tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

Pull rdma fix from Jason Gunthorpe:
"One bug for missing user input validation: refuse invalid port numbers
in the modify_qp system call"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/uverbs: Expand primary and alt AV port checks

Linus Torvalds f6229c39 71abe042

+54 -5
+54 -5
drivers/infiniband/core/uverbs_cmd.c
··· 1984 1984 goto release_qp; 1985 1985 } 1986 1986 1987 - if ((cmd->base.attr_mask & IB_QP_AV) && 1988 - !rdma_is_port_valid(qp->device, cmd->base.dest.port_num)) { 1989 - ret = -EINVAL; 1990 - goto release_qp; 1987 + if ((cmd->base.attr_mask & IB_QP_AV)) { 1988 + if (!rdma_is_port_valid(qp->device, cmd->base.dest.port_num)) { 1989 + ret = -EINVAL; 1990 + goto release_qp; 1991 + } 1992 + 1993 + if (cmd->base.attr_mask & IB_QP_STATE && 1994 + cmd->base.qp_state == IB_QPS_RTR) { 1995 + /* We are in INIT->RTR TRANSITION (if we are not, 1996 + * this transition will be rejected in subsequent checks). 1997 + * In the INIT->RTR transition, we cannot have IB_QP_PORT set, 1998 + * but the IB_QP_STATE flag is required. 1999 + * 2000 + * Since kernel 3.14 (commit dbf727de7440), the uverbs driver, 2001 + * when IB_QP_AV is set, has required inclusion of a valid 2002 + * port number in the primary AV. (AVs are created and handled 2003 + * differently for infiniband and ethernet (RoCE) ports). 2004 + * 2005 + * Check the port number included in the primary AV against 2006 + * the port number in the qp struct, which was set (and saved) 2007 + * in the RST->INIT transition. 2008 + */ 2009 + if (cmd->base.dest.port_num != qp->real_qp->port) { 2010 + ret = -EINVAL; 2011 + goto release_qp; 2012 + } 2013 + } else { 2014 + /* We are in SQD->SQD. (If we are not, this transition will 2015 + * be rejected later in the verbs layer checks). 2016 + * Check for both IB_QP_PORT and IB_QP_AV, these can be set 2017 + * together in the SQD->SQD transition. 2018 + * 2019 + * If only IP_QP_AV was set, add in IB_QP_PORT as well (the 2020 + * verbs layer driver does not track primary port changes 2021 + * resulting from path migration. Thus, in SQD, if the primary 2022 + * AV is modified, the primary port should also be modified). 2023 + * 2024 + * Note that in this transition, the IB_QP_STATE flag 2025 + * is not allowed. 2026 + */ 2027 + if (((cmd->base.attr_mask & (IB_QP_AV | IB_QP_PORT)) 2028 + == (IB_QP_AV | IB_QP_PORT)) && 2029 + cmd->base.port_num != cmd->base.dest.port_num) { 2030 + ret = -EINVAL; 2031 + goto release_qp; 2032 + } 2033 + if ((cmd->base.attr_mask & (IB_QP_AV | IB_QP_PORT)) 2034 + == IB_QP_AV) { 2035 + cmd->base.attr_mask |= IB_QP_PORT; 2036 + cmd->base.port_num = cmd->base.dest.port_num; 2037 + } 2038 + } 1991 2039 } 1992 2040 1993 2041 if ((cmd->base.attr_mask & IB_QP_ALT_PATH) && 1994 2042 (!rdma_is_port_valid(qp->device, cmd->base.alt_port_num) || 1995 - !rdma_is_port_valid(qp->device, cmd->base.alt_dest.port_num))) { 2043 + !rdma_is_port_valid(qp->device, cmd->base.alt_dest.port_num) || 2044 + cmd->base.alt_port_num != cmd->base.alt_dest.port_num)) { 1996 2045 ret = -EINVAL; 1997 2046 goto release_qp; 1998 2047 }