From: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Yann Droneaud <ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
Cc: Roland Dreier <roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCHv1 0/6] IB/uverbs: check request parameters
Date: Mon, 04 May 2015 13:45:19 -0400 [thread overview]
Message-ID: <1430761519.2407.87.camel@redhat.com> (raw)
In-Reply-To: <cover.1430743694.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 2718 bytes --]
On Mon, 2015-05-04 at 15:00 +0200, Yann Droneaud wrote:
> Hi,
>
> Please find a patchset against uverbs to improve the checks done
> on uverbs request parameters. This patchset in an extract of a
> previous patchset sent some times ago[1].
I reviewed those patches last time they came around. In general, I'm on
board with the idea of cleaning up option checking, but in your original
patch submission you point out that the patches have a non-0 chance of
breaking user applications that pass in parameters that wouldn't pass
these checks but work anyway. Have you done any looking into that
possibility?
> I've provided some explanation of the issues partialy addressed
> by this patchset in a previous message[2].
>
> As we're now addressing overflows, I think it's time to apply
> this patchset.
>
> Changes since v0 [3]
> - updated against v4.1-rc2
> - incorporated patches to add check on response buffer using
> access_ok()
>
> [1] "[PATCH 00/22] infiniband: improve userspace input check"
>
> http://marc.info/?i=cover.1376847403.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org
> http://mid.gmane.org/cover.1376847403.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org
>
> [2] "Re: [PATCHv4 for-3.13 00/10] create_flow/destroy_flow fixes for v3.13"
>
> http://marc.info/?i=1387493822.11925.217.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org
> http://mid.gmane.org/1387493822.11925.217.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org
>
> [3] "[PATCH 0/4] IB/uverbs: check request parameters"
>
> http://marc.info/?i=cover.1405884453.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org
> http://mid.gmane.org/cover.1405884453.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org
>
> Yann Droneaud (6):
> IB/uverbs: check userspace input buffer size
> IB/uverbs: check userspace output buffer size
> IB/uverbs: check userspace output buffer size in ib_uverbs_poll_cq()
> IB/uverbs: subtract command header from input size
> IB/uverbs: move cast from u64 to void __user pointer to its own
> variable
> IB/uverbs: check access to userspace response buffer
>
> drivers/infiniband/core/uverbs_cmd.c | 449 +++++++++++++++++++++------
> drivers/infiniband/core/uverbs_main.c | 29 +-
> drivers/infiniband/hw/mlx5/cq.c | 6 +-
> drivers/infiniband/hw/mlx5/main.c | 2 +-
> drivers/infiniband/hw/mlx5/srq.c | 6 +-
> drivers/infiniband/hw/mthca/mthca_provider.c | 2 +-
> 6 files changed, 382 insertions(+), 112 deletions(-)
>
--
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
GPG KeyID: 0E572FDD
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-05-04 17:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-04 13:00 [PATCHv1 0/6] IB/uverbs: check request parameters Yann Droneaud
[not found] ` <cover.1430743694.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2015-05-04 13:00 ` [PATCHv1 1/6] IB/uverbs: check userspace input buffer size Yann Droneaud
2015-05-04 13:00 ` [PATCHv1 2/6] IB/uverbs: check userspace output " Yann Droneaud
2015-05-04 13:00 ` [PATCHv1 3/6] IB/uverbs: check userspace output buffer size in ib_uverbs_poll_cq() Yann Droneaud
2015-05-04 13:00 ` [PATCHv1 4/6] IB/uverbs: subtract command header from input size Yann Droneaud
2015-05-04 13:00 ` [PATCHv1 5/6] IB/uverbs: move cast from u64 to void __user pointer to its own variable Yann Droneaud
2015-05-04 13:00 ` [PATCHv1 6/6] IB/uverbs: check access to userspace response buffer Yann Droneaud
2015-05-04 17:45 ` Doug Ledford [this message]
[not found] ` <1430761519.2407.87.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-05-04 19:56 ` [PATCHv1 0/6] IB/uverbs: check request parameters Yann Droneaud
[not found] ` <1430769382.19516.9.camel-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2015-05-05 19:55 ` Yann Droneaud
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1430761519.2407.87.camel@redhat.com \
--to=dledford-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox