From patchwork Wed May 17 09:19:45 2017
X-Patchwork-Submitter: Selvin Xavier
X-Patchwork-Id: 9730515
From: Selvin Xavier
To: dledford@redhat.com
Cc: linux-rdma@vger.kernel.org, Selvin Xavier, Kalesh AP
Subject: [PATCH V2 for-next 09/15] RDMA/bnxt_re: Do not free the ctx_tbl entry if delete GID fails
Date: Wed, 17 May 2017 02:19:45 -0700
Message-Id: <1495012791-5053-10-git-send-email-selvin.xavier@broadcom.com>
In-Reply-To: <1495012791-5053-1-git-send-email-selvin.xavier@broadcom.com>

This fix is added only to avoid a system crash in a specific scenario.
When the bnxt_re driver is loaded and the user tries to change the interface
MAC address, delete GID fails because QP1 is still associated with the
existing MAC (default GID). If the above command fails, GID tables are not
modified in the h/w or driver, but the GID context memory is freed.
Now, if the user changes the MAC back to the original value, another add_gid
comes to the driver where the driver reports that the GID is already present
in its table and tries to access the context which was already freed.

So, in this case, in order to avoid a NULL pointer de-reference, this patch
removes the context memory free if delete_gid fails and the same context
memory is re-used in the new add_gid. Memory cleanup will be taken care of
during driver unload, while deleting the GID table.

v1 -> v2 : Adds the bug description in commit message

Signed-off-by: Kalesh AP
Signed-off-by: Selvin Xavier
---
 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c index 6fa6790..9848ab9 100644 --- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c +++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c 
@@ -375,15 +375,17 @@ int bnxt_re_del_gid(struct ib_device *ibdev, u8 port_num, return -EINVAL; ctx->refcnt--; if (!ctx->refcnt) { - rc = bnxt_qplib_del_sgid - (sgid_tbl, - &sgid_tbl->tbl[ctx->idx], true); - if (rc) + rc = bnxt_qplib_del_sgid(sgid_tbl, + &sgid_tbl->tbl[ctx->idx], + true); + if (rc) { dev_err(rdev_to_dev(rdev), "Failed to remove GID: %#x", rc); - ctx_tbl = sgid_tbl->ctx; - ctx_tbl[ctx->idx] = NULL; - kfree(ctx); + } else { + ctx_tbl = sgid_tbl->ctx; + ctx_tbl[ctx->idx] = NULL; + kfree(ctx); + } } } else { return -EINVAL;
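
Review bot: In the new "if (rc) {" branch of bnxt_re_del_gid() the context is kept, but ctx->refcnt has already been decremented to zero by the unchanged "ctx->refcnt--;" above it, so the surviving ctx_tbl entry now carries a zero reference count. A later del_gid on the same entry would decrement it again (going negative or wrapping, depending on the type, which the hunk does not show), "if (!ctx->refcnt)" would then be false, and bnxt_qplib_del_sgid() would never be retried for that entry. Consider restoring the count on failure (ctx->refcnt++ inside the error branch), or moving the decrement so it only takes effect once the delete has succeeded, and state in the commit message how the re-used context's refcnt is expected to look when the next add_gid arrives. The hunk also does not show whether rc is returned to the caller after the dev_err(); if the failure is meant to be swallowed, a short comment saying so would help. Minor: the dev_err() format string "Failed to remove GID: %#x" has no trailing newline.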