On Wed, Jul 11, 2018 at 11:23:52AM +0300, Leon Romanovsky wrote:
> From: Jack Morgenstein <jackm@xxxxxxxxxxxxxxxxxx>
>
> The commit cited below checked that the port numbers
> provided in the primary and alt AVs are legal.
>
> That is sufficient to prevent a kernel panic. However, it
> is not sufficient for correct operation.
>
> In Linux, AVs (both primary and alt) must be completely self-described.
> We do not accept an AV from userspace without an embedded port number.
> (This has been the case since kernel 3.14 commit dbf727de7440
> ("IB/core: Use GID table in AH creation and dmac resolution")).
>
> For the primary AV, this embedded port number must match the port
> number specified with IB_QP_PORT.
>
> We also expect the port number embedded in the alt AV to match the
> alt_port_num value passed by the userspace driver in the modify_qp
> command base structure.
>
> Add these checks to modify_qp.
>
> Cc: <stable@xxxxxxxxxxxxxxx> # 4.16
> Fixes: 5d4c05c3ee36 ("RDMA/uverbs: Sanitize user entered port numbers prior to access it")
> Signed-off-by: Jack Morgenstein <jackm@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> ---
> drivers/infiniband/core/uverbs_cmd.c | 59 +++++++++++++++++++++++++++++++++---
> 1 file changed, 54 insertions(+), 5 deletions(-)
Applied to for-rc, thanks
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
