linux-rdma.vger.kernel.org archive mirror
From: Dan Carpenter <dan.carpenter@oracle.com>
To: ira.weiny@intel.com
Cc: devel@driverdev.osuosl.org, linux-rdma@vger.kernel.org,
	gregkh@linuxfoundation.org,
	Mitko Haralanov <mitko.haralanov@intel.com>,
	dledford@redhat.com, dennis.dalessandro@intel.com
Subject: Re: [PATCH v2 14/22] staging/rdma/hfi1: Implement Expected Receive TID caching
Date: Thu, 22 Oct 2015 13:41:58 +0300
Message-ID: <20151022104158.GL7340@mwanda>
In-Reply-To: <1445307097-8244-15-git-send-email-ira.weiny@intel.com>

On Mon, Oct 19, 2015 at 10:11:29PM -0400, ira.weiny@intel.com wrote:
> +	case HFI1_CMD_TID_INVAL_READ:
> +		ret = hfi1_user_exp_rcv_invalid(fp, &tinfo);
> +		if (!ret) {
> +			addr = (unsigned long)cmd.addr +
> +				offsetof(struct hfi1_tid_info, tidcnt);
> +			if (copy_to_user((void __user *)addr, &tinfo.tidcnt,
> +					 sizeof(tinfo.tidcnt)))
> +				ret = -EFAULT;
> +		}
> +		break;
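
Review bot: in the HFI1_CMD_TID_INVAL_READ case the write-back address is built as an unsigned long from cmd.addr plus offsetof(struct hfi1_tid_info, tidcnt) and only becomes a `void __user *` at the copy_to_user() call, so the __user annotation is missing where the arithmetic is done. The same computation and copy are repeated in the HFI1_CMD_TID_FREE case; a small helper that takes cmd.addr and &tinfo and returns 0 or -EFAULT would keep the cast and the offset in one place.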

This switch statement uses success handling throughout instead of
error handling.  It's better if you write it like this:

	case HFI1_CMD_TID_INVAL_READ:
		ret = hfi1_user_exp_rcv_invalid(fp, &tinfo);
		if (ret)
			break;

		addr = (unsigned long)cmd.addr +
		       offsetof(struct hfi1_tid_info, tidcnt);
		if (copy_to_user((void __user *)addr, &tinfo.tidcnt,
				 sizeof(tinfo.tidcnt)))
			ret = -EFAULT;
		break;


The casting is sort of ugly...  It would be better to make address a
pointer.  It does cut down on the lines of code but at least the cast is
all done at once and really "addr" is actually a pointer.

	case HFI1_CMD_TID_INVAL_READ:
		ret = hfi1_user_exp_rcv_invalid(fp, &tinfo);
		if (ret)
			break;

		addr = (void __user *)(unsigned long)cmd.addr +
		       offsetof(struct hfi1_tid_info, tidcnt);
		if (copy_to_user(addr, &tinfo.tidcnt, sizeof(tinfo.tidcnt)))
			ret = -EFAULT;
		break;


>  	case HFI1_CMD_TID_FREE:
> -		ret = exp_tid_free(fp, &tinfo);
> +		ret = hfi1_user_exp_rcv_clear(fp, &tinfo);
> +		addr = (unsigned long)cmd.addr +
> +			offsetof(struct hfi1_tid_info, tidcnt);
> +		if (copy_to_user((void __user *)addr, &tinfo.tidcnt,
> +				 sizeof(tinfo.tidcnt)))
> +			ret = -EFAULT;
>  		break;
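
Review bot: in the HFI1_CMD_TID_FREE case the return value of hfi1_user_exp_rcv_clear() is not tested before copy_to_user(), so whatever tinfo.tidcnt holds is written to user space even when the call failed, and a failing copy then replaces the original error in ret with -EFAULT. Add `if (ret) break;` directly after the call, matching the `if (!ret)` guard the HFI1_CMD_TID_INVAL_READ case already has.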

This is an information leak.  We should break if
hfi1_user_exp_rcv_clear() fails, but instead we copy uninitialized
variables to the user.



>  	case HFI1_CMD_RECV_CTRL:
>  		ret = manage_rcvq(uctxt, subctxt_fp(fp), (int)user_val);
> @@ -607,9 +603,9 @@ static int hfi1_file_mmap(struct file *fp, struct vm_area_struct *vma)
>  		 * Use the page where this context's flags are. User level
>  		 * knows where it's own bitmap is within the page.
>  		 */
> -		memaddr = ((unsigned long)dd->events +
> -			   ((uctxt->ctxt - dd->first_user_ctxt) *
> -			    HFI1_MAX_SHARED_CTXTS)) & PAGE_MASK;
> +		memaddr = (unsigned long)(dd->events +
> +					  ((uctxt->ctxt - dd->first_user_ctxt) *
> +					   HFI1_MAX_SHARED_CTXTS)) & PAGE_MASK;
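
Review bot: in the memaddr assignment the cast has moved from dd->events alone to the whole sum, so the offset (uctxt->ctxt - dd->first_user_ctxt) * HFI1_MAX_SHARED_CTXTS is now added in the type of dd->events instead of as a byte count on an unsigned long. The type of dd->events is not visible in this hunk; if it is a pointer to anything wider than one byte, the resulting address differs from the old one. If that is intended it belongs in its own patch with the reason in the changelog; otherwise keep the original expression.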

I am too lazy to investigate the types of all these variables but I'm
instead going to assert that moving the cast to later is an unrelated
white space change.  Don't mix white space changes in with a behavior
change patch because it makes it hard to review.

regards,
dan carpenter
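
The information leak described in the reply, modelled in user space as an added example (not code from the hfi1 driver or from this thread). The struct layout, `rcv_clear()` and the 0xa5 fill that stands in for an uninitialized stack variable are assumptions; `memcpy()` stands in for `copy_to_user()`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct hfi1_tid_info; the layout is an assumption. */
struct tid_info {
	uint64_t vaddr;
	uint32_t tidcnt;
};

/* Hypothetical stand-in for hfi1_user_exp_rcv_clear(): fails before writing tidcnt. */
static int rcv_clear(struct tid_info *tinfo, int fail)
{
	if (fail)
		return -EINVAL;
	tinfo->tidcnt = 0;
	return 0;
}

/* The TID_FREE case; 'checked' selects the form with the early break. */
static int tid_free_case(struct tid_info *user, int fail, int checked)
{
	struct tid_info tinfo;
	int ret;
	memset(&tinfo, 0xa5, sizeof(tinfo));	/* models stale stack bytes */
	ret = rcv_clear(&tinfo, fail);
	if (checked && ret)
		return ret;			/* "if (ret) break;" */
	memcpy((unsigned char *)user + offsetof(struct tid_info, tidcnt),
	       &tinfo.tidcnt, sizeof(tinfo.tidcnt));	/* models copy_to_user() */
	return ret;
}

/* What "user space" finds in tidcnt after a failed call (it held 7 before). */
static uint32_t user_view_after_failure(int checked)
{
	struct tid_info user = { .tidcnt = 7 };
	tid_free_case(&user, 1, checked);
	return user.tidcnt;
}

int main(void)
{
	printf("unchecked: %#x\n", (unsigned)user_view_after_failure(0));
	printf("checked:   %#x\n", (unsigned)user_view_after_failure(1));
	return 0;
}
```

Without the check, the caller's buffer ends up holding the stale bytes; with it, the buffer is left untouched and only the error code is returned.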
