On Tue, Apr 10, 2018 at 10:26:23AM -0400, Shamir Rabinovitch wrote:
> Commit 6a21dfc ("RDMA/ucma: Limit possible option size") introduced
> a bug. running below command would cause tool hanged task warning:
> $ udaddy -c 1000 -C 1000 -S 1024 -t 3 -s <server-ip>
>
> Below prints explain what happen:
> udaddy: set TOS option failed: Invalid argument
>
> This issue is taken care by commit, 5f3e3b8 ("RDMA/ucma: Correct option
> size check using optlen") however this commit did not fix another
> issue introduced by commit 6a21dfc where ucma_context ref can leak in
> error path.
>
> Fix it!
>
> Fixes: 6a21dfc ("6a21dfc RDMA/ucma: Limit possible option size")
> Signed-off-by: Shamir Rabinovitch <shamir.rabinovitch@xxxxxxxxxx>
> ---
> drivers/infiniband/core/ucma.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
> index 7432948..53cac78 100644
> --- a/drivers/infiniband/core/ucma.c
> +++ b/drivers/infiniband/core/ucma.c
> @@ -1320,8 +1320,10 @@ static ssize_t ucma_set_option(struct ucma_file *file, const char __user *inbuf,
> if (IS_ERR(ctx))
> return PTR_ERR(ctx);
>
> - if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE))
> - return -EINVAL;
> + if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE)) {
> + ret = -EINVAL;
> + goto out;
> + }
>
The better way to fix it is to put that chunk of the code above ucma_get_ctx(),
but this solution is good enough too.
Thanks,
Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
Attachment:
signature.asc
Description: PGP signature
