On 2019/11/22 11:02, Zengtao (B) wrote: >> -----Original Message----- >> From: linux-rdma-owner@xxxxxxxxxxxxxxx >> [mailto:linux-rdma-owner@xxxxxxxxxxxxxxx] On Behalf Of Weihang Li >> Sent: Thursday, November 21, 2019 9:19 AM >> To: jgg@xxxxxxxx; leon@xxxxxxxxxx >> Cc: dledford@xxxxxxxxxx; linux-rdma@xxxxxxxxxxxxxxx; Linuxarm >> Subject: [PATCH rdma-core 2/7] libhns: Optimize bind_mw for fixing null >> pointer access >> >> From: Xi Wang <wangxi11@xxxxxxxxxx> >> >> The argument checking flow in hns_roce_u_bind_mw() will leads to access >> on >> a null address when the mr is not initialized in mw_bind. >> >> Fixes: 47eff6e8624d ("libhns: Adjust the order of parameter checking") >> Signed-off-by: Xi Wang <wangxi11@xxxxxxxxxx> >> Signed-off-by: Weihang Li <liweihang@xxxxxxxxxxxxx> >> --- >> providers/hns/hns_roce_u_verbs.c | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/providers/hns/hns_roce_u_verbs.c >> b/providers/hns/hns_roce_u_verbs.c >> index bd5060d..0acfd9a 100644 >> --- a/providers/hns/hns_roce_u_verbs.c >> +++ b/providers/hns/hns_roce_u_verbs.c >> @@ -186,7 +186,10 @@ int hns_roce_u_bind_mw(struct ibv_qp *qp, >> struct ibv_mw *mw, >> if (!bind_info->mr && bind_info->length) >> return EINVAL; >> >> - if ((mw->pd != qp->pd) || (mw->pd != bind_info->mr->pd)) >> + if (mw->pd != qp->pd) >> + return EINVAL; >> + >> + if (bind_info->mr && (mw->pd != bind_info->mr->pd)) >> return EINVAL; >> > Errno should also be set properly in this function, please refer to: > http://man7.org/linux/man-pages/man3/ibv_bind_mw.3.html > Hi Zengtao, Do you mean that all these conditions should return errno different with each other? IMHO, EINVAL is OK here, because all these returns is caused by "Invalid Argument" Thank you Weihang >> if (mw->type != IBV_MW_TYPE_1) >> -- >> 2.8.1 > > > . >
