On Wed, Feb 14, 2018 at 02:38:41PM +0200, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
>
> Move all header validation logic to be performed before SRCU read lock.
>
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> drivers/infiniband/core/uverbs_main.c | 90 ++++++++++++++++++-----------------
> 1 file changed, 47 insertions(+), 43 deletions(-)
>
> diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
> index f8f2182ab86b..e07326139ce9 100644
> +++ b/drivers/infiniband/core/uverbs_main.c
> @@ -677,6 +677,42 @@ static ssize_t process_hdr(struct ib_uverbs_cmd_hdr *hdr,
> return 0;
> }
>
> +static ssize_t verify_hdr(struct ib_uverbs_cmd_hdr *hdr,
> + struct ib_uverbs_ex_cmd_hdr *ex_hdr,
> + size_t count, bool extended)
> +{
> + if (extended) {
> + count -= sizeof(*hdr) + sizeof(*ex_hdr);
> +
> + if ((hdr->in_words + ex_hdr->provider_in_words) * 8 != count)
> + return -EINVAL;
> +
> + if (ex_hdr->cmd_hdr_reserved)
> + return -EINVAL;
> +
> + if (ex_hdr->response) {
> + if (!hdr->out_words && !ex_hdr->provider_out_words)
> + return -EINVAL;
> +
> + if (!access_ok(VERIFY_WRITE,
> + u64_to_user_ptr(ex_hdr->response),
> + (hdr->out_words + ex_hdr->provider_out_words) * 8))
> + return -EFAULT;
> + } else {
> + if (hdr->out_words || ex_hdr->provider_out_words)
> + return -EINVAL;
> + }
> +
> + return 0;
> + }
> +
> + /* not extended command */
> + if (hdr->in_words * 4 != count)
> + return -EINVAL;
> +
> + return 0;
> +}
> +
I think you should squish this with the prior two patches
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
