ba7a351bb3
The issues mainly lies in the memory empty check, variable range inconsistency, parameter verification, and print format. Signed-off-by: Luoyouming <luoyouming@huawei.com> Signed-off-by: Chengchang Tang <tangchengchang@huawei.com Signed-off-by: Ran Zhou <zhouran10@h-partners.com> (cherry picked from commit 918525387673e173835fd287995470cbaccad784)
65 lines
2.1 KiB
Diff
65 lines
2.1 KiB
Diff
From 9e3f4aa0a83ea0ff9512678e3932e611186d573e Mon Sep 17 00:00:00 2001
|
|
From: Chengchang Tang <tangchengchang@huawei.com>
|
|
Date: Mon, 27 Nov 2023 16:39:50 +0800
|
|
Subject: [PATCH 74/75] libhns: Fix possible overflow in cq clean
|
|
|
|
driver inclusion
|
|
category: bugfix
|
|
bugzilla: https://gitee.com/src-openeuler/rdma-core/issues/I8J2XP?from=project-issue
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
The ci/pi of hns roce cq allows data to be flipped. but in
|
|
__hns_roce_v2_cq_clean(), this flip may lead to an wrong number
|
|
of loops.
|
|
|
|
This patch fixes it by extending the data type to avoid data
|
|
flipping.
|
|
|
|
Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
|
|
---
|
|
providers/hns/hns_roce_u_hw_v2.c | 25 +++++++++++++------------
|
|
1 file changed, 13 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/providers/hns/hns_roce_u_hw_v2.c b/providers/hns/hns_roce_u_hw_v2.c
|
|
index b48cabd..fc938de 100644
|
|
--- a/providers/hns/hns_roce_u_hw_v2.c
|
|
+++ b/providers/hns/hns_roce_u_hw_v2.c
|
|
@@ -1847,20 +1847,21 @@ out:
|
|
static void __hns_roce_v2_cq_clean(struct hns_roce_cq *cq, uint32_t qpn,
|
|
struct hns_roce_srq *srq)
|
|
{
|
|
- int nfreed = 0;
|
|
- bool is_recv_cqe;
|
|
- uint8_t owner_bit;
|
|
- uint16_t wqe_index;
|
|
- uint32_t prod_index;
|
|
- struct hns_roce_v2_cqe *cqe, *dest;
|
|
- struct hns_roce_context *ctx = to_hr_ctx(cq->verbs_cq.cq.context);
|
|
-
|
|
- for (prod_index = cq->cons_index; get_sw_cqe_v2(cq, prod_index);
|
|
- ++prod_index)
|
|
- if (prod_index > cq->cons_index + cq->verbs_cq.cq.cqe)
|
|
+ struct hns_roce_context *ctx = to_hr_ctx(cq->verbs_cq.cq.context);
|
|
+ uint64_t cons_index = cq->cons_index;
|
|
+ uint64_t prod_index = cq->cons_index;
|
|
+ struct hns_roce_v2_cqe *cqe, *dest;
|
|
+ uint16_t wqe_index;
|
|
+ uint8_t owner_bit;
|
|
+ bool is_recv_cqe;
|
|
+ int nfreed = 0;
|
|
+
|
|
+ for (; get_sw_cqe_v2(cq, prod_index); ++prod_index)
|
|
+ if (prod_index > cons_index + cq->verbs_cq.cq.cqe)
|
|
break;
|
|
|
|
- while ((int) --prod_index - (int) cq->cons_index >= 0) {
|
|
+ while (prod_index - cons_index > 0) {
|
|
+ prod_index--;
|
|
cqe = get_cqe_v2(cq, prod_index & cq->verbs_cq.cq.cqe);
|
|
if (hr_reg_read(cqe, CQE_LCL_QPN) == qpn) {
|
|
is_recv_cqe = hr_reg_read(cqe, CQE_S_R);
|
|
--
|
|
2.25.1
|
|
|