Re: [PATCH] rdma: infiniband: Added __alloc_cq request value Return value non-zero value determination

From: Jason Gunthorpe
Date: Mon Apr 07 2025 - 12:33:39 EST

Next message: Jeremy Linton: "[PATCH v2 4/6] arm64: probes: Add GCS support to bl/blr/ret"
Previous message: Jeremy Linton: "[PATCH v2 5/6] arm64: uprobes: Add GCS support to uretprobes"
In reply to: luoqing: "[PATCH] rdma: infiniband: Added __alloc_cq request value Return value non-zero value determination"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 07, 2025 at 05:33:41PM +0800, luoqing wrote:
> From: luoqing <luoqing@xxxxxxxxxx>
>
> When the kernel allocates memory for completion queue object ib_cq on the specified
> InfiniBand device dev and ensures that the allocated memory is cleared to zero,
> if the ib_cq object is not initialized to 0, a non-null value is still returned,
> and the kernel should exit and give a warning.
> Avoid kernel crash when this memory is initialized.

?? This doesn't make any sense.

> ib_mad_init_device
> -->ib_mad_port_open
> -->__ib_alloc_cq
> -->rdma_zalloc_drv_obj(dev, ib_cq);

rdma_zalloc_drv_obj() must return memory that is validly castable to
the struct ib_cq.

> When ib_cq is zero, the return value of cq is ZERO_SIZE_PTR ((void *)16) and is not non-null
> cq = rdma_zalloc_drv_obj(dev, ib_cq);

It looks to me like the driver returned the wrong size for the ib_cq
in the ops->size_ib_cq. It is not allowed to be 0 if the driver is
supporting cq.

Arguably we should check that the size_* pointers have the requirement
minimum size when registering the driver.

Allocation time is too late.

Jason

Next message: Jeremy Linton: "[PATCH v2 4/6] arm64: probes: Add GCS support to bl/blr/ret"
Previous message: Jeremy Linton: "[PATCH v2 5/6] arm64: uprobes: Add GCS support to uretprobes"
In reply to: luoqing: "[PATCH] rdma: infiniband: Added __alloc_cq request value Return value non-zero value determination"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]