linux-rdma.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Zengtao (B)" <prime.zeng@hisilicon.com>
To: liweihang <liweihang@hisilicon.com>,
	"jgg@ziepe.ca" <jgg@ziepe.ca>,
	"leon@kernel.org" <leon@kernel.org>
Cc: "dledford@redhat.com" <dledford@redhat.com>,
	"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
	Linuxarm <linuxarm@huawei.com>
Subject: RE: [PATCH rdma-core 2/7] libhns: Optimize bind_mw for fixing null pointer access
Date: Fri, 22 Nov 2019 03:02:03 +0000	[thread overview]
Message-ID: <678F3D1BB717D949B966B68EAEB446ED300CC8B9@dggemm526-mbx.china.huawei.com> (raw)
In-Reply-To: <1574299169-31457-3-git-send-email-liweihang@hisilicon.com>

> -----Original Message-----
> From: linux-rdma-owner@vger.kernel.org
> [mailto:linux-rdma-owner@vger.kernel.org] On Behalf Of Weihang Li
> Sent: Thursday, November 21, 2019 9:19 AM
> To: jgg@ziepe.ca; leon@kernel.org
> Cc: dledford@redhat.com; linux-rdma@vger.kernel.org; Linuxarm
> Subject: [PATCH rdma-core 2/7] libhns: Optimize bind_mw for fixing null
> pointer access
> 
> From: Xi Wang <wangxi11@huawei.com>
> 
> The argument checking flow in hns_roce_u_bind_mw() will leads to access
> on
> a null address when the mr is not initialized in mw_bind.
> 
> Fixes: 47eff6e8624d ("libhns: Adjust the order of parameter checking")
> Signed-off-by: Xi Wang <wangxi11@huawei.com>
> Signed-off-by: Weihang Li <liweihang@hisilicon.com>
> ---
>  providers/hns/hns_roce_u_verbs.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/providers/hns/hns_roce_u_verbs.c
> b/providers/hns/hns_roce_u_verbs.c
> index bd5060d..0acfd9a 100644
> --- a/providers/hns/hns_roce_u_verbs.c
> +++ b/providers/hns/hns_roce_u_verbs.c
> @@ -186,7 +186,10 @@ int hns_roce_u_bind_mw(struct ibv_qp *qp,
> struct ibv_mw *mw,
>  	if (!bind_info->mr && bind_info->length)
>  		return EINVAL;
> 
> -	if ((mw->pd != qp->pd) || (mw->pd != bind_info->mr->pd))
> +	if (mw->pd != qp->pd)
> +		return EINVAL;
> +
> +	if (bind_info->mr && (mw->pd != bind_info->mr->pd))
>  		return EINVAL;
> 
Errno should also be set properly in this function, please refer to:
http://man7.org/linux/man-pages/man3/ibv_bind_mw.3.html

>  	if (mw->type != IBV_MW_TYPE_1)
> --
> 2.8.1


  reply	other threads:[~2019-11-22  3:02 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-21  1:19 [PATCH rdma-core 0/7] libhns: Bugfix for hip08 Weihang Li
2019-11-21  1:19 ` [PATCH rdma-core 1/7] libhns: Fix calculation errors with ilog32() Weihang Li
2019-11-22  2:58   ` Zengtao (B)
2019-11-22  6:16     ` Weihang Li
2019-11-22 18:09     ` Jason Gunthorpe
2019-11-23  2:43       ` Weihang Li
2019-11-21  1:19 ` [PATCH rdma-core 2/7] libhns: Optimize bind_mw for fixing null pointer access Weihang Li
2019-11-22  3:02   ` Zengtao (B) [this message]
2019-11-22  6:40     ` Weihang Li
2019-11-21  1:19 ` [PATCH rdma-core 3/7] libhns: Bugfix for assigning sl Weihang Li
2019-11-21  1:19 ` [PATCH rdma-core 4/7] libhns: Bugfix for cleaning cq Weihang Li
2019-11-21  1:19 ` [PATCH rdma-core 5/7] libhns: Bugfix for updating qp params Weihang Li
2019-11-21  1:19 ` [PATCH rdma-core 6/7] libhns: Avoid null pointer operation Weihang Li
2019-11-21  1:19 ` [PATCH rdma-core 7/7] libhns: Return correct value of cqe num when flushing cqe failed Weihang Li

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=678F3D1BB717D949B966B68EAEB446ED300CC8B9@dggemm526-mbx.china.huawei.com \
    --to=prime.zeng@hisilicon.com \
    --cc=dledford@redhat.com \
    --cc=jgg@ziepe.ca \
    --cc=leon@kernel.org \
    --cc=linux-rdma@vger.kernel.org \
    --cc=linuxarm@huawei.com \
    --cc=liweihang@hisilicon.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).