2019-10-19 08:00:15

by Chuhong Yuan

Subject: [PATCH] IB/uverbs: Add a check for uverbs_attr_get

Only uverbs_copy_to_struct_or_zero in uverbs_ioctl.c does not have a
check for uverbs_attr_get.
Although its usage in uverbs_response has a check for attr's validity,
UVERBS_HANDLER does not.
Therefore, it is better to add a check like other functions in
uverbs_ioctl.c.

Signed-off-by: Chuhong Yuan <[email protected]>
---
drivers/infiniband/core/uverbs_ioctl.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/infiniband/core/uverbs_ioctl.c b/drivers/infiniband/core/uverbs_ioctl.c
index 61758201d9b2..269938f59d3f 100644
--- a/drivers/infiniband/core/uverbs_ioctl.c
+++ b/drivers/infiniband/core/uverbs_ioctl.c
@@ -795,6 +795,9 @@ int uverbs_copy_to_struct_or_zero(const struct uverbs_attr_bundle *bundle,
{
const struct uverbs_attr *attr = uverbs_attr_get(bundle, idx);

+ if (IS_ERR(attr))
+ return PTR_ERR(attr);
+
if (size < attr->ptr_attr.len) {
if (clear_user(u64_to_user_ptr(attr->ptr_attr.data) + size,
attr->ptr_attr.len - size))
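
Review bot: the commit message does not say whether any current caller can reach uverbs_copy_to_struct_or_zero() with an idx whose attribute is absent, and that decides how the added IS_ERR(attr) check should be described. The placement itself is right: the check comes before the first dereference of attr, in the "size < attr->ptr_attr.len" comparison. If every existing caller already validates the attribute, say so and describe the change as hardening for consistency with the other helpers in uverbs_ioctl.c. If some UVERBS_HANDLER path can pass an unchecked idx, name that path and add a Fixes: tag so the change can be backported. A short comment above the check noting that uverbs_attr_get() can return an error pointer for a missing attribute would also help future callers.
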
--
2.20.1


2019-10-22 19:13:26

by Jason Gunthorpe

Subject: Re: [PATCH] IB/uverbs: Add a check for uverbs_attr_get

On Fri, Oct 18, 2019 at 04:15:34PM +0800, Chuhong Yuan wrote:
> Only uverbs_copy_to_struct_or_zero in uverbs_ioctl.c does not have a
> check for uverbs_attr_get.
> Although its usage in uverbs_response has a check for attr's validity,
> UVERBS_HANDLER does not.
> Therefore, it is better to add a check like other functions in
> uverbs_ioctl.c.
>
> Signed-off-by: Chuhong Yuan <[email protected]>
> ---
> drivers/infiniband/core/uverbs_ioctl.c | 3 +++
> 1 file changed, 3 insertions(+)

The call in uverbs_ioctl.c is safe as well, that code path checks that
the attribute exists.

Still, it makes sense that this check should be present, so applied to
for-next with a clearer commit message

Thanks,
Jason