* [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr()
@ 2022-05-24 15:23 Dan Carpenter
2022-05-24 15:35 ` Saleem, Shiraz
2022-05-24 15:36 ` Jason Gunthorpe
0 siblings, 2 replies; 6+ messages in thread
From: Dan Carpenter @ 2022-05-24 15:23 UTC (permalink / raw)
To: Mustafa Ismail
Cc: Shiraz Saleem, Jason Gunthorpe, Leon Romanovsky, linux-rdma,
kernel-janitors
The ib_copy_from_udata() function does not always initialize the whole
struct. It depends on the value of udata->inlen. So initialize it to
zero at the start.
Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
What I know is that RDMA takes fast paths very seriously.
This is probably a fast path so you may want to implement a different
solution. If you want to do something else then, just feel free to do
that and give me a Reported-by tag.
That business about you guys trying to explain what you want me to type
and then I wait for a day and resend but I misunderstood something so
I have to redo it again. You all are very dear to my heart, but what a
headache! None of us need a long back an forth over trivial stuff like
this. It's just easier for everyone if people write their own patches.
It takes five minutes instead of three days or whatever.
drivers/infiniband/hw/irdma/verbs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
index c4412ece5a6d..8f4a6b7ebcce 100644
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -2741,7 +2741,7 @@ static struct ib_mr *irdma_reg_user_mr(struct ib_pd *pd, u64 start, u64 len,
struct irdma_pbl *iwpbl;
struct irdma_mr *iwmr;
struct ib_umem *region;
- struct irdma_mem_reg_req req;
+ struct irdma_mem_reg_req req = {};
u32 total, stag = 0;
u8 shadow_pgcnt = 1;
bool use_pbles = false;
--
2.35.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* RE: [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr()
2022-05-24 15:23 [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr() Dan Carpenter
@ 2022-05-24 15:35 ` Saleem, Shiraz
2022-05-24 15:36 ` Jason Gunthorpe
1 sibling, 0 replies; 6+ messages in thread
From: Saleem, Shiraz @ 2022-05-24 15:35 UTC (permalink / raw)
To: Dan Carpenter, Ismail, Mustafa
Cc: Jason Gunthorpe, Leon Romanovsky, linux-rdma, kernel-janitors
> Subject: [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr()
>
> The ib_copy_from_udata() function does not always initialize the whole struct. It
> depends on the value of udata->inlen. So initialize it to zero at the start.
>
> Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
Acked-by: Shiraz Saleem <shiraz.saleem@intel.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr()
2022-05-24 15:23 [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr() Dan Carpenter
2022-05-24 15:35 ` Saleem, Shiraz
@ 2022-05-24 15:36 ` Jason Gunthorpe
2022-05-24 16:53 ` Saleem, Shiraz
1 sibling, 1 reply; 6+ messages in thread
From: Jason Gunthorpe @ 2022-05-24 15:36 UTC (permalink / raw)
To: Dan Carpenter
Cc: Mustafa Ismail, Shiraz Saleem, Leon Romanovsky, linux-rdma,
kernel-janitors
On Tue, May 24, 2022 at 06:23:53PM +0300, Dan Carpenter wrote:
> The ib_copy_from_udata() function does not always initialize the whole
> struct. It depends on the value of udata->inlen. So initialize it to
> zero at the start.
>
> Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> What I know is that RDMA takes fast paths very seriously.
>
> This is probably a fast path so you may want to implement a different
> solution. If you want to do something else then, just feel free to do
> that and give me a Reported-by tag.
This isn't fast path..
But the bug here is not validating inlen properly and should be fixed
there, not by zero-initing and allowing userspace to pass in an
invalid inlen..
Jason
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr()
2022-05-24 15:36 ` Jason Gunthorpe
@ 2022-05-24 16:53 ` Saleem, Shiraz
2022-05-25 17:54 ` Jason Gunthorpe
0 siblings, 1 reply; 6+ messages in thread
From: Saleem, Shiraz @ 2022-05-24 16:53 UTC (permalink / raw)
To: Jason Gunthorpe, Dan Carpenter
Cc: Ismail, Mustafa, Leon Romanovsky, linux-rdma, kernel-janitors
> Subject: Re: [PATCH] RDMA/irdma: Initialize struct members in
> irdma_reg_user_mr()
>
> On Tue, May 24, 2022 at 06:23:53PM +0300, Dan Carpenter wrote:
> > The ib_copy_from_udata() function does not always initialize the whole
> > struct. It depends on the value of udata->inlen. So initialize it to
> > zero at the start.
> >
> > Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb
> > APIs")
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> What I know is
> > that RDMA takes fast paths very seriously.
