diff mbox series

[rdma-next,5/6] RDMA/mana_ib: boundary check before installing cq callbacks

Message ID 1713459125-14914-6-git-send-email-kotaranov@linux.microsoft.com (mailing list archive)
State Superseded
Headers show
Series RDMA/mana_ib: Implement RNIC CQs | expand

Commit Message

Konstantin Taranov April 18, 2024, 4:52 p.m. UTC 
From: Konstantin Taranov <kotaranov@microsoft.com>

Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.

Fixes: 2a31c5a7e0d8 ("RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function")
Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
---
 drivers/infiniband/hw/mana/cq.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Long Li April 23, 2024, 11:45 p.m. UTC | #1 
> Subject: [PATCH rdma-next 5/6] RDMA/mana_ib: boundary check before
> installing cq callbacks
> 
> From: Konstantin Taranov <kotaranov@microsoft.com>
> 
> Add a boundary check inside mana_ib_install_cq_cb to prevent index
> overflow.

How is this condition possible that we are getting an out of bound queue id from SOC?

> 
> Fixes: 2a31c5a7e0d8 ("RDMA/mana_ib: Introduce mana_ib_install_cq_cb
> helper function")
> Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
> ---
>  drivers/infiniband/hw/mana/cq.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/infiniband/hw/mana/cq.c
> b/drivers/infiniband/hw/mana/cq.c index 6c3bb8c..8323085 100644
> --- a/drivers/infiniband/hw/mana/cq.c
> +++ b/drivers/infiniband/hw/mana/cq.c
> @@ -70,6 +70,8 @@ int mana_ib_install_cq_cb(struct mana_ib_dev *mdev,
> struct mana_ib_cq *cq)
>  	struct gdma_context *gc = mdev_to_gc(mdev);
>  	struct gdma_queue *gdma_cq;
> 
> +	if (cq->queue.id >= gc->max_num_cqs)
> +		return -EINVAL;
>  	/* Create CQ table entry */
>  	WARN_ON(gc->cq_table[cq->queue.id]);
>  	gdma_cq = kzalloc(sizeof(*gdma_cq), GFP_KERNEL);
> --
> 2.43.0
Konstantin Taranov April 24, 2024, 8:58 a.m. UTC | #2 
> > Add a boundary check inside mana_ib_install_cq_cb to prevent index
> > overflow.
> 
> How is this condition possible that we are getting an out of bound queue id
> from SOC?
> 

Yes, it should not happen as the HW says the upper limit on CQ_ID,
but I think it is safer to have it to dodge bugs/faulty HW.
Better safe than sorry.
You can see the same check all over the mana.ko module.


> >
> > Fixes: 2a31c5a7e0d8 ("RDMA/mana_ib: Introduce mana_ib_install_cq_cb
> > helper function")
> > Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
> > ---
> >  drivers/infiniband/hw/mana/cq.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/infiniband/hw/mana/cq.c
> > b/drivers/infiniband/hw/mana/cq.c index 6c3bb8c..8323085 100644
> > --- a/drivers/infiniband/hw/mana/cq.c
> > +++ b/drivers/infiniband/hw/mana/cq.c
> > @@ -70,6 +70,8 @@ int mana_ib_install_cq_cb(struct mana_ib_dev
> *mdev,
> > struct mana_ib_cq *cq)
> >  	struct gdma_context *gc = mdev_to_gc(mdev);
> >  	struct gdma_queue *gdma_cq;
> >
> > +	if (cq->queue.id >= gc->max_num_cqs)
> > +		return -EINVAL;
> >  	/* Create CQ table entry */
> >  	WARN_ON(gc->cq_table[cq->queue.id]);
> >  	gdma_cq = kzalloc(sizeof(*gdma_cq), GFP_KERNEL);
> > --
> > 2.43.0
Long Li April 25, 2024, 8:31 p.m. UTC | #3 
> Subject: [PATCH rdma-next 5/6] RDMA/mana_ib: boundary check before
> installing cq callbacks
> 
> From: Konstantin Taranov <kotaranov@microsoft.com>
> 
> Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.
> 
> Fixes: 2a31c5a7e0d8 ("RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper
> function")
> Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>

Reviewed-by: Long Li <longli@microsoft.com>

> ---
>  drivers/infiniband/hw/mana/cq.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/infiniband/hw/mana/cq.c b/drivers/infiniband/hw/mana/cq.c
> index 6c3bb8c..8323085 100644
> --- a/drivers/infiniband/hw/mana/cq.c
> +++ b/drivers/infiniband/hw/mana/cq.c
> @@ -70,6 +70,8 @@ int mana_ib_install_cq_cb(struct mana_ib_dev *mdev,
> struct mana_ib_cq *cq)
>  	struct gdma_context *gc = mdev_to_gc(mdev);
>  	struct gdma_queue *gdma_cq;
> 
> +	if (cq->queue.id >= gc->max_num_cqs)
> +		return -EINVAL;
>  	/* Create CQ table entry */
>  	WARN_ON(gc->cq_table[cq->queue.id]);
>  	gdma_cq = kzalloc(sizeof(*gdma_cq), GFP_KERNEL);
> --
> 2.43.0
diff mbox series

Patch

diff --git a/drivers/infiniband/hw/mana/cq.c b/drivers/infiniband/hw/mana/cq.c
index 6c3bb8c..8323085 100644
--- a/drivers/infiniband/hw/mana/cq.c
+++ b/drivers/infiniband/hw/mana/cq.c
@@ -70,6 +70,8 @@  int mana_ib_install_cq_cb(struct mana_ib_dev *mdev, struct mana_ib_cq *cq)
 	struct gdma_context *gc = mdev_to_gc(mdev);
 	struct gdma_queue *gdma_cq;
 
+	if (cq->queue.id >= gc->max_num_cqs)
+		return -EINVAL;
 	/* Create CQ table entry */
 	WARN_ON(gc->cq_table[cq->queue.id]);
 	gdma_cq = kzalloc(sizeof(*gdma_cq), GFP_KERNEL);