]> git.openfabrics.org - ~shefty/ibacm.git/commitdiff
projects / ~shefty / ibacm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d8807dd)
pick
authorSean Hefty <sean.hefty@intel.com>
Wed, 3 Dec 2014 19:42:54 +0000 (11:42 -0800)
committerSean Hefty <sean.hefty@intel.com>
Wed, 3 Dec 2014 19:42:54 +0000 (11:42 -0800)
meta patch | blob | history
patches/ibacm-incorrect-ifc_len-is-spe [new file with mode: 0644] patch | blob

diff --git a/meta b/meta
index 4fd863b0d6eb09fa045d0b8f15a2b072954d5d0c..2750ec30ebc145cc168ddcefa3b1e45a0dcb5619 100644 (file)
--- a/meta
+++ b/meta
@@ -1,9 +1,10 @@
 Version: 1
-Previous: f0c0965e79290ffe9fe0f78e5414e40dedfc5610
-Head: d017989d1d1412faf4c0defdcfb15bf2ea8dc88f
+Previous: 3ec4bef474ea30732d5d3d8de8148306f8bd5893
+Head: af47dd8d0ebde8a3f27ec71a335c64ba327e875e
 Applied:
   ibacmp-missing-in-acm_log-form: e6f07ef8a07ba838a296cf09e02a1869246c6c2f
   ibacm-close-the-provider-endpo: d017989d1d1412faf4c0defdcfb15bf2ea8dc88f
+  ibacm-incorrect-ifc_len-is-spe: af47dd8d0ebde8a3f27ec71a335c64ba327e875e
 Unapplied:
   suse: 7076e2a00570a3cda4e4ce034419399a23ebfb0a
   dev-name2ip: 8e00708e882239292492e13aa51c82042255933c
diff --git a/patches/ibacm-incorrect-ifc_len-is-spe b/patches/ibacm-incorrect-ifc_len-is-spe
new file mode 100644 (file)
index 0000000..9135125
--- /dev/null
+++ b/patches/ibacm-incorrect-ifc_len-is-spe
@@ -0,0 +1,50 @@
+Bottom: fab6eb4037e9f3c9e7e0ad14459441cbe31782cf
+Top:    17fbbacadc07cbaeafa34601564758a21db611ea
+Author: Kaike Wan <kaike.wan@intel.com>
+Date:   2014-12-03 11:42:54 -0800
+
+ibacm: incorrect ifc_len is specified in SIOCGIFCONF request
+
+The ifc->ifs_len in the ioctl SIOCGIFCONF request should only specify the
+associated ifreq buffer length and not include the ifc header length.
+This bug was found by running ibacm with Valgrind:
+
+==8201== Syscall param ioctl(SIOCGIFCONF).ifc_buf points to unaddressable byte(s)
+==8201==    at 0x3E886DF7B7: ioctl (in /lib64/libc-2.12.so)
+==8201==    by 0x40A11A: acm_if_iter_sys (acm_util.c:154)
+==8201==    by 0x406979: acm_get_system_ips (acm.c:1584)
+==8201==    by 0x4069FD: acm_assign_ep_names (acm.c:1602)
+==8201==    by 0x4070D1: acm_ep_up (acm.c:1744)
+==8201==    by 0x407799: acm_port_up (acm.c:1896)
+==8201==    by 0x407DE1: acm_activate_devices (acm.c:2027)
+==8201==    by 0x409CAC: main (acm.c:2728)
+==8201==  Address 0x5063470 is 0 bytes after a block of size 2,576 alloc'd
+==8201==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
+==8201==    by 0x40A0BB: acm_if_iter_sys (acm_util.c:144)
+==8201==    by 0x406979: acm_get_system_ips (acm.c:1584)
+==8201==    by 0x4069FD: acm_assign_ep_names (acm.c:1602)
+==8201==    by 0x4070D1: acm_ep_up (acm.c:1744)
+==8201==    by 0x407799: acm_port_up (acm.c:1896)
+==8201==    by 0x407DE1: acm_activate_devices (acm.c:2027)
+==8201==    by 0x409CAC: main (acm.c:2728)
+
+
+Signed-off-by: Kaike Wan <kaike.wan@intel.com>
+Reviewed-by: Ira Weiny <ira.weiny@intel.com>
+
+
+---
+
+diff --git a/src/acm_util.c b/src/acm_util.c
+index 50b46d8..d54f520 100644
+--- a/src/acm_util.c
++++ b/src/acm_util.c
+@@ -148,7 +148,7 @@ int acm_if_iter_sys(acm_if_iter_cb cb, void *ctx)
+       }
+       memset(ifc, 0, len);
+-      ifc->ifc_len = len;
++      ifc->ifc_len = len - sizeof(*ifc);
+       ifc->ifc_req = (struct ifreq *) (ifc + 1);
+       ret = ioctl(s, SIOCGIFCONF, ifc);
IB Communication Management Assistant