forked from Minki/linux
4cd482c12b
dev_get_by_index is being called in addr_resolve
function which returns NULL and NULL pointer access
leads to kernel crash.
Following call trace is observed while running
rdma_lat test application
[ 146.173149] BUG: unable to handle kernel NULL pointer dereference
at 00000000000004a0
[ 146.173198] IP: addr_resolve+0x9e/0x3e0 [ib_core]
[ 146.173221] PGD 0 P4D 0
[ 146.173869] Oops: 0000 [#1] SMP PTI
[ 146.182859] CPU: 8 PID: 127 Comm: kworker/8:1 Tainted: G O 4.15.0-rc6+ #18
[ 146.183758] Hardware name: LENOVO System x3650 M5: -[8871AC1]-/01KN179,
BIOS-[TCE132H-2.50]- 10/11/2017
[ 146.184691] Workqueue: ib_cm cm_work_handler [ib_cm]
[ 146.185632] RIP: 0010:addr_resolve+0x9e/0x3e0 [ib_core]
[ 146.186584] RSP: 0018:ffffc9000362faa0 EFLAGS: 00010246
[ 146.187521] RAX: 000000000000001b RBX: ffffc9000362fc08 RCX:
0000000000000006
[ 146.188472] RDX: 0000000000000000 RSI: 0000000000000096 RDI
: ffff88087fc16990
[ 146.189427] RBP: ffffc9000362fb18 R08: 00000000ffffff9d R09:
00000000000004ac
[ 146.190392] R10: 00000000000001e7 R11: 0000000000000001 R12:
ffff88086af2e090
[ 146.191361] R13: 0000000000000000 R14: 0000000000000001 R15:
00000000ffffff9d
[ 146.192327] FS: 0000000000000000(0000) GS:ffff88087fc00000(0000)
knlGS:0000000000000000
[ 146.193301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.194274] CR2: 00000000000004a0 CR3: 000000000220a002 CR4:
00000000003606e0
[ 146.195258] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 146.196256] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 146.197231] Call Trace:
[ 146.198209] ? rdma_addr_register_client+0x30/0x30 [ib_core]
[ 146.199199] rdma_resolve_ip+0x1af/0x280 [ib_core]
[ 146.200196] rdma_addr_find_l2_eth_by_grh+0x154/0x2b0 [ib_core]
The below patch adds the missing NULL pointer check
returned by dev_get_by_index before accessing the netdev to
avoid kernel crash.
We observed the below crash when we try to do the below test.
server client
--------- ---------
|1.1.1.1|<----rxe-channel--->|1.1.1.2|
--------- ---------
On server: rdma_lat -c -n 2 -s 1024
On client:rdma_lat 1.1.1.1 -c -n 2 -s 1024
Fixes:
|
||
---|---|---|
.. | ||
addr.c | ||
agent.c | ||
agent.h | ||
cache.c | ||
cgroup.c | ||
cm_msgs.h | ||
cm.c | ||
cma_configfs.c | ||
cma.c | ||
core_priv.h | ||
cq.c | ||
device.c | ||
fmr_pool.c | ||
iwcm.c | ||
iwcm.h | ||
iwpm_msg.c | ||
iwpm_util.c | ||
iwpm_util.h | ||
mad_priv.h | ||
mad_rmpp.c | ||
mad_rmpp.h | ||
mad.c | ||
Makefile | ||
mr_pool.c | ||
multicast.c | ||
netlink.c | ||
nldev.c | ||
opa_smi.h | ||
packer.c | ||
rdma_core.c | ||
rdma_core.h | ||
restrack.c | ||
roce_gid_mgmt.c | ||
rw.c | ||
sa_query.c | ||
sa.h | ||
security.c | ||
smi.c | ||
smi.h | ||
sysfs.c | ||
ucm.c | ||
ucma.c | ||
ud_header.c | ||
umem_odp.c | ||
umem.c | ||
user_mad.c | ||
uverbs_cmd.c | ||
uverbs_ioctl_merge.c | ||
uverbs_ioctl.c | ||
uverbs_main.c | ||
uverbs_marshall.c | ||
uverbs_std_types.c | ||
uverbs.h | ||
verbs.c |