From patchwork Thu Jan 29 18:00:02 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yann Droneaud <ydroneaud@opteya.com>
X-Patchwork-Id: 5744331
Return-Path: <linux-rdma-owner@kernel.org>
X-Original-To: patchwork-linux-rdma@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 64ABEBF440
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Thu, 29 Jan 2015 18:02:19 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 8A0A5200E5
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Thu, 29 Jan 2015 18:02:18 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 9534E2024D
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Thu, 29 Jan 2015 18:02:17 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753757AbbA2SCG (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Thu, 29 Jan 2015 13:02:06 -0500
Received: from smtpfb1-g21.free.fr ([212.27.42.9]:52365 "EHLO
	smtpfb1-g21.free.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752203AbbA2SCE (ORCPT
	<rfc822; linux-rdma@vger.kernel.org>); Thu, 29 Jan 2015 13:02:04 -0500
Received: from smtp4-g21.free.fr (smtp4-g21.free.fr [212.27.42.4])
	by smtpfb1-g21.free.fr (Postfix) with ESMTP id 413CF77D95B;
	Thu, 29 Jan 2015 19:02:01 +0100 (CET)
Received: from localhost.localdomain (unknown [37.161.184.214])
	by smtp4-g21.free.fr (Postfix) with ESMTP id 8AC224C8108;
	Thu, 29 Jan 2015 18:59:30 +0100 (CET)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.14.9/8.14.8) with ESMTP id t0TI1vhY026352;
	Thu, 29 Jan 2015 19:01:57 +0100
Received: (from ydroneaud@localhost)
	by localhost.localdomain (8.14.9/8.14.9/Submit) id t0TI1uTG026351;
	Thu, 29 Jan 2015 19:01:56 +0100
From: Yann Droneaud <ydroneaud@opteya.com>
To: Sagi Grimberg <sagig@mellanox.com>,
	Shachar Raindel <raindel@mellanox.com>, Eli Cohen <eli@mellanox.com>,
	Haggai Eran <haggaie@mellanox.com>, Roland Dreier <roland@kernel.org>
Cc: Yann Droneaud <ydroneaud@opteya.com>, linux-rdma@vger.kernel.org,
	linux-api@vger.kernel.org
Subject: [PATCH v1 5/5] IB/core: ib_copy_to_udata(): don't silently truncate
	response
Date: Thu, 29 Jan 2015 19:00:02 +0100
Message-Id: 
 <c69af8952bf25fdbcdfc527b0636bc3177798b95.1422553023.git.ydroneaud@opteya.com>
X-Mailer: git-send-email 2.1.0
In-Reply-To: <cover.1422553023.git.ydroneaud@opteya.com>
References: <cover.1422553023.git.ydroneaud@opteya.com>
In-Reply-To: <cover.1422553023.git.ydroneaud@opteya.com>
References: <cover.1422553023.git.ydroneaud@opteya.com>
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

While ib_copy_to_udata() should check for the available output
space as already proposed in some other patches [1][2][3], the
changes brought by commit 5a77abf9a97a ("IB/core: Add support for
extended query device caps") are silently truncating the data to
be written to userspace if the output buffer is not large enough
to hold the response data.

Silently truncating the response is not a reliable behavior as
userspace is not given any hint about this truncation: userspace
is leaved with garbage to play with.

Not checking the response buffer size and writing past the
userspace buffer is no good either, but it's the current behavior.

So this patch revert the particular change on ib_copy_to_udata()
as a better behavior is implemented in the upper level function
ib_uverbs_ex_query_device().

[1] "[PATCH 00/22] infiniband: improve userspace input check"

http://mid.gmane.org/cover.1376847403.git.ydroneaud@opteya.com

[2] "[PATCH 03/22] infiniband: ib_copy_from_udata(): check input length"

http://mid.gmane.org/2bf102a41c51f61965ee09df827abe8fefb523a9.1376847403.git.ydroneaud@opteya.com

[3] "[PATCH 04/22] infiniband: ib_copy_to_udata(): check output length"

http://mid.gmane.org/d27716a3a1c180f832d153a7402f65ea8a75b734.1376847403.git.ydroneaud@opteya.com

Link: http://mid.gmane.org/cover.1422553023.git.ydroneaud@opteya.com
Cc: Sagi Grimberg <sagig@mellanox.com>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Eli Cohen <eli@mellanox.com>
Cc: Haggai Eran <haggaie@mellanox.com>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Reviewed-by: Haggai Eran <haggaie@mellanox.com>
---
 include/rdma/ib_verbs.h | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
index 0d74f1de99aa..65994a19e840 100644
--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -1707,10 +1707,7 @@ static inline int ib_copy_from_udata(void *dest, struct ib_udata *udata, size_t
 
 static inline int ib_copy_to_udata(struct ib_udata *udata, void *src, size_t len)
 {
-	size_t copy_sz;
-
-	copy_sz = min_t(size_t, len, udata->outlen);
-	return copy_to_user(udata->outbuf, src, copy_sz) ? -EFAULT : 0;
+	return copy_to_user(udata->outbuf, src, len) ? -EFAULT : 0;
 }
 
 /**