> -----Original Message----- > From: linux-rdma-owner@xxxxxxxxxxxxxxx > [mailto:linux-rdma-owner@xxxxxxxxxxxxxxx] On Behalf Of Weihang Li > Sent: Thursday, November 21, 2019 9:19 AM > To: jgg@xxxxxxxx; leon@xxxxxxxxxx > Cc: dledford@xxxxxxxxxx; linux-rdma@xxxxxxxxxxxxxxx; Linuxarm > Subject: [PATCH rdma-core 2/7] libhns: Optimize bind_mw for fixing null > pointer access > > From: Xi Wang <wangxi11@xxxxxxxxxx> > > The argument checking flow in hns_roce_u_bind_mw() will lead to access > on > a null address when the mr is not initialized in mw_bind. > > Fixes: 47eff6e8624d ("libhns: Adjust the order of parameter checking") > Signed-off-by: Xi Wang <wangxi11@xxxxxxxxxx> > Signed-off-by: Weihang Li <liweihang@xxxxxxxxxxxxx> > --- > providers/hns/hns_roce_u_verbs.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/providers/hns/hns_roce_u_verbs.c > b/providers/hns/hns_roce_u_verbs.c > index bd5060d..0acfd9a 100644 > --- a/providers/hns/hns_roce_u_verbs.c > +++ b/providers/hns/hns_roce_u_verbs.c > @@ -186,7 +186,10 @@ int hns_roce_u_bind_mw(struct ibv_qp *qp, > struct ibv_mw *mw, > if (!bind_info->mr && bind_info->length) > return EINVAL; > > - if ((mw->pd != qp->pd) || (mw->pd != bind_info->mr->pd)) > + if (mw->pd != qp->pd) > + return EINVAL; > + > + if (bind_info->mr && (mw->pd != bind_info->mr->pd)) > return EINVAL; > Errno should also be set properly in this function, please refer to: http://man7.org/linux/man-pages/man3/ibv_bind_mw.3.html > if (mw->type != IBV_MW_TYPE_1) > -- > 2.8.1
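Review bot: In the new third check, `if (bind_info->mr && (mw->pd != bind_info->mr->pd))`, a NULL `bind_info->mr` now passes without comment, and because the first check only rejects a NULL mr when `bind_info->length` is non-zero, a zero-length bind with no mr continues to the `mw->type` check and whatever follows it. The lines after this hunk are not shown, so please confirm that nothing further down in hns_roce_u_bind_mw() dereferences `bind_info->mr` unguarded, and consider a short comment stating that a NULL mr with zero length is an accepted input. The commit message would also be clearer if it named the input that hit the old combined check (mr unset in mw_bind with length 0) rather than only "when the mr is not initialized".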