| Message ID | 1502132526-18355-1-git-send-email-bharat@chelsio.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
Hi Doug, Please pull this change for next rc if you feel the change appropriate. Thanks, Bharat. On Tuesday, August 08/08/17, 2017 at 00:32:06 +0530, Potnuri Bharat Teja wrote: > Initializing cq_context with ev_queue in create_cq(), leads to NULL pointer > dereference in ib_uverbs_comp_handler(), if application doesnot use completion > channel. This patch fixes the cq_context initialization. > > Fixes: 1e7710f3f65 ("IB/core: Change completion channel to use the reworked") > Signed-off-by: Potnuri Bharat Teja <bharat@chelsio.com> > Tested-by: Logan Gunthorpe <logang@deltatee.com> > Reviewed-by: Matan Barak <matanb@mellanox.com> > --- > drivers/infiniband/core/uverbs_cmd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c > index 2c98533a0203..50a6c64f0388 100644 > --- a/drivers/infiniband/core/uverbs_cmd.c > +++ b/drivers/infiniband/core/uverbs_cmd.c > @@ -1015,7 +1015,7 @@ static struct ib_ucq_object *create_cq(struct ib_uverbs_file *file, > cq->uobject = &obj->uobject; > cq->comp_handler = ib_uverbs_comp_handler; > cq->event_handler = ib_uverbs_cq_event_handler; > - cq->cq_context = &ev_file->ev_queue; > + cq->cq_context = ev_file ? &ev_file->ev_queue : NULL; > atomic_set(&cq->usecnt, 0); > > obj->uobject.object = cq; > -- > 2.5.3 > -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
> > Hi Doug, > Please pull this change for next rc if you feel the change appropriate. > Thanks, > Bharat. I think this commit needs to be pushed to stable as well. I see the commit it fixes in linux-4.12.y. Doug can you please add the stable tag when you merge this? Steve. -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
> > > > Hi Doug, > > Please pull this change for next rc if you feel the change appropriate. > > Thanks, > > Bharat. > > I think this commit needs to be pushed to stable as well. I see the commit it > fixes in linux-4.12.y. Doug can you please add the stable tag when you merge > this? > Hey Doug, another ping to make sure this is destined for 4.13-rc and stable. Thanks! Steve. -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c index 2c98533a0203..50a6c64f0388 100644 --- a/drivers/infiniband/core/uverbs_cmd.c +++ b/drivers/infiniband/core/uverbs_cmd.c @@ -1015,7 +1015,7 @@ static struct ib_ucq_object *create_cq(struct ib_uverbs_file *file, cq->uobject = &obj->uobject; cq->comp_handler = ib_uverbs_comp_handler; cq->event_handler = ib_uverbs_cq_event_handler; - cq->cq_context = &ev_file->ev_queue; + cq->cq_context = ev_file ? &ev_file->ev_queue : NULL; atomic_set(&cq->usecnt, 0); obj->uobject.object = cq;
Initializing cq_context with ev_queue in create_cq(), leads to NULL pointer dereference in ib_uverbs_comp_handler(), if application doesnot use completion channel. This patch fixes the cq_context initialization. Fixes: 1e7710f3f65 ("IB/core: Change completion channel to use the reworked") Signed-off-by: Potnuri Bharat Teja <bharat@chelsio.com> Tested-by: Logan Gunthorpe <logang@deltatee.com> Reviewed-by: Matan Barak <matanb@mellanox.com> --- drivers/infiniband/core/uverbs_cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)