On Mon, Aug 07, 2017 at 02:03:08PM +0300, Yuval Shaia wrote: > On Wed, Jul 26, 2017 at 11:14:46AM -0500, Mustafa Ismail wrote: > > The port number is only valid if IB_QP_PORT is set in the mask. > > So only check port number if it is valid to prevent modify_qp > > from failing due to an invalid port number. > > > > Fixes: 5ecce4c9b17b("Check port number supplied by user verbs cmds") > > Cc: <stable@xxxxxxxxxxxxxxx> # v4.2-v4.9 > > Cc: <security@xxxxxxxxxx> > > Cc: Doug Ledford <dledford@xxxxxxxxxx> > > Cc: Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx> > > Cc: Mike Marciniszyn <mike.marciniszyn@xxxxxxxxx> > > > > Signed-off-by: Mustafa Ismail <mustafa.ismail@xxxxxxxxx> > > > > Upstream commit 5a7a88f1b488("Fix the check for port number") > > Modified from upstream commit: helper function rdma_is_port_valid does not > > exist in these kernel versions. > > --- > > drivers/infiniband/core/uverbs_cmd.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c > > index 01e3a37..d118ffe 100644 > > --- a/drivers/infiniband/core/uverbs_cmd.c > > +++ b/drivers/infiniband/core/uverbs_cmd.c > > @@ -2342,8 +2342,9 @@ ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file, > > if (copy_from_user(&cmd, buf, sizeof cmd)) > > return -EFAULT; > > > > - if (cmd.port_num < rdma_start_port(ib_dev) || > > - cmd.port_num > rdma_end_port(ib_dev)) > > + if ((cmd.attr_mask & IB_QP_PORT) && > > + (cmd.port_num < rdma_start_port(ib_dev) || > > + cmd.port_num > rdma_end_port(ib_dev))) > > Please use rdma_is_port_valid Yuval, This patch is meant for Stable v4.2-v4.9 which does not have rdma_is_port_valid. The patch upstream is using rdma_is_port_valid. Here is a link to it: https://patchwork.kernel.org/patch/9841243/ Chien