On Tue, Oct 31, 2017 at 03:16:42AM +0000, Parav Pandit wrote:
> I am yet to review my below patch with Dan as he did most security
> dev, but I suspect this might be the cause where rmpp list is not
> initialized and mad processing is continued when security check
> fails.

This patch sure looks needed to me, ib_free_recv_mad touches rmpp_list, so if it needs initialization then it certainly has to be done earlier..

Adding the new return sure makes a lot of sense as well..

Hal, Ira, would you check this routine too? kernel oopses are bad..

> diff --git a/drivers/infiniband/core/mad.c b/drivers/infiniband/core/mad.c > index f8f53bb..cb91245 100644 > +++ b/drivers/infiniband/core/mad.c > @@ -1974,14 +1974,15 @@ static void ib_mad_complete_recv(struct ib_mad_agent_private *mad_agent_priv, > unsigned long flags; > int ret; > > + INIT_LIST_HEAD(&mad_recv_wc->rmpp_list); > ret = ib_mad_enforce_security(mad_agent_priv, > mad_recv_wc->wc->pkey_index); > if (ret) { > ib_free_recv_mad(mad_recv_wc); > deref_mad_agent(mad_agent_priv); > + return; > } > > - INIT_LIST_HEAD(&mad_recv_wc->rmpp_list); > list_add(&mad_recv_wc->recv_buf.list, &mad_recv_wc->rmpp_list);
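Review bot: the ordering of INIT_LIST_HEAD(&mad_recv_wc->rmpp_list) ahead of ib_mad_enforce_security() at the top of ib_mad_complete_recv is now load-bearing but undocumented, so a later cleanup could move it back next to the list_add() where it used to sit. A one-line comment saying that the error path's ib_free_recv_mad(mad_recv_wc) needs rmpp_list initialized would protect it. The hunk also fixes a second, separate defect in the `if (ret)` branch: without the added `return;` execution falls through to list_add(&mad_recv_wc->recv_buf.list, &mad_recv_wc->rmpp_list) after ib_free_recv_mad() and deref_mad_agent() have already run on the same objects. The changelog should name both problems, and since the failing path is reached whenever the security check rejects a received MAD, a Fixes: tag pointing at the commit that introduced the ib_mad_enforce_security() call here would help stable backports.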