On Wed, Jul 19, 2017 at 02:04:42PM +0300, Yuval Shaia wrote:
> On Wed, Jul 19, 2017 at 10:51:19AM +0300, Leon Romanovsky wrote:
> > On Wed, Jul 19, 2017 at 10:11:50AM +0300, Moni Shoua wrote:
> > > > How can this code be executed? IB/core ensures that port_num is in range.
> > > > You can remove this check.
> > > >
> > > In this case ah_attr can come from the application and a validity
> > > check is necessary.
> >
> > It is a bug if it comes directly without rdma_is_port_valid() check in the
> > IB/core. Currently modify_qp and create_ah are checking it and ensuring that
> > user won't provide illegal port number.
>
> Not sure I see the whole picture but something does not fit, will
> appreciate guidance here.
>
> 1. Application calls ibv_modify_qp which in turn fills out a cmd object and
> "calls" ib_uverbs.ib_uverbs_modify_qp.
> 2. ib_uverbs_modify_qp copies the cmd from userspace and calls modify_qp.
> 3. modify_qp, among some other stuff, verifies port validity (which proves
> your point) and calls driver's modify_qp hook (in our case rxe_modify_qp).
>
> Is the above correct?
>
> What I do not understand is the check that is done in step #2 since
> port_num is not set when moving from state INIT to state RTR.
> RXE on the other hand validates port_num only when needed (mask &
> IB_QP_AV).
>
> Looks like the check in step #2 is wrong.
> What am I missing here?

Maybe you are missing Mustafa's patch?
https://patchwork.kernel.org/patch/9841241/

Thanks

>
> Yuval
>
> >
> > Thanks
> >
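Added example, not part of the original thread and not the kernel's code or the linked patch: a stand-alone C model of the question raised above, comparing an unconditional port_num check with one gated on the attribute mask. The struct, constants and function names are hypothetical, and ports are assumed to be numbered 1..nports.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code: names only echo the thread. */
enum { QP_PORT = 1u << 5, QP_AV = 1u << 7 };  /* attribute-mask bits (model values) */

struct qp_cmd {
    uint32_t attr_mask;    /* which fields the caller actually filled in */
    uint8_t  port_num;     /* meaningful only if QP_PORT is set */
    uint8_t  av_port_num;  /* meaningful only if QP_AV is set */
};

/* Assumption: ports are numbered 1..nports, so 0 is never a valid port. */
static bool port_valid(uint8_t port, uint8_t nports)
{
    return port >= 1 && port <= nports;
}

/* Unconditional check: also rejects requests that never set port_num. */
static int check_unconditional(const struct qp_cmd *c, uint8_t nports)
{
    return port_valid(c->port_num, nports) ? 0 : -1;
}

/* Mask-gated check: each caller-supplied field is validated exactly
 * when the mask says it will be used, and ignored otherwise. */
static int check_gated(const struct qp_cmd *c, uint8_t nports)
{
    if ((c->attr_mask & QP_PORT) && !port_valid(c->port_num, nports))
        return -1;
    if ((c->attr_mask & QP_AV) && !port_valid(c->av_port_num, nports))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed requests against a 2-port device. */
    struct qp_cmd init_to_rtr = { .attr_mask = QP_AV, .port_num = 0, .av_port_num = 1 };
    struct qp_cmd bad_av      = { .attr_mask = QP_AV, .port_num = 0, .av_port_num = 9 };

    printf("INIT->RTR: unconditional=%d gated=%d\n",
           check_unconditional(&init_to_rtr, 2), check_gated(&init_to_rtr, 2));
    printf("bad AV port: gated=%d\n", check_gated(&bad_av, 2));
    return 0;
}
```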