* [PATCH for-3.11 0/3] rdma/cm: Fixes for AF_IB patch series
@ 2013-07-24 22:06 sean.hefty-ral2JQCrhuEAvxtiuMwx3w
[not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: sean.hefty-ral2JQCrhuEAvxtiuMwx3w @ 2013-07-24 22:06 UTC (permalink / raw)
To: roland-BHEL68pLQRGGvPXPguhicg, linux-rdma-u79uwXL29TY76Z2rM5mHXA
Cc: Sean Hefty
From: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Additional testing of the latest AF_IB patch series showed that bugs
were introduced when mixing AF_IB with UD QPs. Full support for
AF_IB with UD QPs is limited, but we should at least avoid crashing
the kernel! Please apply two fixes for crashes to 3.11, plus one
minor fix to silence a compiler warning.
Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Paul Bolle (1):
[v2] RDMA/cma: silence GCC warning
Sean Hefty (2):
rdma/cm: Fix accessing invalid private data for UD
rdma/cm: Only call cma_save_ib_info for CM REQs
drivers/infiniband/core/cma.c | 29 ++++++++++++++++-------------
1 files changed, 16 insertions(+), 13 deletions(-)
--
1.7.3
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH for-3.11 1/3] [v2] RDMA/cma: silence GCC warning
[not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
@ 2013-07-24 22:06 ` sean.hefty-ral2JQCrhuEAvxtiuMwx3w
2013-07-24 22:06 ` [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD sean.hefty-ral2JQCrhuEAvxtiuMwx3w
2013-07-24 22:06 ` [PATCH for-3.11 3/3] rdma/cm: Only call cma_save_ib_info for CM REQs sean.hefty-ral2JQCrhuEAvxtiuMwx3w
2 siblings, 0 replies; 5+ messages in thread
From: sean.hefty-ral2JQCrhuEAvxtiuMwx3w @ 2013-07-24 22:06 UTC (permalink / raw)
To: roland-BHEL68pLQRGGvPXPguhicg, linux-rdma-u79uwXL29TY76Z2rM5mHXA
Cc: Paul Bolle, Sean Hefty
From: Paul Bolle <pebolle-IWqWACnzNjzz+pZb47iToQ@public.gmane.org>
Building cma.o triggers this GCC warning:
drivers/infiniband/core/cma.c: In function ‘rdma_resolve_addr’:
drivers/infiniband/core/cma.c:465:23: warning: ‘port’ may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/infiniband/core/cma.c:426:5: note: ‘port’ was declared here
This is a false positive, as "port" will always be initialized if we're
at "found". But if we assign to "id_priv->id.port_num" directly, we can
drop "port". That will, obviously, silence GCC.
Signed-off-by: Paul Bolle <pebolle-IWqWACnzNjzz+pZb47iToQ@public.gmane.org>
Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
drivers/infiniband/core/cma.c | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index f1c279f..84487a2 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -423,7 +423,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
struct sockaddr_ib *addr;
union ib_gid gid, sgid, *dgid;
u16 pkey, index;
- u8 port, p;
+ u8 p;
int i;
cma_dev = NULL;
@@ -443,7 +443,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
if (!memcmp(&gid, dgid, sizeof(gid))) {
cma_dev = cur_dev;
sgid = gid;
- port = p;
+ id_priv->id.port_num = p;
goto found;
}
@@ -451,7 +451,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
dgid->global.subnet_prefix)) {
cma_dev = cur_dev;
sgid = gid;
- port = p;
+ id_priv->id.port_num = p;
}
}
}
@@ -462,7 +462,6 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
found:
cma_attach_to_dev(id_priv, cma_dev);
- id_priv->id.port_num = port;
addr = (struct sockaddr_ib *) cma_src_addr(id_priv);
memcpy(&addr->sib_addr, &sgid, sizeof sgid);
cma_translate_ib(addr, &id_priv->id.route.addr.dev_addr);
--
1.7.3
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD
[not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2013-07-24 22:06 ` [PATCH for-3.11 1/3] [v2] RDMA/cma: silence GCC warning sean.hefty-ral2JQCrhuEAvxtiuMwx3w
@ 2013-07-24 22:06 ` sean.hefty-ral2JQCrhuEAvxtiuMwx3w
[not found] ` <1374703569-16668-3-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2013-07-24 22:06 ` [PATCH for-3.11 3/3] rdma/cm: Only call cma_save_ib_info for CM REQs sean.hefty-ral2JQCrhuEAvxtiuMwx3w
2 siblings, 1 reply; 5+ messages in thread
From: sean.hefty-ral2JQCrhuEAvxtiuMwx3w @ 2013-07-24 22:06 UTC (permalink / raw)
To: roland-BHEL68pLQRGGvPXPguhicg, linux-rdma-u79uwXL29TY76Z2rM5mHXA
Cc: Sean Hefty
From: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
If a application is using AF_IB with a UD QP, but does not
provide any private data, we will end up accessing invalid
memory. Check for this case and handle it appropriately.
Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
drivers/infiniband/core/cma.c | 19 +++++++++++--------
1 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 84487a2..4314655 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -2676,29 +2676,32 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv,
{
struct ib_cm_sidr_req_param req;
struct ib_cm_id *id;
+ void *private_data;
int offset, ret;
+ memset(&req, 0, sizeof req);
offset = cma_user_data_offset(id_priv);
req.private_data_len = offset + conn_param->private_data_len;
if (req.private_data_len < conn_param->private_data_len)
return -EINVAL;
if (req.private_data_len) {
- req.private_data = kzalloc(req.private_data_len, GFP_ATOMIC);
- if (!req.private_data)
+ private_data = kzalloc(req.private_data_len, GFP_ATOMIC);
+ if (!private_data)
return -ENOMEM;
} else {
- req.private_data = NULL;
+ private_data = NULL;
}
if (conn_param->private_data && conn_param->private_data_len)
- memcpy((void *) req.private_data + offset,
- conn_param->private_data, conn_param->private_data_len);
+ memcpy(private_data + offset, conn_param->private_data,
+ conn_param->private_data_len);
- if (req.private_data) {
- ret = cma_format_hdr((void *) req.private_data, id_priv);
+ if (private_data) {
+ ret = cma_format_hdr(private_data, id_priv);
if (ret)
goto out;
+ req.private_data = private_data;
}
id = ib_create_cm_id(id_priv->id.device, cma_sidr_rep_handler,
@@ -2720,7 +2723,7 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv,
id_priv->cm_id.ib = NULL;
}
out:
- kfree(req.private_data);
+ kfree(private_data);
return ret;
}
--
1.7.3
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH for-3.11 3/3] rdma/cm: Only call cma_save_ib_info for CM REQs
[not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2013-07-24 22:06 ` [PATCH for-3.11 1/3] [v2] RDMA/cma: silence GCC warning sean.hefty-ral2JQCrhuEAvxtiuMwx3w
2013-07-24 22:06 ` [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD sean.hefty-ral2JQCrhuEAvxtiuMwx3w
@ 2013-07-24 22:06 ` sean.hefty-ral2JQCrhuEAvxtiuMwx3w
2 siblings, 0 replies; 5+ messages in thread
From: sean.hefty-ral2JQCrhuEAvxtiuMwx3w @ 2013-07-24 22:06 UTC (permalink / raw)
To: roland-BHEL68pLQRGGvPXPguhicg, linux-rdma-u79uwXL29TY76Z2rM5mHXA
Cc: Sean Hefty
From: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Calling cma_save_ib_info for CM SIDR REQs results in a crash
accessing an invalid path record pointer.
Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
drivers/infiniband/core/cma.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 4314655..7c0f953 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -879,7 +879,8 @@ static int cma_save_net_info(struct rdma_cm_id *id, struct rdma_cm_id *listen_id
{
struct cma_hdr *hdr;
- if (listen_id->route.addr.src_addr.ss_family == AF_IB) {
+ if ((listen_id->route.addr.src_addr.ss_family == AF_IB) &&
+ (ib_event->event == IB_CM_REQ_RECEIVED)) {
cma_save_ib_info(id, listen_id, ib_event->param.req_rcvd.primary_path);
return 0;
}
--
1.7.3
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 5+ messages in thread
* RE: [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD
[not found] ` <1374703569-16668-3-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
@ 2013-08-01 5:46 ` Hefty, Sean
0 siblings, 0 replies; 5+ messages in thread
From: Hefty, Sean @ 2013-08-01 5:46 UTC (permalink / raw)
To: roland-BHEL68pLQRGGvPXPguhicg@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> If a application is using AF_IB with a UD QP, but does not
> provide any private data, we will end up accessing invalid
> memory. Check for this case and handle it appropriately.
>
> Signed-off-by: Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Roland, hold off on this patch, but please push the other 2 for 3-11.
After looking at this patch again, it doesn't end up doing much more than introducing a stack variable as an alias for the private data. The problem I was trying to fix (conn_param->private_data_len too small) shouldn't result in a crash.
- Sean
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-08-01 5:46 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-24 22:06 [PATCH for-3.11 0/3] rdma/cm: Fixes for AF_IB patch series sean.hefty-ral2JQCrhuEAvxtiuMwx3w
[not found] ` <1374703569-16668-1-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2013-07-24 22:06 ` [PATCH for-3.11 1/3] [v2] RDMA/cma: silence GCC warning sean.hefty-ral2JQCrhuEAvxtiuMwx3w
2013-07-24 22:06 ` [PATCH for-3.11 2/3] rdma/cm: Fix accessing invalid private data for UD sean.hefty-ral2JQCrhuEAvxtiuMwx3w
[not found] ` <1374703569-16668-3-git-send-email-sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2013-08-01 5:46 ` Hefty, Sean
2013-07-24 22:06 ` [PATCH for-3.11 3/3] rdma/cm: Only call cma_save_ib_info for CM REQs sean.hefty-ral2JQCrhuEAvxtiuMwx3w
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox