Linux RDMA and InfiniBand development
From: Md Haris Iqbal <haris.iqbal@ionos.com>
To: linux-rdma@vger.kernel.org
Cc: leon@kernel.org, jgg@ziepe.ca, haris.iqbal@ionos.com,
	jinpu.wang@ionos.com,
	Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
Subject: [PATCH v2 for-next 06/11] RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds
Date: Wed, 21 Aug 2024 13:22:12 +0200
Message-ID: <20240821112217.41827-7-haris.iqbal@ionos.com>
In-Reply-To: <20240821112217.41827-1-haris.iqbal@ionos.com>

In the function init_conns(), if something fails after the create_con()
and create_cm() for loop, then in the cleanup for loop after the destroy
tag we access out-of-bounds memory, because cid is set to
clt_path->s.con_num.

This commit resets the cid to clt_path->s.con_num - 1, to stay in bounds
in the cleanup loop later.

Fixes: 6a98d71daea1 ("RDMA/rtrs: client: main functionality")
Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
---
 drivers/infiniband/ulp/rtrs/rtrs-clt.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/infiniband/ulp/rtrs/rtrs-clt.c b/drivers/infiniband/ulp/rtrs/rtrs-clt.c
index e1557b0cda05..777f8e52ed7c 100644
--- a/drivers/infiniband/ulp/rtrs/rtrs-clt.c
+++ b/drivers/infiniband/ulp/rtrs/rtrs-clt.c
@@ -2347,6 +2347,12 @@ static int init_conns(struct rtrs_clt_path *clt_path)
 		if (err)
 			goto destroy;
 	}
+
+	/*
+	 * Set the cid to con_num - 1, since if we fail later, we want to stay in bounds.
+	 */
+	cid = clt_path->s.con_num - 1;
+
 	err = alloc_path_reqs(clt_path);
 	if (err)
 		goto destroy;
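
Review bot: the new comment above `cid = clt_path->s.con_num - 1;` only says "if we fail later, we want to stay in bounds" and does not name what consumes cid afterwards. Per the commit message that is the cleanup for loop after the destroy label, so the comment should say so, and should say that cid equals con_num when the preceding loop runs to completion, otherwise the assignment looks redundant to a later reader. The comment line also runs past 80 columns and should be wrapped. One question on the assignment itself: it assumes clt_path->s.con_num is at least 1 at this point. The declaration of cid is not in the hunk, so it is worth stating in the commit message whether con_num can be 0 here, since the result would then be negative or would wrap depending on cid's type.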
-- 
2.25.1


Thread overview: 14+ messages
2024-08-21 11:22 [PATCH v2 for-next 00/11] Misc patches for RTRS Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 01/11] RDMA/rtrs: For HB error add additional clt/srv specific logging Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 02/11] RDMA/rtrs-clt: Fix need_inv setting in error case Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 03/11] RDMA/rtrs-clt: Rate limit errors in IO path Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 04/11] RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 05/11] RDMA/rtrs-clt: Reuse need_inval from mr Md Haris Iqbal
2024-08-21 11:22 ` Md Haris Iqbal [this message]
2024-08-21 11:22 ` [PATCH v2 for-next 07/11] RDMA/rtrs-clt: Print request type for errors Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 08/11] RDMA/rtrs-srv: Avoid null pointer deref during path establishment Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 09/11] RDMA/rtrs: register ib event handler Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 10/11] RDMA/rtrs-clt: Do local invalidate after write io completion Md Haris Iqbal
2024-08-21 11:22 ` [PATCH v2 for-next 11/11] RDMA/rtrs-clt: Remove an extra space Md Haris Iqbal
2024-08-28 11:00 ` [PATCH v2 for-next 00/11] Misc patches for RTRS Haris Iqbal
2024-08-28 11:05 ` Leon Romanovsky