From: Jason Gunthorpe <jgg@mellanox.com>
To: Gal Pressman <galpress@amazon.com>
Cc: Maor Gottlieb <maorg@mellanox.com>,
Leon Romanovsky <leon@kernel.org>,
Doug Ledford <dledford@redhat.com>,
RDMA mailing list <linux-rdma@vger.kernel.org>,
Daniel Jurgens <danielj@mellanox.com>,
Leon Romanovsky <leonro@mellanox.com>
Subject: Re: [PATCH rdma-next] RDMA/core: Fix protection fault in get_pkey_idx_qp_list
Date: Wed, 29 Jan 2020 20:11:07 +0000 [thread overview]
Message-ID: <20200129201102.GR21192@mellanox.com> (raw)
In-Reply-To: <a2028a8f-bf41-44cc-4b65-0df77ec3406c@amazon.com>
On Wed, Jan 29, 2020 at 02:43:51PM +0200, Gal Pressman wrote:
> On 29/01/2020 14:14, Maor Gottlieb wrote:
> >
> > On 1/29/2020 2:06 PM, Gal Pressman wrote:
> >> On 26/01/2020 19:15, Leon Romanovsky wrote:
> >>> From: Maor Gottlieb <maorg@mellanox.com>
> >>>
> >>> We don't need to set pkey as valid in case that user set only one
> >>> of pkey index or port number, otherwise it will be resulted in NULL
> >>> pointer dereference while accessing to uninitialized pkey list.
> >> Why would the pkey list be uninitialized? Isn't it initialized as an empty list
> >> on device registration?
> >
> > It will try to access to list of invalid port / pkey, e.g. to list of
> > port 0. port_data is indexed by port number.
> > dev->port_data[pp->port_num].pkey_list
>
> Makes sense.
> Shouldn't there be a check in the (!qp_pps) section as well? We shouldn't assign
> the field unless the mask is given.
Indeed, reading a qp_attr field without the corresponding bt in
qp_attr_mask set should be wrong.
> Does this work correctly if the user issues two calls to modify_qp where the
> first one modifies the pkey index and the second the port number (if that's even
> possible)?
> Is it expected that the state would stay invalid?
Also sounds wrong
.. and then there is the confusing testing of state !=
IB_PORT_PKEY_NOT_VALID but nothing ever assigns
IB_PORT_PKEY_NOT_VALID.. Humm.
Jason
next prev parent reply other threads:[~2020-01-29 20:11 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-26 17:15 [PATCH rdma-next] RDMA/core: Fix protection fault in get_pkey_idx_qp_list Leon Romanovsky
2020-01-29 12:06 ` Gal Pressman
2020-01-29 12:14 ` Maor Gottlieb
2020-01-29 12:43 ` Gal Pressman
2020-01-29 20:11 ` Jason Gunthorpe [this message]
2020-01-30 7:32 ` Maor Gottlieb
2020-02-02 9:33 ` Leon Romanovsky
2020-02-05 19:16 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200129201102.GR21192@mellanox.com \
--to=jgg@mellanox.com \
--cc=danielj@mellanox.com \
--cc=dledford@redhat.com \
--cc=galpress@amazon.com \
--cc=leon@kernel.org \
--cc=leonro@mellanox.com \
--cc=linux-rdma@vger.kernel.org \
--cc=maorg@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.