iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
54d87913f147a983589923c7f651f97de9af5be1
linux/drivers/infiniband/core
History
Leon Romanovsky 54d87913f1 RDMA/core: Prevent divide-by-zero error triggered by the user 
The user_entry_size is supplied by the user and later used as a
denominator to calculate number of entries. The zero supplied by the user
will trigger the following divide-by-zero error:

 divide error: 0000 [#1] SMP KASAN PTI
 CPU: 4 PID: 497 Comm: c_repro Not tainted 5.13.0-rc1+ #281
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
 RIP: 0010:ib_uverbs_handler_UVERBS_METHOD_QUERY_GID_TABLE+0x1b1/0x510
 Code: 87 59 03 00 00 e8 9f ab 1e ff 48 8d bd a8 00 00 00 e8 d3 70 41 ff 44 0f b7 b5 a8 00 00 00 e8 86 ab 1e ff 31 d2 4c 89 f0 31 ff <49> f7 f5 48 89 d6 48 89 54 24 10 48 89 04 24 e8 1b ad 1e ff 48 8b
 RSP: 0018:ffff88810416f828 EFLAGS: 00010246
 RAX: 0000000000000008 RBX: 1ffff1102082df09 RCX: ffffffff82183f3d
 RDX: 0000000000000000 RSI: ffff888105f2da00 RDI: 0000000000000000
 RBP: ffff88810416fa98 R08: 0000000000000001 R09: ffffed102082df5f
 R10: ffff88810416faf7 R11: ffffed102082df5e R12: 0000000000000000
 R13: 0000000000000000 R14: 0000000000000008 R15: ffff88810416faf0
 FS:  00007f5715efa740(0000) GS:ffff88811a700000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000020000840 CR3: 000000010c2e0001 CR4: 0000000000370ea0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  ? ib_uverbs_handler_UVERBS_METHOD_INFO_HANDLES+0x4b0/0x4b0
  ib_uverbs_cmd_verbs+0x1546/0x1940
  ib_uverbs_ioctl+0x186/0x240
  __x64_sys_ioctl+0x38a/0x1220
  do_syscall_64+0x3f/0x80
  entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixes: 9f85cbe50a ("RDMA/uverbs: Expose the new GID query API to user space")
Link: https://lore.kernel.org/r/b971cc70a8b240a8b5eda33c99fa0558a0071be2.1620657876.git.leonro@nvidia.com
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2021-05-10 14:06:45 -03:00
..
addr.c
RDMA/addr: Be strict with gid size
2021-04-08 16:14:56 -03:00
agent.c
RDMA: Mark if destroy address handle is in a sleepable context
2018-12-19 16:28:03 -07:00
agent.h
cache.c
RDMA/core: Correct format of braces
2021-04-12 14:56:51 -03:00
cgroup.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
cm_msgs.h
RDMA/core: Add necessary spaces
2021-04-12 14:52:22 -03:00
cm_trace.c
RDMA/cm: Replace pr_debug() call sites with tracepoints
2020-08-24 19:41:41 -03:00
cm_trace.h
RDMA/cm: Add tracepoints to track MAD send operations
2020-08-24 19:41:41 -03:00
cm.c
RDMA/core: Unify RoCE check and re-factor code
2021-04-19 12:56:53 -03:00
cma_configfs.c
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
cma_priv.h
IB/cma: Introduce rdma_set_min_rnr_timer()
2021-04-12 19:51:48 -03:00
cma_trace.c
RDMA/cma: Add trace points in RDMA Connection Manager
2020-01-07 16:10:53 -04:00
cma_trace.h
RDMA/core: Move the rdma_show_ib_cm_event() macro
2020-08-24 16:01:47 -03:00
cma.c
RDMA/core: Add CM to restrack after successful attachment to a device
2021-04-21 20:53:14 -03:00
core_priv.h
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
counters.c
RDMA/uverbs: Refactor rdma_counter_set_auto_mode and __counter_set_mode
2021-03-26 11:52:09 -03:00
cq.c
RDMA/core: Clean up cq pool mechanism
2020-12-10 15:05:17 -04:00
device.c
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
ib_core_uverbs.c
RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence
2020-01-25 14:48:33 -04:00
iwcm.c
RDMA/iwcm: Fix iwcm work deallocation
2020-03-04 14:28:25 -04:00
iwcm.h
iwpm_msg.c
RDMA/core: Correct format of block comments
2021-04-12 14:56:51 -03:00
iwpm_util.c
RDMA/core/iwpm_util: Fix some param description misspellings
2021-01-19 20:33:44 -04:00
iwpm_util.h
IB: Fix kernel-doc markups
2020-12-07 15:45:00 -04:00
lag.c
RDMA/core: Consider flow label when building skb
2020-05-06 16:51:43 -03:00
mad_priv.h
IB/mad: Change atomics to refcount API
