diff --git a/.gitignore b/.gitignore index cc64e63..45c7d2a 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /rdma-core-39.0.tar.gz /rdma-core-41.0.tar.gz /rdma-core-44.0.tar.gz +/rdma-core-45.0.tar.gz diff --git a/0001-util-fix-overflow-in-remap_node_name.patch b/0001-util-fix-overflow-in-remap_node_name.patch deleted file mode 100644 index 860c153..0000000 --- a/0001-util-fix-overflow-in-remap_node_name.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 5075b961a29ff9c418e1fefe78432e95dd0a5fcc Mon Sep 17 00:00:00 2001 -From: Michal Schmidt -Date: Wed, 1 Feb 2023 22:41:06 +0100 -Subject: [PATCH 1/3] util: fix overflow in remap_node_name() - -The function remap_node_name() assumes the parameter 'nodedesc' is at -least IB_SMP_DATA_SIZE + 1 (i.e. 65) bytes long, because it passes it to -clean_nodedesc() that writes a nul-terminator to it at offset -IB_SMP_DATA_SIZE. Callers in infiniband-diags/saquery.c pass -a (struct ib_node_desc_t).description as the argument, which is only -IB_NODE_DESCRIPTION_SIZE (i.e. 64) bytes long. This is an overflow. - -An odd thing about remap_node_name() is that it may (but does not -always) rewrite the nodedesc in-place. Callers do not appear to -appreciate this behavior. Most of them are various print_* and dump_* -functions where rewriting the input makes no sense. Some callers make a -local copy of the nodedesc first, possibly to protect the original. -One caller (infiniband-diags/saquery.c:print_node_records()) checks if -either the original description or the remapped one matches a given -requested_name - so it looks like it prefers the original to be -not rewritten. - -Let's make remap_node_name() a bit safer and more convenient to use. -Allocate a fixed-sized copy first. Then use strncpy to copy from -'nodedesc', never reading more than IB_SMP_DATA_SIZE (64) bytes. -Apply clean_nodedesc() on the correctly-sized copy. This solves the -overflow bug. Also, the in-place rewrite of 'nodedesc' is gone and it -can become a (const char*). - -The overflow was found by a static checker (covscan). - -Fixes: d974c4e398d2 ("Fix max length of node description (ibnetdiscover and smpquery)") -Signed-off-by: Michal Schmidt ---- - util/node_name_map.c | 12 +++++++++--- - util/node_name_map.h | 3 +-- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/util/node_name_map.c b/util/node_name_map.c -index 30b73eb1448e..511cb92ef19c 100644 ---- a/util/node_name_map.c -+++ b/util/node_name_map.c -@@ -95,7 +95,7 @@ void close_node_name_map(nn_map_t * map) - free(map); - } - --char *remap_node_name(nn_map_t * map, uint64_t target_guid, char *nodedesc) -+char *remap_node_name(nn_map_t * map, uint64_t target_guid, const char *nodedesc) - { - char *rc = NULL; - name_map_item_t *item = NULL; -@@ -108,8 +108,14 @@ char *remap_node_name(nn_map_t * map, uint64_t target_guid, char *nodedesc) - rc = strdup(item->name); - - done: -- if (rc == NULL) -- rc = strdup(clean_nodedesc(nodedesc)); -+ if (rc == NULL) { -+ rc = malloc(IB_SMP_DATA_SIZE + 1); -+ if (rc) { -+ strncpy(rc, nodedesc, IB_SMP_DATA_SIZE); -+ rc[IB_SMP_DATA_SIZE] = '\0'; -+ clean_nodedesc(rc); -+ } -+ } - return (rc); - } - -diff --git a/util/node_name_map.h b/util/node_name_map.h -index e78d274b116e..d83d672782c4 100644 ---- a/util/node_name_map.h -+++ b/util/node_name_map.h -@@ -12,8 +12,7 @@ typedef struct nn_map nn_map_t; - - nn_map_t *open_node_name_map(const char *node_name_map); - void close_node_name_map(nn_map_t *map); --/* NOTE: