evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/include/rdma
History
Roland Dreier f9105c23a3 RDMA/ucma: Introduce safer rdma_addr_size() variants 
commit 84652aefb347297aa08e91e283adf7b18f77c2d5 upstream.

There are several places in the ucma ABI where userspace can pass in a
sockaddr but set the address family to AF_IB.  When that happens,
rdma_addr_size() will return a size bigger than sizeof struct sockaddr_in6,
and the ucma kernel code might end up copying past the end of a buffer
not sized for a struct sockaddr_ib.

Fix this by introducing new variants

    int rdma_addr_size_in6(struct sockaddr_in6 *addr);
    int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr);

that are type-safe for the types used in the ucma ABI and return 0 if the
size computed is bigger than the size of the type passed in.  We can use
these new variants to check what size userspace has passed in before
copying any addresses.

Reported-by: <syzbot+6800425d54ed3ed8135d@syzkaller.appspotmail.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-08 11:51:59 +02:00
..
ib.h IB/security: Restrict use of the write() interface 2016-05-04 14:48:48 -07:00
ib_addr.h RDMA/ucma: Introduce safer rdma_addr_size() variants 2018-04-08 11:51:59 +02:00
ib_cache.h IB/cache: Add ib_find_gid_by_filter cache API 2015-10-21 23:48:17 -04:00
ib_cm.h IB/cm: Remove compare_data checks 2015-08-30 15:48:24 -04:00
ib_fmr_pool.h RDMA: Improve include file coding style 2008-07-14 23:48:44 -07:00
ib_mad.h IB/mad: Require CM send method for everything except ClassPortInfo 2015-12-08 12:19:11 -05:00
ib_marshall.h RDMA/cma: Export rdma cm interface to userspace 2006-12-12 11:50:22 -08:00
ib_pack.h ib_pack.h: Fix commentary IBA reference for CNP in IB opcode enum 2015-10-21 16:41:54 -04:00
ib_pma.h IB/pma: Add include file for IBA performance counters definitions 2011-07-18 21:04:35 -07:00
ib_sa.h RDMA/core: Fix incorrect structure packing for booleans 2017-03-12 06:37:29 +01:00
ib_smi.h IB/core: Move SM class defines from ib_mad.h to ib_smi.h 2015-09-03 15:50:32 -04:00
ib_umem.h IB/core: Add support for on demand paging regions 2014-12-15 18:13:36 -08:00
ib_umem_odp.h IB/core: Implement support for MMU notifiers regarding on demand paging regions 2014-12-15 18:13:36 -08:00
ib_verbs.h IB/core: use RCU for uverbs id lookup 2015-12-07 16:39:26 -05:00
iw_cm.h RDMA/iw_cm: Export tos field to iwarp providers 2015-06-02 09:22:30 -04:00
iw_portmap.h RDMA/core: Enable the iWarp Port Mapper to provide the actual address of the connecting peer to its clients 2015-05-05 09:18:01 -04:00
opa_port_info.h IB/hfi1: fix pstateinfo from returning improperly byteswapped value 2015-09-18 11:28:47 -04:00
opa_smi.h IB/core: Add core header changes needed for OPA 2015-08-28 22:54:50 -04:00
rdma_cm.h IB/core, cma: Make __attribute_const__ declarations sparse-friendly 2015-10-30 17:57:49 -04:00
rdma_cm_ib.h RDMA: Fix license text 2008-07-14 23:48:43 -07:00
rdma_netlink.h IB/core: Add rdma netlink helper functions 2015-08-30 18:12:25 -04:00