(parent: 497158a)
IB/core : Add null pointer check in addr_resolve
author Muneendra Kumar M <muneendra.kumar@broadcom.com> Wed, 28 Feb 2018 05:51:49 +0000 (21:51 -0800)
committer Jason Gunthorpe <jgg@mellanox.com> Wed, 28 Feb 2018 19:10:33 +0000 (12:10 -0700)
dev_get_by_index is being called in addr_resolve
function which returns NULL and NULL pointer access
leads to kernel crash.
Following call trace is observed while running
rdma_lat test application
[ 146.173149] BUG: unable to handle kernel NULL pointer dereference at 00000000000004a0
[ 146.173198] IP: addr_resolve+0x9e/0x3e0 [ib_core]
[ 146.173221] PGD 0 P4D 0
[ 146.173869] Oops: 0000 [#1] SMP PTI
[ 146.182859] CPU: 8 PID: 127 Comm: kworker/8:1 Tainted: G O 4.15.0-rc6+ #18
[ 146.183758] Hardware name: LENOVO System x3650 M5: -[8871AC1]-/01KN179, BIOS-[TCE132H-2.50]- 10/11/2017
[ 146.184691] Workqueue: ib_cm cm_work_handler [ib_cm]
[ 146.185632] RIP: 0010:addr_resolve+0x9e/0x3e0 [ib_core]
[ 146.186584] RSP: 0018:ffffc9000362faa0 EFLAGS: 00010246
[ 146.187521] RAX: 000000000000001b RBX: ffffc9000362fc08 RCX: 0000000000000006
[ 146.188472] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff88087fc16990
[ 146.189427] RBP: ffffc9000362fb18 R08: 00000000ffffff9d R09: 00000000000004ac
[ 146.190392] R10: 00000000000001e7 R11: 0000000000000001 R12: ffff88086af2e090
[ 146.191361] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000ffffff9d
[ 146.192327] FS: 0000000000000000(0000) GS:ffff88087fc00000(0000) knlGS:0000000000000000
[ 146.193301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.194274] CR2: 00000000000004a0 CR3: 000000000220a002 CR4: 00000000003606e0
[ 146.195258] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 146.196256] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 146.197231] Call Trace:
[ 146.198209] ? rdma_addr_register_client+0x30/0x30 [ib_core]
[ 146.199199] rdma_resolve_ip+0x1af/0x280 [ib_core]
[ 146.200196] rdma_addr_find_l2_eth_by_grh+0x154/0x2b0 [ib_core]
The below patch adds the missing NULL pointer check
returned by dev_get_by_index before accessing the netdev to
avoid kernel crash.
We observed the below crash when we try to do the below test.
 server                       client
---------                    ---------
|1.1.1.1|<----rxe-channel--->|1.1.1.2|
---------                    ---------
On server: rdma_lat -c -n 2 -s 1024
On client: rdma_lat 1.1.1.1 -c -n 2 -s 1024
Fixes: 200298326b27 ("IB/core: Validate route when we init ah")
Signed-off-by: Muneendra <muneendra.kumar@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
drivers/infiniband/core/addr.c
diff --git
a/drivers/infiniband/core/addr.c
b/drivers/infiniband/core/addr.c
index a5b4cf030c11b74291baa6859ee370295fd0c42f..9183d148d644484c11f4e26fc87ff332c4fbb4eb 100644
(file)
--- a/
drivers/infiniband/core/addr.c
+++ b/
drivers/infiniband/core/addr.c
@@
-550,18
+550,13
@@
static int addr_resolve(struct sockaddr *src_in,
dst_release(dst);
}
- if (ndev->flags & IFF_LOOPBACK) {
- ret = rdma_translate_ip(dst_in, addr);
- /*
- * Put the loopback device and get the translated
- * device instead.
- */
+ if (ndev) {
+ if (ndev->flags & IFF_LOOPBACK)
+ ret = rdma_translate_ip(dst_in, addr);
+ else
+ addr->bound_dev_if = ndev->ifindex;
dev_put(ndev);
- ndev = dev_get_by_index(addr->net, addr->bound_dev_if);
- } else {
- addr->bound_dev_if = ndev->ifindex;
}
- dev_put(ndev);
return ret;
}
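Review bot: when ndev is NULL, the new "if (ndev)" block is skipped and the function falls straight through to "return ret" with whatever value ret already held, leaving addr->bound_dev_if untouched, so a caller may see success with no bound device. Unless the code above this hunk already sets ret to an error on that path, add an else branch that returns a failure (for example -ENODEV), or a comment stating why a missing netdev is acceptable here. The commit message attributes the NULL to dev_get_by_index, but the only dev_get_by_index call visible in this hunk is the one being removed; the message should name the call site that actually produces the NULL ndev. The removed comment about putting the loopback device also explained the reference handling, and a one-line comment on why a single dev_put(ndev) now suffices for both branches would help the next reader.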