Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1065109pxb; Fri, 26 Feb 2021 01:23:12 -0800 (PST) X-Google-Smtp-Source: ABdhPJy5XVIhubD3Pq5sRf+729qDBj6tZ0uQViKGRF88rJKagYXuf16McdPFrhdpUkCp0tOv96BT X-Received: by 2002:a05:6402:524f:: with SMTP id t15mr2246640edd.158.1614331392007; Fri, 26 Feb 2021 01:23:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614331391; cv=none; d=google.com; s=arc-20160816; b=Skgk0kNc2tkKM1Q2v4s0YDS3w6jDdKr5jCH0yko9ZIMiF9ZA28NwwD4cMdVjATsWJ6 aRyhVTzwyq7UoC+LvGes8fxVb2jo2x822lHTc2PeEFN9Nv9+Iv/TWt/CRTOwKvZldc4G HIUR5JxW5YMG4GQy4UOS6CdjagVtFcyRESIhU1eii68m1nMcEEFjKwMWl7eoD1Dix4wZ Jnxk4x+of89krnwR4SyRyM1Y+yro3yAb/sMkhDGOvaX23eqPThsyiuaocJiY8MIcViTa 3514Jlnbgk1uA90P1K6Vv2S/K3OD3J9y5Yq0qoXHGb7/uz5HJq/rEoThlZhHQUDWhOpI PgrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:message-id:content-transfer-encoding :references:importance:sensitivity:mime-version:date:cc:to:from :in-reply-to:dkim-signature; bh=PotH5JG2MHJrOoczVTQTAqzpckFfWobxnwyEJO3Vjpk=; b=WXDtOVkQon7bIBf7o1QNQCC671tkI4YFB1ZmvDGQijvFo7TXINJhhkoVT30l/iks6B dkW9EzgvikoktPCmFmEBO8rMpxGTuMfa7Q/04mgEZ+88LSfjfnEQiWy4hqBry756TTGU 7D9ZrTkLb2AZh+r3pUQsjAoFhRCfSNwiybW2ksDw0ASkznkDhnSgFY+JUZ+8K63qhNrT L5Clz59XAR4t+zJSBZNDKuMl/ofE9TsV7yncsGroV1zEQ2drcgsC6gjsa+3++DdWICT4 2PKwyp/FB9IFvPcNlSBqRd70fwWOee/lMnVTLP88bNt0MoVIDJR8/IWYQKYfD/DYji5Z tbVw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=s41TMNVJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a8si2659800ejt.44.2021.02.26.01.22.49; Fri, 26 Feb 2021 01:23:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=s41TMNVJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230121AbhBZJTs (ORCPT + 99 others); Fri, 26 Feb 2021 04:19:48 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:10988 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230313AbhBZJR4 (ORCPT ); Fri, 26 Feb 2021 04:17:56 -0500 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 11Q93C71057230 for ; Fri, 26 Feb 2021 04:17:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=in-reply-to : from : to : cc : date : mime-version : references : content-transfer-encoding : content-type : message-id : subject; s=pp1; bh=PotH5JG2MHJrOoczVTQTAqzpckFfWobxnwyEJO3Vjpk=; b=s41TMNVJ6kLaZ9KHcRK3pU+cUGC38FZMO+e2hPu8KJPdc7nka9dTew8ba138K5Zob8LX pHABIloUSzblVoQAkIYt6HeMSxg2RlWOVbxKqTDI9sYp1q6CrhElIC6ADXcrIMHQW3Y6 4BnaNEKFNMCBTNQYZ45S51dM4lR88f9ywt6koMBFBO2e6DOy8UBzzjcQMLAgVO8gow4H vlNM+8dpJcxrDVrB4NFGYJMl4y7I4fPCiICBR8MZND0tzrLKkx++yWc7qpq/rTwf5Yt9 FzwX5RuuD0YGySw9ViHM69LCDPyYCtdRE3HdcPEZUPxAq6dhEhYVBIjLnPUk4aUv+AFp eg== Received: from smtp.notes.na.collabserv.com (smtp.notes.na.collabserv.com [192.155.248.74]) by mx0a-001b2d01.pphosted.com with ESMTP id 36xphukfp1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 26 Feb 2021 04:17:10 -0500 Received: from localhost by smtp.notes.na.collabserv.com with smtp.notes.na.collabserv.com ESMTP for from ; Fri, 26 Feb 2021 09:17:10 -0000 Received: from us1a3-smtp02.a3.dal06.isc4sb.com (10.106.154.159) by smtp.notes.na.collabserv.com (10.106.227.92) with smtp.notes.na.collabserv.com ESMTP; Fri, 26 Feb 2021 09:17:08 -0000 Received: from us1a3-mail162.a3.dal06.isc4sb.com ([10.146.71.4]) by us1a3-smtp02.a3.dal06.isc4sb.com with ESMTP id 2021022609170854-204592 ; Fri, 26 Feb 2021 09:17:08 +0000 In-Reply-To: <20210226075515.21371-1-dinghao.liu@zju.edu.cn> From: "Bernard Metzler" To: "Dinghao Liu" Cc: "kjlu" , "Doug Ledford" , "Jason Gunthorpe" , "linux-rdma" , "linux-kernel" Date: Fri, 26 Feb 2021 09:17:07 +0000 MIME-Version: 1.0 Sensitivity: Importance: Normal X-Priority: 3 (Normal) References: <20210226075515.21371-1-dinghao.liu@zju.edu.cn> X-Mailer: IBM iNotes ($HaikuForm 1054.1) | IBM Domino Build SCN1812108_20180501T0841_FP130 January 13, 2021 at 14:04 X-LLNOutbound: False X-Disclaimed: 2983 X-TNEFEvaluated: 1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 x-cbid: 21022609-3165-0000-0000-000005880C6A X-IBM-SpamModules-Scores: BY=0.05931; FL=0; FP=0; FZ=0; HX=0; KW=0; PH=0; SC=0.40962; ST=0; TS=0; UL=0; ISC=; MB=0.017918 X-IBM-SpamModules-Versions: BY=3.00014794; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000295; SDB=6.01513339; UDB=6.00817410; IPR=6.01295862; MB=3.00036258; MTD=3.00000008; XFM=3.00000015; UTC=2021-02-26 09:17:09 X-IBM-AV-DETECTION: SAVI=unsuspicious REMOTE=unsuspicious XFE=unused X-IBM-AV-VERSION: SAVI=2021-02-26 08:29:56 - 6.00012332 x-cbparentid: 21022609-3166-0000-0000-0000CD7A0FDD Message-Id: Subject: Re: [PATCH] RDMA/siw: Fix missing check in siw_get_hdr X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369,18.0.761 definitions=2021-02-26_02:2021-02-24,2021-02-26 signatures=0 X-Proofpoint-Spam-Reason: orgsafe Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org -----"Dinghao Liu" wrote: ----- >To: dinghao.liu@zju.edu.cn, kjlu@umn.edu >From: "Dinghao Liu" >Date: 02/26/2021 08:56AM >Cc: "Bernard Metzler" , "Doug Ledford" >, "Jason Gunthorpe" , >linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org >Subject: [EXTERNAL] [PATCH] RDMA/siw: Fix missing check in >siw=5Fget=5Fhdr > >We should also check the range of opcode after calling >=5F=5Frdmap=5Fget=5Fopcode() in the else branch to prevent potential >overflow. Hi Dinghao, No this is not needed. We always first read the minimum header information (MPA len, DDP flags, RDMAP opcode, STag, target offset). Only if we have received that into local buffer, we check for the opcode this one time. Now the opcode determines the remaining length of the variably sized part of the header to be received. We do not have to check the opcode again, since we already received and checked it. Best, Bernard. > >Fixes: 8b6a361b8c482 ("rdma/siw: receive path") >Signed-off-by: Dinghao Liu >--- > drivers/infiniband/sw/siw/siw=5Fqp=5Frx.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/drivers/infiniband/sw/siw/siw=5Fqp=5Frx.c >b/drivers/infiniband/sw/siw/siw=5Fqp=5Frx.c >index 60116f20653c..301e7fe2c61a 100644 >--- a/drivers/infiniband/sw/siw/siw=5Fqp=5Frx.c >+++ b/drivers/infiniband/sw/siw/siw=5Fqp=5Frx.c >@@ -1072,6 +1072,16 @@ static int siw=5Fget=5Fhdr(struct siw=5Frx=5Fstream >*srx) > siw=5Fdbg=5Fqp(rx=5Fqp(srx), "new header, opcode %u\n", opcode); > } else { > opcode =3D =5F=5Frdmap=5Fget=5Fopcode(c=5Fhdr); >+ >+ if (opcode > RDMAP=5FTERMINATE) { >+ pr=5Fwarn("siw: received unknown packet type %u\n", >+ opcode); >+ >+ siw=5Finit=5Fterminate(rx=5Fqp(srx), TERM=5FERROR=5FLAYER=5FRDMAP, >+ RDMAP=5FETYPE=5FREMOTE=5FOPERATION, >+ RDMAP=5FECODE=5FOPCODE, 0); >+ return -EINVAL; >+ } > } > set=5Frx=5Ffpdu=5Fcontext(qp, opcode); > frx =3D qp->rx=5Ffpdu; >--=20 >2.17.1 > >