Mark Zhang
64733956eb
RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
When copying the device name, the length of the data memcpy copied exceeds
the length of the source buffer, which causes the KASAN issue below. Use
strscpy_pad() instead.
BUG: KASAN: slab-out-of-bounds in ib_nl_set_path_rec_attrs+0x136/0x320 [ib_core]
Read of size 64 at addr ffff88811a10f5e0 by task rping/140263
CPU: 3 PID: 140263 Comm: rping Not tainted 5.15.0-rc1+ #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x57/0x7d
print_address_description.constprop.0+0x1d/0xa0
kasan_report+0xcb/0x110
kasan_check_range+0x13d/0x180
memcpy+0x20/0x60
ib_nl_set_path_rec_attrs+0x136/0x320 [ib_core]
ib_nl_make_request+0x1c6/0x380 [ib_core]
send_mad+0x20a/0x220 [ib_core]
ib_sa_path_rec_get+0x3e3/0x800 [ib_core]
cma_query_ib_route+0x29b/0x390 [rdma_cm]
rdma_resolve_route+0x308/0x3e0 [rdma_cm]
ucma_resolve_route+0xe1/0x150 [rdma_ucm]
ucma_write+0x17b/0x1f0 [rdma_ucm]
vfs_write+0x142/0x4d0
ksys_write+0x133/0x160
do_syscall_64+0x43/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f26499aa90f
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 5c fd ff ff 48
RSP: 002b:00007f26495f2dc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000000007d0 RCX: 00007f26499aa90f
RDX: 0000000000000010 RSI: 00007f26495f2e00 RDI: 0000000000000003
RBP: 00005632a8315440 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000293 R12: 00007f26495f2e00
R13: 00005632a83154e0 R14: 00005632a8315440 R15: 00005632a830a810
Allocated by task 131419:
kasan_save_stack+0x1b/0x40
__kasan_kmalloc+0x7c/0x90
proc_self_get_link+0x8b/0x100
pick_link+0x4f1/0x5c0
step_into+0x2eb/0x3d0
walk_component+0xc8/0x2c0
link_path_walk+0x3b8/0x580
path_openat+0x101/0x230
do_filp_open+0x12e/0x240
do_sys_openat2+0x115/0x280
__x64_sys_openat+0xce/0x140
do_syscall_64+0x43/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: 2ca546b92a ("IB/sa: Route SA pathrecord query through netlink")
Link: https://lore.kernel.org/r/72ede0f6dab61f7f23df9ac7a70666e07ef314b0.1635055496.git.leonro@nvidia.com
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
Reviewed-by: Mark Bloch <mbloch@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2021-10-25 11:51:51 -03:00
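
The bug class described in the commit message, as a userspace model added here for illustration (it is not the kernel patch or code from this repository): a fixed-length memcpy reads past a shorter source, while a strscpy_pad-style copy stops at the source NUL and zero-fills the rest. The helpers `memcpy_overread`, `model_strscpy_pad` and `tail_is_zero`, the 64-byte destination (taken from the "Read of size 64" line), the 16-byte source and the sample name are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DST_LEN 64        /* assumed: matches "Read of size 64" in the report */
#define MODEL_E2BIG (-7L) /* stand-in for the kernel's -E2BIG */

/* Bytes a fixed-length memcpy(dst, src, copy_len) reads past a source
 * object of src_alloc bytes; a nonzero result is what KASAN flags. */
static size_t memcpy_overread(size_t src_alloc, size_t copy_len)
{
    return copy_len > src_alloc ? copy_len - src_alloc : 0;
}

/* Userspace model of strscpy_pad() (hypothetical helper, not kernel code):
 * stop at the source NUL, always terminate dst, zero-fill the remainder.
 * Returns bytes copied, or MODEL_E2BIG on size 0 or truncation. */
static long model_strscpy_pad(char *dst, const char *src, size_t size)
{
    size_t n = 0;
    if (size == 0)
        return MODEL_E2BIG;
    while (n < size - 1 && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    int truncated = src[n] != '\0';
    memset(dst + n, 0, size - n);   /* terminator plus padding */
    return truncated ? MODEL_E2BIG : (long)n;
}

/* 1 if dst[from..size) is all zero, i.e. no stale bytes follow the name. */
static int tail_is_zero(const char *dst, size_t from, size_t size)
{
    while (from < size)
        if (dst[from++] != 0)
            return 0;
    return 1;
}

int main(void)
{
    char src[16] = "mlx5_0", dst[DST_LEN]; /* constructed sample name */
    memset(dst, 0xAA, sizeof(dst));        /* stale contents before the copy */
    long n = model_strscpy_pad(dst, src, sizeof(dst));
    printf("memcpy over-read: %zu bytes; bounded copy: %ld bytes, tail zero: %d\n",
           memcpy_overread(sizeof(src), DST_LEN), n, tail_is_zero(dst, (size_t)n, DST_LEN));
    return 0;
}
```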