[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <OF56E5E5C1.78489712-ON00258688.0032E2EA-00258688.003301A1@notes.na.collabserv.com>
Date: Fri, 26 Feb 2021 09:17:07 +0000
From: "Bernard Metzler" <BMT@...ich.ibm.com>
To: "Dinghao Liu" <dinghao.liu@....edu.cn>
Cc: "kjlu" <kjlu@....edu>, "Doug Ledford" <dledford@...hat.com>,
"Jason Gunthorpe" <jgg@...pe.ca>,
"linux-rdma" <linux-rdma@...r.kernel.org>,
"linux-kernel" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] RDMA/siw: Fix missing check in siw_get_hdr
-----"Dinghao Liu" <dinghao.liu@....edu.cn> wrote: -----
>To: dinghao.liu@....edu.cn, kjlu@....edu
>From: "Dinghao Liu" <dinghao.liu@....edu.cn>
>Date: 02/26/2021 08:56AM
>Cc: "Bernard Metzler" <bmt@...ich.ibm.com>, "Doug Ledford"
><dledford@...hat.com>, "Jason Gunthorpe" <jgg@...pe.ca>,
>linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
>Subject: [EXTERNAL] [PATCH] RDMA/siw: Fix missing check in
>siw_get_hdr
>
>We should also check the range of opcode after calling
>__rdmap_get_opcode() in the else branch to prevent potential
>overflow.
Hi Dinghao,
No this is not needed. We always first read the minimum
header information (MPA len, DDP flags, RDMAP opcode,
STag, target offset). Only if we have received that
into local buffer, we check for the opcode this one time.
Now the opcode determines the remaining length of the
variably sized part of the header to be received.
We do not have to check the opcode again, since we
already received and checked it.
Best,
Bernard.
>
>Fixes: 8b6a361b8c482 ("rdma/siw: receive path")
>Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
>---
> drivers/infiniband/sw/siw/siw_qp_rx.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
>diff --git a/drivers/infiniband/sw/siw/siw_qp_rx.c
>b/drivers/infiniband/sw/siw/siw_qp_rx.c
>index 60116f20653c..301e7fe2c61a 100644
>--- a/drivers/infiniband/sw/siw/siw_qp_rx.c
>+++ b/drivers/infiniband/sw/siw/siw_qp_rx.c
>@@ -1072,6 +1072,16 @@ static int siw_get_hdr(struct siw_rx_stream
>*srx)
> siw_dbg_qp(rx_qp(srx), "new header, opcode %u\n", opcode);
> } else {
> opcode = __rdmap_get_opcode(c_hdr);
>+
>+ if (opcode > RDMAP_TERMINATE) {
>+ pr_warn("siw: received unknown packet type %u\n",
>+ opcode);
>+
>+ siw_init_terminate(rx_qp(srx), TERM_ERROR_LAYER_RDMAP,
>+ RDMAP_ETYPE_REMOTE_OPERATION,
>+ RDMAP_ECODE_OPCODE, 0);
>+ return -EINVAL;
>+ }
> }
> set_rx_fpdu_context(qp, opcode);
> frx = qp->rx_fpdu;
>--
>2.17.1
>
>
Powered by blists - more mailing lists