UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

RDMA/cxgb4: Add a sanity check in process_work() 

The story is that Smatch marks skb->data as untrusted so it generates
a warning message here:

    drivers/infiniband/hw/cxgb4/cm.c:4100 process_work()
    error: buffer overflow 'work_handlers' 241 <= 255

In other places which handle this such as t4_uld_rx_handler() there is
some checking to make sure that the function pointer is not NULL.  I
have added bounds checking and a check for NULL here as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
This commit is contained in:
Dan Carpenter 2017-12-05 17:36:54 +03:00 committed by Jason Gunthorpe
parent 0cb65d421a
commit ccc04cdd55
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
drivers/infiniband/hw/cxgb4/cm.c
View File

@ -4097,9 +4097,15 @@ static void process_work(struct work_struct *work)
dev = *((struct c4iw_dev **) (skb->cb + sizeof(void *))); dev = *((struct c4iw_dev **) (skb->cb + sizeof(void *)));
opcode = rpl->ot.opcode; opcode = rpl->ot.opcode;
ret = work_handlers[opcode](dev, skb); if (opcode >= ARRAY_SIZE(work_handlers) ||
if (!ret) !work_handlers[opcode]) {
pr_err("No handler for opcode 0x%x.\n", opcode);
kfree_skb(skb); kfree_skb(skb);
} else {
ret = work_handlers[opcode](dev, skb);
if (!ret)
kfree_skb(skb);
}
process_timedout_eps(); process_timedout_eps();
} }
} }