Commit bcdac70a authored Apr 24, 2024 by Bui Quang Minh Committed by Greg Kroah-Hartman May 17, 2024

octeontx2-af: avoid off-by-one read from userspace



[ Upstream commit f299ee70 ]

We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.

Fixes: 3a2eb515 ("octeontx2-af: Fix an off by one in rvu_dbg_qsize_write()")
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Link: https://lore.kernel.org/r/20240424-fix-oob-read-v2-6-f1f1b53a10f4@gmail.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 6f0f19b7

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit c761121f
· Nov 05, 2025

mentioned in commit c761121f

mentioned in commit c761121f9ae11e53146016e89100ab08a553a09d

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit b263a7ce
· Nov 05, 2025

mentioned in commit b263a7ce

mentioned in commit b263a7ceec8cfef020ecb8a5d0123699418f0ead

Toggle commit list

Please to comment