From patchwork Mon Oct 17 14:26:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Natalia Petrova X-Patchwork-Id: 3478 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp1484833wrs; Mon, 17 Oct 2022 07:37:14 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7uNJpypesDUEmtD8TetQCbZZ1CYPnixfF92ATMBaaY+h7YLvM7h0Riue/UgQ2rncPpGaOx X-Received: by 2002:a62:e911:0:b0:555:8c06:c9eb with SMTP id j17-20020a62e911000000b005558c06c9ebmr12829528pfh.52.1666017434072; Mon, 17 Oct 2022 07:37:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666017434; cv=none; d=google.com; s=arc-20160816; b=ukS1rGkNvY4qWD9PLF0mj1NlzIKEVDMjOt6J0edi0EEUyq49GvLsleVvcbjLDV8Idk UVk8l34MXxED/xqqylFMnkfaavJFqVThklyt5NjvOutlASzTPKJs+3TiUrtBhoN9Z47+ stX7YH+K5NTfZgIoHsVLTf94hVCUzXWMdJeX95OLNM9eGzUIdfbnDGqXe2lRhG+uz4ZS NuXDEuBxU5YlWzvrn3y6lS60TFht37TCKKhO1DhGDeXFvclEVCNeCwR2ZKwKGMtBIgXe bs2DnIU/IWcxbQSx8WwcdEDM7Qvy4RetWcmMved7gI8QA3ibRYGPqTe8ym/NH6rprcp5 DLNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=p9cftWrabE+OgPfZ1NRZ+5A9AqDDE/Csory8jBYw700=; b=e55rjHYF4tbVa0kcZcJUtw34rIWbRJp2Tsi4xwBTgRHho/ora4iYOs7VD2ertJOKSV U4ywcdouOh+Zo31W1YlU0incvHWVdMBPpeoKRfXltNkhGwW/U502y3notxNTFmpuXWdf /F8OOhCcWPNIilx4hN4YpT5KgMdxX36TN3VJxVtb/fOtWi4+BfOQEgrH39KvZhFAI+JE kSKhhp5IaZ02k7QBOWmJwVeiIBcDFa4z5INv3iK8z+cWtnu5KfLpNMOuJWASRxD1mb0k z4o8nIeN/0JHd7qahpz2SuXX/kiQR1Ry4WG+l11O9BWLhHRMEHvPbft8SkXC6DNl/i3v nwpw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r10-20020a1709028bca00b001789a178e33si10274334plo.428.2022.10.17.07.36.59; Mon, 17 Oct 2022 07:37:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230264AbiJQO2D (ORCPT + 99 others); Mon, 17 Oct 2022 10:28:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52942 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229738AbiJQO2B (ORCPT ); Mon, 17 Oct 2022 10:28:01 -0400 X-Greylist: delayed 62 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Mon, 17 Oct 2022 07:27:59 PDT Received: from exchange.fintech.ru (e10edge.fintech.ru [195.54.195.159]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 37A9E6581A; Mon, 17 Oct 2022 07:27:59 -0700 (PDT) Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru (195.54.195.169) with Microsoft SMTP Server (TLS) id 14.3.498.0; Mon, 17 Oct 2022 17:26:54 +0300 Received: from KANASHIN1.fintech.ru (10.0.253.125) by Ex16-01.fintech.ru (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Mon, 17 Oct 2022 17:26:53 +0300 From: Natalia Petrova To: Dennis Dalessandro , "Jason Gunthorpe" , Leon Romanovsky CC: Natalia Petrova , , , , "Alexey Khoroshilov" Subject: [PATCH] rdmavt: avoid NULL pointer dereference in rvt_qp_exit() Date: Mon, 17 Oct 2022 17:26:52 +0300 Message-ID: <20221017142652.13906-1-n.petrova@fintech.ru> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Originating-IP: [10.0.253.125] X-ClientProxiedBy: Ex16-01.fintech.ru (10.0.10.18) To Ex16-01.fintech.ru (10.0.10.18) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1746945896759607595?= X-GMAIL-MSGID: =?utf-8?q?1746945896759607595?= rvt_qp_exit() checks 'rdi->qp_dev' for NULL, but the pointer is dereferenced before that in rvt_free_all_qps(). Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: f92e48718889 ("IB/rdmavt: Reset all QPs when the device is shut down") Signed-off-by: Natalia Petrova Signed-off-by: Alexey Khoroshilov --- drivers/infiniband/sw/rdmavt/qp.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c index 3acab569fbb9..06e755975f61 100644 --- a/drivers/infiniband/sw/rdmavt/qp.c +++ b/drivers/infiniband/sw/rdmavt/qp.c @@ -459,13 +459,16 @@ static unsigned rvt_free_all_qps(struct rvt_dev_info *rdi) */ void rvt_qp_exit(struct rvt_dev_info *rdi) { - u32 qps_inuse = rvt_free_all_qps(rdi); + u32 qps_inuse = 0; + + if (!rdi->qp_dev) + return; + + qps_inuse = rvt_free_all_qps(rdi); if (qps_inuse) rvt_pr_err(rdi, "QP memory leak! %u still in use\n", qps_inuse); - if (!rdi->qp_dev) - return; kfree(rdi->qp_dev->qp_table); free_qpn_table(&rdi->qp_dev->qpn_table);