From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
Sagi Grimberg <sagig@mellanox.com>,
Doug Ledford <dledford@redhat.com>
Subject: [PATCH 3.10 25/56] IB/uverbs: reject invalid or unknown opcodes
Date: Tue, 29 Sep 2015 15:47:13 +0200 [thread overview]
Message-ID: <20150929134701.487855540@linuxfoundation.org> (raw)
In-Reply-To: <20150929134700.376714360@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit b632ffa7cee439ba5dce3b3bc4a5cbe2b3e20133 upstream.
We have many WR opcodes that are only supported in kernel space
and/or require optional information to be copied into the WR
structure. Reject all those not explicitly handled so that we
can't pass invalid information to drivers.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/uverbs_cmd.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2106,6 +2106,12 @@ ssize_t ib_uverbs_post_send(struct ib_uv
next->send_flags = user_wr->send_flags;
if (is_ud) {
+ if (next->opcode != IB_WR_SEND &&
+ next->opcode != IB_WR_SEND_WITH_IMM) {
+ ret = -EINVAL;
+ goto out_put;
+ }
+
next->wr.ud.ah = idr_read_ah(user_wr->wr.ud.ah,
file->ucontext);
if (!next->wr.ud.ah) {
@@ -2142,9 +2148,11 @@ ssize_t ib_uverbs_post_send(struct ib_uv
user_wr->wr.atomic.compare_add;
next->wr.atomic.swap = user_wr->wr.atomic.swap;
next->wr.atomic.rkey = user_wr->wr.atomic.rkey;
+ case IB_WR_SEND:
break;
default:
- break;
+ ret = -EINVAL;
+ goto out_put;
}
}
next prev parent reply other threads:[~2015-09-29 13:48 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-29 13:46 [PATCH 3.10 00/56] 3.10.90-stable review Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 01/56] unshare: Unsharing a thread does not require unsharing a vm Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 02/56] rtlwifi: rtl8192cu: Add new device ID Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 03/56] tg3: Fix temperature reporting Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 04/56] mac80211: enable assoc check for mesh interfaces Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 05/56] arm64: kconfig: Move LIST_POISON to a safe value Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 06/56] arm64: compat: fix vfp save/restore across signal handlers in big-endian Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 07/56] arm64: head.S: initialise mdcr_el2 in el2_setup Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 08/56] Input: synaptics - fix handling of disabling gesture mode Greg Kroah-Hartman
2015-09-29 13:57 ` Dmitry Torokhov
2015-09-29 14:18 ` Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 09/56] ALSA: hda - Enable headphone jack detect on old Fujitsu laptops Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 10/56] ALSA: hda - Use ALC880_FIXUP_FUJITSU for FSC Amilo M1437 Greg Kroah-Hartman
2015-09-29 13:46 ` [PATCH 3.10 11/56] powerpc/mm: Fix pte_pagesize_index() crash on 4K w/64K hash Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 12/56] powerpc/rtas: Introduce rtas_get_sensor_fast() for IRQ handlers Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 13/56] Add radeon suspend/resume quirk for HP Compaq dc5750 Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 14/56] x86/mm: Initialize pmd_idx in page_table_range_init_count() Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 16/56] NFSv4: dont set SETATTR for O_RDONLY|O_EXCL Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 17/56] NFS: nfs_set_pgio_error sometimes misses errors Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 18/56] parisc: Filter out spurious interrupts in PA-RISC irq handler Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 19/56] vmscan: fix increasing nr_isolated incurred by putback unevictable pages Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 20/56] fs: if a coredump already exists, unlink and recreate with O_EXCL Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 21/56] mmc: core: fix race condition in mmc_wait_data_done Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 22/56] md/raid10: always set reshape_safe when initializing reshape_position Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 23/56] xen/gntdev: convert priv->lock to a mutex Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 24/56] hfs: fix B-tree corruption after insertion at position 0 Greg Kroah-Hartman
2015-09-29 13:47 ` Greg Kroah-Hartman [this message]
2015-09-29 13:47 ` [PATCH 3.10 26/56] IB/uverbs: Fix race between ib_uverbs_open and remove_one Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 27/56] IB/mlx4: Forbid using sysfs to change RoCE pkeys Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 28/56] IB/mlx4: Use correct SL on AH query under RoCE Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 29/56] stmmac: fix check for phydev being open Greg Kroah-Hartman
2015-09-30 11:20 ` Sergei Shtylyov
2015-09-29 13:47 ` [PATCH 3.10 30/56] hfs,hfsplus: cache pages correctly between bnode_create and bnode_free Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 31/56] sctp: fix ASCONF list handling Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 32/56] vhost/scsi: potential memory corruption Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 33/56] x86: bpf_jit: fix compilation of large bpf programs Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 34/56] ipv6: Make MLD packets to only be processed locally Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 35/56] net/tipc: initialize security state for new connection socket Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 36/56] bridge: mdb: zero out the local br_ip variable before use Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 37/56] net: pktgen: fix race between pktgen_thread_worker() and kthread_stop() Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 38/56] net: call rcu_read_lock early in process_backlog Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 39/56] net: Clone skb before setting peeked flag Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 40/56] net: Fix skb csum races when peeking Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 41/56] net: Fix skb_set_peeked use-after-free bug Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 42/56] bridge: mdb: fix double add notification Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 43/56] isdn/gigaset: reset tty->receive_room when attaching ser_gigaset Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 44/56] ipv6: lock socket in ip6_datagram_connect() Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 45/56] bonding: fix destruction of bond with devices different from arphrd_ether Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 46/56] inet: frags: fix defragmented packets IP header for af_packet Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 47/56] netlink: dont hold mutex in rcu callback when releasing mmapd ring Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 48/56] rds: fix an integer overflow test in rds_info_getsockopt() Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 49/56] ip6_gre: release cached dst on tunnel removal Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 50/56] usbnet: Get EVENT_NO_RUNTIME_PM bit before it is cleared Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 51/56] ipv6: fix exthdrs offload registration in out_rt path Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 52/56] net/ipv6: Correct PIM6 mrt_lock handling Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 53/56] sctp: fix race on protocol/netns initialization Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 54/56] fib_rules: fix fib rule dumps across multiple skbs Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 55/56] vfs: Remove incorrect debugging WARN in prepend_path Greg Kroah-Hartman
2015-09-29 13:47 ` [PATCH 3.10 56/56] Revert "iio: bmg160: IIO_BUFFER and IIO_TRIGGERED_BUFFER are required" Greg Kroah-Hartman
2015-09-29 16:53 ` [PATCH 3.10 00/56] 3.10.90-stable review Shuah Khan
2015-09-29 21:14 ` Guenter Roeck
2015-09-30 5:45 ` Sudip Mukherjee
[not found] ` <562a7d97.a9c6b40a.4a84c.46d4@mx.google.com>
2015-10-23 18:36 ` Kevin Hilman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150929134701.487855540@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dledford@redhat.com \
--cc=hch@lst.de \
--cc=jgunthorpe@obsidianresearch.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sagig@mellanox.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).