stuartl/linux-stable
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git synced 2025-09-13 11:07:46 +10:00
Code Issues Releases Wiki Activity
v6.16.7
linux-stable/drivers/vfio
History
Artem Sadovnikov 9ffc8ba21c vfio/mlx5: fix possible overflow in tracking max message size 
[ Upstream commit b306019848 ]

MLX cap pg_track_log_max_msg_size consists of 5 bits, value of which is
used as power of 2 for max_msg_size. This can lead to multiplication
overflow between max_msg_size (u32) and integer constant, and afterwards
incorrect value is being written to rq_size.

Fix this issue by extending integer constant to u64 type.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Suggested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Artem Sadovnikov <a.sadovnikov@ispras.ru>
Reviewed-by: Yishai Hadas <yishaih@nvidia.com>
Link: https://lore.kernel.org/r/20250701144017.2410-2-a.sadovnikov@ispras.ru
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-08-20 18:41:30 +02:00
..
cdx
fsl-mc
mdev
pci vfio/mlx5: fix possible overflow in tracking max message size 2025-08-20 18:41:30 +02:00
platform
container.c
debugfs.c
device_cdev.c vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD 2025-08-15 16:39:21 +02:00
group.c
iommufd.c
Kconfig
Makefile
vfio_iommu_spapr_tce.c
vfio_iommu_type1.c vfio/type1: conditional rescheduling while pinning 2025-08-20 18:41:30 +02:00
vfio_main.c
vfio.h
virqfd.c