From patchwork Tue Jan 9 14:16:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael J. Ruhl" X-Patchwork-Id: 10152269 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id F2207603ED for ; Tue, 9 Jan 2018 14:17:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E5F6D21C9A for ; Tue, 9 Jan 2018 14:17:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DA7B023F88; Tue, 9 Jan 2018 14:17:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5772521C9A for ; Tue, 9 Jan 2018 14:17:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754928AbeAIORD convert rfc822-to-8bit (ORCPT ); Tue, 9 Jan 2018 09:17:03 -0500 Received: from mga09.intel.com ([134.134.136.24]:64416 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752096AbeAIORB (ORCPT ); Tue, 9 Jan 2018 09:17:01 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Jan 2018 06:17:01 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,335,1511856000"; d="scan'208";a="193556570" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by fmsmga006.fm.intel.com with ESMTP; 09 Jan 2018 06:17:00 -0800 Received: from fmsmsx152.amr.corp.intel.com (10.18.125.5) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 9 Jan 2018 06:17:00 -0800 Received: from fmsmsx107.amr.corp.intel.com ([169.254.6.59]) by FMSMSX152.amr.corp.intel.com ([169.254.6.14]) with mapi id 14.03.0319.002; Tue, 9 Jan 2018 06:17:00 -0800 From: "Ruhl, Michael J" To: Dan Carpenter , "Marciniszyn, Mike" CC: "Dalessandro, Dennis" , Doug Ledford , Jason Gunthorpe , "linux-rdma@vger.kernel.org" , "kernel-janitors@vger.kernel.org" Subject: RE: [PATCH] IB/hfi1: Prevent a NULL dereference Thread-Topic: [PATCH] IB/hfi1: Prevent a NULL dereference Thread-Index: AQHTiSzPml3Gc+0VlEuRPg/YXac8F6Nrg5eA Date: Tue, 9 Jan 2018 14:16:59 +0000 Message-ID: <14063C7AD467DE4B82DEDB5C278E8663A9F7F391@fmsmsx107.amr.corp.intel.com> References: <20180109092714.valolokywtmbprw7@mwanda> In-Reply-To: <20180109092714.valolokywtmbprw7@mwanda> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNzE0YjBlNWQtNWJiMi00NzQwLTgwMWMtZDU4N2E1MGExY2Y0IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6InlcL3ZKTzFoMVhDUVcwZ0ZFNHNpNEs1b3Fxb29pUDdQV0pYYmFDSlRIbzVBPSJ9 x-originating-ip: [10.1.200.106] MIME-Version: 1.0 Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP > -----Original Message----- > From: Dan Carpenter [mailto:dan.carpenter@oracle.com] > Sent: Tuesday, January 9, 2018 4:27 AM > To: Marciniszyn, Mike ; Ruhl, Michael J > > Cc: Dalessandro, Dennis ; Doug Ledford > ; Jason Gunthorpe ; linux- > rdma@vger.kernel.org; kernel-janitors@vger.kernel.org > Subject: [PATCH] IB/hfi1: Prevent a NULL dereference > > In the original code, we set "fd->uctxt" to NULL and then dereference it > which will cause an Oops. > > Fixes: f2a3bc00a03c ("IB/hfi1: Protect context array set/clear with spinlock") > Signed-off-by: Dan Carpenter > > diff --git a/drivers/infiniband/hw/hfi1/file_ops.c > b/drivers/infiniband/hw/hfi1/file_ops.c > index 82086241aac3..3de1ac94bb85 100644 > --- a/drivers/infiniband/hw/hfi1/file_ops.c > +++ b/drivers/infiniband/hw/hfi1/file_ops.c > @@ -763,10 +763,10 @@ static int complete_subctxt(struct hfi1_filedata *fd) > } > > if (ret) { > + __clear_bit(fd->subctxt, fd->uctxt->in_use_ctxts); > hfi1_rcd_put(fd->uctxt); > fd->uctxt = NULL; > spin_lock_irqsave(&fd->dd->uctxt_lock, flags); > - __clear_bit(fd->subctxt, fd->uctxt->in_use_ctxts); > spin_unlock_irqrestore(&fd->dd->uctxt_lock, flags); > } > Hi Dan, Thanks for catching this. However, the patch is not quite correct. The __clear_bit() spin_lock_irqsave/restore need stay together. The patch should be: the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/ index 7750a9c..1df7da4 100644 --- a/drivers/infiniband/hw/hfi1/file_ops.c +++ b/drivers/infiniband/hw/hfi1/file_ops.c @@ -763,11 +763,11 @@ static int complete_subctxt(struct hfi1_filedata *fd) } if (ret) { - hfi1_rcd_put(fd->uctxt); - fd->uctxt = NULL; spin_lock_irqsave(&fd->dd->uctxt_lock, flags); __clear_bit(fd->subctxt, fd->uctxt->in_use_ctxts); spin_unlock_irqrestore(&fd->dd->uctxt_lock, flags); + hfi1_rcd_put(fd->uctxt); + fd->uctxt = NULL; } -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in