On Tue, 27 Nov 2018 18:32:35 +0300
Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> On Tue, Nov 27, 2018 at 05:25:55PM +0200, jackm wrote:
> > On Tue, 27 Nov 2018 10:10:23 +0300
> > Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:copy_to
> >
> > Thanks, Dan -- you are correct, all other kernel users of
> > copy_to_user return -EFAULT to their callers if non-zero is
> > returned by copy_to_user.
> >
> > I'll fix this; The fix needs to be submitted to
> > netdev@xxxxxxxxxxxxxxx, since the bug is under drivers/net/ethernet.
> >
> > (Tariq Toukan will submit the fix when it is ready).
> >
>
> Yeah... That doesn't matter too much because the caller does this:
>
> 385 cq_context->mtt_base_addr_h = mtt_addr >> 32;
> 386 cq_context->mtt_base_addr_l = cpu_to_be32(mtt_addr &
> 0xffffffff); 387 cq_context->db_rec_addr =
> cpu_to_be64(db_rec); 388
> 389 if (sw_cq_init) {
> 390 if (user_cq) {
> 391 err = mlx4_init_user_cqes(buf_addr,
> nent, 392
> dev->caps.cqe_size); 393 if (err)
> 394 sw_cq_init = false;
>
> If mlx4_init_user_cqes() returns any non-zero it's treated the same.
> We set sw_cq_init to false.
>
> 395 } else {
> 396 mlx4_init_kernel_cqes(buf_addr, nent,
> 397
> dev->caps.cqe_size); 398 }
> 399 }
> 400
> 401 err = mlx4_SW2HW_CQ(dev, mailbox, cq->cqn,
> sw_cq_init); ^^^ ^^^^^^^^^^
> Then use it here. The err is never returned to the user.
>
> 402
> 403 mlx4_free_cmd_mailbox(dev, mailbox);
> 404 if (err)
> 405 goto err_radix;
> 406
> 407 cq->cons_index = 0;
> 408 cq->arm_sn = 1;
>
>
Thx, Dan!
As you point out, the bug does not really have an effect.
However, we'll fix this anyway, because that will be cleaner/neater.
-Jack
