diff options
| author | Arnd Bergmann <arnd@arndb.de> | 2015-03-11 17:46:59 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-03-12 00:28:01 -0400 |
| commit | f862e07cf95d5b62a5fc5e981dd7d0dbaf33a501 (patch) | |
| tree | 7d93064db9c1d903692457c993353ae87cefd632 /net | |
| parent | 3a8dd9711e0792f64394edafadd66c2d1f1904df (diff) | |
rds: avoid potential stack overflow
The rds_iw_update_cm_id function stores a large 'struct rds_sock' object
on the stack in order to pass a pair of addresses. This happens to just
fit withint the 1024 byte stack size warning limit on x86, but just
exceed that limit on ARM, which gives us this warning:
net/rds/iw_rdma.c:200:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=]
As the use of this large variable is basically bogus, we can rearrange
the code to not do that. Instead of passing an rds socket into
rds_iw_get_device, we now just pass the two addresses that we have
available in rds_iw_update_cm_id, and we change rds_iw_get_mr accordingly,
to create two address structures on the stack there.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/rds/iw_rdma.c | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/net/rds/iw_rdma.c b/net/rds/iw_rdma.c index a817705ce2d0..dba8d0864f18 100644 --- a/net/rds/iw_rdma.c +++ b/net/rds/iw_rdma.c | |||
| @@ -88,7 +88,9 @@ static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool, | |||
| 88 | int *unpinned); | 88 | int *unpinned); |
| 89 | static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr); | 89 | static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr); |
| 90 | 90 | ||
| 91 | static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwdev, struct rdma_cm_id **cm_id) | 91 | static int rds_iw_get_device(struct sockaddr_in *src, struct sockaddr_in *dst, |
| 92 | struct rds_iw_device **rds_iwdev, | ||
| 93 | struct rdma_cm_id **cm_id) | ||
| 92 | { | 94 | { |
| 93 | struct rds_iw_device *iwdev; | 95 | struct rds_iw_device *iwdev; |
| 94 | struct rds_iw_cm_id *i_cm_id; | 96 | struct rds_iw_cm_id *i_cm_id; |
| @@ -112,15 +114,15 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd | |||
| 112 | src_addr->sin_port, | 114 | src_addr->sin_port, |
| 113 | dst_addr->sin_addr.s_addr, | 115 | dst_addr->sin_addr.s_addr, |
| 114 | dst_addr->sin_port, | 116 | dst_addr->sin_port, |
| 115 | rs->rs_bound_addr, | 117 | src->sin_addr.s_addr, |
| 116 | rs->rs_bound_port, | 118 | src->sin_port, |
| 117 | rs->rs_conn_addr, | 119 | dst->sin_addr.s_addr, |
| 118 | rs->rs_conn_port); | 120 | dst->sin_port); |
| 119 | #ifdef WORKING_TUPLE_DETECTION | 121 | #ifdef WORKING_TUPLE_DETECTION |
| 120 | if (src_addr->sin_addr.s_addr == rs->rs_bound_addr && | 122 | if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr && |
| 121 | src_addr->sin_port == rs->rs_bound_port && | 123 | src_addr->sin_port == src->sin_port && |
| 122 | dst_addr->sin_addr.s_addr == rs->rs_conn_addr && | 124 | dst_addr->sin_addr.s_addr == dst->sin_addr.s_addr && |
| 123 | dst_addr->sin_port == rs->rs_conn_port) { | 125 | dst_addr->sin_port == dst->sin_port) { |
| 124 | #else | 126 | #else |
| 125 | /* FIXME - needs to compare the local and remote | 127 | /* FIXME - needs to compare the local and remote |
| 126 | * ipaddr/port tuple, but the ipaddr is the only | 128 | * ipaddr/port tuple, but the ipaddr is the only |
| @@ -128,7 +130,7 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd | |||
| 128 | * zero'ed. It doesn't appear to be properly populated | 130 | * zero'ed. It doesn't appear to be properly populated |
| 129 | * during connection setup... | 131 | * during connection setup... |
| 130 | */ | 132 | */ |
| 131 | if (src_addr->sin_addr.s_addr == rs->rs_bound_addr) { | 133 | if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr) { |
| 132 | #endif | 134 | #endif |
| 133 | spin_unlock_irq(&iwdev->spinlock); | 135 | spin_unlock_irq(&iwdev->spinlock); |
| 134 | *rds_iwdev = iwdev; | 136 | *rds_iwdev = iwdev; |
| @@ -180,19 +182,13 @@ int rds_iw_update_cm_id(struct rds_iw_device *rds_iwdev, struct rdma_cm_id *cm_i | |||
| 180 | { | 182 | { |
| 181 | struct sockaddr_in *src_addr, *dst_addr; | 183 | struct sockaddr_in *src_addr, *dst_addr; |
| 182 | struct rds_iw_device *rds_iwdev_old; | 184 | struct rds_iw_device *rds_iwdev_old; |
| 183 | struct rds_sock rs; | ||
| 184 | struct rdma_cm_id *pcm_id; | 185 | struct rdma_cm_id *pcm_id; |
| 185 | int rc; | 186 | int rc; |
| 186 | 187 | ||
| 187 | src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr; | 188 | src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr; |
| 188 | dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr; | 189 | dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr; |
| 189 | 190 | ||
| 190 | rs.rs_bound_addr = src_addr->sin_addr.s_addr; | 191 | rc = rds_iw_get_device(src_addr, dst_addr, &rds_iwdev_old, &pcm_id); |
| 191 | rs.rs_bound_port = src_addr->sin_port; | ||
| 192 | rs.rs_conn_addr = dst_addr->sin_addr.s_addr; | ||
| 193 | rs.rs_conn_port = dst_addr->sin_port; | ||
| 194 | |||
| 195 | rc = rds_iw_get_device(&rs, &rds_iwdev_old, &pcm_id); | ||
| 196 | if (rc) | 192 | if (rc) |
| 197 | rds_iw_remove_cm_id(rds_iwdev, cm_id); | 193 | rds_iw_remove_cm_id(rds_iwdev, cm_id); |
| 198 | 194 | ||
| @@ -598,9 +594,17 @@ void *rds_iw_get_mr(struct scatterlist *sg, unsigned long nents, | |||
| 598 | struct rds_iw_device *rds_iwdev; | 594 | struct rds_iw_device *rds_iwdev; |
| 599 | struct rds_iw_mr *ibmr = NULL; | 595 | struct rds_iw_mr *ibmr = NULL; |
| 600 | struct rdma_cm_id *cm_id; | 596 | struct rdma_cm_id *cm_id; |
| 597 | struct sockaddr_in src = { | ||
| 598 | .sin_addr.s_addr = rs->rs_bound_addr, | ||
| 599 | .sin_port = rs->rs_bound_port, | ||
| 600 | }; | ||
| 601 | struct sockaddr_in dst = { | ||
| 602 | .sin_addr.s_addr = rs->rs_conn_addr, | ||
| 603 | .sin_port = rs->rs_conn_port, | ||
| 604 | }; | ||
| 601 | int ret; | 605 | int ret; |
| 602 | 606 | ||
| 603 | ret = rds_iw_get_device(rs, &rds_iwdev, &cm_id); | 607 | ret = rds_iw_get_device(&src, &dst, &rds_iwdev, &cm_id); |
| 604 | if (ret || !cm_id) { | 608 | if (ret || !cm_id) { |
| 605 | ret = -ENODEV; | 609 | ret = -ENODEV; |
| 606 | goto out; | 610 | goto out; |