Linux-RDMA Archive on lore.kernel.org
 help / color / Atom feed
* [bug report] RDMA/uverbs: Expose the new GID query API to user space
@ 2020-10-22 13:38 Dan Carpenter
  0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2020-10-22 13:38 UTC (permalink / raw)
  To: avihaih; +Cc: linux-rdma

Hello Avihai Horon,

The patch 9f85cbe50aa0: "RDMA/uverbs: Expose the new GID query API to
user space" from Sep 23, 2020, leads to the following static checker
warning:

	drivers/infiniband/core/uverbs_std_types_device.c:338 ib_uverbs_handler_UVERBS_METHOD_QUERY_GID_TABLE()
	warn: 'max_entries' unsigned <= 0

drivers/infiniband/core/uverbs_std_types_device.c
   312  static int UVERBS_HANDLER(UVERBS_METHOD_QUERY_GID_TABLE)(
   313          struct uverbs_attr_bundle *attrs)
   314  {
   315          struct ib_uverbs_gid_entry *entries;
   316          struct ib_ucontext *ucontext;
   317          struct ib_device *ib_dev;
   318          size_t user_entry_size;
   319          ssize_t num_entries;
   320          size_t max_entries;
   321          size_t num_bytes;
   322          u32 flags;
   323          int ret;
   324  
   325          ret = uverbs_get_flags32(&flags, attrs,
   326                                   UVERBS_ATTR_QUERY_GID_TABLE_FLAGS, 0);
   327          if (ret)
   328                  return ret;
   329  
   330          ret = uverbs_get_const(&user_entry_size, attrs,
   331                                 UVERBS_ATTR_QUERY_GID_TABLE_ENTRY_SIZE);
   332          if (ret)
   333                  return ret;
   334  
   335          max_entries = uverbs_attr_ptr_get_array_size(
   336                  attrs, UVERBS_ATTR_QUERY_GID_TABLE_RESP_ENTRIES,
   337                  user_entry_size);
   338          if (max_entries <= 0)
                    ^^^^^^^^^^^^^^^^
size_t is unsigned so negative returns from uverbs_attr_ptr_get_array_size()
are treated as high postives.

   339                  return -EINVAL;
   340  
   341          ucontext = ib_uverbs_get_ucontext(attrs);
   342          if (IS_ERR(ucontext))
   343                  return PTR_ERR(ucontext);
   344          ib_dev = ucontext->device;
   345  
   346          if (check_mul_overflow(max_entries, sizeof(*entries), &num_bytes))
   347                  return -EINVAL;
   348  
   349          entries = uverbs_zalloc(attrs, num_bytes);
   350          if (!entries)
   351                  return -ENOMEM;
   352  

regards,
dan carpenter

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-22 13:38 [bug report] RDMA/uverbs: Expose the new GID query API to user space Dan Carpenter

Linux-RDMA Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-rdma/0 linux-rdma/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-rdma linux-rdma/ https://lore.kernel.org/linux-rdma \
		linux-rdma@vger.kernel.org
	public-inbox-index linux-rdma

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-rdma


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git