From patchwork Wed Nov 19 14:46:47 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Wan, Kaike" <kaike.wan@intel.com>
X-Patchwork-Id: 5337921
Return-Path: <linux-rdma-owner@kernel.org>
X-Original-To: patchwork-linux-rdma@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 6DD83C11AC
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Wed, 19 Nov 2014 14:47:27 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id A136520172
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Wed, 19 Nov 2014 14:47:26 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id B37CA20122
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Wed, 19 Nov 2014 14:47:25 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755450AbaKSOrZ (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Wed, 19 Nov 2014 09:47:25 -0500
Received: from mga09.intel.com ([134.134.136.24]:40336 "EHLO mga09.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752950AbaKSOrY (ORCPT <rfc822;linux-rdma@vger.kernel.org>);
	Wed, 19 Nov 2014 09:47:24 -0500
Received: from orsmga001.jf.intel.com ([10.7.209.18])
	by orsmga102.jf.intel.com with ESMTP; 19 Nov 2014 06:45:12 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.07,417,1413270000"; d="scan'208";a="610466772"
Received: from phlsvsds.ph.intel.com ([10.228.195.38])
	by orsmga001.jf.intel.com with ESMTP; 19 Nov 2014 06:47:22 -0800
Received: from phlsvsds.ph.intel.com (localhost.localdomain [127.0.0.1])
	by phlsvsds.ph.intel.com (8.13.8/8.13.8) with ESMTP id sAJElMU8006834;
	Wed, 19 Nov 2014 09:47:22 -0500
Received: (from kaikewan@localhost)
	by phlsvsds.ph.intel.com (8.13.8/8.13.8/Submit) id sAJElMI4006831;
	Wed, 19 Nov 2014 09:47:22 -0500
X-Authentication-Warning: phlsvsds.ph.intel.com: kaikewan set sender to
	kaike.wan@intel.com using -f
From: kaike.wan@intel.com
To: sean.hefty@intel.com
Cc: linux-rdma@vger.kernel.org, Kaike Wan <kaike.wan@intel.com>
Subject: [PATCH 3/3] ibacm/ibacmp: fix a crash when SM restarts
Date: Wed, 19 Nov 2014 09:46:47 -0500
Message-Id: <1416408407-6774-4-git-send-email-kaike.wan@intel.com>
X-Mailer: git-send-email 1.7.1
In-Reply-To: <1416408407-6774-1-git-send-email-kaike.wan@intel.com>
References: <1416408407-6774-1-git-send-email-kaike.wan@intel.com>
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Kaike Wan <kaike.wan@intel.com>

Ibacm may cause segfault when the SM restarts: when the SM restarts, ibacm will
receive P_Key change event and instruct ibacmp to close all endpoints. However,
ibacmp only resets the core endpoint pointer in its ep structure and keeps the ep
in the port's ep_list. Afterwards, the ibacm core will ask ibacmp to create
an ep for each pkey enumerated from the local port. The ep will be found
from the port's ep_list if it exists. However, if an old pkey is not present
in the new SM configuration, the old ep will still be linked in the port's
ep_list with the ep->endpoint being set to NULL. When the ibacm core forwards
the client reregistration event to ibacmp, ibacmp will enumerate the ep_list and
try to join multicast group for each ep, including any one with ep->endpoint
set to NULL. In this case, it will cause segfault in acm_send_sa_mad().
Additional check should be able to avoid the crash.

Signed-off-by: Kaike Wan <kaike.wan@intel.com>
---
 prov/acmp/src/acmp.c |    4 ++++
 src/acm.c            |    4 ++++
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/prov/acmp/src/acmp.c b/prov/acmp/src/acmp.c
index 7568b9c..2b85958 100644
--- a/prov/acmp/src/acmp.c
+++ b/prov/acmp/src/acmp.c
@@ -1446,6 +1446,10 @@ static int acmp_port_join(void *port_context)
 	for (ep_entry = port->ep_list.Next; ep_entry != &port->ep_list;
 		 ep_entry = ep_entry->Next) {
 		ep = container_of(ep_entry, struct acmp_ep, entry);
+		if (!ep->endpoint) {
+			/* Stale endpoint */
+			continue;
+		}
 		acmp_ep_join(ep);
 	}
 	acm_log(1, "joins for device %s port %d complete\n",
diff --git a/src/acm.c b/src/acm.c
index d807c73..2d0d2e1 100644
--- a/src/acm.c
+++ b/src/acm.c
@@ -2352,6 +2352,10 @@ acm_alloc_sa_mad(const struct acm_endpoint *endpoint, void *context,
 {
 	struct acmc_sa_req *req;
 
+	if (!endpoint) {
+		acm_log(0, "Error: NULL endpoint\n");
+		return NULL;
+	}
 	req = calloc(1, sizeof (*req));
 	if (!req) {
 		acm_log(0, "Error: failed to allocate sa request\n");