| Message ID | 20230215101045.476291-1-n.petrova@fintech.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp108082wrn;
Wed, 15 Feb 2023 02:18:13 -0800 (PST)
X-Google-Smtp-Source:
AK7set8qgPMeISYYzi2QUtkx0m+0Ado5NcidFYn1pRQyYZhy7Nh2u/0MrefA676hq/lUbvOzR6IE
X-Received: by 2002:a05:6402:2046:b0:4a0:b554:c26c with SMTP id
bc6-20020a056402204600b004a0b554c26cmr1544188edb.21.1676456293710;
Wed, 15 Feb 2023 02:18:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1676456293; cv=none;
d=google.com; s=arc-20160816;
b=PBJyZVHPRcWZ0vexIzItZnxmZvId9qjdBKHw0CoaYyvzh98VfPUrOgXd+oIp/Mc7KZ
vZhI2GMnBqJ8iCLbE0xCEJxkfb4IwR5fX1GbRb4KdPoaMIso4AqViulzzmu/4Jw8Hjdn
VjUoHVIwYGrKX7PtZaRMGg+/4+gH28dd1MjCkPODS7KEICbXBEs7OzyAWitaLuRy41hL
qsZdvRQe9CGQVSHGqh4CDVUDcKQg5vVPYocCcbRtCjx0WibOHPdv3/xZ04WxdDW3Tg93
yx1824G7sKl/eQen7Rc0veEU/lNV+EwzdjLRK9Emq+86SfWcJXLlb23abryw1V2tarOz
2W1A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=FMN6REK7e1ey0bdR+ZFqShLYh0ySKnS4TE9RLOF+BUY=;
b=etLdnuGNB1rSG4ZG7WECBJKjzL310aoOlM9bfFwhhdKrYXXiFXsDCVPfv367AIkf/Q
OC04s9D6X0hne9B2kd1bEoJseZyUB7rgR0IQP33qznFvBHJYJhqUBAbnAgwPK9YdsCd3
OQm5QsBzknn/5yfYgoUNa3sIxpmnFrOaEvRX83V+SCObQV+aYbkbjSWZZ309g1DT1V2o
L8Hmo3J3H26alF1FSSwXzreOo9dn1kLPh7ViyHizc0IIhSB53Y0SVuJryxDLwpCm08pU
8iJRBgWhW5c31fgxn9R+sIrjUnqcwPTxCBfWua/4BnsfS8ehvwtGTSvZocRDS3RFbo6i
QNIQ==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
c4-20020a056402100400b004aac4b670f2si20240927edu.625.2023.02.15.02.17.49;
Wed, 15 Feb 2023 02:18:13 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233619AbjBOKLD (ORCPT <rfc822;tebrre53rla2o@gmail.com>
+ 99 others); Wed, 15 Feb 2023 05:11:03 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39510 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229536AbjBOKLC (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 15 Feb 2023 05:11:02 -0500
Received: from exchange.fintech.ru (e10edge.fintech.ru [195.54.195.159])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F5A3BBBB;
Wed, 15 Feb 2023 02:10:58 -0800 (PST)
Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru
(195.54.195.169) with Microsoft SMTP Server (TLS) id 14.3.498.0; Wed, 15 Feb
2023 13:10:48 +0300
Received: from KANASHIN1.fintech.ru (10.0.253.125) by Ex16-01.fintech.ru
(10.0.10.18) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 15 Feb
2023 13:10:48 +0300
From: Natalia Petrova <n.petrova@fintech.ru>
To: Jason Gunthorpe <jgg@ziepe.ca>
CC: Natalia Petrova <n.petrova@fintech.ru>,
Leon Romanovsky <leon@kernel.org>,
<linux-rdma@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<lvc-project@linuxtesting.org>
Subject: [PATCH] ocrdma: Fix potential null-ptr-deref in
ocrdma_is_qp_in_rq_flushlist()
Date: Wed, 15 Feb 2023 13:10:45 +0300
Message-ID: <20230215101045.476291-1-n.petrova@fintech.ru>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
X-Originating-IP: [10.0.253.125]
X-ClientProxiedBy: Ex16-01.fintech.ru (10.0.10.18) To Ex16-01.fintech.ru
(10.0.10.18)
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1757891834726259538?=
X-GMAIL-MSGID: =?utf-8?q?1757891834726259538?=
|
| Series |
ocrdma: Fix potential null-ptr-deref in ocrdma_is_qp_in_rq_flushlist()
|
|
Commit Message
Natalia Petrova
Feb. 15, 2023, 10:10 a.m. UTC
The 'qp->rq_cq' pointer can be equal to null in ocrdma_destroy_qp()
function. That's why 'qp->rq_cq' should be checked for null in
ocrdma_del_flush_qp() before it will be dereferenced in
ocrdma_is_qp_in_rq_flushlist().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: fe2caefcdf58 ("RDMA/ocrdma: Add driver for Emulex OneConnect IBoE RDMA adapter")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
---
drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Wed, Feb 15, 2023 at 01:10:45PM +0300, Natalia Petrova wrote: > The 'qp->rq_cq' pointer can be equal to null in ocrdma_destroy_qp() How is it possible that we will have valid QP without rq_cq? Thanks > function. That's why 'qp->rq_cq' should be checked for null in > ocrdma_del_flush_qp() before it will be dereferenced in > ocrdma_is_qp_in_rq_flushlist(). > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: fe2caefcdf58 ("RDMA/ocrdma: Add driver for Emulex OneConnect IBoE RDMA adapter") > Signed-off-by: Natalia Petrova <n.petrova@fintech.ru> > --- > drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c b/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c > index dd4021b11963..a3d994ee178c 100644 > --- a/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c > +++ b/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c > @@ -1660,7 +1660,7 @@ void ocrdma_del_flush_qp(struct ocrdma_qp *qp) > found = ocrdma_is_qp_in_sq_flushlist(qp->sq_cq, qp); > if (found) > list_del(&qp->sq_entry); > - if (!qp->srq) { > + if (!qp->srq && qp->rq_cq) { > found = ocrdma_is_qp_in_rq_flushlist(qp->rq_cq, qp); > if (found) > list_del(&qp->rq_entry); > -- > 2.34.1 >
diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c b/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c index dd4021b11963..a3d994ee178c 100644 --- a/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c +++ b/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c @@ -1660,7 +1660,7 @@ void ocrdma_del_flush_qp(struct ocrdma_qp *qp) found = ocrdma_is_qp_in_sq_flushlist(qp->sq_cq, qp); if (found) list_del(&qp->sq_entry); - if (!qp->srq) { + if (!qp->srq && qp->rq_cq) { found = ocrdma_is_qp_in_rq_flushlist(qp->rq_cq, qp); if (found) list_del(&qp->rq_entry);