| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250407162559.GA1562048@ziepe.ca> Date: Mon, 7 Apr 2025 13:25:59 -0300 From: Jason Gunthorpe <jgg@...pe.ca> To: luoqing <l1138897701@....com> Cc: luoqing@...inos.cn, Leon Romanovsky <leon@...nel.org>, linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] rdma: infiniband: Added __alloc_cq request value Return value non-zero value determination On Mon, Apr 07, 2025 at 05:33:41PM +0800, luoqing wrote: > From: luoqing <luoqing@...inos.cn> > > When the kernel allocates memory for completion queue object ib_cq on the specified > InfiniBand device dev and ensures that the allocated memory is cleared to zero, > if the ib_cq object is not initialized to 0, a non-null value is still returned, > and the kernel should exit and give a warning. > Avoid kernel crash when this memory is initialized. ?? This doesn't make any sense. > ib_mad_init_device > -->ib_mad_port_open > -->__ib_alloc_cq > -->rdma_zalloc_drv_obj(dev, ib_cq); rdma_zalloc_drv_obj() must return memory that is validly castable to the struct ib_cq. > When ib_cq is zero, the return value of cq is ZERO_SIZE_PTR ((void *)16) and is not non-null > cq = rdma_zalloc_drv_obj(dev, ib_cq); It looks to me like the driver returned the wrong size for the ib_cq in the ops->size_ib_cq. It is not allowed to be 0 if the driver is supporting cq. Arguably we should check that the size_* pointers have the requirement minimum size when registering the driver. Allocation time is too late. Jason
Powered by blists - more mailing lists