Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751797AbdINPw1 (ORCPT <rfc822;w@1wt.eu>);
        Thu, 14 Sep 2017 11:52:27 -0400
Received: from omzsmtpe02.verizonbusiness.com ([199.249.25.209]:7301 "EHLO
        omzsmtpe02.verizonbusiness.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1751681AbdINPwV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 14 Sep 2017 11:52:21 -0400
From: "Levin, Alexander (Sasha Levin)" <alexander.levin@verizon.com>
Cc: Bart Van Assche <bart.vanassche@sandisk.com>,
        Moni Shoua <monis@mellanox.com>, Doug Ledford <dledford@redhat.com>,
        "Levin, Alexander (Sasha Levin)" <alexander.levin@verizon.com>
X-Host: discovery.odc.vzwcorp.com
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: [PATCH for 4.9 29/59] IB/rxe: Add a runtime check in alloc_index()
Thread-Topic: [PATCH for 4.9 29/59] IB/rxe: Add a runtime check in
 alloc_index()
Thread-Index: AQHTLXFLSyPofLoBPUmzPlfjoIcM3w==
Date: Thu, 14 Sep 2017 15:51:13 +0000
Message-ID: <20170914155051.8289-29-alexander.levin@verizon.com>
References: <20170914155051.8289-1-alexander.levin@verizon.com>
In-Reply-To: <20170914155051.8289-1-alexander.levin@verizon.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.144.60.250]
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by nfs id v8EFqkZY013936
Content-Length: 1040
Lines: 30

From: Bart Van Assche <bart.vanassche@sandisk.com>

[ Upstream commit 642c7cbcaf2ffc1e27f67eda3dc47347ac5aff37 ]

Since index values equal to or above 'range' can trigger memory
corruption, complain if index >= range.

Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Reviewed-by: Andrew Boyer <andrew.boyer@dell.com>
Cc: Moni Shoua <monis@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
---
 drivers/infiniband/sw/rxe/rxe_pool.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/infiniband/sw/rxe/rxe_pool.c b/drivers/infiniband/sw/rxe/rxe_pool.c
index 6bac0717c540..ee26a1b1b4ed 100644
--- a/drivers/infiniband/sw/rxe/rxe_pool.c
+++ b/drivers/infiniband/sw/rxe/rxe_pool.c
@@ -274,6 +274,7 @@ static u32 alloc_index(struct rxe_pool *pool)
 	if (index >= range)
 		index = find_first_zero_bit(pool->table, range);
 
+	WARN_ON_ONCE(index >= range);
 	set_bit(index, pool->table);
 	pool->last = index;
 	return index + pool->min_index;
-- 
2.11.0