[PATCH linux-next-20131029] IB/ipath: Fix random stack overflow.

From: Tetsuo Handa
Date: Wed Oct 30 2013 - 07:45:32 EST


>From bbba584a502b9417af06e4a55401c013a7e90eb1 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Oct 2013 16:12:58 +0900
Subject: [PATCH linux-next-20131029] IB/ipath: Fix random stack overflow.

Commit 18fec3c6 "IB/ipath: Convert ipath_user_sdma_pin_pages() to use
get_user_pages_fast()" requested for undefined number of pages with buffer for
2 pages.

drivers/infiniband/hw/ipath/ipath_user_sdma.c: In function 'ipath_user_sdma_pin_pages':
drivers/infiniband/hw/ipath/ipath_user_sdma.c:283: warning: 'j' is used uninitialized in this function

ipath_user_sdma_pin_pages() assumes that npages is either 1 or 2 because
ipath_user_sdma_queue_pkts() checks that 0 < iov->iov_len <= PAGE_SIZE
which lets ipath_user_sdma_num_pages() return either 1 or 2.

Please check whether commit 18fec3c6 was backported
because that commit has "Cc: <stable@xxxxxxxxxxxxxxx>" line.

Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
---
drivers/infiniband/hw/ipath/ipath_user_sdma.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/infiniband/hw/ipath/ipath_user_sdma.c b/drivers/infiniband/hw/ipath/ipath_user_sdma.c
index 06cbfd4..cc04b7b 100644
--- a/drivers/infiniband/hw/ipath/ipath_user_sdma.c
+++ b/drivers/infiniband/hw/ipath/ipath_user_sdma.c
@@ -280,7 +280,7 @@ static int ipath_user_sdma_pin_pages(const struct ipath_devdata *dd,
int j;
int ret;

- ret = get_user_pages_fast(addr, j, 0, pages);
+ ret = get_user_pages_fast(addr, npages, 0, pages);
if (ret != npages) {
int i;

--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/