> >
> > This is probably a fast path so you may want to implement a different
> > solution. If you want to do something else then, just feel free to do
> > that and give me a Reported-by tag.
>
> This isn't fast path..
>
> But the bug here is not validating inlen properly and should be fixed there, not by
> zero-initing and allowing userspace to pass in an invalid inlen..
>
Hi Jason -
So something like this is appropriate?
diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
index 52f3e88..aecfedc 100644
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -2735,6 +2735,9 @@ static struct ib_mr *irdma_reg_user_mr(struct ib_pd *pd, u64 start, u64 len,
if (len > iwdev->rf->sc_dev.hw_attrs.max_mr_size)
return ERR_PTR(-EINVAL);
+ if (udata->inlen < sizeof(req))
+ return ERR_PTR(-EINVAL);
+
region = ib_umem_get(pd->device, start, len, access);
if (IS_ERR(region)) {
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr()
2022-05-24 16:53 ` Saleem, Shiraz
@ 2022-05-25 17:54 ` Jason Gunthorpe
2022-05-25 23:41 ` Saleem, Shiraz
0 siblings, 1 reply; 6+ messages in thread
From: Jason Gunthorpe @ 2022-05-25 17:54 UTC (permalink / raw)
To: Saleem, Shiraz
Cc: Dan Carpenter, Ismail, Mustafa, Leon Romanovsky, linux-rdma,
kernel-janitors
On Tue, May 24, 2022 at 04:53:46PM +0000, Saleem, Shiraz wrote:
> > Subject: Re: [PATCH] RDMA/irdma: Initialize struct members in
> > irdma_reg_user_mr()
> >
> > On Tue, May 24, 2022 at 06:23:53PM +0300, Dan Carpenter wrote:
> > > The ib_copy_from_udata() function does not always initialize the whole
> > > struct. It depends on the value of udata->inlen. So initialize it to
> > > zero at the start.
> > >
> > > Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb
> > > APIs")
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> What I know is
> > > that RDMA takes fast paths very seriously.
> > >
> > > This is probably a fast path so you may want to implement a different
> > > solution. If you want to do something else then, just feel free to do
> > > that and give me a Reported-by tag.
> >
> > This isn't fast path..
> >
> > But the bug here is not validating inlen properly and should be fixed there, not by
> > zero-initing and allowing userspace to pass in an invalid inlen..
> >
> Hi Jason -
>
> So something like this is appropriate?
Yes
Jason
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr()
2022-05-25 17:54 ` Jason Gunthorpe
@ 2022-05-25 23:41 ` Saleem, Shiraz
0 siblings, 0 replies; 6+ messages in thread
From: Saleem, Shiraz @ 2022-05-25 23:41 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: Dan Carpenter, Ismail, Mustafa, Leon Romanovsky, linux-rdma,
kernel-janitors
> Subject: Re: [PATCH] RDMA/irdma: Initialize struct members in
> irdma_reg_user_mr()
>
> On Tue, May 24, 2022 at 04:53:46PM +0000, Saleem, Shiraz wrote:
> > > Subject: Re: [PATCH] RDMA/irdma: Initialize struct members in
> > > irdma_reg_user_mr()
> > >
> > > On Tue, May 24, 2022 at 06:23:53PM +0300, Dan Carpenter wrote:
> > > > The ib_copy_from_udata() function does not always initialize the
> > > > whole struct. It depends on the value of udata->inlen. So
> > > > initialize it to zero at the start.
> > > >
> > > > Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb
> > > > APIs")
> > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> What I
> > > > know is that RDMA takes fast paths very seriously.
> > > >
> > > > This is probably a fast path so you may want to implement a
> > > > different solution. If you want to do something else then, just
> > > > feel free to do that and give me a Reported-by tag.
> > >
> > > This isn't fast path..
> > >
> > > But the bug here is not validating inlen properly and should be
> > > fixed there, not by zero-initing and allowing userspace to pass in an invalid
> inlen..
> > >
> > Hi Jason -
> >
> > So something like this is appropriate?
>
> Yes
>
Ok. Thanks. It seems we have other places in irdma which should be fixed this way too. I will send a fix.
Shiraz
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-05-25 23:41 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-24 15:23 [PATCH] RDMA/irdma: Initialize struct members in irdma_reg_user_mr() Dan Carpenter
2022-05-24 15:35 ` Saleem, Shiraz
2022-05-24 15:36 ` Jason Gunthorpe
2022-05-24 16:53 ` Saleem, Shiraz
2022-05-25 17:54 ` Jason Gunthorpe
2022-05-25 23:41 ` Saleem, Shiraz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.