lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 26 Feb 2021 09:17:07 +0000
From:   "Bernard Metzler" <BMT@...ich.ibm.com>
To:     "Dinghao Liu" <dinghao.liu@....edu.cn>
Cc:     "kjlu" <kjlu@....edu>, "Doug Ledford" <dledford@...hat.com>,
        "Jason Gunthorpe" <jgg@...pe.ca>,
        "linux-rdma" <linux-rdma@...r.kernel.org>,
        "linux-kernel" <linux-kernel@...r.kernel.org>
Subject: Re:  [PATCH] RDMA/siw: Fix missing check in siw_get_hdr

-----"Dinghao Liu" <dinghao.liu@....edu.cn> wrote: -----

>To: dinghao.liu@....edu.cn, kjlu@....edu
>From: "Dinghao Liu" <dinghao.liu@....edu.cn>
>Date: 02/26/2021 08:56AM
>Cc: "Bernard Metzler" <bmt@...ich.ibm.com>, "Doug Ledford"
><dledford@...hat.com>, "Jason Gunthorpe" <jgg@...pe.ca>,
>linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
>Subject: [EXTERNAL] [PATCH] RDMA/siw: Fix missing check in
>siw_get_hdr
>
>We should also check the range of opcode after calling
>__rdmap_get_opcode() in the else branch to prevent potential
>overflow.

Hi Dinghao,
No this is not needed. We always first read the minimum
header information (MPA len, DDP flags, RDMAP opcode,
STag, target offset). Only if we have received that
into local buffer, we check for the opcode this one time.
Now the opcode determines the remaining length of the
variably sized part of the header to be received.

We do not have to check the opcode again, since we
already received and checked it.

Best,
Bernard.

>
>Fixes: 8b6a361b8c482 ("rdma/siw: receive path")
>Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
>---
> drivers/infiniband/sw/siw/siw_qp_rx.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
>diff --git a/drivers/infiniband/sw/siw/siw_qp_rx.c
>b/drivers/infiniband/sw/siw/siw_qp_rx.c
>index 60116f20653c..301e7fe2c61a 100644
>--- a/drivers/infiniband/sw/siw/siw_qp_rx.c
>+++ b/drivers/infiniband/sw/siw/siw_qp_rx.c
>@@ -1072,6 +1072,16 @@ static int siw_get_hdr(struct siw_rx_stream
>*srx)
> 		siw_dbg_qp(rx_qp(srx), "new header, opcode %u\n", opcode);
> 	} else {
> 		opcode = __rdmap_get_opcode(c_hdr);
>+
>+		if (opcode > RDMAP_TERMINATE) {
>+			pr_warn("siw: received unknown packet type %u\n",
>+				opcode);
>+
>+			siw_init_terminate(rx_qp(srx), TERM_ERROR_LAYER_RDMAP,
>+					   RDMAP_ETYPE_REMOTE_OPERATION,
>+					   RDMAP_ECODE_OPCODE, 0);
>+			return -EINVAL;
>+		}
> 	}
> 	set_rx_fpdu_context(qp, opcode);
> 	frx = qp->rx_fpdu;
>-- 
>2.17.1
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