From patchwork Wed Feb 15 10:10:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Natalia Petrova X-Patchwork-Id: 57467 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp108082wrn; Wed, 15 Feb 2023 02:18:13 -0800 (PST) X-Google-Smtp-Source: AK7set8qgPMeISYYzi2QUtkx0m+0Ado5NcidFYn1pRQyYZhy7Nh2u/0MrefA676hq/lUbvOzR6IE X-Received: by 2002:a05:6402:2046:b0:4a0:b554:c26c with SMTP id bc6-20020a056402204600b004a0b554c26cmr1544188edb.21.1676456293710; Wed, 15 Feb 2023 02:18:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676456293; cv=none; d=google.com; s=arc-20160816; b=PBJyZVHPRcWZ0vexIzItZnxmZvId9qjdBKHw0CoaYyvzh98VfPUrOgXd+oIp/Mc7KZ vZhI2GMnBqJ8iCLbE0xCEJxkfb4IwR5fX1GbRb4KdPoaMIso4AqViulzzmu/4Jw8Hjdn VjUoHVIwYGrKX7PtZaRMGg+/4+gH28dd1MjCkPODS7KEICbXBEs7OzyAWitaLuRy41hL qsZdvRQe9CGQVSHGqh4CDVUDcKQg5vVPYocCcbRtCjx0WibOHPdv3/xZ04WxdDW3Tg93 yx1824G7sKl/eQen7Rc0veEU/lNV+EwzdjLRK9Emq+86SfWcJXLlb23abryw1V2tarOz 2W1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=FMN6REK7e1ey0bdR+ZFqShLYh0ySKnS4TE9RLOF+BUY=; b=etLdnuGNB1rSG4ZG7WECBJKjzL310aoOlM9bfFwhhdKrYXXiFXsDCVPfv367AIkf/Q OC04s9D6X0hne9B2kd1bEoJseZyUB7rgR0IQP33qznFvBHJYJhqUBAbnAgwPK9YdsCd3 OQm5QsBzknn/5yfYgoUNa3sIxpmnFrOaEvRX83V+SCObQV+aYbkbjSWZZ309g1DT1V2o L8Hmo3J3H26alF1FSSwXzreOo9dn1kLPh7ViyHizc0IIhSB53Y0SVuJryxDLwpCm08pU 8iJRBgWhW5c31fgxn9R+sIrjUnqcwPTxCBfWua/4BnsfS8ehvwtGTSvZocRDS3RFbo6i QNIQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c4-20020a056402100400b004aac4b670f2si20240927edu.625.2023.02.15.02.17.49; Wed, 15 Feb 2023 02:18:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233619AbjBOKLD (ORCPT + 99 others); Wed, 15 Feb 2023 05:11:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39510 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229536AbjBOKLC (ORCPT ); Wed, 15 Feb 2023 05:11:02 -0500 Received: from exchange.fintech.ru (e10edge.fintech.ru [195.54.195.159]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F5A3BBBB; Wed, 15 Feb 2023 02:10:58 -0800 (PST) Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru (195.54.195.169) with Microsoft SMTP Server (TLS) id 14.3.498.0; Wed, 15 Feb 2023 13:10:48 +0300 Received: from KANASHIN1.fintech.ru (10.0.253.125) by Ex16-01.fintech.ru (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 15 Feb 2023 13:10:48 +0300 From: Natalia Petrova To: Jason Gunthorpe CC: Natalia Petrova , Leon Romanovsky , , , Subject: [PATCH] ocrdma: Fix potential null-ptr-deref in ocrdma_is_qp_in_rq_flushlist() Date: Wed, 15 Feb 2023 13:10:45 +0300 Message-ID: <20230215101045.476291-1-n.petrova@fintech.ru> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Originating-IP: [10.0.253.125] X-ClientProxiedBy: Ex16-01.fintech.ru (10.0.10.18) To Ex16-01.fintech.ru (10.0.10.18) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1757891834726259538?= X-GMAIL-MSGID: =?utf-8?q?1757891834726259538?= The 'qp->rq_cq' pointer can be equal to null in ocrdma_destroy_qp() function. That's why 'qp->rq_cq' should be checked for null in ocrdma_del_flush_qp() before it will be dereferenced in ocrdma_is_qp_in_rq_flushlist(). Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: fe2caefcdf58 ("RDMA/ocrdma: Add driver for Emulex OneConnect IBoE RDMA adapter") Signed-off-by: Natalia Petrova --- drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c b/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c index dd4021b11963..a3d994ee178c 100644 --- a/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c +++ b/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c @@ -1660,7 +1660,7 @@ void ocrdma_del_flush_qp(struct ocrdma_qp *qp) found = ocrdma_is_qp_in_sq_flushlist(qp->sq_cq, qp); if (found) list_del(&qp->sq_entry); - if (!qp->srq) { + if (!qp->srq && qp->rq_cq) { found = ocrdma_is_qp_in_rq_flushlist(qp->rq_cq, qp); if (found) list_del(&qp->rq_entry);