From: Colin Ian King <colin.king@canonical.com>
To: Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
"J. Bruce Fields" <bfields@fieldses.org>,
Chuck Lever <chuck.lever@oracle.com>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: re: xprtrdma: Prevent inline overflow
Date: Wed, 15 Jul 2020 16:56:58 +0100 [thread overview]
Message-ID: <ac00f855-e67c-b3d5-2be8-a18b07fcc8f8@canonical.com> (raw)
Hi,
Static analysis with Coverity has found a potential issue with the
header size calculations in source net/sunrpc/xprtrdma/rpc_rdma.c in
functions rpcrdma_max_call_header_size and rpcrdma_max_reply_header_size.
The commit in question is relatively old:
commit 302d3deb20682a076e1ab551821cacfdc81c5e4f
Author: Chuck Lever <chuck.lever@oracle.com>
Date: Mon May 2 14:41:05 2016 -0400
xprtrdma: Prevent inline overflow
The two issues are as follows:
Issue #1:
66 static unsigned int rpcrdma_max_call_header_size(unsigned int maxsegs)
67 {
68 unsigned int size;
69
70 /* Fixed header fields and list discriminators */
Unused value (UNUSED_VALUE)
71 size = RPCRDMA_HDRLEN_MIN;
72
73 /* Maximum Read list size */
74 size = maxsegs * rpcrdma_readchunk_maxsz * sizeof(__be32);
75
should the size assignment on line 74 be instead:
size += maxsegs * rpcrdma_readchunk_maxsz * sizeof(__be32);
Issue #2:
89 static unsigned int rpcrdma_max_reply_header_size(unsigned int maxsegs)
90 {
91 unsigned int size;
92
93 /* Fixed header fields and list discriminators */
Unused value (UNUSED_VALUE)
94 size = RPCRDMA_HDRLEN_MIN;
95
96 /* Maximum Write list size */
97 size = sizeof(__be32); /* segment count */
should the size assignment in line 97 be instead:
size += sizeof(__be32)?
Colin
next reply other threads:[~2020-07-15 15:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 15:56 Colin Ian King [this message]
2020-07-15 16:05 ` xprtrdma: Prevent inline overflow Chuck Lever
2020-07-15 16:07 ` Colin Ian King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ac00f855-e67c-b3d5-2be8-a18b07fcc8f8@canonical.com \
--to=colin.king@canonical.com \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).