On 2021/3/22 15:29, Leon Romanovsky wrote: > On Mon, Mar 22, 2021 at 07:11:47AM +0000, liweihang wrote: >> On 2021/3/22 13:47, Leon Romanovsky wrote: >>> On Mon, Mar 22, 2021 at 03:29:09AM +0000, liweihang wrote: >>>> On 2021/3/20 17:34, Leon Romanovsky wrote: >>>>> On Fri, Mar 19, 2021 at 05:02:25PM +0800, Weihang Li wrote: >>>>>> From: Xi Wang <wangxi11@xxxxxxxxxx> >>>>>> >>>>>> Out-of-bounds may occur in 'qp_state_table' when the caller passing wrong >>>>>> QP state value. >>>>> How is it possible? Do you have call stack to support it? >>>>> >>>>> Thanks >>>>> >>>> ib_modify_qp_is_ok() is exported, I think any kernel modules can pass in >>>> invalid QP state. Should we check it in such case? >>> No, it is caller responsibility to supply valid input. >>> In general case, for the kernel code, it can be seen as anti-pattern >>> if in-kernel API performs input sanity check. >>> >>> You can add WARN_ON() if you want to catch programmers errors earlier. >>> However, I'm skeptical if it is really needed here. >>> >>> Thanks >>> >> >> Hi Leon, >> >> By the way, we made this change because we noticed that ib_event_msg() and >> ib_wc_status_msg() that tries to access an array performs input check in the >> same file. Is there anything different between these kernel APIs? Or there is >> some other reasons? > > The main difference between them is the execution flow. > * ib_modify_qp_is_ok() is called from the drivers, after verbs layer > sanitized everything already and at this stage we are pretty safe. > * ib_event_msg()/ib_wc_status_ms() are used by ULPs and maybe they can > send invalid event. I personally don't know if it is possible or not. > > Thanks > Thank you, this is helpful. Weihang
