On Tue, Oct 12, 2021 at 01:55:19PM -0400, Dennis Dalessandro wrote:

From: Mike Marciniszyn <redacted>

Overflowing either addrlimit or bytes_togo can allow userspace to trigger
a buffer overflow of kernel memory. Check for overflows in all the places
doing math on user controlled buffers.

Fixes: f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Reported-by: Ilja Van Sprundel <redacted>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <redacted>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
---
Changes from v1:

Incorporate Jason's suggestions and update commit message. Also added on the
fixes line. Mike identified a different commit that is more directly
responsible.

Changes from v2:

Remove unnecessary hunk.
---
 drivers/infiniband/hw/qib/qib_user_sdma.c |   33 ++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 10 deletions(-)

Applied to for-rc, thanks

Jason