On 11/21/2016 12:17 PM, Hal Rosenstock wrote:
> I think there is also similar thing in missing check in ib_register_mad_agent where:
>
> /*
> * Make sure MAD registration (if supplied)
> * is non overlapping with any existing ones
> */
> if (mad_reg_req) {
> mgmt_class = convert_mgmt_class(mad_reg_req->mgmt_class);
> if (!is_vendor_class(mgmt_class)) {
> class = port_priv->version[mad_reg_req->
> mgmt_class_version].class;
> if (class) {
> method = class->method_table[mgmt_class];
>
> so here the class' method_table is also accessed without checking mgmt_class for range violation, right ?
Hello Hal,
I think such a check is already present in ib_register_mad_agent():
if (mad_reg_req->mgmt_class >= MAX_MGMT_CLASS) {
/*
* IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE is the only
* one in this range currently allowed
*/
if (mad_reg_req->mgmt_class !=
IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE) {
dev_notice(&device->dev,
"%s: Invalid Mgmt Class 0x%x\n",
__func__, mad_reg_req->mgmt_class);
goto error1;
}
} [ ... ]
Bart.
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
