packages/rdma-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rdma-core/0038-libhns-Fix-reference-to-uninitialized-cq-pointer.patch
Xinghai Cen b6ac52e2e9 libhns: Fixed several bugs in libhns to openEuler-24.03-LTS 
Fixed several bugs in libhns:
libhns: Add error logs to help diagnosis
libhns: Fix coredump during QP destruction when send_cq == recv_cq
libhns: Fix memory leakage when DCA is enabled
libhns: Fix the exception branch of wr_start() is not locked
libhns: Fix reference to uninitialized cq pointer
libhns: Fix out-of-order issue of requester when setting FENCE
2025-01-09 20:02:07 +08:00

69 lines
2.5 KiB
Diff
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 18ec396f9e56062a97207643a4c0c453f24e07b1 Mon Sep 17 00:00:00 2001
From: Chengchang Tang <tangchengchang@huawei.com>
Date: Fri, 8 Nov 2024 17:04:08 +0800
Subject: [PATCH] libhns: Fix reference to uninitialized cq pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
mainline inclusion
from mainline-master
commit 18e3117cdd161a3f40b8a917f24cfb5227a1d75a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/rdma-core/issues/IB3ZHQ
CVE: NA
Reference: https://github.com/linux-rdma/rdma-core/pull/1513/commits/18e3117cdd161a3f40b8a917f24cfb5227a1d75a
----------------------------------------------------------------------
For QPs which do not have an SQ, such as XRC TGTthe send_cq
pointer will not be initailized. Since the supported max_gs
will be 0 in this case, check it and return before referencing
the send_cq pointer.
Fixes: cbdf5e32a855 ("libhns: Reimplement verbs of post_send and post_recv for hip08 RoCE")
Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Signed-off-by: Xinghai Cen <cenxinghai@h-partners.com>
---
providers/hns/hns_roce_u_hw_v2.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/providers/hns/hns_roce_u_hw_v2.c b/providers/hns/hns_roce_u_hw_v2.c
index 2debcb3..465ef1e 100644
--- a/providers/hns/hns_roce_u_hw_v2.c
+++ b/providers/hns/hns_roce_u_hw_v2.c
@@ -1579,7 +1579,7 @@ int hns_roce_u_v2_post_send(struct ibv_qp *ibvqp, struct ibv_send_wr *wr,
struct hns_roce_context *ctx = to_hr_ctx(ibvqp->context);
struct hns_roce_qp *qp = to_hr_qp(ibvqp);
struct hns_roce_sge_info sge_info = {};
- struct hns_roce_rc_sq_wqe *wqe;
+ struct hns_roce_rc_sq_wqe *wqe = NULL;
struct ibv_qp_attr attr = {};
unsigned int wqe_idx, nreq;
int ret;
@@ -1595,15 +1595,15 @@ int hns_roce_u_v2_post_send(struct ibv_qp *ibvqp, struct ibv_send_wr *wr,
sge_info.start_idx = qp->next_sge; /* start index of extend sge */
for (nreq = 0; wr; ++nreq, wr = wr->next) {
- if (hns_roce_v2_wq_overflow(&qp->sq, nreq,
- to_hr_cq(qp->verbs_qp.qp.send_cq))) {
- ret = ENOMEM;
+ if (wr->num_sge > (int)qp->sq.max_gs) {
+ ret = qp->sq.max_gs > 0 ? EINVAL : EOPNOTSUPP;
*bad_wr = wr;
goto out;
}
- if (wr->num_sge > qp->sq.max_gs) {
- ret = EINVAL;
+ if (hns_roce_v2_wq_overflow(&qp->sq, nreq,
+ to_hr_cq(qp->verbs_qp.qp.send_cq))) {
+ ret = ENOMEM;
*bad_wr = wr;
goto out;
}
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink