rxe: Fix a sleep-in-atomic bug in post_one_send
The driver may sleep under a spin lock, and the function call path is: post_one_send (acquire the lock by spin_lock_irqsave) init_send_wqe copy_from_user --> may sleep There is no flow that makes "qp->is_user" true, and copy_from_user may cause bug when a non-user pointer is used. So the lines of copy_from_user and check of "qp->is_user" are removed. Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com> Reviewed-by: Leon Romanovsky <leonro@mellanox.com> Acked-by: Moni Shoua <monis@mellanox.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
This commit is contained in:
parent
e57bb6be5e
commit
07d432bb97
|
@ -740,13 +740,8 @@ static int init_send_wqe(struct rxe_qp *qp, struct ib_send_wr *ibwr,
|
|||
|
||||
sge = ibwr->sg_list;
|
||||
for (i = 0; i < num_sge; i++, sge++) {
|
||||
if (qp->is_user && copy_from_user(p, (__user void *)
|
||||
(uintptr_t)sge->addr, sge->length))
|
||||
return -EFAULT;
|
||||
|
||||
else if (!qp->is_user)
|
||||
memcpy(p, (void *)(uintptr_t)sge->addr,
|
||||
sge->length);
|
||||
memcpy(p, (void *)(uintptr_t)sge->addr,
|
||||
sge->length);
|
||||
|
||||
p += sge->length;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue