leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1250c3048c
linux/drivers/infiniband/core
History
Jason Gunthorpe 1250c3048c IB/uverbs: Handle IDR and FD types without truncation 
Our ABI for write() uses a s32 for FDs and a u32 for IDRs, but internally
we ended up implicitly casting these ABI values into an 'int'. For ioctl()
we use a s64 for FDs and a u64 for IDRs, again casting to an int.

The various casts to int are all missing range checks which can cause
userspace values that should be considered invalid to be accepted.

Fix this by making the generic lookup routine accept a s64, which does not
truncate the write API's u32/s32 or the ioctl API's s64. Then push the
detailed range checking down to the actual type implementations to be
shared by both interfaces.

Finally, change the copy of the uobj->id to sign extend into a s64, so eg,
if we ever wish to return a negative value for a FD it is carried
properly.

This ensures that userspace values are never weirdly interpreted due to
the various trunctations and everything that is really out of range gets
an EINVAL.

Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2018-07-25 14:21:21 -06:00
..
addr.c IB/cm: Remove now useless rcu_lock in dst_fetch_ha 2018-06-29 11:45:50 -06:00
agent.c IB/core: Rename ib_destroy_ah to rdma_destroy_ah 2017-05-01 14:32:43 -04:00
agent.h
cache.c RDMA/core: Remove set-but-not-used variables 2018-07-09 12:11:22 -06:00
cgroup.c IB/core: added support to use rdma cgroup controller 2017-01-10 11:14:27 -05:00
cm_msgs.h IB/cm: Remove unused and erroneous msg sequence encoding 2018-07-09 11:39:28 -06:00
cm.c IB/cm: Remove unused and erroneous msg sequence encoding 2018-07-09 11:39:28 -06:00
cma_configfs.c IB/cma: use strlcpy() instead of strncpy() 2018-01-15 15:33:21 -07:00
cma_priv.h RDMA/cma: Move rdma_cm_state to cma_priv.h 2018-03-29 13:54:21 -06:00
cma.c IB/cm: Remove cma_multicast->igmp_joined 2018-07-13 12:18:55 -06:00
core_priv.h RDMA/core: Remove indirection through ib_cache_setup() 2018-05-29 15:19:31 -06:00
cq.c RDMA/core: Reduce poll batch for direct cq polling 2018-03-06 20:08:39 -07:00
device.c IB: Replace ib_query_gid/ib_get_cached_gid with rdma_query_gid 2018-06-18 11:09:05 -06:00
fmr_pool.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
iwcm.c RDMA/netlink: Fix general protection fault 2017-12-07 15:28:07 -05:00
iwcm.h iw_cm: free cm_id resources on the last deref 2016-08-02 13:15:18 -04:00
iwpm_msg.c RDMA/iwpm: Properly mark end of NL messages 2017-09-29 11:32:42 -04:00
iwpm_util.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
iwpm_util.h iwpm: crash fix for large connections test 2016-03-16 13:48:32 -04:00
mad_priv.h IB/mad: Use IDR for agent IDs 2018-06-18 11:22:54 -06:00
mad_rmpp.c IB/mad: Change slid in RMPP recv from 16 to 32 bits 2017-08-08 14:47:18 -04:00
mad_rmpp.h
mad.c RDMA/core: Simplify ib_post_(send|recv|srq_recv)() calls 2018-07-24 16:06:36 -06:00
Makefile Verbs flow counters support 2018-06-04 08:48:11 -06:00
mr_pool.c IB/core: add a simple MR pool 2016-05-13 13:37:18 -04:00
multicast.c IB: Make ib_init_ah_from_mcmember set sgid_attr 2018-06-25 14:19:56 -06:00
netlink.c RDMA/netlink: Simplify code of autoload modules 2018-01-02 13:36:57 -07:00
nldev.c RDMA/nldev: Return port capability flag for IB only 2018-06-18 11:09:05 -06:00
opa_smi.h
packer.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
rdma_core.c IB/uverbs: Handle IDR and FD types without truncation 2018-07-25 14:21:21 -06:00
rdma_core.h IB/uverbs: Handle IDR and FD types without truncation 2018-07-25 14:21:21 -06:00
restrack.c RDMA/restrack: Change SPDX tag to properly reflect license 2018-06-05 14:04:20 -06:00
roce_gid_mgmt.c IB/core: Remove duplicate declaration of gid_cache_wq 2018-05-24 09:39:25 -06:00
rw.c RDMA/core: Simplify ib_post_(send|recv|srq_recv)() calls 2018-07-24 16:06:36 -06:00
sa_query.c RDMA: Validate grh_required when handling AVs 2018-07-10 11:13:04 -06:00
sa.h
security.c IB/core: Use CONFIG_SECURITY_INFINIBAND to compile out security code 2018-05-01 11:16:36 -04:00
smi.c
smi.h
sysfs.c IB/core: Replace ib_query_gid with rdma_get_gid_attr 2018-06-18 11:09:05 -06:00
ucm.c RDMA: Use u64_to_user_ptr everywhere 2018-03-29 13:42:29 -06:00
ucma.c infiniband: fix a possible use-after-free bug 2018-06-04 09:37:03 -06:00
ud_header.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
umem_odp.c treewide: Use array_size() in vzalloc() 2018-06-12 16:19:22 -07:00
umem.c RDMA/umem: Refactor exit paths in ib_umem_get 2018-07-13 12:15:05 -06:00
user_mad.c IB: Make ib_init_ah_attr_from_wc set sgid_attr 2018-06-25 14:19:56 -06:00
uverbs_cmd.c IB/uverbs: Handle IDR and FD types without truncation 2018-07-25 14:21:21 -06:00
uverbs_ioctl_merge.c RDMA/uverbs: Combine MIN_SZ_OR_ZERO with UVERBS_ATTR_STRUCT 2018-07-04 13:47:01 -06:00
uverbs_ioctl.c IB/uverbs: Handle IDR and FD types without truncation 2018-07-25 14:21:21 -06:00
uverbs_main.c IB/uverbs: Replace ib_ucq_object uverbs_file with the one in ib_uobject 2018-07-09 11:26:17 -06:00
uverbs_marshall.c IB/cm: Replace members of sa_path_rec with 'struct sgid_attr *' 2018-06-25 14:19:57 -06:00
uverbs_std_types_counters.c RDMA/uverbs: Use UVERBS_ATTR_MIN_SIZE correctly and uniformly 2018-07-04 13:47:01 -06:00
uverbs_std_types_cq.c IB/uverbs: Do not use uverbs_cmd_mask in the ioctl path 2018-07-09 13:19:01 -06:00
uverbs_std_types_dm.c IB/uverbs: Tidy up remaining references to ucontext 2018-07-09 11:26:17 -06:00
uverbs_std_types_flow_action.c IB/mlx5: Introduce flow steering matcher uapi object 2018-07-24 13:34:37 -06:00
uverbs_std_types_mr.c RDMA/uverbs: Remove UA_FLAGS 2018-07-04 13:47:01 -06:00
uverbs_std_types.c IB: Support ib_flow creation in drivers 2018-07-24 13:34:55 -06:00
uverbs.h IB: Enable uverbs_destroy_def_handler to be used by drivers 2018-07-10 11:52:06 -06:00
verbs.c RDMA/core: Simplify ib_post_(send|recv|srq_recv)() calls 2018-07-24 16:06:36 -06:00