From patchwork Wed Jul 6 09:21:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Li Zhijian X-Patchwork-Id: 12907734 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0AACFCCA47C for ; Wed, 6 Jul 2022 09:21:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232944AbiGFJVW (ORCPT ); Wed, 6 Jul 2022 05:21:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233112AbiGFJVR (ORCPT ); Wed, 6 Jul 2022 05:21:17 -0400 Received: from esa9.fujitsucc.c3s2.iphmx.com (esa9.fujitsucc.c3s2.iphmx.com [68.232.159.90]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B06CF17A86 for ; Wed, 6 Jul 2022 02:21:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=fujitsu.com; i=@fujitsu.com; q=dns/txt; s=fj1; t=1657099275; x=1688635275; h=from:to:cc:subject:date:message-id: content-transfer-encoding:mime-version; bh=yOSPZbobAFl3EauTs+CILNxsTSr7kQG3ShWwVNwUydc=; b=tsOUDDPmIIF8tuovBeErwsUOpLUWw85MTT5wTsxKi2W7TVldpjxLDaqL LNTo+s/ctzVPKB9im3NoqJEiWN+IDSmFGKjLZ2ynsntRCbNJSIZpFp4aY MQ9Niuu+H2HHFs+yQu4PzDuulfbsATUbpD+nrr6pDWY7TWW4fYJ0BnAac pwPF2v1gQCdwi5RYccsznN8O5GOg5sp0DYng/zDbltkjp5sKP75x2NBD8 jUSSRyeggzhb79ajUOeIJ9NzZgQffIcZfyHZW1w01W+rYnZN6gcEEieOE FGRf3BTOoKA1bEmfo/gGwnZqWZULxs6A/NY01VLlOO9mEi9sNvD/9cxRH A==; X-IronPort-AV: E=McAfee;i="6400,9594,10399"; a="59913363" X-IronPort-AV: E=Sophos;i="5.92,249,1650898800"; d="scan'208";a="59913363" Received: from mail-os0jpn01lp2107.outbound.protection.outlook.com (HELO JPN01-OS0-obe.outbound.protection.outlook.com) ([104.47.23.107]) by ob1.fujitsucc.c3s2.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jul 2022 18:21:12 +0900 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XnviKKwOfN3T4IPQ1qp1Vy2lK1StUMoHfubiI3vRBi6h6VyHXFYCuKkKZMtQnfRtRSyNSrCAVQInMf7vc0advsA0xFQOGmz6U2to0q55zgSNcmC5g7MbcLDHCBFAHsjdyAscgLtdj9X6p1VwjOUpgk1W4l8jIX97h8QTa0njOzNw1yOQIZZ9rr2lWHTStP0HfWchK/dh1GWaLZJEqDUl0I2iNl6nrysww7w4/+aR+g/SN2HtzQ2DKbnmHKZEjbUWB/sH4j+Pp/z6I+Tp4TdFkREuFj8Aeu+pzUYEVMGh0iXXKkRRLUDVyWCYmt8LyBFSSazcq3Gq3qfOGzw3qedA+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yOSPZbobAFl3EauTs+CILNxsTSr7kQG3ShWwVNwUydc=; b=YM0KhhyKh5q0zL0lt/U8rqCz6Ux783rR7XiStYO7n/L1AoK9z1EFKi7XTvG8fNNaQHKL3dfgeS8kWt8YzocIElQLKvUlAhGRLIbZhA6Pxwg/SolyYGARZP46bT/ldZQ63+XmdN3DELah2dWqz6huJ7qOFI9JYMXfHJQagIMJ7zj2FircQzKHBNeVkI3m7VyLFljn5xkVBYARrir/k6uQz1lrpEAtaoHRT6amRSXmVU7/ey1VOjJfk6sZrEj9ivPHo6nhryUHVEZB23GT49bnzol8r3S+Bv6C9vVn+IYXs9A7hUk8nRwKkCfU+OnlFqJolrhVDm3ZmiE6qZTTGaSx2A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fujitsu.com; dmarc=pass action=none header.from=fujitsu.com; dkim=pass header.d=fujitsu.