From patchwork Wed Dec  3 16:10:59 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Wan, Kaike" <kaike.wan@intel.com>
X-Patchwork-Id: 5432711
Return-Path: <linux-rdma-owner@kernel.org>
X-Original-To: patchwork-linux-rdma@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id A88C39F1D4
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Wed,  3 Dec 2014 18:12:05 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id D7CCE202FE
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Wed,  3 Dec 2014 18:12:04 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id EA144202B8
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Wed,  3 Dec 2014 18:12:03 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751106AbaLCSMC (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Wed, 3 Dec 2014 13:12:02 -0500
Received: from mga01.intel.com ([192.55.52.88]:1530 "EHLO mga01.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751342AbaLCSMC (ORCPT <rfc822;linux-rdma@vger.kernel.org>);
	Wed, 3 Dec 2014 13:12:02 -0500
Received: from orsmga001.jf.intel.com ([10.7.209.18])
	by fmsmga101.fm.intel.com with ESMTP; 03 Dec 2014 08:26:04 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.07,508,1413270000"; d="scan'208";a="617967227"
Received: from phlsvsds.ph.intel.com ([10.228.195.38])
	by orsmga001.jf.intel.com with ESMTP; 03 Dec 2014 08:11:03 -0800
Received: from phlsvsds.ph.intel.com (localhost.localdomain [127.0.0.1])
	by phlsvsds.ph.intel.com (8.13.8/8.13.8) with ESMTP id sB3GB2UI015212;
	Wed, 3 Dec 2014 11:11:02 -0500
Received: (from kaikewan@localhost)
	by phlsvsds.ph.intel.com (8.13.8/8.13.8/Submit) id sB3GB2vF015209;
	Wed, 3 Dec 2014 11:11:02 -0500
X-Authentication-Warning: phlsvsds.ph.intel.com: kaikewan set sender to
	kaike.wan@intel.com using -f
From: kaike.wan@intel.com
To: sean.hefty@intel.com
Cc: linux-rdma@vger.kernel.org, Kaike Wan <kaike.wan@intel.com>
Subject: [PATCH 1/1] ibacm: incorrect ifc_len is specified in SIOCGIFCONF
	request
Date: Wed,  3 Dec 2014 11:10:59 -0500
Message-Id: <1417623059-15183-1-git-send-email-kaike.wan@intel.com>
X-Mailer: git-send-email 1.7.1
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Kaike Wan <kaike.wan@intel.com>

The ifc->ifs_len in the ioctl SIOCGIFCONF request should only specify the
associated ifreq buffer length and not include the ifc header length.
This bug was found by running ibacm with Valgrind:

==8201== Syscall param ioctl(SIOCGIFCONF).ifc_buf points to unaddressable byte(s)
==8201==    at 0x3E886DF7B7: ioctl (in /lib64/libc-2.12.so)
==8201==    by 0x40A11A: acm_if_iter_sys (acm_util.c:154)
==8201==    by 0x406979: acm_get_system_ips (acm.c:1584)
==8201==    by 0x4069FD: acm_assign_ep_names (acm.c:1602)
==8201==    by 0x4070D1: acm_ep_up (acm.c:1744)
==8201==    by 0x407799: acm_port_up (acm.c:1896)
==8201==    by 0x407DE1: acm_activate_devices (acm.c:2027)
==8201==    by 0x409CAC: main (acm.c:2728)
==8201==  Address 0x5063470 is 0 bytes after a block of size 2,576 alloc'd
==8201==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==8201==    by 0x40A0BB: acm_if_iter_sys (acm_util.c:144)
==8201==    by 0x406979: acm_get_system_ips (acm.c:1584)
==8201==    by 0x4069FD: acm_assign_ep_names (acm.c:1602)
==8201==    by 0x4070D1: acm_ep_up (acm.c:1744)
==8201==    by 0x407799: acm_port_up (acm.c:1896)
==8201==    by 0x407DE1: acm_activate_devices (acm.c:2027)
==8201==    by 0x409CAC: main (acm.c:2728)


Signed-off-by: Kaike Wan <kaike.wan@intel.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
---
 src/acm_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/acm_util.c b/src/acm_util.c
index 50b46d8..d54f520 100644
--- a/src/acm_util.c
+++ b/src/acm_util.c
@@ -148,7 +148,7 @@ int acm_if_iter_sys(acm_if_iter_cb cb, void *ctx)
 	}
 
 	memset(ifc, 0, len);
-	ifc->ifc_len = len;
+	ifc->ifc_len = len - sizeof(*ifc);
 	ifc->ifc_req = (struct ifreq *) (ifc + 1);
 
 	ret = ioctl(s, SIOCGIFCONF, ifc);