IB/uverbs: Allow an empty namespace in ioctl() framework

The ioctl parser framework wrongly assumed that each namespace is
populated. This could lead to NULL dereferences. Fix the parser to
always check that a given namespace indeed exists.

Fixes: fac9658cabb9 ("IB/core: Add new ioctl interface")
Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>

diff --git a/drivers/infiniband/core/uverbs_ioctl.c b/drivers/infiniband/core/uverbs_ioctl.c
index 5ac2950..20be683 100644 (file)
--- a/drivers/infiniband/core/uverbs_ioctl.c
+++ b/drivers/infiniband/core/uverbs_ioctl.c
@@ -199,6 +199,9 @@ static int uverbs_finalize_attrs(struct uverbs_attr_bundle *attrs_bundle,
                        spec_hash[i];
                unsigned int j;
 
+               if (!curr_spec_bucket)
+                       continue;
+
                for (j = 0; j < curr_bundle->num_attrs; j++) {
                        struct uverbs_attr *attr;
                        const struct uverbs_attr_spec *spec;
@@ -247,7 +250,7 @@ static int uverbs_uattrs_process(struct ib_device *ibdev,
                struct uverbs_attr_spec_hash *attr_spec_bucket;
 
                ret = uverbs_ns_idx(&attr_id, method->num_buckets);
-               if (ret < 0) {
+               if (ret < 0 || !method->attr_buckets[ret]) {
                        if (uattr->flags & UVERBS_ATTR_F_MANDATORY) {
                                uverbs_finalize_attrs(attr_bundle,
                                                      method->attr_buckets,
@@ -290,6 +293,9 @@ static int uverbs_validate_kernel_mandatory(const struct uverbs_method_spec *met
                struct uverbs_attr_spec_hash *attr_spec_bucket =
                        method_spec->attr_buckets[i];
 
+               if (!attr_spec_bucket)
+                       continue;
+
                if (!bitmap_subset(attr_spec_bucket->mandatory_attrs_bitmask,
                                   attr_bundle->hash[i].valid_bitmap,
                                   attr_spec_bucket->num_attrs))
@@ -403,7 +409,12 @@ static long ib_uverbs_cmd_verbs(struct ib_device *ib_dev,
         * filled at a later stage (uverbs_process_attr)
         */
        for (i = 0; i < method_spec->num_buckets; i++) {
-               unsigned int curr_num_attrs = method_spec->attr_buckets[i]->num_attrs;
+               unsigned int curr_num_attrs;
+
+               if (!method_spec->attr_buckets[i])
+                       continue;
+
+               curr_num_attrs = method_spec->attr_buckets[i]->num_attrs;
 
                ctx->uverbs_attr_bundle->hash[i].attrs = curr_attr;
                curr_attr += curr_num_attrs;