| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <780facb8-b308-4e11-a7e7-7c258545e9e1@kernel.dk>
Date: Thu, 31 Oct 2024 11:41:08 -0600
From: Jens Axboe <axboe@...nel.dk>
To: George Rurikov <grurikov@...il.com>, Christoph Hellwig <hch@....de>
Cc: MrRurikov <grurikov@...l.com>, Sagi Grimberg <sagi@...mberg.me>,
Chaitanya Kulkarni <kch@...dia.com>, Keith Busch <kbusch@...nel.org>,
Israel Rukshin <israelr@...lanox.com>, Max Gurtovoy <maxg@...lanox.com>,
linux-nvme@...ts.infradead.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, George Rurikov <g.ryurikov@...uritycode.ru>
Subject: Re: [PATCH] nvme: rdma: Add check for queue in
nvmet_rdma_cm_handler()
> diff --git a/drivers/nvme/target/rdma.c b/drivers/nvme/target/rdma.c
> index 1b6264fa5803..becebc95f349 100644
> --- a/drivers/nvme/target/rdma.c
> +++ b/drivers/nvme/target/rdma.c
> @@ -1770,8 +1770,10 @@ static int nvmet_rdma_cm_handler(struct rdma_cm_id *cm_id,
> ret = nvmet_rdma_queue_connect(cm_id, event);
> break;
> case RDMA_CM_EVENT_ESTABLISHED:
> - nvmet_rdma_queue_established(queue);
> - break;
> + if (!queue) {
> + nvmet_rdma_queue_established(queue);
> + break;
> + }
This, and the other hunks, just look like nonsense. Why on earth verify
that the queue is NULL, then not use NULL after that. Let alone that
whatever you pass it into happily dereference it, and now you've also
got fallthrough errors all over the place.
This needs to go back to the drawing board. I'd worry a lot more about
bad code than "potentially malicious hardware", to be honest.
--
Jens Axboe
Powered by blists - more mailing lists