authorMatan Barak <matanb@mellanox.com>2018-06-17 12:59:54 +0300
committerJason Gunthorpe <jgg@mellanox.com>2018-06-19 10:53:02 -0600
commit19b9def25852caf710b978cd27955090650f115b (patch)
tree016cbeb1b578c662b41573af8ba96a469331a088
parentIB/uverbs: Add a macro to define a type with no kernel known size (diff)
IB/uverbs: Allow an empty namespace in ioctl() framework
The ioctl parser framework wrongly assumed that each namespace is populated. This could lead to NULL dereferences. Fix the parser to always check that a given namespace indeed exists. Fixes: fac9658cabb9 ("IB/core: Add new ioctl interface") Signed-off-by: Matan Barak <matanb@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
-rw-r--r--drivers/infiniband/core/uverbs_ioctl.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/drivers/infiniband/core/uverbs_ioctl.c b/drivers/infiniband/core/uverbs_ioctl.c
index 5ac2950978d2..20be6835291e 100644
--- a/drivers/infiniband/core/uverbs_ioctl.c
+++ b/drivers/infiniband/core/uverbs_ioctl.c
@@ -199,6 +199,9 @@ static int uverbs_finalize_attrs(struct uverbs_attr_bundle *attrs_bundle,
spec_hash[i];
unsigned int j;
+ if (!curr_spec_bucket)
+ continue;
+
for (j = 0; j < curr_bundle->num_attrs; j++) {
struct uverbs_attr *attr;
const struct uverbs_attr_spec *spec;
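Review bot: The `if (!curr_spec_bucket) continue;` guard relies on a convention that is not stated anywhere in the hunk: a NULL entry in the spec hash array means the namespace has no attributes for this method, not that setup failed. A one-line comment above the check, such as `/* NULL bucket: namespace not populated for this method, nothing to finalize */`, would record that for the next reader. The same guard added in uverbs_validate_kernel_mandatory() would benefit from the same comment. The loop and the function both continue outside the hunk.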
@@ -247,7 +250,7 @@ static int uverbs_uattrs_process(struct ib_device *ibdev,
struct uverbs_attr_spec_hash *attr_spec_bucket;
ret = uverbs_ns_idx(&attr_id, method->num_buckets);
- if (ret < 0) {
+ if (ret < 0 || !method->attr_buckets[ret]) {
if (uattr->flags & UVERBS_ATTR_F_MANDATORY) {
uverbs_finalize_attrs(attr_bundle,
method->attr_buckets,
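Review bot: With the added `!method->attr_buckets[ret]` test, the error branch can now be entered while `ret` holds a valid, non-negative bucket index instead of a negative errno. The rest of the mandatory branch lies outside this hunk; if it still returns `ret` after calling uverbs_finalize_attrs(), a mandatory attribute aimed at an empty namespace would reach the caller as a non-negative value and not as a failure. Assigning an explicit error for that case ahead of the branch, e.g. `if (ret >= 0 && !method->attr_buckets[ret]) ret = -EPROTONOSUPPORT;`, keeps the return path unambiguous. The errno chosen should match whatever uverbs_ns_idx() reports for an unknown namespace.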
@@ -290,6 +293,9 @@ static int uverbs_validate_kernel_mandatory(const struct uverbs_method_spec *met
struct uverbs_attr_spec_hash *attr_spec_bucket =
method_spec->attr_buckets[i];
+ if (!attr_spec_bucket)
+ continue;
+
if (!bitmap_subset(attr_spec_bucket->mandatory_attrs_bitmask,
attr_bundle->hash[i].valid_bitmap,
attr_spec_bucket->num_attrs))
@@ -403,7 +409,12 @@ static long ib_uverbs_cmd_verbs(struct ib_device *ib_dev,
* filled at a later stage (uverbs_process_attr)
*/
for (i = 0; i < method_spec->num_buckets; i++) {
- unsigned int curr_num_attrs = method_spec->attr_buckets[i]->num_attrs;
+ unsigned int curr_num_attrs;
+
+ if (!method_spec->attr_buckets[i])
+ continue;
+
+ curr_num_attrs = method_spec->attr_buckets[i]->num_attrs;
ctx->uverbs_attr_bundle->hash[i].attrs = curr_attr;
curr_attr += curr_num_attrs;
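Review bot: The new `continue` skips every assignment to `ctx->uverbs_attr_bundle->hash[i]` for an empty namespace, so that entry keeps whatever the ctx buffer held before. How ctx is allocated is outside this hunk, as is the rest of the loop body; unless the buffer is zeroed, any later reader that touches `hash[i]` without first checking the spec bucket would see stale pointers and counts. Clearing the entry before skipping, `memset(&ctx->uverbs_attr_bundle->hash[i], 0, sizeof(ctx->uverbs_attr_bundle->hash[i]));`, makes an empty namespace look like zero attributes to every consumer.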