lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <201310302045.AEH12985.FSOOJOQLHFtMFV@I-love.SAKURA.ne.jp>
Date:	Wed, 30 Oct 2013 20:45:10 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:	jack@...e.cz, mike.marciniszyn@...el.com, roland@...estorage.com
Cc:	linux-kernel@...r.kernel.org
Subject: [PATCH linux-next-20131029] IB/ipath: Fix random stack overflow.

>>From bbba584a502b9417af06e4a55401c013a7e90eb1 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Date: Wed, 30 Oct 2013 16:12:58 +0900
Subject: [PATCH linux-next-20131029] IB/ipath: Fix random stack overflow.

Commit 18fec3c6 "IB/ipath: Convert ipath_user_sdma_pin_pages() to use
get_user_pages_fast()" requested for undefined number of pages with buffer for
2 pages.

  drivers/infiniband/hw/ipath/ipath_user_sdma.c: In function 'ipath_user_sdma_pin_pages':
  drivers/infiniband/hw/ipath/ipath_user_sdma.c:283: warning: 'j' is used uninitialized in this function

ipath_user_sdma_pin_pages() assumes that npages is either 1 or 2 because
ipath_user_sdma_queue_pkts() checks that 0 < iov->iov_len <= PAGE_SIZE
which lets ipath_user_sdma_num_pages() return either 1 or 2.

Please check whether commit 18fec3c6 was backported
because that commit has "Cc: <stable@...r.kernel.org>" line.

Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: <stable@...r.kernel.org>
---
 drivers/infiniband/hw/ipath/ipath_user_sdma.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/infiniband/hw/ipath/ipath_user_sdma.c b/drivers/infiniband/hw/ipath/ipath_user_sdma.c
index 06cbfd4..cc04b7b 100644
--- a/drivers/infiniband/hw/ipath/ipath_user_sdma.c
+++ b/drivers/infiniband/hw/ipath/ipath_user_sdma.c
@@ -280,7 +280,7 @@ static int ipath_user_sdma_pin_pages(const struct ipath_devdata *dd,
 	int j;
 	int ret;
 
-	ret = get_user_pages_fast(addr, j, 0, pages);
+	ret = get_user_pages_fast(addr, npages, 0, pages);
 	if (ret != npages) {
 		int i;
 
-- 
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