linux/drivers/infiniband/core
Muneendra Kumar M 4cd482c12b IB/core : Add null pointer check in addr_resolve
dev_get_by_index is being called in addr_resolve
function which returns NULL and NULL pointer access
leads to kernel crash.

Following call trace is observed while running
rdma_lat test application

[  146.173149] BUG: unable to handle kernel NULL pointer dereference
at 00000000000004a0
[  146.173198] IP: addr_resolve+0x9e/0x3e0 [ib_core]
[  146.173221] PGD 0 P4D 0
[  146.173869] Oops: 0000 [#1] SMP PTI
[  146.182859] CPU: 8 PID: 127 Comm: kworker/8:1 Tainted: G  O 4.15.0-rc6+ #18
[  146.183758] Hardware name: LENOVO System x3650 M5: -[8871AC1]-/01KN179,
 BIOS-[TCE132H-2.50]- 10/11/2017
[  146.184691] Workqueue: ib_cm cm_work_handler [ib_cm]
[  146.185632] RIP: 0010:addr_resolve+0x9e/0x3e0 [ib_core]
[  146.186584] RSP: 0018:ffffc9000362faa0 EFLAGS: 00010246
[  146.187521] RAX: 000000000000001b RBX: ffffc9000362fc08 RCX:
0000000000000006
[  146.188472] RDX: 0000000000000000 RSI: 0000000000000096 RDI
: ffff88087fc16990
[  146.189427] RBP: ffffc9000362fb18 R08: 00000000ffffff9d R09:
00000000000004ac
[  146.190392] R10: 00000000000001e7 R11: 0000000000000001 R12:
ffff88086af2e090
[  146.191361] R13: 0000000000000000 R14: 0000000000000001 R15:
00000000ffffff9d
[  146.192327] FS:  0000000000000000(0000) GS:ffff88087fc00000(0000)
knlGS:0000000000000000
[  146.193301] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  146.194274] CR2: 00000000000004a0 CR3: 000000000220a002 CR4:
00000000003606e0
[  146.195258] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[  146.196256] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[  146.197231] Call Trace:
[  146.198209]  ? rdma_addr_register_client+0x30/0x30 [ib_core]
[  146.199199]  rdma_resolve_ip+0x1af/0x280 [ib_core]
[  146.200196]  rdma_addr_find_l2_eth_by_grh+0x154/0x2b0 [ib_core]

The below patch adds the missing NULL pointer check
returned by dev_get_by_index before accessing the netdev to
avoid kernel crash.

We observed the below crash when we try to do the below test.

 server                       client
 ---------                    ---------
 |1.1.1.1|<----rxe-channel--->|1.1.1.2|
 ---------                    ---------

