IB/core: Implement a limit on UMAD receive List
stable inclusion from stable-v4.19.318 commit 1288cf1cceb0e6df276e182f5412370fb4169bcb category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGSPA CVE: CVE-2024-42145 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1288cf1cceb0e6df276e182f5412370fb4169bcb -------------------------------- [ Upstream commit ca0b44e20a6f3032224599f02e7c8fb49525c894 ] The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space. Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full. Signed-off-by:Michael Guralnik <michaelgur@nvidia.com> Reviewed-by:
Mark Zhang <markzhang@nvidia.com> Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org Signed-off-by:
Leon Romanovsky <leon@kernel.org> Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
Zhang Changzhong <zhangchangzhong@huawei.com>
Loading
Please register or sign in to comment