linux-sg2042/include/rdma
Roland Dreier 84652aefb3 RDMA/ucma: Introduce safer rdma_addr_size() variants
There are several places in the ucma ABI where userspace can pass in a
sockaddr but set the address family to AF_IB.  When that happens,
rdma_addr_size() will return a size bigger than sizeof struct sockaddr_in6,
and the ucma kernel code might end up copying past the end of a buffer
not sized for a struct sockaddr_ib.

Fix this by introducing new variants

    int rdma_addr_size_in6(struct sockaddr_in6 *addr);
    int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr);

that are type-safe for the types used in the ucma ABI and return 0 if the
size computed is bigger than the size of the type passed in.  We can use
these new variants to check what size userspace has passed in before
copying any addresses.

Reported-by: <syzbot+6800425d54ed3ed8135d@syzkaller.appspotmail.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2018-03-28 16:13:36 -06:00
..
ib.h new helper: uaccess_kernel() 2017-03-28 16:43:25 -04:00
ib_addr.h RDMA/ucma: Introduce safer rdma_addr_size() variants 2018-03-28 16:13:36 -06:00
ib_cache.h RDMA/core: export ib_get_cached_port_state 2017-01-12 23:00:00 -05:00
ib_cm.h IB/SA: Rename ib_sa_path_rec to sa_path_rec 2017-05-01 14:37:28 -04:00
ib_fmr_pool.h RDMA: Improve include file coding style 2008-07-14 23:48:44 -07:00
ib_hdrs.h IB/hfi1: Remove unnecessary fecn and becn fields 2018-02-01 15:43:29 -07:00
ib_mad.h IB/core: Enforce security on management datagrams 2017-05-23 12:27:21 -04:00
ib_marshall.h IB/core: Convert ah_attr from OPA to IB when copying to user 2017-08-08 14:47:18 -04:00
ib_pack.h IB/core: Fix calculation of maximum RoCE MTU 2017-10-18 12:11:36 -04:00
ib_pma.h IB/core: Display extended counter set if available 2015-12-23 15:58:30 -05:00
ib_sa.h IB/{core, cm, cma, ipoib}: Rename ib_init_ah_from_path to ib_init_ah_attr_from_path 2017-12-18 15:37:11 -07:00
ib_smi.h IB/core: Move SM class defines from ib_mad.h to ib_smi.h 2015-09-03 15:50:32 -04:00
ib_umem.h IB/umem: Add contiguous ODP support 2017-04-25 15:40:28 -04:00
ib_umem_odp.h RDMA/umem: Avoid partial declaration of non-static function 2017-11-10 13:02:12 -05:00
ib_verbs.h RDMA/verbs: Remove restrack entry from XRCD structure 2018-03-19 14:10:30 -06:00
iw_cm.h rdma_cm: add rdma_reject_msg() helper function 2016-12-14 11:38:28 -05:00
iw_portmap.h RDMA/core: Enable the iWarp Port Mapper to provide the actual address of the connecting peer to its clients 2015-05-05 09:18:01 -04:00
mr_pool.h IB/core: add a simple MR pool 2016-05-13 13:37:18 -04:00
opa_addr.h IB/SA: Check dlid before SA agent queries for ClassPortInfo 2017-12-22 13:33:30 -07:00
opa_port_info.h IB/hfi1: Virtual Network Interface Controller (VNIC) HW support 2017-04-20 15:19:35 -04:00
opa_smi.h IB/mad: Eliminate redundant SM class version defines for OPA 2016-12-14 11:01:58 -05:00
opa_vnic.h IB/hfi1: Add support to receive 16B bypass packets 2017-08-22 14:22:37 -04:00
rdma_cm.h RDMA/cma: Introduce API to read GIDs for multiple transports 2018-01-19 13:05:38 -07:00
rdma_cm_ib.h RDMA/{cma, ucma}: Simplify and rename rdma_set_ib_paths 2018-01-10 22:00:33 -07:00
rdma_netlink.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rdma_vt.h IB/{rdmavt, hfi1, qib}: Remove get_card_name() downcall 2018-01-05 13:34:55 -05:00
rdmavt_cq.h IB/rdmavt: Add completion queue functions 2016-03-10 20:37:24 -05:00
rdmavt_mr.h IB/rdmavt: Handle dereg of inuse MRs properly 2017-08-28 19:12:31 -04:00
rdmavt_qp.h IB/rdmavt: Correct issues with read-mostly and send size cache lines 2017-10-04 15:39:45 -04:00
restrack.h RDMA/restrack: Remove unimplemented XRCD object 2018-02-15 14:59:44 -07:00
rw.h rdma core: Add rdma_rw_mr_payload() 2017-09-05 15:15:30 -04:00
uverbs_ioctl.h IB/uverbs: Use u64_to_user_ptr() not a union 2018-02-15 14:59:45 -07:00
uverbs_std_types.h IB/core: Assign root to all drivers 2017-08-31 08:35:14 -04:00
uverbs_types.h IB/core: Explicitly destroy an object while keeping uobject 2017-08-31 08:35:11 -04:00