Skip to content

TL/MLX5: validate mcast packet fields#1302

Open
janjust wants to merge 1 commit into
openucx:masterfrom
janjust:master-mlx5-mcast-validate-imm-data
Open

TL/MLX5: validate mcast packet fields#1302
janjust wants to merge 1 commit into
openucx:masterfrom
janjust:master-mlx5-mcast-validate-imm-data

Conversation

@janjust

@janjust janjust commented Apr 28, 2026

Copy link
Copy Markdown
Collaborator

Reject multicast packets with invalid decoded source rank, offset, or length before using wire-supplied fields for receive tracking or destination calculation.

Make packet recycling aware of pending-queue entries so dropped packets do not leave zero-copy receive tracking stale.

Reject multicast packets with invalid decoded source rank, offset, or length before using wire-supplied fields for receive tracking or destination calculation.

Make packet recycling aware of pending-queue entries so dropped packets do not leave zero-copy receive tracking stale.

Signed-off-by: Tomislav Janjusic <tomislavj@nvidia.com>
@janjust
janjust requested a review from MamziB April 28, 2026 22:55
@janjust

janjust commented Apr 29, 2026

Copy link
Copy Markdown
Collaborator Author

/build

@MamziB

MamziB commented Apr 29, 2026

Copy link
Copy Markdown
Collaborator

@janjust Thanks for the PR. However, what exact bug is this fixing? If there is a real case where we receive a bad/stale packet or hit an out-of-bounds access, please describe how to reproduce it and what should happen after the packet is dropped.

Right now this looks like extra defensive checks in a very sensitive receive path. Since the code silently drops packets and still returns UCC_OK, I’m worried it could change completion behavior or hang if the reliability path does not recover that packet.

@MamziB

MamziB commented Apr 30, 2026

Copy link
Copy Markdown
Collaborator

Hi @janjust
I thought about it more. I still don’t think this PR is the right fix, but I also don’t think we should reject the security finding entirely. So the safer position is: we accept that validation is needed, but we need a narrower fix that keeps completion semantics instead of silently dropping packets and returning UCC_OK

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants