[ofw] RE: [PATCH 2/7] mthca/mlx: add check to validate output data size

Hefty, Sean sean.hefty at intel.com
Tue Jan 20 13:57:03 PST 2009 

committed in svn 1858

>-----Original Message-----
>From: Hefty, Sean
>Sent: Friday, January 16, 2009 1:30 PM
>To: Hefty, Sean; ofw at lists.openfabrics.org
>Subject: [PATCH 2/7] mthca/mlx: add check to validate output data size
>
>Only the hardware drivers know what size the output data buffer must be for
>ndi_modify_qp.  Have the drivers verify that the provided data buffer is
>large enough.
>
>This fixes a crash if (say, a buggy) userspace (library under development) does
>not provide a response buffer.
>
>Signed-off-by: Sean Hefty <sean.hefty at intel.com>
>---
>To make things easier, I can commit this if approved.
>
>\winverbs/hw/mthca/kernel/hca_verbs.c
>--- trunk/hw/mthca/kernel/hca_verbs.c	2008-10-29 11:24:08.234375000 -0700
>+++ branches\winverbs/hw/mthca/kernel/hca_verbs.c	2009-01-13
>23:13:27.468750000 -0800
>@@ -1266,6 +1266,11 @@ mlnx_ndi_modify_qp (
>
> 	HCA_ENTER(HCA_DBG_QP);
>
>+	if (buf_size < sizeof(resp.qp_state)) {
>+		status = IB_INVALID_PARAMETER;
>+		goto out;
>+	}
>+
> 	/* imitate umv_buf */
> 	umv_buf.command = TRUE;	/* special case for NDI. Usually it's TRUE */
> 	umv_buf.input_size = 0;
>@@ -1279,6 +1284,7 @@ mlnx_ndi_modify_qp (
> 		*p_outbuf = resp.qp_state;
> 	}
>
>+out:
> 	HCA_EXIT(HCA_DBG_QP);
> 	return status;
> }
>diff -up -r -X trunk\docs\dontdiff.txt -I '\$Id:' trunk/hw/mlx4/kernel/hca/qp.c
>branches\winverbs/hw/mlx4/kernel/hca/qp.c
>--- trunk/hw/mlx4/kernel/hca/qp.c	2008-08-26 13:56:37.762625000 -0700
>+++ branches\winverbs/hw/mlx4/kernel/hca/qp.c	2009-01-07 14:21:38.945465400 -
>0800
>@@ -326,6 +326,11 @@ mlnx_ndi_modify_qp (
>
> 	HCA_ENTER(HCA_DBG_QP);
>
>+	if (buf_size < sizeof(resp.qp_state)) {
>+		status = IB_INVALID_PARAMETER;
>+		goto out;
>+	}
>+
> 	/* imitate umv_buf */
> 	umv_buf.command = TRUE;	/* special case for NDI. Usually it's TRUE */
> 	umv_buf.input_size = 0;
>@@ -339,6 +344,7 @@ mlnx_ndi_modify_qp (
> 		*p_outbuf = resp.qp_state;
> 	}
>
>+out:
> 	HCA_EXIT(HCA_DBG_QP);
> 	return status;
> }
>

More information about the ofw mailing list