Re: [PATCH] RDMA/addr: potential uninitialized variable in ib_nl_process_good_ip_rsep()

From: Leon Romanovsky
Date: Sun Apr 04 2021 - 06:34:02 EST

Next message: Leon Romanovsky: "Re: [PATCH v3] IB/mlx5: Reduce max order of memory allocated for xlt update"
Previous message: Matthew Wilcox: "Something is leaking RCU holds from interrupt context"
In reply to: Dan Carpenter: "[PATCH] RDMA/addr: potential uninitialized variable in ib_nl_process_good_ip_rsep()"
Next in thread: Mark Bloch: "Re: [PATCH] RDMA/addr: potential uninitialized variable in ib_nl_process_good_ip_rsep()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 02, 2021 at 02:47:23PM +0300, Dan Carpenter wrote:
> The nla_len() is less than or equal to 16. If it's less than 16 then
> end of the "gid" buffer is uninitialized.
>
> Fixes: ae43f8286730 ("IB/core: Add IP to GID netlink offload")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> I just spotted this in review. I think it's a bug but I'm not 100%.

I tend to agree with you, that it is a bug.

LS_NLA_TYPE_DGID is declared as NLA_BINARY which doesn't complain if
data is less than declared ".len". However, the fix needs to be in
ib_nl_is_good_ip_resp(), it shouldn't return "true" if length not equal
to 16.

Thanks

Next message: Leon Romanovsky: "Re: [PATCH v3] IB/mlx5: Reduce max order of memory allocated for xlt update"
Previous message: Matthew Wilcox: "Something is leaking RCU holds from interrupt context"
In reply to: Dan Carpenter: "[PATCH] RDMA/addr: potential uninitialized variable in ib_nl_process_good_ip_rsep()"
Next in thread: Mark Bloch: "Re: [PATCH] RDMA/addr: potential uninitialized variable in ib_nl_process_good_ip_rsep()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]