From: Xi Wang <wangxi11@xxxxxxxxxx>
The argument checking flow in hns_roce_u_bind_mw() will leads to access on
a null address when the mr is not initialized in mw_bind.
Fixes: 47eff6e8624d ("libhns: Adjust the order of parameter checking")
Signed-off-by: Xi Wang <wangxi11@xxxxxxxxxx>
Signed-off-by: Weihang Li <liweihang@xxxxxxxxxxxxx>
---
providers/hns/hns_roce_u_verbs.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/providers/hns/hns_roce_u_verbs.c b/providers/hns/hns_roce_u_verbs.c
index bd5060d..0acfd9a 100644
--- a/providers/hns/hns_roce_u_verbs.c
+++ b/providers/hns/hns_roce_u_verbs.c
@@ -186,7 +186,10 @@ int hns_roce_u_bind_mw(struct ibv_qp *qp, struct ibv_mw *mw,
if (!bind_info->mr && bind_info->length)
return EINVAL;
- if ((mw->pd != qp->pd) || (mw->pd != bind_info->mr->pd))
+ if (mw->pd != qp->pd)
+ return EINVAL;
+
+ if (bind_info->mr && (mw->pd != bind_info->mr->pd))
return EINVAL;
if (mw->type != IBV_MW_TYPE_1)
--
2.8.1
