| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Jan 2022 09:35:00 +0200
From: Leon Romanovsky <leon@...nel.org>
To: Jason Gunthorpe <jgg@...dia.com>
Cc: Maor Gottlieb <maorg@...dia.com>, linux-kernel@...r.kernel.org,
linux-rdma@...r.kernel.org
Subject: [PATCH rdma-next 1/3] RDMA/cma: Use correct address when leaving multicast group
From: Maor Gottlieb <maorg@...dia.com>
In RoCE we should use cma_iboe_set_mgid and not cma_set_mgid to generate
the mgid, otherwise we will try to remove incorrect address.
Fixes: b5de0c60cc30 ("RDMA/cma: Fix use after free race in roce multicast join")
Signed-off-by: Maor Gottlieb <maorg@...dia.com>
Signed-off-by: Leon Romanovsky <leonro@...dia.com>
---
drivers/infiniband/core/cma.c | 61 +++++++++++++++++------------------
1 file changed, 30 insertions(+), 31 deletions(-)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 27a00ce2e101..69c9a12dd14e 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -1830,6 +1830,31 @@ static void cma_release_port(struct rdma_id_private *id_priv)
mutex_unlock(&lock);
}
+static void cma_iboe_set_mgid(struct sockaddr *addr, union ib_gid *mgid,
+ enum ib_gid_type gid_type)
+{
+ struct sockaddr_in *sin = (struct sockaddr_in *)addr;
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr;
+
+ if (!cma_any_addr(addr) && addr->sa_family == AF_INET6) {
+ memcpy(mgid, &sin6->sin6_addr, sizeof(*mgid));
+ return;
+ }
+
+ memset(mgid, 0, sizeof(*mgid));
+ if (cma_any_addr(addr))
+ return;
+
+ /* AF_INET4 */
+ if (gid_type != IB_GID_TYPE_ROCE_UDP_ENCAP) {
+ mgid->raw[0] = 0xff;
+ mgid->raw[1] = 0x0e;
+ }
+ mgid->raw[10] = 0xff;
+ mgid->raw[11] = 0xff;
+ *(__be32 *)(&mgid->raw[12]) = sin->sin_addr.s_addr;
+}
+
static void destroy_mc(struct rdma_id_private *id_priv,
struct cma_multicast *mc)
{
@@ -1847,10 +1872,13 @@ static void destroy_mc(struct rdma_id_private *id_priv,
ndev = dev_get_by_index(dev_addr->net,
dev_addr->bound_dev_if);
if (ndev) {
+ enum ib_gid_type gid_type;
union ib_gid mgid;
- cma_set_mgid(id_priv, (struct sockaddr *)&mc->addr,
- &mgid);
+ gid_type = cma_get_default_gid_type(
+ id_priv->cma_dev, id_priv->id.port_num);
+ cma_iboe_set_mgid((struct sockaddr *)&mc->addr, &mgid,
+ gid_type);
if (!send_only)
cma_igmp_send(ndev, &mgid, false);
@@ -4702,35 +4730,6 @@ static int cma_join_ib_multicast(struct rdma_id_private *id_priv,
return PTR_ERR_OR_ZERO(mc->sa_mc);
}
-static void cma_iboe_set_mgid(struct sockaddr *addr, union ib_gid *mgid,
- enum ib_gid_type gid_type)
-{
- struct sockaddr_in *sin = (struct sockaddr_in *)addr;
- struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr;
-
- if (cma_any_addr(addr)) {
- memset(mgid, 0, sizeof *mgid);
- } else if (addr->sa_family == AF_INET6) {
- memcpy(mgid, &sin6->sin6_addr, sizeof *mgid);
- } else {
- mgid->raw[0] =
- (gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) ? 0 : 0xff;
- mgid->raw[1] =
- (gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) ? 0 : 0x0e;
- mgid->raw[2] = 0;
- mgid->raw[3] = 0;
- mgid->raw[4] = 0;
- mgid->raw[5] = 0;
- mgid->raw[6] = 0;
- mgid->raw[7] = 0;
- mgid->raw[8] = 0;
- mgid->raw[9] = 0;
- mgid->raw[10] = 0xff;
- mgid->raw[11] = 0xff;
- *(__be32 *)(&mgid->raw[12]) = sin->sin_addr.s_addr;
- }
-}
-
static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
struct cma_multicast *mc)
{
--
2.34.1
Powered by blists - more mailing lists