On Mon, Jun 05, 2017 at 05:39:48PM +0800, Jia-Ju Bai wrote:
> The driver may sleep under a spin lock, and the function call path is:
> post_one_send (acquire the lock by spin_lock_irqsave)
> init_send_wqe
> copy_from_user --> may sleep
>
> There is no flow that makes "qp->is_user" true, and copy_from_user may
> cause bug when a non-user pointer is used. So, the line of copy_from_user
> is removed.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxx>
> ---
> V4:
> * Remove the line of copy_from_user.
>
> V3:
> * It corrects the mistakes of remaining legacy code in V2.
> (Thank Ram for pointing it out)
>
> V2:
> * The parameter "flags" is added to restore and save the irq status.
> Thank Leon for good advice.
> ---
> drivers/infiniband/sw/rxe/rxe_verbs.c | 6 +-----
> 1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.c b/drivers/infiniband/sw/rxe/rxe_verbs.c
> index 83d709e..7c52c7c 100644
> --- a/drivers/infiniband/sw/rxe/rxe_verbs.c
> +++ b/drivers/infiniband/sw/rxe/rxe_verbs.c
> @@ -740,11 +740,7 @@ static int init_send_wqe(struct rxe_qp *qp, struct ib_send_wr *ibwr,
>
> sge = ibwr->sg_list;
> for (i = 0; i < num_sge; i++, sge++) {
> - if (qp->is_user && copy_from_user(p, (__user void *)
> - (uintptr_t)sge->addr, sge->length))
> - return -EFAULT;
> -
> - else if (!qp->is_user)
> + if (!qp->is_user)
According to the Moni's previous responses the line above is always true.
> memcpy(p, (void *)(uintptr_t)sge->addr,
> sge->length);
>
> --
> 1.7.9.5
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: PGP signature
