lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <913bc6783fd7a95fe71ad9454e01653ee6fb4a9a.1642491047.git.leonro@nvidia.com>
Date:   Tue, 18 Jan 2022 09:35:00 +0200
From:   Leon Romanovsky <leon@...nel.org>
To:     Jason Gunthorpe <jgg@...dia.com>
Cc:     Maor Gottlieb <maorg@...dia.com>, linux-kernel@...r.kernel.org,
        linux-rdma@...r.kernel.org
Subject: [PATCH rdma-next 1/3] RDMA/cma: Use correct address when leaving multicast group

From: Maor Gottlieb <maorg@...dia.com>

In RoCE we should use cma_iboe_set_mgid and not cma_set_mgid to generate
the mgid, otherwise we will try to remove incorrect address.

Fixes: b5de0c60cc30 ("RDMA/cma: Fix use after free race in roce multicast join")
Signed-off-by: Maor Gottlieb <maorg@...dia.com>
Signed-off-by: Leon Romanovsky <leonro@...dia.com>
---
 drivers/infiniband/core/cma.c | 61 +++++++++++++++++------------------
 1 file changed, 30 insertions(+), 31 deletions(-)

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 27a00ce2e101..69c9a12dd14e 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -1830,6 +1830,31 @@ static void cma_release_port(struct rdma_id_private *id_priv)
 	mutex_unlock(&lock);
 }
 
+static void cma_iboe_set_mgid(struct sockaddr *addr, union ib_gid *mgid,
+			      enum ib_gid_type gid_type)
+{
+	struct sockaddr_in *sin = (struct sockaddr_in *)addr;
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr;
+
+	if (!cma_any_addr(addr) && addr->sa_family == AF_INET6) {
+		memcpy(mgid, &sin6->sin6_addr, sizeof(*mgid));
+		return;
+	}
+
+	memset(mgid, 0, sizeof(*mgid));
+	if (cma_any_addr(addr))
+		return;
+
+	/* AF_INET4 */
+	if (gid_type != IB_GID_TYPE_ROCE_UDP_ENCAP) {
+		mgid->raw[0] = 0xff;
+		mgid->raw[1] = 0x0e;
+	}
+	mgid->raw[10] = 0xff;
+	mgid->raw[11] = 0xff;
+	*(__be32 *)(&mgid->raw[12]) = sin->sin_addr.s_addr;
+}
+
 static void destroy_mc(struct rdma_id_private *id_priv,
 		       struct cma_multicast *mc)
 {
@@ -1847,10 +1872,13 @@ static void destroy_mc(struct rdma_id_private *id_priv,
 			ndev = dev_get_by_index(dev_addr->net,
 						dev_addr->bound_dev_if);
 		if (ndev) {
+			enum ib_gid_type gid_type;
 			union ib_gid mgid;
 
-			cma_set_mgid(id_priv, (struct sockaddr *)&mc->addr,
-				     &mgid);
+			gid_type = cma_get_default_gid_type(
+				id_priv->cma_dev, id_priv->id.port_num);
+			cma_iboe_set_mgid((struct sockaddr *)&mc->addr, &mgid,
+					  gid_type);
 
 			if (!send_only)
 				cma_igmp_send(ndev, &mgid, false);
@@ -4702,35 +4730,6 @@ static int cma_join_ib_multicast(struct rdma_id_private *id_priv,
 	return PTR_ERR_OR_ZERO(mc->sa_mc);
 }
 
-static void cma_iboe_set_mgid(struct sockaddr *addr, union ib_gid *mgid,
-			      enum ib_gid_type gid_type)
-{
-	struct sockaddr_in *sin = (struct sockaddr_in *)addr;
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr;
-
-	if (cma_any_addr(addr)) {
-		memset(mgid, 0, sizeof *mgid);
-	} else if (addr->sa_family == AF_INET6) {
-		memcpy(mgid, &sin6->sin6_addr, sizeof *mgid);
-	} else {
-		mgid->raw[0] =
-			(gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) ? 0 : 0xff;
-		mgid->raw[1] =
-			(gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) ? 0 : 0x0e;
-		mgid->raw[2] = 0;
-		mgid->raw[3] = 0;
-		mgid->raw[4] = 0;
-		mgid->raw[5] = 0;
-		mgid->raw[6] = 0;
-		mgid->raw[7] = 0;
-		mgid->raw[8] = 0;
-		mgid->raw[9] = 0;
-		mgid->raw[10] = 0xff;
-		mgid->raw[11] = 0xff;
-		*(__be32 *)(&mgid->raw[12]) = sin->sin_addr.s_addr;
-	}
-}
-
 static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
 				   struct cma_multicast *mc)
 {
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