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fujitsu.onmicrosoft.com; s=selector2-fujitsu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yOSPZbobAFl3EauTs+CILNxsTSr7kQG3ShWwVNwUydc=; b=pflF8/aNElJpJg29net5nIfdxA/1YAxd5b5UCYccwe4BYaEOaXQAEczMRGuJrD96pbOUsFPsYFKEYI6+RetDnFXzNbc/CqTD8mga5oio3gPY/CJtygK4gwjDmdyjZusKE8/omvmEOmGjNbBk5KLnzMrhIlBgXKEeBTcaSNkb9hw= Received: from TYCPR01MB9305.jpnprd01.prod.outlook.com (2603:1096:400:196::10) by TYAPR01MB6009.jpnprd01.prod.outlook.com (2603:1096:402:37::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.15; Wed, 6 Jul 2022 09:21:09 +0000 Received: from TYCPR01MB9305.jpnprd01.prod.outlook.com ([fe80::8d7a:baa8:3b18:cd93]) by TYCPR01MB9305.jpnprd01.prod.outlook.com ([fe80::8d7a:baa8:3b18:cd93%6]) with mapi id 15.20.5395.021; Wed, 6 Jul 2022 09:21:09 +0000 From: "lizhijian@fujitsu.com" To: Yanjun Zhu , Jason Gunthorpe , "linux-rdma@vger.kernel.org" , Bob Pearson CC: "lizhijian@fujitsu.com" Subject: [PATCH for-next] RDMA/rxe: check rxe_pd before rxe_put in rxe_mr_cleanup() Thread-Topic: [PATCH for-next] RDMA/rxe: check rxe_pd before rxe_put in rxe_mr_cleanup() Thread-Index: AQHYkRm6Bw1pQgLwyUy00KjkER3CYw== Date: Wed, 6 Jul 2022 09:21:09 +0000 Message-ID: <20220706092811.1756290-1-lizhijian@fujitsu.com> Accept-Language: zh-CN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.31.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=fujitsu.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: be83ab2d-fa53-4a9d-0801-08da5f30dcbc x-ms-traffictypediagnostic: TYAPR01MB6009:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 6rENP0pAfOpj8H3WxjM5AP+3lESQY3rAtHUQ4lODqMKtGKpGp08mMUV6taCtxGYX4AomzZ/Edx/G9mPUvWsberjs3UK0aAYrO+gfAFakrWwKvSBKf+yL1qe5krykjsTgx/HUVvn3SQCSSHgo7vlxlp4CQbE1xgFw0+a6OL39P1HFw/r+ROjmMAOfBAsReOh1LfCkxhwSJnethr+tWBGNrlj5XwyBFE7HJbJec43CbWllCHu1Cf+WdrsYpf89vZQIxCaepusRDhax1Wj2V0/CqvF30iqHzPEON6f0JMedyfdDrcRhHctgphdXuqlx2TROdA3C88IaFWhcTgm4zeMQgDfrrxZyJnt8VKwEyjQlpYNej0e6+Nb1MmIdEBWYnqH68dpGuosxbqnuOxasjD79DWBfn7rGLCqDpu3G4svTtgkpCXn/2EjatldEGkUqnsOqCxTSvEAkv/JezOX+mnrOP6cUQ0QDJT3L+7tfB2tXHwKjNTkLfYBCxVJFNGaSA3OxMcuM55Bo4bngHosnF3G4SPsxpAXgIltbKRU+0VvAdLxJ7yn/eYjdkXwYGe9C9CxYaIDz2VNoLqKZUDf5p40r+I7v/6IFRCtRH0DSedreTUnatQhjMajjFfgruQd4U8GpEzRGRtTJHRgNwjK7oOfUbDGfL/JJBO3OX0q/CmLgpv7vRS4X+YUmBKFYfn4kOi/aec3Meq5O08NgqRSUjupf8NBxJxH8RxYBr2PhBz5ls39IkkNa2jGuVjnFk6XQd/SmfCxcgR6N/6I1ZFJ6AYgbPSr+GKqh9YbAbl44ifL/+o8tK6zlig0jayK0eNHJ4OpS x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TYCPR01MB9305.jpnprd01.