Message ID | 20230227091751.589612-1-d.dulov@aladdin.ru |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2326992wrd; Mon, 27 Feb 2023 01:55:03 -0800 (PST) X-Google-Smtp-Source: AK7set98YqCWTgn31GpQOm3EP+lsVCWrymCH+SZL6Z3UjLWOIz8oi5awdFVlB0g4dpVZPGv7hN8d X-Received: by 2002:aa7:dbd4:0:b0:4ac:d3bc:cb0d with SMTP id v20-20020aa7dbd4000000b004acd3bccb0dmr20382950edt.3.1677491703288; Mon, 27 Feb 2023 01:55:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1677491703; cv=none; d=google.com; s=arc-20160816; b=EVGPE5+bpgGSlWgtcHY5CBykkJ+nIlY+gVLK6NwYreR5b7DVz7QUneEqVsGppttxis GEN4Oh7w2GEXDOO9x3hcFV9O85cYHStTIyVsAyVTxtBeZL0qmdmAHv1q0ZwBCV+XLeQr ur9dDc4SMfz/mVKDwUGmkPwKUDMareWocpUh3YnTKSQ0hbNW6AYMHgDcjAEkLLEeDWZB 9tUrEU180YSLTFAY/bW13YPDrPFDtcd86Cu8GULFwIG3ZraDchTYXLFAi6lOrc3VpRuY zWA+huH/u22kg+CeivPdWoB4PtVf7U9nmkUwraQRoYPgeacuHhyZ48BKnmpCBLaQfJ46 6+MA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=cGH8MOYZbMivkVqwTyvAv96uCSOvYs3hvRfJgaxwC2w=; b=T1sWLnaw1rRGiYOBRaGZNNUZOlBcg1Knjs5/+JzMF4CnkNoKnrmnvSwBBpNYgk9ZJw vlSyfkBenPJHhjzj/86lx+bLuw26IT3BVWBnhkBkg7Onv6yCLulFhIZZxs72vt75wDVt BDFu/XfqoPiqY6oDYSLYJdiBTDbf8rIMbUjBh/KI4Z0aTO4hsorJFPYngJKhUdDgj5zw 9kJoCMTjhMuXlGMz7RLqI3yTJpMupoAcKGkYYPsmZrziFyhEBxX5BqHQEjCUvKUIVtNx KgUzeM4EP/RYKN6v1XuaE7O1vfEiiCue9TLJ+4zW1+3Q8+u4dAPDG2Iy++OXFjvx94/5 hJmQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aladdin.ru Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id de11-20020a1709069bcb00b008b1801cac0esi6011371ejc.529.2023.02.27.01.54.40; Mon, 27 Feb 2023 01:55:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aladdin.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229849AbjB0Jse (ORCPT <rfc822;wenzhi022@gmail.com> + 99 others); Mon, 27 Feb 2023 04:48:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58232 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229574AbjB0Jsd (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Mon, 27 Feb 2023 04:48:33 -0500 X-Greylist: delayed 907 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Mon, 27 Feb 2023 01:48:27 PST Received: from mail-out.aladdin-rd.ru (mail-out.aladdin-rd.ru [91.199.251.16]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA436193C3 for <linux-kernel@vger.kernel.org>; Mon, 27 Feb 2023 01:48:27 -0800 (PST) From: Daniil Dulov <d.dulov@aladdin.ru> To: Bernard Metzler <bmt@zurich.ibm.com> CC: Daniil Dulov <d.dulov@aladdin.ru>, Doug Ledford <dledford@redhat.com>, Jason Gunthorpe <jgg@ziepe.ca>, <linux-rdma@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <lvc-project@linuxtesting.org> Subject: [PATCH] RDMA/siw: Fix potential page_array out of range access Date: Mon, 27 Feb 2023 01:17:51 -0800 Message-ID: <20230227091751.589612-1-d.dulov@aladdin.ru> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.0.20.32] X-ClientProxiedBy: EXCH-2016-02.aladdin.ru (192.168.1.102) To EXCH-2016-01.aladdin.ru (192.168.1.101) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758977539828930161?= X-GMAIL-MSGID: =?utf-8?q?1758977539828930161?= |
Series |
RDMA/siw: Fix potential page_array out of range access
|
|
Commit Message
Daniil Dulov
Feb. 27, 2023, 9:17 a.m. UTC
When seg is equal to MAX_ARRAY, the loop should break, otherwise
it will result in out of range access.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: b9be6f18cf9e ("rdma/siw: transmit path")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
---
drivers/infiniband/sw/siw/siw_qp_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
> -----Original Message----- > From: Daniil Dulov <d.dulov@aladdin.ru> > Sent: Monday, 27 February 2023 10:18 > To: Bernard Metzler <BMT@zurich.ibm.com> > Cc: Daniil Dulov <d.dulov@aladdin.ru>; Doug Ledford <dledford@redhat.com>; > Jason Gunthorpe <jgg@ziepe.ca>; linux-rdma@vger.kernel.org; linux- > kernel@vger.kernel.org; lvc-project@linuxtesting.org > Subject: [EXTERNAL] [PATCH] RDMA/siw: Fix potential page_array out of range > access > > When seg is equal to MAX_ARRAY, the loop should break, otherwise > it will result in out of range access. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: b9be6f18cf9e ("rdma/siw: transmit path") > Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru> > --- > drivers/infiniband/sw/siw/siw_qp_tx.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/infiniband/sw/siw/siw_qp_tx.c > b/drivers/infiniband/sw/siw/siw_qp_tx.c > index 3c3ae5ef2942..f9eb314c6e14 100644 > --- a/drivers/infiniband/sw/siw/siw_qp_tx.c > +++ b/drivers/infiniband/sw/siw/siw_qp_tx.c > @@ -548,7 +548,7 @@ static int siw_tx_hdt(struct siw_iwarp_tx *c_tx, struct > socket *s) > data_len -= plen; > fp_off = 0; > > - if (++seg > (int)MAX_ARRAY) { > + if (++seg == (int)MAX_ARRAY) { Absolutely! For superstitious people like me, maybe even write '>=' here. Thank you! > siw_dbg_qp(tx_qp(c_tx), "to many fragments\n"); > siw_unmap_pages(page_array, kmap_mask); > wqe->processed -= c_tx->bytes_unsent; > -- > 2.25.1
On Mon, Feb 27, 2023 at 01:17:51AM -0800, Daniil Dulov wrote: > When seg is equal to MAX_ARRAY, the loop should break, otherwise > it will result in out of range access. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: b9be6f18cf9e ("rdma/siw: transmit path") > Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru> > --- > drivers/infiniband/sw/siw/siw_qp_tx.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Thanks, applied and changed as Bernard suggested.
diff --git a/drivers/infiniband/sw/siw/siw_qp_tx.c b/drivers/infiniband/sw/siw/siw_qp_tx.c index 3c3ae5ef2942..f9eb314c6e14 100644 --- a/drivers/infiniband/sw/siw/siw_qp_tx.c +++ b/drivers/infiniband/sw/siw/siw_qp_tx.c @@ -548,7 +548,7 @@ static int siw_tx_hdt(struct siw_iwarp_tx *c_tx, struct socket *s) data_len -= plen; fp_off = 0; - if (++seg > (int)MAX_ARRAY) { + if (++seg == (int)MAX_ARRAY) { siw_dbg_qp(tx_qp(c_tx), "to many fragments\n"); siw_unmap_pages(page_array, kmap_mask); wqe->processed -= c_tx->bytes_unsent;