On Tue, Apr 10, 2018 at 10:26:23AM -0400, Shamir Rabinovitch wrote: > Commit 6a21dfc ("RDMA/ucma: Limit possible option size") introduced > a bug. running below command would cause tool hanged task warning: > $ udaddy -c 1000 -C 1000 -S 1024 -t 3 -s <server-ip> > > Below prints explain what happen: > udaddy: set TOS option failed: Invalid argument > > This issue is taken care by commit, 5f3e3b8 ("RDMA/ucma: Correct option > size check using optlen") however this commit did not fix another > issue introduced by commit 6a21dfc where ucma_context ref can leak in > error path. > > Fix it! > > Fixes: 6a21dfc ("6a21dfc RDMA/ucma: Limit possible option size") > Signed-off-by: Shamir Rabinovitch <shamir.rabinovitch@xxxxxxxxxx> > --- > drivers/infiniband/core/ucma.c | 6 ++++-- > 1 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c > index 7432948..53cac78 100644 > --- a/drivers/infiniband/core/ucma.c > +++ b/drivers/infiniband/core/ucma.c > @@ -1320,8 +1320,10 @@ static ssize_t ucma_set_option(struct ucma_file *file, const char __user *inbuf, > if (IS_ERR(ctx)) > return PTR_ERR(ctx); > > - if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE)) > - return -EINVAL; > + if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE)) { > + ret = -EINVAL; > + goto out; > + } > The better way to fix it is to put that chunk of the code above ucma_get_ctx(), but this solution is good enough too. Thanks, Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
Attachment:
signature.asc
Description: PGP signature