2020-06-24 16:43:45 -03:00
mad_rmpp.c
RDMA/core: Remove redundant spaces
2021-04-12 14:56:48 -03:00
mad_rmpp.h
mad.c
RDMA/core: Correct format of block comments
2021-04-12 14:56:51 -03:00
Makefile
RDMA/umem: Support importing dma-buf as user memory region
2021-01-20 16:07:52 -04:00
mr_pool.c
Merge tag 'v5.2-rc6' into rdma.git for-next
2019-06-28 21:18:23 -03:00
multicast.c
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
netlink.c
IB/core: Avoid deadlock during netlink message handling
2019-10-24 20:49:37 -03:00
nldev.c
RDMA/nldev: Add copy-on-fork attribute to get sys command
2021-04-27 15:33:20 -03:00
opa_smi.h
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
packer.c
rdma_core.c
RDMA/core: Correct misspellings of two words in comments
2021-03-26 11:58:26 -03:00
rdma_core.h
IB/uverbs: Introduce create/destroy QP commands over ioctl
2020-05-21 20:39:36 -03:00
restrack.c
RDMA/restrack: Add support to get resource tracking for SRQ
2021-04-22 10:30:27 -03:00
restrack.h
RDMA/restrack: Improve readability in task name management
2020-09-22 19:47:35 -03:00
roce_gid_mgmt.c
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
rw.c
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
sa_query.c
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
sa.h
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
security.c
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
smi.c
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
smi.h
RDMA: Support more than 255 rdma ports
2021-03-26 09:31:21 -03:00
sysfs.c
RDMA/core: Correct format of braces
2021-04-12 14:56:51 -03:00
trace.c
RDMA/core: Clean up tracepoint headers
2020-07-06 14:54:46 -03:00
ucma.c
RDMA/core: Add necessary spaces
2021-04-12 14:52:22 -03:00
ud_header.c
RDMA/core: Use sizeof_field() helper
2020-05-27 13:46:05 -03:00
umem_dmabuf.c
RDMA/mlx5: Consolidate MR destruction to mlx5_ib_dereg_mr()
2021-03-11 20:03:25 -04:00
umem_odp.c
IB/core: Enable ODP sync without faulting
2020-10-01 16:44:05 -03:00
umem.c
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
2021-05-01 09:15:05 -07:00
user_mad.c
RDMA/core: Remove redundant spaces
2021-04-12 14:56:48 -03:00
uverbs_cmd.c
RDMA/core: Remove redundant spaces
2021-04-12 14:56:48 -03:00
uverbs_ioctl.c
IB/core: Split uverbs_get_const/default to consider target type
2021-03-11 20:20:36 -04:00
uverbs_main.c
RDMA: Convert sysfs device * show functions to use sysfs_emit()
2020-10-26 19:53:21 -03:00
uverbs_marshall.c
uverbs_std_types_async_fd.c
RDMA/core: Make FD destroy callback void
2020-11-12 12:32:17 -04:00
uverbs_std_types_counters.c
RDMA/core: Postpone uobject cleanup on failure till FD close
2020-11-12 12:32:17 -04:00
uverbs_std_types_cq.c
RDMA/core: Postpone uobject cleanup on failure till FD close
2020-11-12 12:32:17 -04:00
uverbs_std_types_device.c
RDMA/core: Prevent divide-by-zero error triggered by the user
2021-05-10 14:06:45 -03:00
uverbs_std_types_dm.c
RDMA/core: Postpone uobject cleanup on failure till FD close
2020-11-12 12:32:17 -04:00
uverbs_std_types_flow_action.c
RDMA/core: Postpone uobject cleanup on failure till FD close
2020-11-12 12:32:17 -04:00
uverbs_std_types_mr.c
RDMA/uverbs: Add uverbs command for dma-buf based MR registration
2021-01-20 16:07:52 -04:00
uverbs_std_types_qp.c
RDMA/restrack: Support all QP types
2020-11-27 11:38:46 -04:00
uverbs_std_types_srq.c
RDMA/core: Postpone uobject cleanup on failure till FD close
2020-11-12 12:32:17 -04:00
uverbs_std_types_wq.c
RDMA/core: Postpone uobject cleanup on failure till FD close
2020-11-12 12:32:17 -04:00
uverbs_std_types.c
RDMA/core: Make FD destroy callback void
2020-11-12 12:32:17 -04:00
uverbs_uapi.c
RDMA/core Remove uverbs_ex_cmd_mask
2020-10-26 19:27:59 -03:00
uverbs.h
IB/uverbs: Extend CQ to get its own asynchronous event FD
2020-05-21 20:34:53 -03:00
verbs.c
RDMA/restrack: Add support to get resource tracking for SRQ
2021-04-22 10:30:27 -03:00