[PATCH for-3.11 0/3] rdma/cm: Fixes for AF

public inbox for linux-rdma@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH for-3.11 0/3] rdma/cm: Fixes for AF_IB patch series
@ 2013-07-24 22:06 sean.hefty-ral2JQCrhuEAvxtiuMwx3w
       [not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
  0 siblings, 1 reply; 5+ messages in thread
From: sean.hefty-ral2JQCrhuEAvxtiuMwx3w @ 2013-07-24 22:06 UTC (permalink / raw)
  To: roland-BHEL68pLQRGGvPXPguhicg, linux-rdma-u79uwXL29TY76Z2rM5mHXA
  Cc: Sean Hefty

From: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

Additional testing of the latest AF_IB patch series showed that bugs
were introduced when mixing AF_IB with UD QPs.  Full support for
AF_IB with UD QPs is limited, but we should at least avoid crashing
the kernel!  Please apply two fixes for crashes to 3.11, plus one
minor fix to silence a compiler warning.

Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

Paul Bolle (1):
  [v2] RDMA/cma: silence GCC warning

Sean Hefty (2):
  rdma/cm: Fix accessing invalid private data for UD
  rdma/cm: Only call cma_save_ib_info for CM REQs

 drivers/infiniband/core/cma.c |   29 ++++++++++++++++-------------
 1 files changed, 16 insertions(+), 13 deletions(-)

-- 
1.7.3

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 5+ messages in thread

[parent not found: <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>]

* [PATCH for-3.11 1/3] [v2] RDMA/cma: silence GCC warning
       [not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
@ 2013-07-24 22:06   ` sean.hefty-ral2JQCrhuEAvxtiuMwx3w
  2013-07-24 22:06   ` [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD sean.hefty-ral2JQCrhuEAvxtiuMwx3w
  2013-07-24 22:06   ` [PATCH for-3.11 3/3] rdma/cm: Only call cma_save_ib_info for CM REQs sean.hefty-ral2JQCrhuEAvxtiuMwx3w
  2 siblings, 0 replies; 5+ messages in thread
From: sean.hefty-ral2JQCrhuEAvxtiuMwx3w @ 2013-07-24 22:06 UTC (permalink / raw)
  To: roland-BHEL68pLQRGGvPXPguhicg, linux-rdma-u79uwXL29TY76Z2rM5mHXA
  Cc: Paul Bolle, Sean Hefty

From: Paul Bolle <pebolle-IWqWACnzNjzz+pZb47iToQ@public.gmane.org>

Building cma.o triggers this GCC warning:
    drivers/infiniband/core/cma.c: In function ‘rdma_resolve_addr’:
    drivers/infiniband/core/cma.c:465:23: warning: ‘port’ may be used uninitialized in this function [-Wmaybe-uninitialized]
    drivers/infiniband/core/cma.c:426:5: note: ‘port’ was declared here

This is a false positive, as "port" will always be initialized if we're
at "found". But if we assign to "id_priv->id.port_num" directly, we can
drop "port". That will, obviously, silence GCC.

Signed-off-by: Paul Bolle <pebolle-IWqWACnzNjzz+pZb47iToQ@public.gmane.org>
Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
 drivers/infiniband/core/cma.c |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index f1c279f..84487a2 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -423,7 +423,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
 	struct sockaddr_ib *addr;
 	union ib_gid gid, sgid, *dgid;
 	u16 pkey, index;
-	u8 port, p;
+	u8 p;
 	int i;
 
 	cma_dev = NULL;
@@ -443,7 +443,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
 				if (!memcmp(&gid, dgid, sizeof(gid))) {
 					cma_dev = cur_dev;
 					sgid = gid;
-					port = p;
+					id_priv->id.port_num = p;
 					goto found;
 				}
 
@@ -451,7 +451,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
 						 dgid->global.subnet_prefix)) {
 					cma_dev = cur_dev;
 					sgid = gid;
-					port = p;
+					id_priv->id.port_num = p;
 				}
 			}
 		}
@@ -462,7 +462,6 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
 
 found:
 	cma_attach_to_dev(id_priv, cma_dev);
-	id_priv->id.port_num = port;
 	addr = (struct sockaddr_ib *) cma_src_addr(id_priv);
 	memcpy(&addr->sib_addr, &sgid, sizeof sgid);
 	cma_translate_ib(addr, &id_priv->id.route.addr.dev_addr);
-- 
1.7.3

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD
       [not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
  2013-07-24 22:06   ` [PATCH for-3.11 1/3] [v2] RDMA/cma: silence GCC warning sean.hefty-ral2JQCrhuEAvxtiuMwx3w
@ 2013-07-24 22:06   ` sean.hefty-ral2JQCrhuEAvxtiuMwx3w
       [not found]     ` <1374703569-16668-3-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
  2013-07-24 22:06   ` [PATCH for-3.11 3/3] rdma/cm: Only call cma_save_ib_info for CM REQs sean.hefty-ral2JQCrhuEAvxtiuMwx3w
  2 siblings, 1 reply; 5+ messages in thread
From: sean.hefty-ral2JQCrhuEAvxtiuMwx3w @ 2013-07-24 22:06 UTC (permalink / raw)
  To: roland-BHEL68pLQRGGvPXPguhicg, linux-rdma-u79uwXL29TY76Z2rM5mHXA
  Cc: Sean Hefty

From: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

If a application is using AF_IB with a UD QP, but does not
provide any private data, we will end up accessing invalid
memory.  Check for this case and handle it appropriately.

Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
 drivers/infiniband/core/cma.c |   19 +++++++++++--------
 1 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 84487a2..4314655 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -2676,29 +2676,32 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv,
 {
 	struct ib_cm_sidr_req_param req;
 	struct ib_cm_id	*id;
+	void *private_data;
 	int offset, ret;
 
+	memset(&req, 0, sizeof req);
 	offset = cma_user_data_offset(id_priv);
 	req.private_data_len = offset + conn_param->private_data_len;
 	if (req.private_data_len < conn_param->private_data_len)
 		return -EINVAL;
 
 	if (req.private_data_len) {
-		req.private_data = kzalloc(req.private_data_len, GFP_ATOMIC);
-		if (!req.private_data)
+		private_data = kzalloc(req.private_data_len, GFP_ATOMIC);
+		if (!private_data)
 			return -ENOMEM;
 	} else {
-		req.private_data = NULL;
+		private_data = NULL;
 	}
 
 	if (conn_param->private_data && conn_param->private_data_len)
-		memcpy((void *) req.private_data + offset,
-		       conn_param->private_data, conn_param->private_data_len);
+		memcpy(private_data + offset, conn_param->private_data,
+		       conn_param->private_data_len);
 
-	if (req.private_data) {
-		ret = cma_format_hdr((void *) req.private_data, id_priv);
+	if (private_data) {
+		ret = cma_format_hdr(private_data, id_priv);
 		if (ret)
 			goto out;
+		req.private_data = private_data;
 	}
 
 	id = ib_create_cm_id(id_priv->id.device, cma_sidr_rep_handler,
@@ -2720,7 +2723,7 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv,
 		id_priv->cm_id.ib = NULL;
 	}
 out:
-	kfree(req.private_data);
+	kfree(private_data);
 	return ret;
 }
 
-- 
1.7.3

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply related	[flat|nested] 5+ messages in thread

[parent not found: <1374703569-16668-3-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>]

* RE: [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD
       [not found]     ` <1374703569-16668-3-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
@ 2013-08-01  5:46       ` Hefty, Sean
  0 siblings, 0 replies; 5+ messages in thread
From: Hefty, Sean @ 2013-08-01  5:46 UTC (permalink / raw)
  To: roland-BHEL68pLQRGGvPXPguhicg@public.gmane.org,
	linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org

> If a application is using AF_IB with a UD QP, but does not
> provide any private data, we will end up accessing invalid
> memory.  Check for this case and handle it appropriately.
> 
> Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

Roland, hold off on this patch, but please push the other 2 for 3-11.

After looking at this patch again, it doesn't end up doing much more than introducing a stack variable as an alias for the private data.  The problem I was trying to fix (conn_param->private_data_len too small) shouldn't result in a crash.

- Sean

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH for-3.11 3/3] rdma/cm: Only call cma_save_ib_info for CM REQs
       [not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
  2013-07-24 22:06   ` [PATCH for-3.11 1/3] [v2] RDMA/cma: silence GCC warning sean.hefty-ral2JQCrhuEAvxtiuMwx3w
  2013-07-24 22:06   ` [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD sean.hefty-ral2JQCrhuEAvxtiuMwx3w
@ 2013-07-24 22:06   ` sean.hefty-ral2JQCrhuEAvxtiuMwx3w
  2 siblings, 0 replies; 5+ messages in thread
From: sean.hefty-ral2JQCrhuEAvxtiuMwx3w @ 2013-07-24 22:06 UTC (permalink / raw)
  To: roland-BHEL68pLQRGGvPXPguhicg, linux-rdma-u79uwXL29TY76Z2rM5mHXA
  Cc: Sean Hefty

From: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

Calling cma_save_ib_info for CM SIDR REQs results in a crash
accessing an invalid path record pointer.

Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
 drivers/infiniband/core/cma.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 4314655..7c0f953 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -879,7 +879,8 @@ static int cma_save_net_info(struct rdma_cm_id *id, struct rdma_cm_id *listen_id
 {
 	struct cma_hdr *hdr;
 
-	if (listen_id->route.addr.src_addr.ss_family == AF_IB) {
+	if ((listen_id->route.addr.src_addr.ss_family == AF_IB) &&
+	    (ib_event->event == IB_CM_REQ_RECEIVED)) {
 		cma_save_ib_info(id, listen_id, ib_event->param.req_rcvd.primary_path);
 		return 0;
 	}
-- 
1.7.3

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply related	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2013-08-01  5:46 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-24 22:06 [PATCH for-3.11 0/3] rdma/cm: Fixes for AF_IB patch series sean.hefty-ral2JQCrhuEAvxtiuMwx3w
     [not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2013-07-24 22:06   ` [PATCH for-3.11 1/3] [v2] RDMA/cma: silence GCC warning sean.hefty-ral2JQCrhuEAvxtiuMwx3w
2013-07-24 22:06   ` [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD sean.hefty-ral2JQCrhuEAvxtiuMwx3w
     [not found]     ` <1374703569-16668-3-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2013-08-01  5:46       ` Hefty, Sean
2013-07-24 22:06   ` [PATCH for-3.11 3/3] rdma/cm: Only call cma_save_ib_info for CM REQs sean.hefty-ral2JQCrhuEAvxtiuMwx3w

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox