| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181220171319.GB3940@mtr-leonro.mtl.com>
Date: Thu, 20 Dec 2018 19:13:19 +0200
From: Leon Romanovsky <leon@...nel.org>
To: Jason Gunthorpe <jgg@...lanox.com>
Cc: Doug Ledford <dledford@...hat.com>,
Yishai Hadas <yishaih@...lanox.com>,
RDMA mailing list <linux-rdma@...r.kernel.org>,
Achiad Shochat <achiad@...lanox.com>,
Saeed Mahameed <saeedm@...lanox.com>,
linux-netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH mlx5-next] IB/mlx5: Prevent allocating UMEM and UCTX as
some general object
On Thu, Dec 20, 2018 at 05:02:12PM +0000, Jason Gunthorpe wrote:
> On Thu, Dec 20, 2018 at 08:21:33AM +0200, Leon Romanovsky wrote:
> > On Wed, Dec 19, 2018 at 07:14:12PM +0000, Jason Gunthorpe wrote:
> > > On Wed, Dec 19, 2018 at 04:28:15PM +0200, Leon Romanovsky wrote:
> > > > From: Yishai Hadas <yishaih@...lanox.com>
> > > >
> > > > The driver needs to prevent a user space application to create a
> > > > UMEM and UCTX via the general object command.
> > > >
> > > > The UMEM must go through the kernel UMEM_REG method to prevent the user
> > > > from setting physical addresses by himself. The UCTX is some internal
> > > > kernel object and shouldn't be exposed.
> > > >
> > > > As of not being any more part of the general object the caps bits were
> > > > moved to be some log_xxx indication in the general HCA caps, 0 means not
> > > > supported.
> > > >
> > > > The firmware code was adapted as well to match the above.
> > >
> > > This commit message is a bit wonky.. how about
> > >
> > > IB/mlx5: Use the correct commands for UMEM and UCTX allocation
> > >
> > > During testing the command format was changed to close a security
> > > hole. Revise the driver to use the command format that will actually
> > > be supported in GA firmware.
> > >
> > > Both the UMEM and UCTX are intended only for use by the kernel and
> > > cannot be executed using a general command.
> > >
> > > Since the UMEM and CTX are not part of the general object the caps
> > > bits were moved to be some log_xxx location in the general HCA caps.
> >
> > I'm fine with this description too.
> >
> > >
> > > > Signed-off-by: Yishai Hadas <yishaih@...lanox.com>
> > > > Reviewed-by: Achiad Shochat <achiad@...lanox.com>
> > > > Signed-off-by: Leon Romanovsky <leonro@...lanox.com>
> > >
> > > Also add a fixes line please, any kernel with the devx needs this
> > > patch to work with GA firmware.
> >
> > Fixes: a8b92ca1b0e5 ("IB/mlx5: Introduce DEVX")
> >
> > >
> > > > drivers/infiniband/hw/mlx5/devx.c | 34 ++++++++---------
> > > > drivers/infiniband/hw/mlx5/main.c | 3 +-
> > > > include/linux/mlx5/mlx5_ifc.h | 62 +++++++++++++++++++++----------
> > > > 3 files changed, 58 insertions(+), 41 deletions(-)
> > >
> > > Otherwise the patch looks fine, please apply to the shared branch..
> >
> > Jason,
> >
> > I have procedural question. This patch is based on rdma-next and there
> > is diversion in both devx.c and main.c in those areas, enough do not
> > apply cleanly. Will it be easier if you take this patch to rdma-next,
> > instead me applying different patch to mlx5-next and you hitting merge
> > conflict later on while trying to merge it into rdma-next?
>
> Sure, but it has the unsplit _ifc update...
If it was possible, I wouldn't bother you. This change should be as one
piece otherwise we will have failed to build patch.
>
> I think we are at the end of the cycle so this probably won't make a
> conflict - lets just go in RDMA then.
From what I see in queues, you are right, merge conflict is unlikely to happen.
Thanks
>
> Jason
Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)
Powered by blists - more mailing lists