Re: [PATCH] infiniband/qedr: Potential null ptr dereference of qp

From: Leon Romanovsky <leon@kernel.org>
To: Aditya Pakki <pakki001@umn.edu>
Cc: kjlu@umn.edu, Michal Kalderon <Michal.Kalderon@cavium.com>,
	Ariel Elior <Ariel.Elior@cavium.com>,
	Doug Ledford <dledford@redhat.com>,
	Jason Gunthorpe <jgg@ziepe.ca>,
	linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] infiniband/qedr: Potential null ptr dereference of qp
Date: Tue, 25 Dec 2018 06:26:10 +0200	[thread overview]
Message-ID: <20181225042610.GC10329@mtr-leonro.mtl.com> (raw)
In-Reply-To: <20181224182445.21256-1-pakki001@umn.edu>

[-- Attachment #1: Type: text/plain, Size: 1046 bytes --]

On Mon, Dec 24, 2018 at 12:24:45PM -0600, Aditya Pakki wrote:
> idr_find() may fail and return a NULL pointer. The fix checks the
> return value of the function and returns an error in case of NULL.
>
> Signed-off-by: Aditya Pakki <pakki001@umn.edu>
> ---
>  drivers/infiniband/hw/qedr/qedr_iw_cm.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/infiniband/hw/qedr/qedr_iw_cm.c b/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> index 505fa3648762..93b16237b767 100644
> --- a/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> +++ b/drivers/infiniband/hw/qedr/qedr_iw_cm.c
> @@ -492,6 +492,8 @@ int qedr_iw_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
>  	int i;
>
>  	qp = idr_find(&dev->qpidr.idr, conn_param->qpn);
> +	if (unlikely(!qp))
> +		return -EINVAL;

As was already pointed, qedr is racy in their accesses to idr_find() and
NULL pointer is less worry about their IDR code.

>
>  	laddr = (struct sockaddr_in *)&cm_id->m_local_addr;
>  	raddr = (struct sockaddr_in *)&cm_id->m_remote_addr;
> --
> 2.17.1
>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 801 bytes --]