From: Yann Droneaud <ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
To: Haggai Eran <haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: Roland Dreier <roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Liran Liss <liranl-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Or Gerlitz <ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Sagi Grimberg <sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Majd Dibbiny <majd-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Jerome Glisse <j.glisse-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Eli Cohen <eli-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH v3 06/17] IB/core: Add support for extended query device caps
Date: Wed, 17 Dec 2014 15:00:11 +0100
Message-ID: <1418824811.3334.3.camel@dworkin>
In-Reply-To: <549128B4.5010301-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Hi,

On Wednesday, 17 December 2014 at 08:54 +0200, Haggai Eran wrote:
> On 16/12/2014 14:33, Yann Droneaud wrote:
> > On Thursday, 11 December 2014 at 17:04 +0200, Haggai Eran wrote:
> >> static inline int ib_copy_to_udata(struct ib_udata *udata, void *src, size_t len)
> >> {
> >> - return copy_to_user(udata->outbuf, src, len) ? -EFAULT : 0;
> >> + size_t copy_sz;
> >> +
> >> + copy_sz = min_t(size_t, len, udata->outlen);
> >> + return copy_to_user(udata->outbuf, src, copy_sz) ? -EFAULT : 0;
> >> }
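Review bot: the clamp to min_t(size_t, len, udata->outlen) in ib_copy_to_udata() makes a short udata->outlen produce a truncated copy that still returns 0, so neither the caller nor userspace can tell a partial response from a complete one. Since this helper is shared, consider returning an error when len > udata->outlen, or keep the helper unchanged and do the size handling in the one verb that needs it; if truncation is kept, a comment on the helper should state that it copies at most udata->outlen bytes.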
> >
> >
> > This is not the place to do this: as I'm guessing the purpose of this
> > change from the patch in '[PATCH v3 07/17] IB/core: Add flags for on
> > demand paging support', you're trying to handle uverbs call from
> > a userspace program using a previous, shorter ABI.
>
> Yes, that was my intention.
>
> >
> > But that's hiding a bug where userspace will get it wrong at passing the
> > correct buffer / size for all other uverb calls.
> >
> > That cannot work that way.
> >
> > In a previous patchset [1], I've suggested to add a check in
> > ib_copy_{from,to}_udata()[2][3] in order to check the input/output
> > buffer size to not read/write past userspace provided buffer
> > boundaries: in case of mismatch an error would be returned to
> > userspace.
> >
> > With the suggested change here, buffer overflow won't happen,
> > but the error is silently ignored, allowing uverb to return a
> > partial result, which is likely not expected by userspace as
> > it's a bit difficult to handle it gracefully.
> >
> > So this has to be removed, and a check on userspace response
> > buffer must be added to ib_uverbs_ex_query_device() instead.
>
> I agree that we shouldn't silently ignore bugs in userspace, but I'm not
> sure the alternative is maintainable. If we have in the future N new
> extensions to this verb, will we need to validate the user space given
> output buffer is one of the N possible sizes?
>
Yes.
Additionally, the size should be checked in relation to the flags set in the
"comp_mask": e.g. requiring IB_USER_VERBS_EX_QUERY_DEVICE_ODP but not
providing the expected response buffer should be an error.
Regards.
--
Yann Droneaud
OPTEYA
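
The check asked for in this message, sketched as an added userspace C example (not code from the patch, the thread or the kernel): the handler derives the required response size from comp_mask and fails on a short buffer instead of trimming the copy. QUERY_ODP, the structs, query_device(), copy_to_udata_strict() and the errno choices are assumptions of the example; memcpy() stands in for copy_to_user().

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins: not the kernel's structures or values. */
#define QUERY_ODP (1u << 0)           /* plays the role of a comp_mask bit */
struct resp_base { uint32_t comp_mask; uint32_t max_qp; };
struct resp_odp  { struct resp_base base; uint64_t odp_caps; };
struct udata { void *outbuf; size_t outlen; };  /* caller-supplied buffer */

/* Strict copy: a buffer shorter than the response is an error, not a trim. */
static int copy_to_udata_strict(struct udata *u, const void *src, size_t len)
{
    if (len > u->outlen)
        return -ENOSPC;
    memcpy(u->outbuf, src, len);      /* copy_to_user() in a real kernel path */
    return 0;
}

/* Response size implied by the request's comp_mask; 0 for unknown bits. */
static size_t resp_size_for(uint32_t comp_mask)
{
    if (comp_mask & ~QUERY_ODP)
        return 0;
    return (comp_mask & QUERY_ODP) ? sizeof(struct resp_odp) : sizeof(struct resp_base);
}

/* Handler: validate comp_mask and buffer size before writing anything. */
static int query_device(struct udata *u, uint32_t comp_mask)
{
    struct resp_odp resp = { .base = { .comp_mask = 0, .max_qp = 1024 } };
    size_t need = resp_size_for(comp_mask);
    if (need == 0)
        return -EINVAL;               /* unknown extension requested */
    if (u->outlen < need)
        return -ENOSPC;               /* extension requested, buffer too short */
    if (comp_mask & QUERY_ODP) {
        resp.base.comp_mask |= QUERY_ODP;
        resp.odp_caps = 0x1;          /* constructed capability value */
    }
    return copy_to_udata_strict(u, &resp, need);
}

int main(void)
{
    unsigned char buf[sizeof(struct resp_base)];    /* old, shorter ABI */
    struct udata u = { buf, sizeof buf };
    return query_device(&u, QUERY_ODP) == -ENOSPC ? 0 : 1;
}
```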