On server: rdma_lat -c -n 2 -s 1024
On client:rdma_lat 1.1.1.1 -c -n 2 -s 1024

Fixes: 200298326b ("IB/core: Validate route when we init ah")
Signed-off-by: Muneendra <muneendra.kumar@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2018-02-28 12:10:33 -07:00
..
addr.c IB/core : Add null pointer check in addr_resolve 2018-02-28 12:10:33 -07:00
agent.c IB/core: Rename ib_destroy_ah to rdma_destroy_ah 2017-05-01 14:32:43 -04:00
agent.h IB/mad: Add final OPA MAD processing 2015-06-12 14:49:18 -04:00
cache.c {net, IB}/mlx5: Manage port association for multiport RoCE 2018-01-08 11:42:22 -07:00
cgroup.c IB/core: added support to use rdma cgroup controller 2017-01-10 11:14:27 -05:00
cm_msgs.h IB/core: Fix unaligned accesses 2015-05-05 13:21:27 -04:00
cm.c RDMA/cm: Fix access to uninitialized variable 2018-01-28 14:07:16 -07:00
cma_configfs.c IB/cma: use strlcpy() instead of strncpy() 2018-01-15 15:33:21 -07:00
cma.c RDMA/cma: Use existing netif_is_bond_master function 2018-01-28 14:07:16 -07:00
core_priv.h RDMA/restrack: don't use uaccess_kernel() 2018-02-16 10:18:11 -07:00
cq.c RDMA/core: Add resource tracking for create and destroy CQs 2018-01-29 20:21:40 -07:00
device.c IB/core: Fix missing RDMA cgroups release in case of failure to register device 2018-02-28 12:10:32 -07:00
fmr_pool.c infiniband: fix core/fmr_pool.c kernel-doc notation 2018-01-10 22:00:34 -07:00
iwcm.c RDMA/netlink: Fix general protection fault 2017-12-07 15:28:07 -05:00
iwcm.h iw_cm: free cm_id resources on the last deref 2016-08-02 13:15:18 -04:00
iwpm_msg.c RDMA/iwpm: Properly mark end of NL messages 2017-09-29 11:32:42 -04:00
iwpm_util.c RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() 2017-12-13 10:55:49 -07:00
iwpm_util.h iwpm: crash fix for large connections test 2016-03-16 13:48:32 -04:00
mad_priv.h IB/mad: use CQ abstraction 2016-01-19 15:25:45 -05:00
mad_rmpp.c IB/mad: Change slid in RMPP recv from 16 to 32 bits 2017-08-08 14:47:18 -04:00
mad_rmpp.h
mad.c drivers: infiniband: remove duplicate includes 2017-12-22 09:39:35 -07:00
Makefile RDMA/restrack: Add general infrastructure to track RDMA resources 2018-01-29 20:21:39 -07:00
mr_pool.c IB/core: add a simple MR pool 2016-05-13 13:37:18 -04:00
multicast.c IB/core: Define 'ib' and 'roce' rdma_ah_attr types 2017-05-01 14:32:43 -04:00
netlink.c RDMA/netlink: Simplify code of autoload modules 2018-01-02 13:36:57 -07:00
nldev.c RDMA/nldev: missing error code in nldev_res_get_doit() 2018-02-01 15:24:32 -07:00
opa_smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
packer.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
rdma_core.c IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy 2018-02-15 15:31:26 -07:00
rdma_core.h IB/core: Add new ioctl interface 2017-08-31 08:35:09 -04:00
restrack.c RDMA/restrack: don't use uaccess_kernel() 2018-02-16 10:18:11 -07:00
roce_gid_mgmt.c {net, IB}/mlx5: Manage port association for multiport RoCE 2018-01-08 11:42:22 -07:00
rw.c IB/core: remove redundant check on prot_sg_cnt 2017-10-10 10:49:45 -04:00
sa_query.c IB/SA: Check dlid before SA agent queries for ClassPortInfo 2017-12-22 13:33:30 -07:00
sa.h
security.c Merge branch 'from-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git 2017-12-27 21:50:46 -07:00
smi.c IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
sysfs.c IB/core: Fix two kernel warnings triggered by rxe registration 2018-01-03 17:26:59 -07:00
ucm.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ucma.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ud_header.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
umem_odp.c RDMA/umem: Avoid partial declaration of non-static function 2017-11-10 13:02:12 -05:00
umem.c IB/umem: Fix use of npages/nmap fields 2017-12-18 15:37:06 -07:00
user_mad.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
uverbs_cmd.c RDMA/uverbs: Fix kernel panic while using XRC_TGT QP type 2018-02-21 13:52:19 -05:00
uverbs_ioctl_merge.c IB/uverbs: Fix method merging in uverbs_ioctl_merge 2018-02-15 14:59:45 -07:00
uverbs_ioctl.c IB/uverbs: Fix possible oops with duplicate ioctl attributes 2018-02-15 14:59:46 -07:00
uverbs_main.c RDMA/uverbs: Protect from command mask overflow 2018-02-15 15:31:26 -07:00
uverbs_marshall.c IB/core: Convert OPA AH to IB for Extended LIDs only 2017-11-13 15:53:57 -05:00
uverbs_std_types.c IB/uverbs: Use u64_to_user_ptr() not a union 2018-02-15 14:59:45 -07:00
uverbs.h IB/uverbs: Allow CQ moderation with modify CQ 2017-11-13 16:59:22 -05:00
verbs.c RDMA/restrack: don't use uaccess_kernel() 2018-02-16 10:18:11 -07:00