| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5C5647B5F4794941BAAC07CF28785CBC33E4EC25@fmsmsx101.amr.corp.intel.com>
Date: Thu, 13 Jul 2017 18:44:38 +0000
From: "Ismail, Mustafa" <mustafa.ismail@...el.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
Yevgeny Kliteynik <kliteyn@...lanox.com>,
Tziporet Koren <tziporet@...lanox.com>,
Alex Polak <alexpo@...lanox.com>,
Boris Pismenny <borisp@...lanox.com>,
Leon Romanovsky <leon@...nel.org>,
Doug Ledford <dledford@...hat.com>
Subject: RE: [PATCH 4.4 29/57] RDMA/uverbs: Check port number supplied by
user verbs cmds
> -----Original Message-----
> From: Greg Kroah-Hartman [mailto:gregkh@...uxfoundation.org]
> Sent: Thursday, July 13, 2017 11:26 AM
> To: Ismail, Mustafa <mustafa.ismail@...el.com>
> Cc: linux-kernel@...r.kernel.org; linux-rdma@...r.kernel.org;
> stable@...r.kernel.org; Yevgeny Kliteynik <kliteyn@...lanox.com>;
> Tziporet Koren <tziporet@...lanox.com>; Alex Polak
> <alexpo@...lanox.com>; Boris Pismenny <borisp@...lanox.com>; Leon
> Romanovsky <leon@...nel.org>; Doug Ledford <dledford@...hat.com>
> Subject: Re: [PATCH 4.4 29/57] RDMA/uverbs: Check port number supplied
> by user verbs cmds
>
> On Thu, Jul 13, 2017 at 03:54:28PM +0000, Ismail, Mustafa wrote:
> > > Subject: [PATCH 4.4 29/57] RDMA/uverbs: Check port number supplied
> > > by user verbs cmds
> > >
> > > 4.4-stable review patch. If anyone has any objections, please let me
> know.
> >
> > Yes, this breaks modify qp.
> > See https://patchwork.kernel.org/patch/9830663/
>
> I don't understand this response at all, sorry.
>
> What should I do about this? Is this patch alone a problem? Is there some
> other patch I should apply that is in Linus's tree? Where is the problem,
> only in this old release?
>
Applying this patch will break RDMA functionality with respect to modify_qp.
Specifically this part:
+ if (cmd.port_num < rdma_start_port(ib_dev) ||
+ cmd.port_num > rdma_end_port(ib_dev))
+ return -EINVAL;
+
The cmd.port_num is only valid if (cmd->base.attr_mask & IB_QP_PORT).
So the above can be fixed with:
if ((cmd->base.attr_mask & IB_QP_PORT) &&
(cmd.port_num < rdma_start_port(ib_dev) ||
cmd.port_num > rdma_end_port(ib_dev)))
return -EINVAL;
A version of this patch is in Linus's tree and it has the same problem:
commit 5ecce4c9b17bed4dc9cb58bfb10447307569b77b "RDMA/uverbs: Check port number supplied by user verbs cmds"
We will be submitting a patch to fix this shortly.
Mustafa
Powered by blists - more mailing lists