From: Dennis Dalessandro <dennis.dalessandro-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
To: dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Michael J. Ruhl"
<michael.j.ruhl-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Kamenee Arumugam
<kamenee.arumugam-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: [PATCH for-next 5/8] IB/hfi1: Stricter bounds checking of MAD trap index
Date: Sun, 13 Aug 2017 08:08:46 -0700 [thread overview]
Message-ID: <20170813150845.23208.61782.stgit@scvm10.sc.intel.com> (raw)
In-Reply-To: <20170813150659.23208.66243.stgit-9QXIwq+3FY+1XWohqUldA0EOCMrvLtNR@public.gmane.org>
From: Kamenee Arumugame <kamenee.arumugam-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
The macro size is valid. This change makes it less ambiguous.
Bounds check trap type for better security.
Reviewed-by: Michael J. Ruhl <michael.j.ruhl-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Signed-off-by: Kamenee Arumugam <kamenee.arumugam-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
drivers/infiniband/hw/hfi1/mad.c | 13 ++++++++++++-
include/rdma/rdma_vt.h | 2 +-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/mad.c b/drivers/infiniband/hw/hfi1/mad.c
index 1be1d74..ba6f58e 100644
--- a/drivers/infiniband/hw/hfi1/mad.c
+++ b/drivers/infiniband/hw/hfi1/mad.c
@@ -151,13 +151,24 @@ static void cleanup_traps(struct hfi1_ibport *ibp, struct trap_node *trap)
unsigned long flags;
unsigned long timeout;
int found = 0;
+ unsigned int queue_id;
+ static int trap_count;
+
+ queue_id = trap->data.generic_type & 0x0F;
+ if (queue_id >= RVT_MAX_TRAP_LISTS) {
+ trap_count++;
+ pr_err_ratelimited("hfi1: Invalid trap 0x%0x dropped. Total dropped: %d\n",
+ trap->data.generic_type, trap_count);
+ kfree(trap);
+ return NULL;
+ }
/*
* Since the retry (handle timeout) does not remove a trap request
* from the list, all we have to do is compare the node.
*/
spin_lock_irqsave(&ibp->rvp.lock, flags);
- trap_list = &ibp->rvp.trap_lists[trap->data.generic_type & 0x0F];
+ trap_list = &ibp->rvp.trap_lists[queue_id];
list_for_each_entry(node, &trap_list->list, list) {
if (node == trap) {
diff --git a/include/rdma/rdma_vt.h b/include/rdma/rdma_vt.h
index 1d94f3c..1ba84a7 100644
--- a/include/rdma/rdma_vt.h
+++ b/include/rdma/rdma_vt.h
@@ -64,7 +64,7 @@
#define RVT_MAX_PKEY_VALUES 16
#define RVT_MAX_TRAP_LEN 100 /* Limit pending trap list */
-#define RVT_MAX_TRAP_LISTS ((IB_NOTICE_TYPE_INFO & 0x0F) + 1)
+#define RVT_MAX_TRAP_LISTS 5 /*((IB_NOTICE_TYPE_INFO & 0x0F) + 1)*/
#define RVT_TRAP_TIMEOUT 4096 /* 4.096 usec */
struct trap_list {
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-08-13 15:08 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-13 15:08 [PATCH for-next 0/8] IB/hfi1: patches for next 08/13/2017 Dennis Dalessandro
[not found] ` <20170813150659.23208.66243.stgit-9QXIwq+3FY+1XWohqUldA0EOCMrvLtNR@public.gmane.org>
2017-08-13 15:08 ` [PATCH for-next 1/8] IB/hfi1: Check xchg returned value for queuing link down entry Dennis Dalessandro
2017-08-13 15:08 ` [PATCH for-next 2/8] IB/hfi1: Document phys port state bits not used in IB Dennis Dalessandro
[not found] ` <20170813150827.23208.83131.stgit-9QXIwq+3FY+1XWohqUldA0EOCMrvLtNR@public.gmane.org>
2017-08-14 4:56 ` Leon Romanovsky
2017-08-13 15:08 ` [PATCH for-next 3/8] IB/hfi1: Add flag for platform config scratch register read Dennis Dalessandro
2017-08-13 15:08 ` [PATCH for-next 4/8] IB/hfi1: Load fallback platform configuration per HFI device Dennis Dalessandro
2017-08-13 15:08 ` Dennis Dalessandro [this message]
2017-08-13 15:08 ` [PATCH for-next 6/8] IB/hfi1: Remove pstate from hfi1_pportdata Dennis Dalessandro
2017-08-13 15:08 ` [PATCH for-next 7/8] IB/hfi1: Remove HFI1_VERBS_31BIT_PSN option Dennis Dalessandro
2017-08-13 15:09 ` [PATCH for-next 8/8] IB/hfi1: Add kernel receive context info to debugfs Dennis Dalessandro
2017-08-14 4:54 ` [PATCH for-next 0/8] IB/hfi1: patches for next 08/13/2017 Leon Romanovsky
2017-08-22 18:30 ` Doug Ledford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170813150845.23208.61782.stgit@scvm10.sc.intel.com \
--to=dennis.dalessandro-ral2jqcrhueavxtiumwx3w@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=kamenee.arumugam-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=michael.j.ruhl-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.