From e20de83892bcba8e8944cbf83e8acc9192d514bb Mon Sep 17 00:00:00 2001
From: Chengchang Tang
Date: Mon, 3 Jul 2023 15:22:57 +0800
Subject: [PATCH 2/2] libhns: Fix reference to uninitialized cq pointer
mainline inclusion
from mainline-v47.0
commit e850ebe1570c06990cc60e96d0085d5d2a1cfcaa
category: bugfix
bugzilla: https://gitee.com/src-openeuler/rdma-core/issues/I7NTLE
CVE: NA
Reference: https://github.com/linux-rdma/rdma-core/commit/e850ebe1570c06990cc60e96d0085d5d2a1cfcaa
----------------------------------------------------------------------
In cases such as using XRC and SRQ where RQs are not created, the recv_cq pointer will not be initailized, and thus the unsupported post recv function should return before referencing the recv_cq pointer.
Fixes: 4ea9a4f77ac8 ("libhns: Remove unnecessary QP checks")
Signed-off-by: Chengchang Tang
Signed-off-by: Junxian Huang
Signed-off-by: Juan Zhou
---
 providers/hns/hns_roce_u_hw_v2.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/providers/hns/hns_roce_u_hw_v2.c b/providers/hns/hns_roce_u_hw_v2.c
index 688eff8..9238fe5 100644
--- a/providers/hns/hns_roce_u_hw_v2.c
+++ b/providers/hns/hns_roce_u_hw_v2.c
@@ -1599,15 +1599,15 @@ static int hns_roce_u_v2_post_recv(struct ibv_qp *ibvqp, struct ibv_recv_wr *wr,
 max_sge = qp->rq.max_gs - qp->rq.rsv_sge;
 for (nreq = 0; wr; ++nreq, wr = wr->next) {
- if (hns_roce_v2_wq_overflow(&qp->rq, nreq,
- to_hr_cq(qp->verbs_qp.qp.recv_cq))) {
- ret = ENOMEM;
+ if (wr->num_sge > max_sge) {
+ ret = max_sge > 0 ? EINVAL : EOPNOTSUPP;
 *bad_wr = wr;
 goto out;
 }
- if (wr->num_sge > max_sge) {
- ret = EINVAL;
+ if (hns_roce_v2_wq_overflow(&qp->rq, nreq,
+ to_hr_cq(qp->verbs_qp.qp.recv_cq))) {
+ ret = ENOMEM;
 *bad_wr = wr;
 goto out;
 }
--
2.25.1
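Review bot: A receive WR with `num_sge == 0` posted to a QP that has no RQ still passes the new first check, because `wr->num_sge > max_sge` is false when both are zero, so it still reaches `to_hr_cq(qp->verbs_qp.qp.recv_cq)` in the overflow check. Whether hns_roce_v2_wq_overflow() then dereferences the CQ is not visible in this hunk, but the commit message says recv_cq is uninitialized in the XRC/SRQ case, so the guard should not depend on the SGE count the caller supplies. Testing the queue itself closes the gap, for example `if (!max_sge || wr->num_sge > max_sge) {`, assuming a QP with a real RQ always has a max_sge of at least 1. The declaration of max_sge is outside the hunk; if it is unsigned, this comparison also rejects a negative `num_sge` through the implicit conversion, which is worth a one-line comment such as `/* also rejects negative num_sge and QPs without an RQ */`. The body of hns_roce_u_v2_post_recv starts and ends outside the hunk.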