Check that attribute ID, attribute modifier and transaction ID are the same in request and response.
Note that just by checking these we cover a very wide range of possible bugs in SMAs. Attribute modifier is used in PortInfo, LFT, MFT, and others. Signed-off-by: Yevgeny Kliteynik <klit...@dev.mellanox.co.il> --- libvendor/osm_vendor_ibumad.c | 57 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 12 deletions(-) diff --git a/libvendor/osm_vendor_ibumad.c b/libvendor/osm_vendor_ibumad.c index e0c9f90..ca320a6 100644 --- a/libvendor/osm_vendor_ibumad.c +++ b/libvendor/osm_vendor_ibumad.c @@ -288,7 +288,7 @@ static void *umad_receiver(void *p_ptr) osm_umad_bind_info_t *p_bind; osm_mad_addr_t osm_addr; osm_madw_t *p_madw, *p_req_madw; - ib_mad_t *p_mad; + ib_mad_t *p_mad, *p_req_mad; void *umad = 0; int mad_agent, length; @@ -394,18 +394,51 @@ static void *umad_receiver(void *p_ptr) } p_req_madw = 0; - if (ib_mad_is_response(p_mad) && - !(p_req_madw = get_madw(p_vend, &p_mad->trans_id, - p_mad->mgmt_class))) { - OSM_LOG(p_vend->p_log, OSM_LOG_ERROR, "ERR 5413: " - "Failed to obtain request madw for received MAD" - " (class=0x%X method=0x%X attr=0x%X tid=0x%"PRIx64") -- dropping\n", - p_mad->mgmt_class, p_mad->method, - cl_ntoh16(p_mad->attr_id), - cl_ntoh64(p_mad->trans_id)); - osm_mad_pool_put(p_bind->p_mad_pool, p_madw); - continue; + if (ib_mad_is_response(p_mad)) { + p_req_madw = get_madw(p_vend, &p_mad->trans_id, + p_mad->mgmt_class); + if (PF(!p_req_madw)) { + OSM_LOG(p_vend->p_log, OSM_LOG_ERROR, + "ERR 5413: Failed to obtain request " + "madw for received MAD " + "(class=0x%X method=0x%X attr=0x%X " + "tid=0x%"PRIx64") -- dropping\n", + p_mad->mgmt_class, p_mad->method, + cl_ntoh16(p_mad->attr_id), + cl_ntoh64(p_mad->trans_id)); + osm_mad_pool_put(p_bind->p_mad_pool, p_madw); + continue; + } + + /* + * Check that request MAD was really a request, + * and make sure that attribute ID, attribute + * modifier and transaction ID are the same in + * request and response. + */ + p_req_mad = osm_madw_get_mad_ptr(p_req_madw); + if (PF(ib_mad_is_response(p_req_mad) || + p_mad->attr_id != p_req_mad->attr_id || + p_mad->attr_mod != p_req_mad->attr_mod || + p_mad->trans_id != p_req_mad->trans_id)) { + OSM_LOG(p_vend->p_log, OSM_LOG_ERROR, + "ERR 541A: " + "Response MAD validation failed " + "(request attr=0x%X modif=0x%X " + "tid=0x%"PRIx64", " + "response attr=0x%X modif=0x%X " + "tid=0x%"PRIx64") -- dropping\n", + cl_ntoh16(p_req_mad->attr_id), + cl_ntoh32(p_req_mad->attr_mod), + cl_ntoh64(p_req_mad->trans_id), + cl_ntoh16(p_mad->attr_id), + cl_ntoh32(p_mad->attr_mod), + cl_ntoh64(p_mad->trans_id)); + osm_mad_pool_put(p_bind->p_mad_pool, p_madw); + continue; + } } + #ifndef VENDOR_RMPP_SUPPORT if ((p_mad->mgmt_class != IB_MCLASS_SUBN_DIR) && (p_mad->mgmt_class != IB_MCLASS_SUBN_LID) && -- 1.7.11.1 -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html