linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* re: xprtrdma: Prevent inline overflow
@ 2020-07-15 15:56 Colin Ian King
  2020-07-15 16:05 ` Chuck Lever
  0 siblings, 1 reply; 3+ messages in thread
From: Colin Ian King @ 2020-07-15 15:56 UTC (permalink / raw)
  To: Trond Myklebust, Anna Schumaker, J. Bruce Fields, Chuck Lever,
	David S. Miller, Jakub Kicinski, linux-nfs, netdev
  Cc: linux-kernel

Hi,

Static analysis with Coverity has found a potential issue with the
header size calculations in source net/sunrpc/xprtrdma/rpc_rdma.c in
functions rpcrdma_max_call_header_size and rpcrdma_max_reply_header_size.

The commit in question is relatively old:

commit 302d3deb20682a076e1ab551821cacfdc81c5e4f
Author: Chuck Lever <chuck.lever@oracle.com>
Date:   Mon May 2 14:41:05 2016 -0400

    xprtrdma: Prevent inline overflow

The two issues are as follows:

Issue #1:

66 static unsigned int rpcrdma_max_call_header_size(unsigned int maxsegs)
 67 {
 68        unsigned int size;
 69
 70        /* Fixed header fields and list discriminators */

Unused value (UNUSED_VALUE)

 71        size = RPCRDMA_HDRLEN_MIN;
 72
 73        /* Maximum Read list size */
 74        size = maxsegs * rpcrdma_readchunk_maxsz * sizeof(__be32);
 75

should the size assignment on line 74 be instead:

	size += maxsegs * rpcrdma_readchunk_maxsz * sizeof(__be32);


Issue #2:

 89 static unsigned int rpcrdma_max_reply_header_size(unsigned int maxsegs)
 90 {
 91        unsigned int size;
 92
 93        /* Fixed header fields and list discriminators */

Unused value (UNUSED_VALUE)

 94        size = RPCRDMA_HDRLEN_MIN;
 95
 96        /* Maximum Write list size */
 97        size = sizeof(__be32);          /* segment count */

should the size assignment in line 97 be instead:

 	size += sizeof(__be32)?


Colin



^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: xprtrdma: Prevent inline overflow
  2020-07-15 15:56 xprtrdma: Prevent inline overflow Colin Ian King
@ 2020-07-15 16:05 ` Chuck Lever
  2020-07-15 16:07   ` Colin Ian King
  0 siblings, 1 reply; 3+ messages in thread
From: Chuck Lever @ 2020-07-15 16:05 UTC (permalink / raw)
  To: Colin Ian King
  Cc: Trond Myklebust, Anna Schumaker, Bruce Fields, David S. Miller,
	Jakub Kicinski, Linux NFS Mailing List, netdev, linux-kernel



> On Jul 15, 2020, at 11:56 AM, Colin Ian King <colin.king@canonical.com> wrote:
> 
> Hi,
> 
> Static analysis with Coverity has found a potential issue with the
> header size calculations in source net/sunrpc/xprtrdma/rpc_rdma.c in
> functions rpcrdma_max_call_header_size and rpcrdma_max_reply_header_size.
> 
> The commit in question is relatively old:
> 
> commit 302d3deb20682a076e1ab551821cacfdc81c5e4f
> Author: Chuck Lever <chuck.lever@oracle.com>
> Date:   Mon May 2 14:41:05 2016 -0400
> 
>    xprtrdma: Prevent inline overflow
> 
> The two issues are as follows:
> 
> Issue #1:
> 
> 66 static unsigned int rpcrdma_max_call_header_size(unsigned int maxsegs)
> 67 {
> 68        unsigned int size;
> 69
> 70        /* Fixed header fields and list discriminators */
> 
> Unused value (UNUSED_VALUE)
> 
> 71        size = RPCRDMA_HDRLEN_MIN;
> 72
> 73        /* Maximum Read list size */
> 74        size = maxsegs * rpcrdma_readchunk_maxsz * sizeof(__be32);
> 75
> 
> should the size assignment on line 74 be instead:
> 
> 	size += maxsegs * rpcrdma_readchunk_maxsz * sizeof(__be32);
> 
> 
> Issue #2:
> 
> 89 static unsigned int rpcrdma_max_reply_header_size(unsigned int maxsegs)
> 90 {
> 91        unsigned int size;
> 92
> 93        /* Fixed header fields and list discriminators */
> 
> Unused value (UNUSED_VALUE)
> 
> 94        size = RPCRDMA_HDRLEN_MIN;
> 95
> 96        /* Maximum Write list size */
> 97        size = sizeof(__be32);          /* segment count */
> 
> should the size assignment in line 97 be instead:
> 
> 	size += sizeof(__be32)?

