From: Haggai Eran <haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
To: Yann Droneaud <ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
Cc: Roland Dreier <roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Liran Liss <liranl-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Or Gerlitz <ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Sagi Grimberg <sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Majd Dibbiny <majd-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Jerome Glisse <j.glisse-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Eli Cohen <eli-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH v3 06/17] IB/core: Add support for extended query device caps
Date: Wed, 17 Dec 2014 08:54:44 +0200 [thread overview]
Message-ID: <549128B4.5010301@mellanox.com> (raw)
In-Reply-To: <1418733236.2779.26.camel-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
On 16/12/2014 14:33, Yann Droneaud wrote:
> Le jeudi 11 décembre 2014 à 17:04 +0200, Haggai Eran a écrit :
>> static inline int ib_copy_to_udata(struct ib_udata *udata, void *src, size_t len)
>> {
>> - return copy_to_user(udata->outbuf, src, len) ? -EFAULT : 0;
>> + size_t copy_sz;
>> +
>> + copy_sz = min_t(size_t, len, udata->outlen);
>> + return copy_to_user(udata->outbuf, src, copy_sz) ? -EFAULT : 0;
>> }
>
>
> This is not the place to do this: as I'm guessing the purpose of this
> change from the patch in '[PATCH v3 07/17] IB/core: Add flags for on
> demand paging support', you're trying to handle uverbs call from
> a userspace program using a previous, shorter ABI.
Yes, that was my intention.
>
> But that's hidding bug where userspace will get it wrong at passing the
> correct buffer / size for all others uverb calls.
>
> That cannot work that way.
>
> In a previous patchset [1], I've suggested to add a check in
> ib_copy_{from,to}_udata()[2][3] in order to check the input/output
> buffer size to not read/write past userspace provided buffer
> boundaries: in case of mismatch an error would be returned to
> userspace.
>
> With the suggested change here, buffer overflow won't happen,
> but the error is silently ignored, allowing uverb to return a
> partial result, which is likely not expected by userspace as
> it's a bit difficult to handle it gracefully.
>
> So this has to be removed, and a check on userspace response
> buffer must be added to ib_uverbs_ex_query_device() instead.
I agree that we shouldn't silently ignore bugs in userspace, but I'm not
sure the alternative is maintainable. If we have in the future N new
extensions to this verb, will we need to validate the user space given
output buffer is one of the N possible sizes?
Regards,
Haggai
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2014-12-17 6:54 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-11 15:04 [PATCH v3 00/17] On demand paging Haggai Eran
[not found] ` <1418310266-9584-1-git-send-email-haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2014-12-11 15:04 ` [PATCH v3 01/17] IB/mlx5: Remove per-MR pas and dma pointers Haggai Eran
2014-12-11 15:04 ` [PATCH v3 02/17] IB/mlx5: Enhance UMR support to allow partial page table update Haggai Eran
2014-12-11 15:04 ` [PATCH v3 03/17] IB/core: Replace ib_umem's offset field with a full address Haggai Eran
2014-12-11 15:04 ` [PATCH v3 04/17] IB/core: Add umem function to read data from user-space Haggai Eran
2014-12-11 15:04 ` [PATCH v3 05/17] IB/mlx5: Add function to read WQE " Haggai Eran
2014-12-11 15:04 ` [PATCH v3 06/17] IB/core: Add support for extended query device caps Haggai Eran
[not found] ` <1418310266-9584-7-git-send-email-haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2014-12-16 12:33 ` Yann Droneaud
[not found] ` <1418733236.2779.26.camel-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2014-12-16 17:41 ` Roland Dreier
[not found] ` <CAG4TOxP9OhPigPseCzhUacHADoH2pEdj672V0SVfZuBTjKLHVg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-12-16 20:07 ` Or Gerlitz
[not found] ` <CAJ3xEMi+SCakMD=PYamYjqYWb0oCmccLzyR-4+K-fhF1bGfykQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-12-16 20:14 ` Yann Droneaud
2015-01-21 10:32 ` Yann Droneaud
[not found] ` <1421836353.13543.7.camel-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2015-01-21 11:14 ` Haggai Eran
2014-12-17 6:54 ` Haggai Eran [this message]
[not found] ` <549128B4.5010301-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2014-12-17 14:00 ` Yann Droneaud
2014-12-17 14:12 ` Haggai Eran
[not found] ` <54918F50.7020705-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-01-21 12:50 ` Yann Droneaud
2014-12-11 15:04 ` [PATCH v3 07/17] IB/core: Add flags for on demand paging support Haggai Eran
[not found] ` <1418310266-9584-8-git-send-email-haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2014-12-16 12:02 ` Yann Droneaud
[not found] ` <1418731378.2779.6.camel-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2014-12-16 12:13 ` Yann Droneaud
2014-12-11 15:04 ` [PATCH v3 08/17] IB/core: Add support for on demand paging regions Haggai Eran
2014-12-11 15:04 ` [PATCH v3 09/17] IB/core: Implement support for MMU notifiers regarding " Haggai Eran
2014-12-11 15:04 ` [PATCH v3 10/17] net/mlx5_core: Add support for page faults events and low level handling Haggai Eran
2014-12-11 15:04 ` [PATCH v3 11/17] IB/mlx5: Implement the ODP capability query verb Haggai Eran
2014-12-11 15:04 ` [PATCH v3 12/17] IB/mlx5: Changes in memory region creation to support on-demand paging Haggai Eran
2014-12-11 15:04 ` [PATCH v3 13/17] IB/mlx5: Add mlx5_ib_update_mtt to update page tables after creation Haggai Eran
2014-12-11 15:04 ` [PATCH v3 14/17] IB/mlx5: Page faults handling infrastructure Haggai Eran
2014-12-11 15:04 ` [PATCH v3 15/17] IB/mlx5: Handle page faults Haggai Eran
2014-12-11 15:04 ` [PATCH v3 16/17] IB/mlx5: Add support for RDMA read/write responder " Haggai Eran
2014-12-11 15:04 ` [PATCH v3 17/17] IB/mlx5: Implement on demand paging by adding support for MMU notifiers Haggai Eran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=549128B4.5010301@mellanox.com \
--to=haggaie-vpraknaxozvwk0htik3j/w@public.gmane.org \
--cc=eli-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=j.glisse-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=liranl-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=majd-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.