From patchwork Mon Apr 30 20:02:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marcel Apfelbaum X-Patchwork-Id: 906851 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=208.118.235.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="eUBxsNgS"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40ZbFn56ZMz9s2Y for ; Tue, 1 May 2018 06:08:28 +1000 (AEST) Received: from localhost ([::1]:33187 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDF5z-0000FS-SQ for incoming@patchwork.ozlabs.org; Mon, 30 Apr 2018 16:08:23 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48808) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDEzv-0003q4-67 for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fDEzs-0005w0-2j for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:07 -0400 Received: from mail-wr0-x242.google.com ([2a00:1450:400c:c0c::242]:46807) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fDEzr-0005vd-Sn for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:04 -0400 Received: by mail-wr0-x242.google.com with SMTP id o2-v6so6222091wrj.13 for ; Mon, 30 Apr 2018 13:02:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=7ugAkZJhfcx2u404ZDEySVaLZ85tbo/HJHmayOZiSLs=; b=eUBxsNgSMtqrMXSdRhj+GBRg1Dzf7GrumAtJtEDwOy3iW6raWcJTq3W6l/b3/cTLtI 21k/Bfd+JQHi461hBuC8HpMNn+KPYjTXd9NaK+prCl81PnftWf69rm4gMT+ZIv9iMrps thswYFZElJiWRF9+NdM9JKI4tDbjTLbmAj5flA4X63nsuWsaPBN72qzYfpk0TbNkGZuQ CdLw8sHmIP8l6tZiKmur98qt7hDXC3Psv3lMDdtDQYwGOWCR3mcBENfiF28uBhm9YFwr gNuhCWU7WhyoDzuqNMHKwYiUr686o0mV09HuGExPHA1l0PUcC94OCfjIpB/LUUmA9xs9 shwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=7ugAkZJhfcx2u404ZDEySVaLZ85tbo/HJHmayOZiSLs=; b=mrCmcXDClxqefab4pKjVg38VTIhG6Td3JS2vOYuOs7aZVxhBTBJoxV7sj2AFe2uH19 nV4kOTSov2YnPxASlqVdbJNUKVdeHXBB1LmBvqyWs1LpI7d4ZiQ8Vwm0q3cNAMQ2WQTv Y92+M7pfrt94+DnvPdYbEiPx0/PAaaT1nfbEioZr9Gx7vkWpYNaNsek93vAZvH9BdkDo VgmasSP5D/OSy0qNOPrf2OoX2Ha9Ly1kgLtWuNpLroXbv3+5k/5hqZErDF9ee6itHOYM UDLKNSecJAVLX1rkI4zmHc+QAfQUJUcr4wa/WZYT6qr/Y332tUehytok5A2D16zzMlWp mx4Q== X-Gm-Message-State: ALQs6tDiVXbHHBeAJwLitviRbk/6V0W/Uf9WLEJFWACpoqSyh+1oZulk a1EvoyKmzZ6WvjjpiF6tTEdyzw== X-Google-Smtp-Source: AB8JxZodR63eDS+5dxs2WpWEYXpw0Yh2Cu+Q8Zye/5t3Xjn3PqA3rukct/9wIbvzVE67HppZRfUGtA== X-Received: by 2002:adf:85dd:: with SMTP id 29-v6mr9792316wru.120.1525118522586; Mon, 30 Apr 2018 13:02:02 -0700 (PDT) Received: from localhost.localdomain ([176.228.154.53]) by smtp.gmail.com with ESMTPSA id u35-v6sm8455997wrc.29.2018.04.30.13.02.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 13:02:02 -0700 (PDT) From: Marcel Apfelbaum To: qemu-devel@nongnu.org Date: Mon, 30 Apr 2018 23:02:23 +0300 Message-Id: <20180430200223.4119-8-marcel.apfelbaum@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> References: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::242 Subject: [Qemu-devel] [PATCH 7/7] hw/rdma: Fix possible out of bounds access to port GID index X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, yuval.shaia@oracle.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Make sure the backend GID index is less then port's git table length. Signed-off-by: Marcel Apfelbaum Reviewed-by: Yuval Shaia --- hw/rdma/rdma_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c index 5c7b3d8949..e9ced6f9ef 100644 --- a/hw/rdma/rdma_backend.c +++ b/hw/rdma/rdma_backend.c @@ -774,7 +774,7 @@ int rdma_backend_init(RdmaBackendDev *backend_dev, goto out_destroy_comm_channel; } - if (backend_dev->backend_gid_idx > port_attr.gid_tbl_len) { + if (backend_dev->backend_gid_idx >= port_attr.gid_tbl_len) { error_setg(errp, "Invalid backend_gid_idx, should be less than %d", port_attr.gid_tbl_len); goto out_destroy_comm_channel;