Colin, Yes to both questions. Can you send a fix to Anna?

--
Chuck Lever




^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: xprtrdma: Prevent inline overflow
  2020-07-15 16:05 ` Chuck Lever
@ 2020-07-15 16:07   ` Colin Ian King
  0 siblings, 0 replies; 3+ messages in thread
From: Colin Ian King @ 2020-07-15 16:07 UTC (permalink / raw)
  To: Chuck Lever
  Cc: Trond Myklebust, Anna Schumaker, Bruce Fields, David S. Miller,
	Jakub Kicinski, Linux NFS Mailing List, netdev, linux-kernel

On 15/07/2020 17:05, Chuck Lever wrote:
> 
> 
>> On Jul 15, 2020, at 11:56 AM, Colin Ian King <colin.king@canonical.com> wrote:
>>
>> Hi,
>>
>> Static analysis with Coverity has found a potential issue with the
>> header size calculations in source net/sunrpc/xprtrdma/rpc_rdma.c in
>> functions rpcrdma_max_call_header_size and rpcrdma_max_reply_header_size.
>>
>> The commit in question is relatively old:
>>
>> commit 302d3deb20682a076e1ab551821cacfdc81c5e4f
>> Author: Chuck Lever <chuck.lever@oracle.com>
>> Date:   Mon May 2 14:41:05 2016 -0400
>>
>>    xprtrdma: Prevent inline overflow
>>
>> The two issues are as follows:
>>
>> Issue #1:
>>
>> 66 static unsigned int rpcrdma_max_call_header_size(unsigned int maxsegs)
>> 67 {
>> 68        unsigned int size;
>> 69
>> 70        /* Fixed header fields and list discriminators */
>>
>> Unused value (UNUSED_VALUE)
>>
>> 71        size = RPCRDMA_HDRLEN_MIN;
>> 72
>> 73        /* Maximum Read list size */
>> 74        size = maxsegs * rpcrdma_readchunk_maxsz * sizeof(__be32);
>> 75
>>
>> should the size assignment on line 74 be instead:
>>
>> 	size += maxsegs * rpcrdma_readchunk_maxsz * sizeof(__be32);
>>
>>
>> Issue #2:
>>
>> 89 static unsigned int rpcrdma_max_reply_header_size(unsigned int maxsegs)
>> 90 {
>> 91        unsigned int size;
>> 92
>> 93        /* Fixed header fields and list discriminators */
>>
>> Unused value (UNUSED_VALUE)
>>
>> 94        size = RPCRDMA_HDRLEN_MIN;
>> 95
>> 96        /* Maximum Write list size */
>> 97        size = sizeof(__be32);          /* segment count */
>>
>> should the size assignment in line 97 be instead:
>>
>> 	size += sizeof(__be32)?
> 
> Colin, Yes to both questions. Can you send a fix to Anna?

OK, thanks for confirming. Will send a fix in the next hour or so.

Colin
> 
> --
> Chuck Lever
> 
> 
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-15 16:08 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-15 15:56 xprtrdma: Prevent inline overflow Colin Ian King
2020-07-15 16:05 ` Chuck Lever
2020-07-15 16:07   ` Colin Ian King

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).