subject:"\[PATCH\] net\/rds\: restrict iovecs length for RDS_CMSG_RDMA

Re: [PATCH] net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS

2021-02-02 Thread patchwork-bot+netdevbpf

Hello: This patch was applied to netdev/net.git (refs/heads/master): On Tue, 2 Feb 2021 02:32:33 +0600 you wrote: > syzbot found WARNING in rds_rdma_extra_size [1] when RDS_CMSG_RDMA_ARGS > control message is passed with user-controlled > 0x40001 bytes of args->nr_local, causing order >=

Re: [PATCH] net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS

2021-02-01 Thread Santosh Shilimkar

On Feb 1, 2021, at 12:32 PM, Sabyrzhan Tasbolatov wrote: > > syzbot found WARNING in rds_rdma_extra_size [1] when RDS_CMSG_RDMA_ARGS > control message is passed with user-controlled > 0x40001 bytes of args->nr_local, causing order >= MAX_ORDER condition. > > The exact value 0x40001 can be

[PATCH] net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS

2021-02-01 Thread Sabyrzhan Tasbolatov

syzbot found WARNING in rds_rdma_extra_size [1] when RDS_CMSG_RDMA_ARGS control message is passed with user-controlled 0x40001 bytes of args->nr_local, causing order >= MAX_ORDER condition. The exact value 0x40001 can be checked with UIO_MAXIOV which is 0x400. So for kcalloc() 0x400 iovecs with

Re: [PATCH] net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS

Re: [PATCH] net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS

[PATCH] net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS

3 matches

Site Navigation

Mail list logo

Footer information