From patchwork Tue Sep 11 15:29:52 2012
X-Patchwork-Submitter: Yevgeny Kliteynik
X-Patchwork-Id: 1438671
X-Patchwork-Delegate: alexne@voltaire.com
Message-ID: <504F58F0.5000009@mellanox.co.il>
Date: Tue, 11 Sep 2012 18:29:52 +0300
From: Yevgeny Kliteynik
To: , Linux RDMA , Yevgeny Kliteynik
Subject: [PATCH 6/8 v2] opensm/libvendor/osm_vendor_ibumad.c: validate response MAD properties
X-Mailing-List: linux-rdma@vger.kernel.org

Check that attribute ID, attribute modifier and transaction ID are the same in request and response.

Note that just by checking these we cover a very wide range of possible bugs in SMAs. Attribute modifier is used in PortInfo, LFT, MFT, and others.

Signed-off-by: Yevgeny Kliteynik --- libvendor/osm_vendor_ibumad.c | 57 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 12 deletions(-) diff --git a/libvendor/osm_vendor_ibumad.c b/libvendor/osm_vendor_ibumad.c index e0c9f90..ca320a6 100644 --- a/libvendor/osm_vendor_ibumad.c +++ b/libvendor/osm_vendor_ibumad.c @@ -288,7 +288,7 @@ static void *umad_receiver(void *p_ptr) osm_umad_bind_info_t *p_bind; osm_mad_addr_t osm_addr; osm_madw_t *p_madw, *p_req_madw; - ib_mad_t *p_mad; + ib_mad_t *p_mad, *p_req_mad; void *umad = 0; int mad_agent, length; 
@@ -394,18 +394,51 @@ static void *umad_receiver(void *p_ptr) } p_req_madw = 0; - if (ib_mad_is_response(p_mad) && - !(p_req_madw = get_madw(p_vend, &p_mad->trans_id, - p_mad->mgmt_class))) { - OSM_LOG(p_vend->p_log, OSM_LOG_ERROR, "ERR 5413: " - "Failed to obtain request madw for received MAD" - " (class=0x%X method=0x%X attr=0x%X tid=0x%"PRIx64") -- dropping\n", - p_mad->mgmt_class, p_mad->method, - cl_ntoh16(p_mad->attr_id), - cl_ntoh64(p_mad->trans_id)); - osm_mad_pool_put(p_bind->p_mad_pool, p_madw); - continue; + if (ib_mad_is_response(p_mad)) { + p_req_madw = get_madw(p_vend, &p_mad->trans_id, + p_mad->mgmt_class); + if (PF(!p_req_madw)) { + OSM_LOG(p_vend->p_log, OSM_LOG_ERROR, + "ERR 5413: Failed to obtain request " + "madw for received MAD " + "(class=0x%X method=0x%X attr=0x%X " + "tid=0x%"PRIx64") -- dropping\n", + p_mad->mgmt_class, p_mad->method, + cl_ntoh16(p_mad->attr_id), + cl_ntoh64(p_mad->trans_id)); + osm_mad_pool_put(p_bind->p_mad_pool, p_madw); + continue; + } + + /* + * Check that request MAD was really a request, + * and make sure that attribute ID, attribute + * modifier and transaction ID are the same in + * request and response. + */ + p_req_mad = osm_madw_get_mad_ptr(p_req_madw); + if (PF(ib_mad_is_response(p_req_mad) || + p_mad->attr_id != p_req_mad->attr_id || + p_mad->attr_mod != p_req_mad->attr_mod || + p_mad->trans_id != p_req_mad->trans_id)) { + OSM_LOG(p_vend->p_log, OSM_LOG_ERROR, + "ERR 541A: " + "Response MAD validation failed " + "(request attr=0x%X modif=0x%X " + "tid=0x%"PRIx64", " + "response attr=0x%X modif=0x%X " + "tid=0x%"PRIx64") -- dropping\n", + cl_ntoh16(p_req_mad->attr_id), + cl_ntoh32(p_req_mad->attr_mod), + cl_ntoh64(p_req_mad->trans_id), + cl_ntoh16(p_mad->attr_id), + cl_ntoh32(p_mad->attr_mod), + cl_ntoh64(p_mad->trans_id)); + osm_mad_pool_put(p_bind->p_mad_pool, p_madw); + continue; + } } + #ifndef VENDOR_RMPP_SUPPORT if ((p_mad->mgmt_class != IB_MCLASS_SUBN_DIR) && (p_mad->mgmt_class != IB_MCLASS_SUBN_LID) &&
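
Review bot: In the ERR 541A branch of the second hunk, only the response wrapper is released (osm_mad_pool_put(p_bind->p_mad_pool, p_madw)) before continue; p_req_madw, which get_madw() has already returned, is neither put back nor handed on in the visible lines. Please say in a comment what happens to the matched request on this path (is it still pending so that it times out, or has get_madw() already taken it out of the match table?) and release or re-queue it explicitly if it would otherwise be lost. Two smaller points on the same branch: the 541A message drops the class and method fields that ERR 5413 prints, and when the failing condition is ib_mad_is_response(p_req_mad) rather than a field mismatch, the logged request and response values are identical, so the log line does not show why the MAD was dropped; consider logging the request method as well. Since get_madw() is called with &p_mad->trans_id, a short comment on whether the trans_id comparison can ever fail after a successful lookup would also help.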