On Wed, Feb 14, 2018 at 04:46:35PM -0700, Jason Gunthorpe wrote:
> On Wed, Feb 14, 2018 at 02:38:41PM +0200, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> >
> > Move all header validation logic to be performed before SRCU read lock.
> >
> > Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> > drivers/infiniband/core/uverbs_main.c | 90 ++++++++++++++++++-----------------
> > 1 file changed, 47 insertions(+), 43 deletions(-)
> >
> > diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
> > index f8f2182ab86b..e07326139ce9 100644
> > +++ b/drivers/infiniband/core/uverbs_main.c
> > @@ -677,6 +677,42 @@ static ssize_t process_hdr(struct ib_uverbs_cmd_hdr *hdr,
> > return 0;
> > }
> >
> > +static ssize_t verify_hdr(struct ib_uverbs_cmd_hdr *hdr,
> > + struct ib_uverbs_ex_cmd_hdr *ex_hdr,
> > + size_t count, bool extended)
> > +{
> > + if (extended) {
> > + count -= sizeof(*hdr) + sizeof(*ex_hdr);
> > +
> > + if ((hdr->in_words + ex_hdr->provider_in_words) * 8 != count)
> > + return -EINVAL;
> > +
> > + if (ex_hdr->cmd_hdr_reserved)
> > + return -EINVAL;
> > +
> > + if (ex_hdr->response) {
> > + if (!hdr->out_words && !ex_hdr->provider_out_words)
> > + return -EINVAL;
> > +
> > + if (!access_ok(VERIFY_WRITE,
> > + u64_to_user_ptr(ex_hdr->response),
> > + (hdr->out_words + ex_hdr->provider_out_words) * 8))
> > + return -EFAULT;
> > + } else {
> > + if (hdr->out_words || ex_hdr->provider_out_words)
> > + return -EINVAL;
> > + }
> > +
> > + return 0;
> > + }
> > +
> > + /* not extended command */
> > + if (hdr->in_words * 4 != count)
> > + return -EINVAL;
> > +
> > + return 0;
> > +}
> > +
>
> I think you should squish this with the prior two patches
I preferred to split patches as much as possible in this area
to minimize chances of errors.
>
> Jason
Attachment:
signature.asc
Description: PGP signature
