Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1023200pxb; Thu, 25 Feb 2021 23:58:31 -0800 (PST) X-Google-Smtp-Source: ABdhPJz1BU3hMUlEu+GVJYy0/G0tvtGdBRIZTKQCdMs2ty/a098Iv+48iOBpQbOqDZ1ox1JUHO8x X-Received: by 2002:a50:f284:: with SMTP id f4mr1977841edm.90.1614326311265; Thu, 25 Feb 2021 23:58:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614326311; cv=none; d=google.com; s=arc-20160816; b=lhUU/nEF4loqX60qRpcVxmuIyM0Enw9rUeGg1NkLWWmvIQ6BD6Hj7dw3/l0kklgVb7 cA5lCm1selhZy4UQusL89FhkLyVMdiqpjMLT6CfM0n4051I8BS+AZDFmcOxleslXPyrM v9OWWtYaB4LQ9uAuh0eZ+8T5Q+/n127FAo+Umk+4iK3GiNoyR7MhWz+Kxc3r4HIPy6A1 3hQS7a9bcLQSgfbPidQ9cDNu0vWY3v48a/8ZhTAlugWV6zJDLYjEcjGQsqDOuK9BkdLc u/JgxuvkR48bSTsyhFPHmngzZLYFaClz4W8PFG/KSUQnB+px3k2h3rNHA73X62luui6q cT0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=hladTKGI4EgcmuT/ckzbV6SlQxFBDdqTh2qx34VhkDs=; b=gnygGIa0pIAR3QiESb5rCObyAVTd8mY71H+7aOdltU8CGKStsaz/fDB/Jpk6G+jm09 zNQA2qUkA9hOMjUGgJwFyAHch00r05GI5Yu6+yfCFijMJdBeKR6BWmbr1z3kxXY/cjhw 8YJZoIZXoX55hLp7xCqrIWqGXYQDGM1pVgT5xFN86dCkJPxJitqkYcpWqR8Cc4lZ9Tf9 nIHX8UK6lf9XorNEtcwFAv6x8DJxMfwaN8DAdmnV7/UYTiwIv7DYWbzfrETMUgXX1Dxf qg22RuB+YXJVmwvtTePib4U/WcWsz8wR8Aw6I1kP86WOret1YY4ZywJoRAJWeMFxLRp/ Qeug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v25si4290874edx.598.2021.02.25.23.58.08; Thu, 25 Feb 2021 23:58:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229590AbhBZH4Y (ORCPT + 99 others); Fri, 26 Feb 2021 02:56:24 -0500 Received: from spam.zju.edu.cn ([61.164.42.155]:12464 "EHLO zju.edu.cn" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229449AbhBZH4W (ORCPT ); Fri, 26 Feb 2021 02:56:22 -0500 Received: from localhost.localdomain (unknown [10.192.85.18]) by mail-app2 (Coremail) with SMTP id by_KCgBHLollqThghRfHAQ--.22203S4; Fri, 26 Feb 2021 15:55:21 +0800 (CST) From: Dinghao Liu To: dinghao.liu@zju.edu.cn, kjlu@umn.edu Cc: Bernard Metzler , Doug Ledford , Jason Gunthorpe , linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] RDMA/siw: Fix missing check in siw_get_hdr Date: Fri, 26 Feb 2021 15:55:15 +0800 Message-Id: <20210226075515.21371-1-dinghao.liu@zju.edu.cn> X-Mailer: git-send-email 2.17.1 X-CM-TRANSID: by_KCgBHLollqThghRfHAQ--.22203S4 X-Coremail-Antispam: 1UD129KBjvdXoW7Gw45Jry7Kw18Ar15Wry8Krg_yoWkJFX_Kr 1rXr97Aw4jvrsrCw45uF15uryDtr4FvF1Fgas2g3W3AayYgw1rX3yIqF48Cr15WF4kCFWD ZrWUCws3CrW5JjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUb2xFc2x0x2IEx4CE42xK8VAvwI8IcIk0rVWrJVCq3wAFIxvE14AK wVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK021l84ACjcxK6xIIjxv20x vE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26rxl6s0DM28EF7xvwVC2z280 aVAFwI0_GcCE3s1l84ACjcxK6I8E87Iv6xkF7I0E14v26rxl6s0DM2AIxVAIcxkEcVAq07 x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40Ex7xfMcIj6xIIjxv20xvE14v26r1j6r18 McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64vIr4 1lF7I21c0EjII2zVCS5cI20VAGYxC7MxAIw28IcxkI7VAKI48JMxAIw28IcVCjz48v1sIE Y20_GFWkJr1UJwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v26r1j6r18MI 8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_JF0_Jw1lIxkGc2Ij64vIr41l IxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_Jr0_Gr1lIx AIcVCF04k26cxKx2IYs7xG6rW3Jr0E3s1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2 z280aVCY1x0267AKxVWUJVW8JbIYCTnIWIevJa73UjIFyTuYvjfUoOJ5UUUUU X-CM-SenderInfo: qrrzjiaqtzq6lmxovvfxof0/1tbiAgQGBlZdtSfEeAAKsp Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We should also check the range of opcode after calling __rdmap_get_opcode() in the else branch to prevent potential overflow. Fixes: 8b6a361b8c482 ("rdma/siw: receive path") Signed-off-by: Dinghao Liu --- drivers/infiniband/sw/siw/siw_qp_rx.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/infiniband/sw/siw/siw_qp_rx.c b/drivers/infiniband/sw/siw/siw_qp_rx.c index 60116f20653c..301e7fe2c61a 100644 --- a/drivers/infiniband/sw/siw/siw_qp_rx.c +++ b/drivers/infiniband/sw/siw/siw_qp_rx.c @@ -1072,6 +1072,16 @@ static int siw_get_hdr(struct siw_rx_stream *srx) siw_dbg_qp(rx_qp(srx), "new header, opcode %u\n", opcode); } else { opcode = __rdmap_get_opcode(c_hdr); + + if (opcode > RDMAP_TERMINATE) { + pr_warn("siw: received unknown packet type %u\n", + opcode); + + siw_init_terminate(rx_qp(srx), TERM_ERROR_LAYER_RDMAP, + RDMAP_ETYPE_REMOTE_OPERATION, + RDMAP_ECODE_OPCODE, 0); + return -EINVAL; + } } set_rx_fpdu_context(qp, opcode); frx = qp->rx_fpdu; -- 2.17.1