Commit 19b9def2 authored by Matan Barak's avatar Matan Barak Committed by Jason Gunthorpe

IB/uverbs: Allow an empty namespace in ioctl() framework

The ioctl parser framework wrongly assumed that each namespace is
populated. This could lead to NULL dereferences. Fix the parser to
always check that a given namespace indeed exists.

Fixes: fac9658c ("IB/core: Add new ioctl interface")
Signed-off-by: default avatarMatan Barak <matanb@mellanox.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
parent 2d9c1bd7
...@@ -199,6 +199,9 @@ static int uverbs_finalize_attrs(struct uverbs_attr_bundle *attrs_bundle, ...@@ -199,6 +199,9 @@ static int uverbs_finalize_attrs(struct uverbs_attr_bundle *attrs_bundle,
spec_hash[i]; spec_hash[i];
unsigned int j; unsigned int j;
if (!curr_spec_bucket)
continue;
for (j = 0; j < curr_bundle->num_attrs; j++) { for (j = 0; j < curr_bundle->num_attrs; j++) {
struct uverbs_attr *attr; struct uverbs_attr *attr;
const struct uverbs_attr_spec *spec; const struct uverbs_attr_spec *spec;
...@@ -247,7 +250,7 @@ static int uverbs_uattrs_process(struct ib_device *ibdev, ...@@ -247,7 +250,7 @@ static int uverbs_uattrs_process(struct ib_device *ibdev,
struct uverbs_attr_spec_hash *attr_spec_bucket; struct uverbs_attr_spec_hash *attr_spec_bucket;
ret = uverbs_ns_idx(&attr_id, method->num_buckets); ret = uverbs_ns_idx(&attr_id, method->num_buckets);
if (ret < 0) { if (ret < 0 || !method->attr_buckets[ret]) {
if (uattr->flags & UVERBS_ATTR_F_MANDATORY) { if (uattr->flags & UVERBS_ATTR_F_MANDATORY) {
uverbs_finalize_attrs(attr_bundle, uverbs_finalize_attrs(attr_bundle,
method->attr_buckets, method->attr_buckets,
...@@ -290,6 +293,9 @@ static int uverbs_validate_kernel_mandatory(const struct uverbs_method_spec *met ...@@ -290,6 +293,9 @@ static int uverbs_validate_kernel_mandatory(const struct uverbs_method_spec *met
struct uverbs_attr_spec_hash *attr_spec_bucket = struct uverbs_attr_spec_hash *attr_spec_bucket =
method_spec->attr_buckets[i]; method_spec->attr_buckets[i];
if (!attr_spec_bucket)
continue;
if (!bitmap_subset(attr_spec_bucket->mandatory_attrs_bitmask, if (!bitmap_subset(attr_spec_bucket->mandatory_attrs_bitmask,
attr_bundle->hash[i].valid_bitmap, attr_bundle->hash[i].valid_bitmap,
attr_spec_bucket->num_attrs)) attr_spec_bucket->num_attrs))
...@@ -403,7 +409,12 @@ static long ib_uverbs_cmd_verbs(struct ib_device *ib_dev, ...@@ -403,7 +409,12 @@ static long ib_uverbs_cmd_verbs(struct ib_device *ib_dev,
* filled at a later stage (uverbs_process_attr) * filled at a later stage (uverbs_process_attr)
*/ */
for (i = 0; i < method_spec->num_buckets; i++) { for (i = 0; i < method_spec->num_buckets; i++) {
unsigned int curr_num_attrs = method_spec->attr_buckets[i]->num_attrs; unsigned int curr_num_attrs;
if (!method_spec->attr_buckets[i])
continue;
curr_num_attrs = method_spec->attr_buckets[i]->num_attrs;
ctx->uverbs_attr_bundle->hash[i].attrs = curr_attr; ctx->uverbs_attr_bundle->hash[i].attrs = curr_attr;
curr_attr += curr_num_attrs; curr_attr += curr_num_attrs;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment