linux/include/rdma
Noa Osherovich 498ca3c82a IB/core: Avoid accessing non-allocated memory when inferring port type
Commit 44c58487d5 ("IB/core: Define 'ib' and 'roce' rdma_ah_attr types")
introduced the concept of type in ah_attr:
 * During ib_register_device, each port is checked for its type which
   is stored in ib_device's port_immutable array.
 * During uverbs' modify_qp, the type is inferred using the port number
   in ib_uverbs_qp_dest struct (address vector) by accessing the
   relevant port_immutable array and the type is passed on to
   providers.

IB spec (version 1.3) enforces a valid port value only in Reset to
Init. During Init to RTR, the address vector must be valid but port
number is not mentioned as a field in the address vector, so its
value is not validated, which leads to accesses to a non-allocated
memory when inferring the port type.

Save the real port number in ib_qp during modify to Init (when the
comp_mask indicates that the port number is valid) and use this value
to infer the port type.

Avoid copying the address vector fields if the matching bit is not set
in the attr_mask. Address vector can't be modified before the port, so
no valid flow is affected.

Fixes: 44c58487d5 ('IB/core: Define 'ib' and 'roce' rdma_ah_attr types')
Signed-off-by: Noa Osherovich <noaos@mellanox.com>
Reviewed-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2017-08-24 15:33:33 -04:00
..
ib.h new helper: uaccess_kernel() 2017-03-28 16:43:25 -04:00
ib_addr.h IB/cma: Fix reference count leak when no ipv4 addresses are set 2017-07-20 11:24:13 -04:00
ib_cache.h RDMA/core: export ib_get_cached_port_state 2017-01-12 23:00:00 -05:00
ib_cm.h IB/SA: Rename ib_sa_path_rec to sa_path_rec 2017-05-01 14:37:28 -04:00
ib_fmr_pool.h
ib_hdrs.h IB/hfi1: Use defines from common headers 2017-04-28 13:48:01 -04:00
ib_mad.h IB/core: Enforce security on management datagrams 2017-05-23 12:27:21 -04:00
ib_marshall.h IB/SA: Rename ib_sa_path_rec to sa_path_rec 2017-05-01 14:37:28 -04:00
ib_pack.h IB/hfi1: Add transmit fault injection feature 2017-04-05 14:45:09 -04:00
ib_pma.h IB/core: Display extended counter set if available 2015-12-23 15:58:30 -05:00
ib_sa.h RDMA/SA: Fix kernel panic in CMA request handler flow 2017-06-01 17:20:14 -04:00
ib_smi.h IB/core: Move SM class defines from ib_mad.h to ib_smi.h 2015-09-03 15:50:32 -04:00
ib_umem.h IB/umem: Add contiguous ODP support 2017-04-25 15:40:28 -04:00
ib_umem_odp.h IB/umem: Add support to huge ODP 2017-04-25 15:40:28 -04:00
ib_verbs.h IB/core: Avoid accessing non-allocated memory when inferring port type 2017-08-24 15:33:33 -04:00
iw_cm.h rdma_cm: add rdma_reject_msg() helper function 2016-12-14 11:38:28 -05:00
iw_portmap.h RDMA/core: Enable the iWarp Port Mapper to provide the actual address of the connecting peer to its clients 2015-05-05 09:18:01 -04:00
mr_pool.h IB/core: add a simple MR pool 2016-05-13 13:37:18 -04:00
opa_addr.h IB/SA: Add OPA addr header 2017-05-01 16:35:59 -04:00
opa_port_info.h IB/hfi1: Virtual Network Interface Controller (VNIC) HW support 2017-04-20 15:19:35 -04:00
opa_smi.h IB/mad: Eliminate redundant SM class version defines for OPA 2016-12-14 11:01:58 -05:00
opa_vnic.h IB/opa-vnic: Virtual Network Interface Controller (VNIC) interface 2017-04-20 12:01:38 -04:00
rdma_cm.h IB/SA: Rename ib_sa_path_rec to sa_path_rec 2017-05-01 14:37:28 -04:00
rdma_cm_ib.h IB/SA: Rename ib_sa_path_rec to sa_path_rec 2017-05-01 14:37:28 -04:00
rdma_netlink.h RDMA/netlink: Reduce exposure of RDMA netlink functions 2017-06-01 17:20:11 -04:00
rdma_vt.h IB/{rdmavt, qib, hfi1}: Remove gfp flags argument 2017-07-17 21:21:23 -04:00
rdmavt_cq.h IB/rdmavt: Add completion queue functions 2016-03-10 20:37:24 -05:00
rdmavt_mr.h IB/hfi1, rdmavt: Move SGE state helper routines into rdmavt 2017-02-19 09:18:41 -05:00
rdmavt_qp.h IB/rdmavt: Setting of QP timeout can overflow jiffies computation 2017-07-20 11:20:50 -04:00
rw.h IB/core: add RW API support for signature MRs 2016-05-13 13:37:20 -04:00
uverbs_std_types.h IB/core: Change completion channel to use the reworked objects schema 2017-04-05 13:28:04 -04:00
uverbs_types.h IB/core: Rename write flag to exclusive in rdma_core 2017-04-20 11:44:07 -04:00