lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20250407162559.GA1562048@ziepe.ca>
Date: Mon, 7 Apr 2025 13:25:59 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: luoqing <l1138897701@....com>
Cc: luoqing@...inos.cn, Leon Romanovsky <leon@...nel.org>,
	linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rdma: infiniband: Added __alloc_cq request value Return
 value non-zero value determination

On Mon, Apr 07, 2025 at 05:33:41PM +0800, luoqing wrote:
> From: luoqing <luoqing@...inos.cn>
> 
> When the kernel allocates memory for completion queue object ib_cq on the specified
> InfiniBand device dev and ensures that the allocated memory is cleared to zero,
> if the ib_cq object is not initialized to 0, a non-null value is still returned,
> and the kernel should exit and give a warning.
> Avoid kernel crash when this memory is initialized.

?? This doesn't make any sense.

> ib_mad_init_device
> 	-->ib_mad_port_open
> 		-->__ib_alloc_cq
> 			-->rdma_zalloc_drv_obj(dev, ib_cq);

rdma_zalloc_drv_obj() must return memory that is validly castable to
the struct ib_cq.

> When ib_cq is zero, the return value of cq is ZERO_SIZE_PTR ((void *)16) and is not non-null
> cq = rdma_zalloc_drv_obj(dev, ib_cq);

It looks to me like the driver returned the wrong size for the ib_cq
in the ops->size_ib_cq. It is not allowed to be 0 if the driver is
supporting cq.

Arguably we should check that the size_* pointers have the requirement
minimum size when registering the driver.

Allocation time is too late.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