Hi,
Le lundi 02 février 2015 à 14:10 +0100, Yann Droneaud a écrit :
> Le dimanche 01 février 2015 à 15:35 +0200, Haggai Eran a écrit :
> > Commit 5a77abf9a97a ("IB/core: Add support for extended query device caps")
> > added a new extended verb to query the capabilities of RDMA devices, but the
> > semantics of this verb are still under debate [1].
> >
> > Block access to this verb from user-space until the new semantics are in
> > place.
> >
> > Cc: Yann Droneaud <ydroneaud@xxxxxxxxxx>
> > Cc: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
> > Cc: Eli Cohen <eli@xxxxxxxxxxxx>
> >
> > [1] [PATCH v1 0/5] IB/core: extended query device caps cleanup for v3.19
> > http://www.spinics.net/lists/linux-rdma/msg22904.html
> >
> > Signed-off-by: Haggai Eran <haggaie@xxxxxxxxxxxx>
>
> Reviewed-by: Yann Droneaud <ydroneaud@xxxxxxxxxx>
> > drivers/infiniband/core/uverbs_main.c | 1 -
> > 1 file changed, 1 deletion(-)
> >
> > diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
> > index e6c23b9eab33..5db1a8cc388d 100644
> > --- a/drivers/infiniband/core/uverbs_main.c
> > +++ b/drivers/infiniband/core/uverbs_main.c
> > @@ -123,7 +123,6 @@ static int (*uverbs_ex_cmd_table[])(struct ib_uverbs_file *file,
> > struct ib_udata *uhw) = {
> > [IB_USER_VERBS_EX_CMD_CREATE_FLOW] = ib_uverbs_ex_create_flow,
> > [IB_USER_VERBS_EX_CMD_DESTROY_FLOW] = ib_uverbs_ex_destroy_flow,
> > - [IB_USER_VERBS_EX_CMD_QUERY_DEVICE] = ib_uverbs_ex_query_device
> > };
> >
> > static void ib_uverbs_add_one(struct ib_device *device);
>
> That's the smallest (and smartest) patch to be applied instead of
> reverting.
>
Unfortunately, I've missed the issue I was complaining about in the
first place [1]. And I feel a bit guilty having missed the issue.
The present patch is fine as it fully disable the new extended
QUERY_DEVICE uverb, but it doesn't disable the broken logic added in
ib_copy_to_udata() by commit 5a77abf9a97a ('IB/core: Add support for
extended query device caps'):
diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
index 470a011d6fa4..97a999f9e4d8 100644
--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -1662,7 +1662,10 @@ static inline int ib_copy_from_udata(void *dest, struct ib_udata *udata, size_t
static inline int ib_copy_to_udata(struct ib_udata *udata, void *src, size_t len)
{
- return copy_to_user(udata->outbuf, src, len) ? -EFAULT : 0;
+ size_t copy_sz;
+
+ copy_sz = min_t(size_t, len, udata->outlen);
+ return copy_to_user(udata->outbuf, src, copy_sz) ? -EFAULT : 0;
}
That part of commit 5a77abf9a97a should be reverted as I'm not sure
it doesn't introduce regressions, especially difficult to notice ones.
Regards.
[1] Re: [PATCH v3 06/17] IB/core: Add support for extended query device caps
http://mid.gmane.org/1418733236.2779.26.camel@xxxxxxxxxx
Regards.
--
Yann Droneaud
OPTEYA
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
