Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

net/mlx4: Fix memory corruption in mlx4_MAD_IFC_wrapper

Fix a memory corruption at mlx4_MAD_IFC_wrapper.

A table of size dev->caps.pkey_table_len[port]*sizeof(*table)
was allocated, but get_full_pkey_table() assumes that the number
of entries in the table is a multiplication of 32 (which isn't always
correct).

Fixes: 0a9a018 ('mlx4: MAD_IFC paravirtualization')
Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Amir Vadai <amirv@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Matan Barak 10 years ago
parent
5a228c03d8
commit
19ab574f62
1 changed files with 3 additions and 1 deletions
Split View Show Diff Stats
  1. 3 1
      drivers/net/ethernet/mellanox/mlx4/cmd.c

+ 3 - 1
drivers/net/ethernet/mellanox/mlx4/cmd.c
View File 

@@ -901,7 +901,9 @@ static int mlx4_MAD_IFC_wrapper(struct mlx4_dev *dev, int slave,
 
 				index = be32_to_cpu(smp->attr_mod);
 
 				if (port < 1 || port > dev->caps.num_ports)
 
 					return -EINVAL;
 
-				table = kcalloc(dev->caps.pkey_table_len[port], sizeof *table, GFP_KERNEL);
 
+				table = kcalloc((dev->caps.pkey_table_len[port] / 32) + 1,
 
+						sizeof(*table) * 32, GFP_KERNEL);
 
+
 
 				if (!table)
 
 					return -ENOMEM;
 
 				/* need to get the full pkey table because the paravirtualized