MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
882efbdd9d
linux-yocto/drivers/vfio
History
Artem Sadovnikov 0e9c464c5b vfio/mlx5: fix possible overflow in tracking max message size 
[ Upstream commit b306019848 ]

MLX cap pg_track_log_max_msg_size consists of 5 bits, value of which is
used as power of 2 for max_msg_size. This can lead to multiplication
overflow between max_msg_size (u32) and integer constant, and afterwards
incorrect value is being written to rq_size.

Fix this issue by extending integer constant to u64 type.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Suggested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Artem Sadovnikov <a.sadovnikov@ispras.ru>
Reviewed-by: Yishai Hadas <yishaih@nvidia.com>
Link: https://lore.kernel.org/r/20250701144017.2410-2-a.sadovnikov@ispras.ru
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-08-28 16:26:02 +02:00
..
fsl-mc vfio/fsl-mc: Block calling interrupt handler without trigger 2024-04-03 15:19:47 +02:00
mdev
pci vfio/mlx5: fix possible overflow in tracking max message size 2025-08-28 16:26:02 +02:00
platform vfio/platform: check the bounds of read/write syscalls 2025-02-21 13:49:50 +01:00
container.c
iova_bitmap.c iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() 2025-02-21 13:49:17 +01:00
Kconfig
Makefile
vfio_iommu_spapr_tce.c
vfio_iommu_type1.c vfio/type1: conditional rescheduling while pinning 2025-08-28 16:26:02 +02:00
vfio_main.c
vfio_spapr_eeh.c
vfio.h
virqfd.c vfio: Introduce interface to flush virqfd inject workqueue 2024-04-03 15:19:46 +02:00