• Jason Gunthorpe's avatar
    IB/uverbs: Handle IDR and FD types without truncation · 1250c304
    Jason Gunthorpe authored
    Our ABI for write() uses a s32 for FDs and a u32 for IDRs, but internally
    we ended up implicitly casting these ABI values into an 'int'. For ioctl()
    we use a s64 for FDs and a u64 for IDRs, again casting to an int.
    
    The various casts to int are all missing range checks which can cause
    userspace values that should be considered invalid to be accepted.
    
    Fix this by making the generic lookup routine accept a s64, which does not
    truncate the write API's u32/s32 or the ioctl API's s64. Then push the
    detailed range checking down to the actual type implementations to be
    shared by both interfaces.
    
    Finally, change the copy of the uobj->id to sign extend into a s64, so eg,
    if we ever wish to return a negative value for a FD it is carried
    properly.
    
    This ensures that userspace values are never weirdly interpreted due to
    the various trunctations and everything that is really out of range gets
    an EINVAL.
    Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
    1250c304
uverbs_cmd.c 103 KB