diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-10-28 15:40:55 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-10-30 16:34:16 -0700 |
commit | 1b1f693d7ad6d193862dcb1118540a030c5e761f (patch) | |
tree | cf216d1bfb8a51f3df2c989dcffd5381a0e446f1 /COPYING | |
parent | bdfa3d8fe123a940be121daf374581727b3b6547 (diff) | |
download | linux-1b1f693d7ad6d193862dcb1118540a030c5e761f.tar.bz2 |
net: fix rds_iovec page count overflow
As reported by Thomas Pollet, the rdma page counting can overflow. We
get the rdma sizes in 64-bit unsigned entities, but then limit it to
UINT_MAX bytes and shift them down to pages (so with a possible "+1" for
an unaligned address).
So each individual page count fits comfortably in an 'unsigned int' (not
even close to overflowing into signed), but as they are added up, they
might end up resulting in a signed return value. Which would be wrong.
Catch the case of tot_pages turning negative, and return the appropriate
error code.
Reported-by: Thomas Pollet <thomas.pollet@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andy Grover <andy.grover@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions