dalessandro Signed-off-by: Michael J. Ruhl Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford --- diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.c b/drivers/infiniband/hw/hfi1/user_exp_rcv.c index 002214eef472..35c6e7ec8ad6 100644 --- a/drivers/infiniband/hw/hfi1/user_exp_rcv.c +++ b/drivers/infiniband/hw/hfi1/user_exp_rcv.c @@ -579,6 +579,9 @@ int hfi1_user_exp_rcv_clear(struct file *fp, struct hfi1_tid_info *tinfo) u32 *tidinfo; unsigned tididx; + if (unlikely(tinfo->tidcnt > fd->tid_used)) + return -EINVAL; + tidinfo = memdup_user((void __user *)(unsigned long)tinfo->tidlist, sizeof(tidinfo[0]) * tinfo->tidcnt); if (IS_ERR(tidinfo))