> -----Original Message-----
> From: Leon Romanovsky <leonro@xxxxxxxxxx>
> Sent: Wednesday, 9 November 2022 14:29
> To: Bernard Metzler <BMT@xxxxxxxxxxxxxx>
> Cc: linux-rdma@xxxxxxxxxxxxxxx; jgg@xxxxxxxxxx; Olga Kornievskaia <kolga@xxxxxxxxxx>; Tom Talpey <tom@xxxxxxxxxx>
> Subject: [EXTERNAL] Re: [PATCH v3] RDMA/siw: Fix immediate work request flush to completion queue.
>
> On Mon, Nov 07, 2022 at 03:50:57PM +0100, Bernard Metzler wrote:
> > Correctly set send queue element opcode during immediate work request
> > flushing in post sendqueue operation, if the QP is in ERROR state.
> > An undefined opcode value results in out-of-bounds access to an array
> > for mapping the opcode between siw internal and RDMA core representation
> > in work completion generation. It resulted in a KASAN BUG report
> > of type 'global-out-of-bounds' during NFSoRDMA testing.
> >
> > This patch further fixes a potential case of a malicious user who may
> > write undefined values for completion queue elements status or opcode,
> > if the CQ is memory mapped to user land. It avoids the same out-of-bounds
> > access to arrays for status and opcode mapping as described above.
> >
> > Fixes: 303ae1cdfdf7 ("rdma/siw: application interface")
> > Fixes: b0fff7317bb4 ("rdma/siw: completion queue methods")
> > Reported-by: Olga Kornievskaia <kolga@xxxxxxxxxx>
> > Reviewed-by: Tom Talpey <tom@xxxxxxxxxx>
> > Signed-off-by: Bernard Metzler <bmt@xxxxxxxxxxxxxx>
>
> Please don't add a dot at the end of the title. I fixed it locally.

Thanks for the patience!

Best,
Bernard.
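As an added illustration of the two problems the commit message describes (example code written here, not the siw driver's own), the following uses hypothetical opcode and status enums in place of siw's and the RDMA core's: a flushed send queue element must carry its opcode into the completion queue element, and a CQE that may have been written from a user mapping must be range-checked before its fields index the mapping tables.

```c
#include <stdint.h>

/* Simplified stand-ins for a driver-internal opcode/status set and the
 * core-facing values they map to. Names and values are assumptions, not the
 * real siw or ib_verbs enums. */
enum siw_op  { OP_WRITE = 0, OP_READ, OP_SEND, OP_NUM_OPCODES };
enum siw_st  { ST_SUCCESS = 0, ST_FLUSHED, ST_NUM_STATUS };
enum core_op { CORE_WC_UNKNOWN = -1, CORE_WC_RDMA_WRITE = 10, CORE_WC_RDMA_READ, CORE_WC_SEND };
enum core_st { CORE_WC_UNKNOWN_ST = -1, CORE_WC_SUCCESS = 0, CORE_WC_WR_FLUSH_ERR = 5 };

static const enum core_op map_op[OP_NUM_OPCODES] = {
    [OP_WRITE] = CORE_WC_RDMA_WRITE, [OP_READ] = CORE_WC_RDMA_READ, [OP_SEND] = CORE_WC_SEND,
};
static const enum core_st map_st[ST_NUM_STATUS] = {
    [ST_SUCCESS] = CORE_WC_SUCCESS, [ST_FLUSHED] = CORE_WC_WR_FLUSH_ERR,
};

/* Send queue element and completion queue element. The CQE may live in memory
 * mapped to user space, so both of its fields are untrusted input. */
struct sqe { uint8_t opcode; uint64_t id; };
struct cqe { uint8_t opcode; uint8_t status; uint64_t id; };

/* Flushing a posted WR while the QP is in ERROR state: the CQE's opcode must be
 * copied from the SQE, otherwise it is left undefined. */
static void flush_sqe_to_cqe(const struct sqe *s, struct cqe *c)
{
    c->opcode = s->opcode;
    c->status = ST_FLUSHED;
    c->id = s->id;
}

/* Unchecked pattern: the CQE's opcode is used directly as an array index. Any
 * value >= OP_NUM_OPCODES reads past map_op (a global-out-of-bounds access). */
static enum core_op map_op_unchecked(const struct cqe *c)
{
    return map_op[c->opcode];
}

/* Hardened form: range-check both fields before indexing the mapping tables.
 * Returns 0 on success; -1 and "unknown" outputs for any undefined value. */
static int cqe_to_wc(const struct cqe *c, enum core_op *op, enum core_st *st)
{
    if (c->opcode >= OP_NUM_OPCODES || c->status >= ST_NUM_STATUS) {
        *op = CORE_WC_UNKNOWN;
        *st = CORE_WC_UNKNOWN_ST;
        return -1;
    }
    *op = map_op[c->opcode];
    *st = map_st[c->status];
    return 0;
}
```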