parameter "nodedesc" may be modified here. */ --char *remap_node_name(nn_map_t *map, uint64_t target_guid, char *nodedesc); -+char *remap_node_name(nn_map_t *map, uint64_t target_guid, const char *nodedesc); - char *clean_nodedesc(char *nodedesc); - - #endif --- -2.39.1 - diff --git a/0002-infiniband-diags-drop-unnecessary-nodedesc-local-cop.patch b/0002-infiniband-diags-drop-unnecessary-nodedesc-local-cop.patch deleted file mode 100644 index 7927ba6..0000000 --- a/0002-infiniband-diags-drop-unnecessary-nodedesc-local-cop.patch +++ /dev/null @@ -1,95 +0,0 @@ -From d5723a0f69577fd3022024ca17c27e273a29695b Mon Sep 17 00:00:00 2001 -From: Michal Schmidt -Date: Wed, 1 Feb 2023 22:41:16 +0100 -Subject: [PATCH 2/3] infiniband-diags: drop unnecessary nodedesc local copies - -Now that remap_node_name() never rewrites nodedesc in-place, some -copying can be avoided. - -Signed-off-by: Michal Schmidt ---- - infiniband-diags/dump_fts.c | 14 +++----------- - 1 file changed, 3 insertions(+), 11 deletions(-) - -diff --git a/infiniband-diags/dump_fts.c b/infiniband-diags/dump_fts.c -index ce6bfb9ecc33..acef9efe692d 100644 ---- a/infiniband-diags/dump_fts.c -+++ b/infiniband-diags/dump_fts.c -@@ -109,7 +109,6 @@ static void dump_multicast_tables(ibnd_node_t *node, unsigned startl, - unsigned endl, struct ibmad_port *mad_port) - { - ib_portid_t *portid = &node->path_portid; -- char nd[IB_SMP_DATA_SIZE + 1] = { 0 }; - char str[512]; - char *s; - uint64_t nodeguid; -@@ -119,7 +118,6 @@ static void dump_multicast_tables(ibnd_node_t *node, unsigned startl, - char *mapnd = NULL; - int n = 0; - -- memcpy(nd, node->nodedesc, strlen(node->nodedesc)); - nports = node->numports; - nodeguid = node->guid; - -@@ -149,7 +147,7 @@ static void dump_multicast_tables(ibnd_node_t *node, unsigned startl, - endl = IB_MAX_MCAST_LID; - } - -- mapnd = remap_node_name(node_name_map, nodeguid, nd); -+ mapnd = remap_node_name(node_name_map, nodeguid, node->nodedesc); - - printf("Multicast mlids [0x%x-0x%x] of switch %s guid 0x%016" PRIx64 - " (%s):\n", startl, endl, portid2str(portid), nodeguid, -@@ -224,8 +222,6 @@ static int dump_lid(char *str, int str_len, int lid, int valid, - ibnd_fabric_t *fabric, int *last_port_lid, - int *base_port_lid, uint64_t *portguid) - { -- char nd[IB_SMP_DATA_SIZE + 1] = { 0 }; -- - ibnd_port_t *port = NULL; - - char ntype[50], sguid[30]; -@@ -276,14 +272,12 @@ static int dump_lid(char *str, int str_len, int lid, int valid, - baselid = port->base_lid; - lmc = port->lmc; - -- memcpy(nd, port->node->nodedesc, strlen(port->node->nodedesc)); -- - if (lmc > 0) { - *base_port_lid = baselid; - *last_port_lid = baselid + (1 << lmc) - 1; - } - -- mapnd = remap_node_name(node_name_map, nodeguid, nd); -+ mapnd = remap_node_name(node_name_map, nodeguid, port->node->nodedesc); - - rc = snprintf(str, str_len, ": (%s portguid %s: '%s')", - mad_dump_val(IB_NODE_TYPE_F, ntype, sizeof ntype, -@@ -302,7 +296,6 @@ static void dump_unicast_tables(ibnd_node_t *node, int startl, int endl, - { - ib_portid_t * portid = &node->path_portid; - char lft[IB_SMP_DATA_SIZE] = { 0 }; -- char nd[IB_SMP_DATA_SIZE + 1] = { 0 }; - char str[200]; - uint64_t nodeguid; - int block, i, e, top; -@@ -315,7 +308,6 @@ static void dump_unicast_tables(ibnd_node_t *node, int startl, int endl, - mad_decode_field(node->switchinfo, IB_SW_LINEAR_FDB_TOP_F, &top); - nodeguid = node->guid; - nports = node->numports; -- memcpy(nd, node->nodedesc, strlen(node->nodedesc)); - - if (!endl || endl > top) - endl = top; -@@ -326,7 +318,7 @@ static void dump_unicast_tables(ibnd_node_t *node, int startl, int endl, - endl = IB_MAX_UCAST_LID; - } - -- mapnd = remap_node_name(node_name_map, nodeguid, nd); -+ mapnd = remap_node_name(node_name_map, nodeguid, node->nodedesc); - - printf("Unicast lids [0x%x-0x%x] of switch %s guid 0x%016" PRIx64 - " (%s):\n", startl, endl, portid2str(portid), nodeguid, --- -2.39.1 - diff --git a/0003-libibnetdisc-fix-printing-a-possibly-non-NUL-termina.patch b/0003-libibnetdisc-fix-printing-a-possibly-non-NUL-termina.patch deleted file mode 100644 index 2a5cc84..0000000 --- a/0003-libibnetdisc-fix-printing-a-possibly-non-NUL-termina.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 45fcc7ad41216a93bafb452f7d7a4507d52722cd Mon Sep 17 00:00:00 2001 -From: Michal Schmidt -Date: Wed, 1 Feb 2023 23:30:52 +0100 -Subject: [PATCH 3/3] libibnetdisc: fix printing a possibly non-NUL-terminated - string - -Found by a static check (covscan). - -Fixes: d974c4e398d2 ("Fix max length of node description (ibnetdiscover and smpquery)") -Signed-off-by: Michal Schmidt ---- - libibnetdisc/chassis.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libibnetdisc/chassis.c b/libibnetdisc/chassis.c -index a3ec1d82807c..bc1a8aff8acb 100644 ---- a/libibnetdisc/chassis.c -+++ b/libibnetdisc/chassis.c -@@ -597,7 +597,7 @@ static int fill_mellanox_chassis_record(ibnd_node_t * node) - int p = 0; - ibnd_port_t *port; - -- char node_desc[IB_SMP_DATA_SIZE]; -+ char node_desc[IB_SMP_DATA_SIZE + 1]; - char *system_name; - char *system_type; - char *system_slot_name; -@@ -617,6 +617,7 @@ static int fill_mellanox_chassis_record(ibnd_node_t * node) - */ - - memcpy(node_desc, node->nodedesc, IB_SMP_DATA_SIZE); -+ node_desc[IB_SMP_DATA_SIZE] = '\0'; - - IBND_DEBUG("fill_mellanox_chassis_record: node_desc:%s \n",node_desc); - --- -2.39.1 - diff --git a/rdma-core.spec b/rdma-core.spec index 01f87b3..42870de 100644 --- a/rdma-core.spec +++ b/rdma-core.spec @@ -1,5 +1,5 @@ Name: rdma-core -Version: 44.0 +Version: 45.0 Release: %autorelease Summary: RDMA core userspace libraries and daemons @@ -10,10 +10,6 @@ Summary: RDMA core userspace libraries and daemons License: GPLv2 or BSD Url: https://github.com/linux-rdma/rdma-core Source: https://github.com/linux-rdma/rdma-core/releases/download/v%{version}/%{name}-%{version}.tar.gz -# 0001-0003: https://github.com/linux-rdma/rdma-core/pull/1308 -Patch1: 0001-util-fix-overflow-in-remap_node_name.patch -Patch2: 0002-infiniband-diags-drop-unnecessary-nodedesc-local-cop.patch -Patch3: 0003-libibnetdisc-fix-printing-a-possibly-non-NUL-termina.patch Patch9998: 9998-kernel-boot-Do-not-perform-device-rename-on-OPA-devi.patch Patch9999: 9999-udev-keep-NAME_KERNEL-as-default-interface-naming-co.patch # Do not build static libs by default. @@ -277,14 +273,11 @@ easy, object-oriented access to IB verbs. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %if 0%{?fedora} -%patch9998 -p1 +%patch 9998 -p1 %endif %if 0%{?rhel} -%patch9999 -p1 +%patch 9999 -p1 %endif %build diff --git a/sources b/sources index 0445cc7..3849e2f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (rdma-core-44.0.tar.gz) = f31c63aee415fb4aa721fdec2e4d9fb2bef964b1bea93f0170d30fb03b1e798cb11d46bb123db4b2a5002dec17ec16dc6e6aeaebe9f84517bf538dd114726ae1 +SHA512 (rdma-core-45.0.tar.gz) = 3a6728990065867d6fd2abe2a13e3275df513a491da6e3c07a75ec79e8f9ad7fe30f6cbbf04951d0976f1318bf45e0d562c260e9d633c96e4c167d0f9fa71d1b