lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170714064908.GC16816@kroah.com>
Date:   Fri, 14 Jul 2017 08:49:08 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     "Ismail, Mustafa" <mustafa.ismail@...el.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Yevgeny Kliteynik <kliteyn@...lanox.com>,
        Tziporet Koren <tziporet@...lanox.com>,
        Alex Polak <alexpo@...lanox.com>,
        Boris Pismenny <borisp@...lanox.com>,
        Leon Romanovsky <leon@...nel.org>,
        Doug Ledford <dledford@...hat.com>
Subject: Re: [PATCH 4.4 29/57] RDMA/uverbs: Check port number supplied by
 user verbs cmds

On Thu, Jul 13, 2017 at 06:44:38PM +0000, Ismail, Mustafa wrote:
> > -----Original Message-----
> > From: Greg Kroah-Hartman [mailto:gregkh@...uxfoundation.org]
> > Sent: Thursday, July 13, 2017 11:26 AM
> > To: Ismail, Mustafa <mustafa.ismail@...el.com>
> > Cc: linux-kernel@...r.kernel.org; linux-rdma@...r.kernel.org;
> > stable@...r.kernel.org; Yevgeny Kliteynik <kliteyn@...lanox.com>;
> > Tziporet Koren <tziporet@...lanox.com>; Alex Polak
> > <alexpo@...lanox.com>; Boris Pismenny <borisp@...lanox.com>; Leon
> > Romanovsky <leon@...nel.org>; Doug Ledford <dledford@...hat.com>
> > Subject: Re: [PATCH 4.4 29/57] RDMA/uverbs: Check port number supplied
> > by user verbs cmds
> > 
> > On Thu, Jul 13, 2017 at 03:54:28PM +0000, Ismail, Mustafa wrote:
> > > > Subject: [PATCH 4.4 29/57] RDMA/uverbs: Check port number supplied
> > > > by user verbs cmds
> > > >
> > > > 4.4-stable review patch.  If anyone has any objections, please let me
> > know.
> > >
> > > Yes, this breaks modify qp.
> > > See https://patchwork.kernel.org/patch/9830663/
> > 
> > I don't understand this response at all, sorry.
> > 
> > What should I do about this?  Is this patch alone a problem?  Is there some
> > other patch I should apply that is in Linus's tree?  Where is the problem,
> > only in this old release?
> > 
> Applying this patch will break RDMA functionality with respect to modify_qp.
> Specifically this part:
> +	if (cmd.port_num < rdma_start_port(ib_dev) ||
> +	    cmd.port_num > rdma_end_port(ib_dev))
> +		return -EINVAL;
> +
> The cmd.port_num is only valid if (cmd->base.attr_mask & IB_QP_PORT).
> So the above can be fixed with:
> 	if ((cmd->base.attr_mask & IB_QP_PORT) && 
> 	    (cmd.port_num < rdma_start_port(ib_dev) ||
> 	    cmd.port_num > rdma_end_port(ib_dev)))
> 		return -EINVAL;
> 
> A version of this patch is in Linus's tree and it has the same problem:
> commit 5ecce4c9b17bed4dc9cb58bfb10447307569b77b    "RDMA/uverbs: Check port number supplied by user verbs cmds"
> 
> We will be submitting a patch to fix this shortly.

Ok, so we will be "bug compatible" with Linus's tree then, right? :)

Should I hold off on applying this now, or just stay in sync and wait
for your fixes to land in Linus's tree?  I vote stay-in-sync, as the
other stable trees are also "broken" in the same way right now...

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