projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1bc0299)
IB/hfi1: Ensure VL index is within bounds
authorKaike Wan <kaike.wan@intel.com>
Thu, 31 May 2018 18:30:17 +0000 (11:30 -0700)
committerJason Gunthorpe <jgg@mellanox.com>
Mon, 4 Jun 2018 19:33:16 +0000 (13:33 -0600)
Improve the safety of the code and ensure the array cannot be indexed
out of bounds when picking the CPU for a given SDMA engine.

Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
drivers/infiniband/hw/hfi1/sdma.c patch | blob | history

diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c
index 1f20330..298e0e3 100644 (file)
--- a/drivers/infiniband/hw/hfi1/sdma.c
+++ b/drivers/infiniband/hw/hfi1/sdma.c
@@ -1,5 +1,5 @@
 /*
- * Copyright(c) 2015, 2016 Intel Corporation.
+ * Copyright(c) 2015 - 2018 Intel Corporation.
  *
  * This file is provided under a dual BSD/GPLv2 license.  When using or
  * redistributing this file, you may do so under either license.
@@ -923,9 +923,10 @@ ssize_t sdma_set_cpu_to_sde_map(struct sdma_engine *sde, const char *buf,
        cpumask_var_t mask, new_mask;
        unsigned long cpu;
        int ret, vl, sz;
+       struct sdma_rht_node *rht_node;
 
        vl = sdma_engine_get_vl(sde);
-       if (unlikely(vl < 0))
+       if (unlikely(vl < 0 || vl >= ARRAY_SIZE(rht_node->map)))
                return -EINVAL;
 
        ret = zalloc_cpumask_var(&mask, GFP_KERNEL);
@@ -953,19 +954,12 @@ ssize_t sdma_set_cpu_to_sde_map(struct sdma_engine *sde, const char *buf,
        mutex_lock(&process_to_sde_mutex);
 
        for_each_cpu(cpu, mask) {
-               struct sdma_rht_node *rht_node;
-
                /* Check if we have this already mapped */
                if (cpumask_test_cpu(cpu, &sde->cpu_mask)) {
                        cpumask_set_cpu(cpu, new_mask);
                        continue;
                }
 
-               if (vl >= ARRAY_SIZE(rht_node->map)) {
-                       ret = -EINVAL;
-                       goto out;
-               }
-
                rht_node = rhashtable_lookup_fast(dd->sdma_rht, &cpu,
                                                  sdma_rht_params);
                if (!rht_node) {
Domain: System / Kernel;