From: "Zengtao (B)" <prime.zeng@hisilicon.com>
To: liweihang <liweihang@hisilicon.com>,
"jgg@ziepe.ca" <jgg@ziepe.ca>,
"leon@kernel.org" <leon@kernel.org>
Cc: "dledford@redhat.com" <dledford@redhat.com>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
Linuxarm <linuxarm@huawei.com>
Subject: RE: [PATCH rdma-core 2/7] libhns: Optimize bind_mw for fixing null pointer access
Date: Fri, 22 Nov 2019 03:02:03 +0000 [thread overview]
Message-ID: <678F3D1BB717D949B966B68EAEB446ED300CC8B9@dggemm526-mbx.china.huawei.com> (raw)
In-Reply-To: <1574299169-31457-3-git-send-email-liweihang@hisilicon.com>
> -----Original Message-----
> From: linux-rdma-owner@vger.kernel.org
> [mailto:linux-rdma-owner@vger.kernel.org] On Behalf Of Weihang Li
> Sent: Thursday, November 21, 2019 9:19 AM
> To: jgg@ziepe.ca; leon@kernel.org
> Cc: dledford@redhat.com; linux-rdma@vger.kernel.org; Linuxarm
> Subject: [PATCH rdma-core 2/7] libhns: Optimize bind_mw for fixing null
> pointer access
>
> From: Xi Wang <wangxi11@huawei.com>
>
> The argument checking flow in hns_roce_u_bind_mw() will leads to access
> on
> a null address when the mr is not initialized in mw_bind.
>
> Fixes: 47eff6e8624d ("libhns: Adjust the order of parameter checking")
> Signed-off-by: Xi Wang <wangxi11@huawei.com>
> Signed-off-by: Weihang Li <liweihang@hisilicon.com>
> ---
> providers/hns/hns_roce_u_verbs.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/providers/hns/hns_roce_u_verbs.c
> b/providers/hns/hns_roce_u_verbs.c
> index bd5060d..0acfd9a 100644
> --- a/providers/hns/hns_roce_u_verbs.c
> +++ b/providers/hns/hns_roce_u_verbs.c
> @@ -186,7 +186,10 @@ int hns_roce_u_bind_mw(struct ibv_qp *qp,
> struct ibv_mw *mw,
> if (!bind_info->mr && bind_info->length)
> return EINVAL;
>
> - if ((mw->pd != qp->pd) || (mw->pd != bind_info->mr->pd))
> + if (mw->pd != qp->pd)
> + return EINVAL;
> +
> + if (bind_info->mr && (mw->pd != bind_info->mr->pd))
> return EINVAL;
>
Errno should also be set properly in this function, please refer to:
http://man7.org/linux/man-pages/man3/ibv_bind_mw.3.html
> if (mw->type != IBV_MW_TYPE_1)
> --
> 2.8.1
next prev parent reply other threads:[~2019-11-22 3:02 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-21 1:19 [PATCH rdma-core 0/7] libhns: Bugfix for hip08 Weihang Li
2019-11-21 1:19 ` [PATCH rdma-core 1/7] libhns: Fix calculation errors with ilog32() Weihang Li
2019-11-22 2:58 ` Zengtao (B)
2019-11-22 6:16 ` Weihang Li
2019-11-22 18:09 ` Jason Gunthorpe
2019-11-23 2:43 ` Weihang Li
2019-11-21 1:19 ` [PATCH rdma-core 2/7] libhns: Optimize bind_mw for fixing null pointer access Weihang Li
2019-11-22 3:02 ` Zengtao (B) [this message]
2019-11-22 6:40 ` Weihang Li
2019-11-21 1:19 ` [PATCH rdma-core 3/7] libhns: Bugfix for assigning sl Weihang Li
2019-11-21 1:19 ` [PATCH rdma-core 4/7] libhns: Bugfix for cleaning cq Weihang Li
2019-11-21 1:19 ` [PATCH rdma-core 5/7] libhns: Bugfix for updating qp params Weihang Li
2019-11-21 1:19 ` [PATCH rdma-core 6/7] libhns: Avoid null pointer operation Weihang Li
2019-11-21 1:19 ` [PATCH rdma-core 7/7] libhns: Return correct value of cqe num when flushing cqe failed Weihang Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=678F3D1BB717D949B966B68EAEB446ED300CC8B9@dggemm526-mbx.china.huawei.com \
--to=prime.zeng@hisilicon.com \
--cc=dledford@redhat.com \
--cc=jgg@ziepe.ca \
--cc=leon@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linuxarm@huawei.com \
--cc=liweihang@hisilicon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).