From: Leon Romanovsky <leon@kernel.org>
To: liweihang <liweihang@huawei.com>
Cc: "dledford@redhat.com" <dledford@redhat.com>,
"jgg@nvidia.com" <jgg@nvidia.com>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
Linuxarm <linuxarm@huawei.com>
Subject: Re: [PATCH for-next] RDMA/core: Check invalid QP state for ib_modify_qp_is_ok()
Date: Mon, 22 Mar 2021 09:28:50 +0200 [thread overview]
Message-ID: <YFhHMlnzdcAMp3qs@unreal> (raw)
In-Reply-To: <d1cbb0213aba493695162ee07d0d0338@huawei.com>
On Mon, Mar 22, 2021 at 07:11:47AM +0000, liweihang wrote:
> On 2021/3/22 13:47, Leon Romanovsky wrote:
> > On Mon, Mar 22, 2021 at 03:29:09AM +0000, liweihang wrote:
> >> On 2021/3/20 17:34, Leon Romanovsky wrote:
> >>> On Fri, Mar 19, 2021 at 05:02:25PM +0800, Weihang Li wrote:
> >>>> From: Xi Wang <wangxi11@huawei.com>
> >>>>
> >>>> Out-of-bounds may occur in 'qp_state_table' when the caller passing wrong
> >>>> QP state value.
> >>> How is it possible? Do you have call stack to support it?
> >>>
> >>> Thanks
> >>>
> >> ib_modify_qp_is_ok() is exported, I think any kernel modules can pass in
> >> invalid QP state. Should we check it in such case?
> > No, it is caller responsibility to supply valid input.
> > In general case, for the kernel code, it can be seen as anti-pattern
> > if in-kernel API performs input sanity check.
> >
> > You can add WARN_ON() if you want to catch programmers errors earlier.
> > However, I'm skeptical if it is really needed here.
> >
> > Thanks
> >
>
> Hi Leon,
>
> By the way, we made this change because we noticed that ib_event_msg() and
> ib_wc_status_msg() that tries to access an array performs input check in the
> same file. Is there anything different between these kernel APIs? Or there is
> some other reasons?
The main difference between them is the execution flow.
* ib_modify_qp_is_ok() is called from the drivers, after verbs layer
sanitized everything already and at this stage we are pretty safe.
* ib_event_msg()/ib_wc_status_ms() are used by ULPs and maybe they can
send invalid event. I personally don't know if it is possible or not.
Thanks
>
> Thanks,
> Weihang
>
next prev parent reply other threads:[~2021-03-22 7:29 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-19 9:02 [PATCH for-next] RDMA/core: Check invalid QP state for ib_modify_qp_is_ok() Weihang Li
2021-03-20 9:34 ` Leon Romanovsky
2021-03-22 3:29 ` liweihang
2021-03-22 5:47 ` Leon Romanovsky
2021-03-22 6:21 ` liweihang
2021-03-22 7:11 ` liweihang
2021-03-22 7:28 ` Leon Romanovsky [this message]
2021-03-22 7:55 ` liweihang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YFhHMlnzdcAMp3qs@unreal \
--to=leon@kernel.org \
--cc=dledford@redhat.com \
--cc=jgg@nvidia.com \
--cc=linux-rdma@vger.kernel.org \
--cc=linuxarm@huawei.com \
--cc=liweihang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.