Message-ID: <20250407162559.GA1562048@ziepe.ca>
Date: Mon, 7 Apr 2025 13:25:59 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: luoqing <l1138897701@....com>
Cc: luoqing@...inos.cn, Leon Romanovsky <leon@...nel.org>,
linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rdma: infiniband: Added __alloc_cq request value Return
value non-zero value determination

On Mon, Apr 07, 2025 at 05:33:41PM +0800, luoqing wrote:
> From: luoqing <luoqing@...inos.cn>
>
> When the kernel allocates memory for completion queue object ib_cq on the specified
> InfiniBand device dev and ensures that the allocated memory is cleared to zero,
> if the ib_cq object is not initialized to 0, a non-null value is still returned,
> and the kernel should exit and give a warning.
> Avoid kernel crash when this memory is initialized.

?? This doesn't make any sense.

> ib_mad_init_device
> -->ib_mad_port_open
> -->__ib_alloc_cq
> -->rdma_zalloc_drv_obj(dev, ib_cq);

rdma_zalloc_drv_obj() must return memory that is validly castable to
the struct ib_cq.

> When ib_cq is zero, the return value of cq is ZERO_SIZE_PTR ((void *)16) and is not non-null
> cq = rdma_zalloc_drv_obj(dev, ib_cq);

It looks to me like the driver returned the wrong size for the ib_cq
in the ops->size_ib_cq. It is not allowed to be 0 if the driver is
supporting cq.

Arguably we should check that the size_* pointers have the required
minimum size when registering the driver.

Allocation time is too late.

Jason
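
The failure mode discussed in this thread, as an added userspace C model that is not code from the patch, the reply, or the kernel: a zero size in `size_ib_cq` yields `ZERO_SIZE_PTR`, which passes a NULL test at allocation time, while a size check at registration rejects the driver up front. All `model_*` names and the exact form of the registration check are assumptions made for illustration.

```c
/* Userspace model, added for illustration; model_* names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define ZERO_SIZE_PTR ((void *)16)      /* value quoted in the thread */

struct model_ib_cq { void *device; int cqe; };   /* stand-in for struct ib_cq */
struct model_ops { size_t size_ib_cq; int (*create_cq)(void); };

/* Like kzalloc(): a zero-byte request yields ZERO_SIZE_PTR, not NULL. */
static void *model_kzalloc(size_t size)
{
    return size ? calloc(1, size) : ZERO_SIZE_PTR;
}

/* Allocation-time NULL test, the only check available this late. */
static int model_alloc_cq(const struct model_ops *ops, struct model_ib_cq **out)
{
    void *cq = model_kzalloc(ops->size_ib_cq);

    if (!cq)
        return -ENOMEM;
    *out = cq;          /* may be ZERO_SIZE_PTR: non-NULL but unusable */
    return 0;
}

/* Registration-time check (assumed form): a driver that supports CQs must
 * declare an object at least as large as the core structure. */
static int model_register(const struct model_ops *ops)
{
    if (ops->create_cq && ops->size_ib_cq < sizeof(struct model_ib_cq))
        return -EINVAL;
    return 0;
}

static int model_create_cq(void) { return 0; }

int main(void)
{
    struct model_ops bad = { .size_ib_cq = 0, .create_cq = model_create_cq };
    struct model_ib_cq *cq = NULL;
    int rc = model_alloc_cq(&bad, &cq);   /* succeeds despite size 0 */

    printf("alloc rc=%d cq=%p\n", rc, (void *)cq);
    printf("register rc=%d\n", model_register(&bad));
    return 0;
}
```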