[PATCH] RDMA/uverbs: Fix the check for port number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The port number is only valid if IB_QP_PORT is set in the mask.
So only check port number if it is valid to prevent modify_qp
from failing due to an invalid port number.

Fixes: 5ecce4c9b17b("Check port number supplied by user verbs cmds")
Cc: <stable@xxxxxxxxxxxxxxx> # v4.2-v4.9
Cc: <security@xxxxxxxxxx>
Cc: Doug Ledford <dledford@xxxxxxxxxx>
Cc: Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx>
Cc: Mike Marciniszyn <mike.marciniszyn@xxxxxxxxx>

Signed-off-by: Mustafa Ismail <mustafa.ismail@xxxxxxxxx>

Upstream commit 5a7a88f1b488("Fix the check for port number")
Modified from upstream commit: helper function rdma_is_port_valid does not
exist in these kernel versions.
---
 drivers/infiniband/core/uverbs_cmd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index 01e3a37..d118ffe 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2342,8 +2342,9 @@ ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
 	if (copy_from_user(&cmd, buf, sizeof cmd))
 		return -EFAULT;
 
-	if (cmd.port_num < rdma_start_port(ib_dev) ||
-	    cmd.port_num > rdma_end_port(ib_dev))
+	if ((cmd.attr_mask & IB_QP_PORT) &&
+	    (cmd.port_num < rdma_start_port(ib_dev) ||
+	     cmd.port_num > rdma_end_port(ib_dev)))
 		return -EINVAL;
 
 	INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
-- 
1.8.3.1




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]