On Tue, 25 Jul 2023 at 12:36, Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> In query_port() we pass the address of a local pvrdma_port_attr
> struct to the rdma_query_backend_port() function. Unfortunately,
> rdma_backend_query_port() wants a pointer to a struct ibv_port_attr,
> and the two are not the same length.
>
> Coverity spotted this (CID 1507146): pvrdma_port_attr is 48 bytes
> long, and ibv_port_attr is 52 bytes, because it has a few extra
> fields at the end.
>
> Fortunately, all we do with the attrs struct after the call is to
> read a few specific fields out of it which are all at the same
> offsets in both structs, so we can simply make the local variable the
> correct type. This also lets us drop the cast (which should have
> been a bit of a warning flag that we were doing something wrong
> here).
>
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
> ---
> I don't know anything about the rdma code so this fix is based
> purely on looking at the code, and is untested beyond just
> make check/make check-avocado.
> ---
> hw/rdma/vmw/pvrdma_cmd.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
> index c6ed0259821..d31c1875938 100644
> --- a/hw/rdma/vmw/pvrdma_cmd.c
> +++ b/hw/rdma/vmw/pvrdma_cmd.c
> @@ -129,14 +129,13 @@ static int query_port(PVRDMADev *dev, union
> pvrdma_cmd_req *req,
> {
> struct pvrdma_cmd_query_port *cmd = &req->query_port;
> struct pvrdma_cmd_query_port_resp *resp = &rsp->query_port_resp;
> - struct pvrdma_port_attr attrs = {};
> + struct ibv_port_attr attrs = {};
>
> if (cmd->port_num > MAX_PORTS) {
> return -EINVAL;
> }
>
> - if (rdma_backend_query_port(&dev->backend_dev,
> - (struct ibv_port_attr *)&attrs)) {
> + if (rdma_backend_query_port(&dev->backend_dev, &attrs)) {
> return -ENOMEM;
> }
Ping for review/testing by the rdma folks, please ?
Whose tree should this patch go through?
thanks
-- PMM
