rdma: check num_sge does not exceed MAX_SGE
rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue. Add check to avoid it. Reported-by: NSaar Amar <saaramar5@gmail.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Reviewed-by: NYuval Shaia <yuval.shaia@oracle.com> Signed-off-by: NMarcel Apfelbaum <marcel.apfelbaum@gmail.com>
Showing
想要评论请 注册 或 登录