From: shefty Date: Tue, 20 Jan 2009 21:34:40 +0000 (+0000) Subject: mthca/mlx4: add check to validate output data sizes X-Git-Url: http://git.etherboot.org/mirror/winof/.git/commitdiff_plain/d8cc9ef43d29ce4f42cbd5e85e53edcffb240f0e mthca/mlx4: add check to validate output data sizes Only the hardware drivers know what size the output data buffer must be for ndi_modify_qp. Have the drivers verify that the provided data buffer is large enough. This fixes a crash if (say, a buggy) userspace (library under development) does not provide a response buffer. Signed-off-by: Sean Hefty git-svn-id: svn://openib.tc.cornell.edu/gen1/trunk@1858 ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86 --- diff --git a/hw/mlx4/kernel/hca/qp.c b/hw/mlx4/kernel/hca/qp.c index 71d31697..2e7a16a6 100644 --- a/hw/mlx4/kernel/hca/qp.c +++ b/hw/mlx4/kernel/hca/qp.c @@ -326,6 +326,11 @@ mlnx_ndi_modify_qp ( HCA_ENTER(HCA_DBG_QP); + if (buf_size < sizeof(resp.qp_state)) { + status = IB_INVALID_PARAMETER; + goto out; + } + /* imitate umv_buf */ umv_buf.command = TRUE; /* special case for NDI. Usually it's TRUE */ umv_buf.input_size = 0; @@ -339,6 +344,7 @@ mlnx_ndi_modify_qp ( *p_outbuf = resp.qp_state; } +out: HCA_EXIT(HCA_DBG_QP); return status; } diff --git a/hw/mthca/kernel/hca_verbs.c b/hw/mthca/kernel/hca_verbs.c index 3bd5acc5..ca3acf58 100644 --- a/hw/mthca/kernel/hca_verbs.c +++ b/hw/mthca/kernel/hca_verbs.c @@ -1266,6 +1266,11 @@ mlnx_ndi_modify_qp ( HCA_ENTER(HCA_DBG_QP); + if (buf_size < sizeof(resp.qp_state)) { + status = IB_INVALID_PARAMETER; + goto out; + } + /* imitate umv_buf */ umv_buf.command = TRUE; /* special case for NDI. Usually it's TRUE */ umv_buf.input_size = 0; @@ -1279,6 +1284,7 @@ mlnx_ndi_modify_qp ( *p_outbuf = resp.qp_state; } +out: HCA_EXIT(HCA_DBG_QP); return status; }