From: Sean Hefty <sean.hefty@intel.com>
Date: Tue, 6 Dec 2011 21:17:11 +0000 (+0000)
Subject: RDMA/cma: Verify private data length
X-Git-Tag: v3.2-rc7~39^2~1
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=04ded1672402577cd3f390c764f3046cc704a42a;p=pandora-kernel.git

RDMA/cma: Verify private data length

private_data_len is defined as a u8.  If the user specifies a large
private_data size (> 220 bytes), we will calculate a total length that
exceeds 255, resulting in private_data_len wrapping back to 0.  This
can lead to overwriting random kernel memory.  Avoid this by verifying
that the resulting size fits into a u8.

Reported-by: B. Thery <benjamin.thery@bull.net>
Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335>
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
---

Reading git-diff-tree failed