Skip to content

cuda.core: validate IPC buffer import size against mapped extent (Glasswing V2.2)#2224

Open
Andy-Jost wants to merge 1 commit into
NVIDIA:mainfrom
Andy-Jost:ajost/glasswing-v2-2-ipc-size-vs-extent
Open

cuda.core: validate IPC buffer import size against mapped extent (Glasswing V2.2)#2224
Andy-Jost wants to merge 1 commit into
NVIDIA:mainfrom
Andy-Jost:ajost/glasswing-v2-2-ipc-size-vs-extent

Conversation

@Andy-Jost

@Andy-Jost Andy-Jost commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Summary

Addresses Glasswing finding V2.2 (NVBUG 6268889): a peer-supplied IPCBufferDescriptor.size was trusted as buf._size and used as the cuMemcpyAsync length without checking against the actual mapped allocation extent, enabling an oversized device copy when the receiver imported and copied a forged descriptor.

Changes

  • cuda_core/cuda/core/_memory/_ipc.pyx: after deviceptr_import_ipc, query CU_POINTER_ATTRIBUTE_RANGE_SIZE on the imported pointer and reject descriptors whose advertised size exceeds the mapped extent before calling Buffer_from_deviceptr_handle
  • cuda_core/tests/memory_ipc/test_errors.py: TestImportOversizedBufferDescriptorSize — cross-process harness that forges an oversized size on a valid export payload and asserts import raises ValueError

Test Coverage

  • TestImportOversizedBufferDescriptorSize — peer forges oversized size on a valid 64-byte export blob; child import raises ValueError (DeviceMR and PinnedMR parametrizations)

Related Work

@Andy-Jost
cuda.core: validate IPC buffer import size against mapped extent
f7c29fa 
Reject peer-supplied IPCBufferDescriptor sizes larger than the driver-reported
allocation extent before storing buf._size, preventing oversized cuMemcpyAsync
lengths on imported buffers (Glasswing V2.2).
@Andy-Jost Andy-Jost added this to the cuda.core v1.1.0 milestone Jun 15, 2026
@Andy-Jost Andy-Jost added bug Something isn't working P1 Medium priority - Should do cuda.core Everything related to the cuda.core module labels Jun 15, 2026
@Andy-Jost Andy-Jost self-assigned this Jun 15, 2026
@Andy-Jost Andy-Jost requested a review from rwgk June 15, 2026 19:03
@Andy-Jost Andy-Jost mentioned this pull request Jun 15, 2026
Open
@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Doc Preview CI

🚀 View preview at
https://nvidia.github.io/cuda-python/pr-preview/pr-2224/

https://nvidia.github.io/cuda-python/pr-preview/pr-2224/cuda-core/

https://nvidia.github.io/cuda-python/pr-preview/pr-2224/cuda-bindings/

https://nvidia.github.io/cuda-python/pr-preview/pr-2224/cuda-pathfinder/


Preview will be ready when the GitHub Pages deployment is complete.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdboom mdboom mdboom approved these changes

@rwgk rwgk Awaiting requested review from rwgk

Assignees

@Andy-Jost Andy-Jost

Labels

bug Something isn't working cuda.core Everything related to the cuda.core module P1 Medium priority - Should do

Projects

None yet

Milestone

cuda.core v1.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@Andy-Jost @mdboom