On Fri, Mar 19, 2021 at 05:02:25PM +0800, Weihang Li wrote:
> From: Xi Wang <wangxi11@xxxxxxxxxx>
>
> Out-of-bounds may occur in 'qp_state_table' when the caller passes a wrong
> QP state value.

How is it possible? Do you have a call stack to support it?

Thanks

>
> Signed-off-by: Xi Wang <wangxi11@xxxxxxxxxx>
> Signed-off-by: Weihang Li <liweihang@xxxxxxxxxx>
> ---
> drivers/infiniband/core/verbs.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c
> index 28464c5..66ba4e6 100644
> --- a/drivers/infiniband/core/verbs.c
> +++ b/drivers/infiniband/core/verbs.c
> @@ -1613,6 +1613,10 @@ bool ib_modify_qp_is_ok(enum ib_qp_state cur_state, enum ib_qp_state next_state,
> cur_state != IB_QPS_SQD && cur_state != IB_QPS_SQE)
> return false;
>
> + if (cur_state >= ARRAY_SIZE(qp_state_table) ||
> + next_state >= ARRAY_SIZE(qp_state_table[0]))
> + return false;
> +
> if (!qp_state_table[cur_state][next_state].valid)
> return false;
>
> --
> 2.8.1
>
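Review bot: the `cur_state >= ARRAY_SIZE(qp_state_table)` half of the new check looks redundant, because the condition directly above it (its tail is visible as `cur_state != IB_QPS_SQD && cur_state != IB_QPS_SQE) return false;`) already rejects cur_state values that are not one of the enumerated QP states; only `next_state >= ARRAY_SIZE(qp_state_table[0])` guards an index the function did not validate before. The commit message should say which caller can reach ib_modify_qp_is_ok() with a next_state beyond the table, which is the question raised in the reply; if no such path exists, the check is purely defensive and a one-line comment on the `if` saying so would stop the next reader from looking for the missing upper-layer validation.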