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230016)(4636009)(376002)(39860400002)(346002)(366004)(396003)(136003)(2906002)(41300700001)(2616005)(107886003)(1076003)(38100700002)(316002)(36756003)(85182001)(110136005)(6506007)(6512007)(76116006)(66946007)(66556008)(66476007)(66446008)(64756008)(8676002)(4326008)(71200400001)(86362001)(478600001)(186003)(83380400001)(91956017)(82960400001)(122000001)(38070700005)(26005)(6486002)(8936002)(5660300002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?eucgb2312_cn?b?Z2NsZnJyZWhBL2ZtNXQxbXpP?= =?eucgb2312_cn?b?Qzd6N1FOUUl1RlVWalV5NEdKdHVVUnRTV2ZsMVFUTTMxU3R4dGQ1WFhuSTl6U0JG?= =?eucgb2312_cn?b?a0gwSjN1V2N5NDArLzUvRmFtbHVDa3NoRDBYZEhUdFZpaXh3TnJkcGVoSmhtdDlM?= =?eucgb2312_cn?b?MDJ2cXNmbWJycExYQ3FlQVZ6dmgxR2czVjRkeGJ3NFh0Q21zVk1jRTFDSTRvUjh6?= =?eucgb2312_cn?b?MzNCaC9Ldnphc0hXaUVOV0hqbEN2ZXYwTWxKSVFEbll0QXZmMzFTWnZtMlhjeFNO?= =?eucgb2312_cn?b?Zit0cFlubzNvK2xrU0V6QUVUbEc1RkJIUlA3blhLVTkvenIrclN1dy9NYlY1eUp0?= =?eucgb2312_cn?b?UGdLMVNvclB0YTBSWTQ2a1dJVWFMeXRhcDNicFc5QWlKNmh2Mm9qWTNaTWIzTVVN?= =?eucgb2312_cn?b?K3AzQWgyNHZTT1phekl6Um5NQm5hbThwQ1diZUJ0RklleGE5VENjVVZxWlBqTnMz?= =?eucgb2312_cn?b?NXoyaXBHZTNLOVJKSWpNWkoyb2ZWZ2ZaenNmelorbFhMYkFTS0JsNnQ3ZW5RZmpY?= =?eucgb2312_cn?b?UUx3UHd6bk5iUlFsV0ZQUW5ZclNzK2xYZmNZUzRiT3o2T21FeGNZN0FXNm9hd0Vk?= =?eucgb2312_cn?b?cXBoem5Ua2lPcVdYbk9WRWV6MEg4enVzSWVMSFBKMmI3bDRtakFTRzJMTmc1VUt5?= =?eucgb2312_cn?b?aklxd0dZMThvNlZWT2c5dFZWbXF0MHpyd3ZYcEVjYzFkVTRMdE02RWtYbkR4cDdN?= =?eucgb2312_cn?b?UURkVlN5Y2lqbGFEeUE1NVF0NlVYYkpQNWVEb1VRaW5JaTZXaVJXbHBNVnd0QTNX?= =?eucgb2312_cn?b?clVZdi9DdkNxRVdtMFVvMjZLT2hFMnA1dFlpM3NIcVgvbXZyVFp2dHc3dEdjWVFO?= =?eucgb2312_cn?b?VHdNb0tGbmxkT0szbDMwcWIzR2VXRnBMdElXSGpVTXVtSHl5STNDa3NpenYzS09B?= =?eucgb2312_cn?b?VzFHOHplbEs0djJnczBrQjA3dHVFS3EwS1NhcjJoT1RxWUZLMGdTTUVuMEVqdVVl?= =?eucgb2312_cn?b?dkpBVWRtWnJJTnAvYVBhclZ6RzFnbEtKUThvVkVvZUlQSkc3OFRMZURQcFFVdlRv?= =?eucgb2312_cn?b?TzRqSW9ONGoxdFdZcXZVNWtzdXVrMkYzT01JWnk4NWNKWVVJaHhZd09sN1A4c2h3?= =?eucgb2312_cn?b?NVBvL2hNeWxWcDU2Mi9ndVRzdHBqSkRqL3RCaE9OL3NsU1gzV1hlQUtGamFGclND?= =?eucgb2312_cn?b?ZGdUR05ucDkzQXVTNklUbFhFUlRzNExIcWF5VzBra0pSUDFTZWd1bGVZREJkK1V2?= =?eucgb2312_cn?b?UVY5VXB3aDFEeEpzalVrbW9uTjNVMHNaUG8wcGp0TWpOYVJVYVVWSjBMQU8zZytL?= =?eucgb2312_cn?b?N2sxY285WVNXVkNzd3p6QTVXaHB5VzN2aUh1eHpMTk5nVENad2tqK05FSjFHakxq?= =?eucgb2312_cn?b?U1pKRkJsdHNPWmNKLzI0cUFNSzQxSDQ1Y2ZtaHlUK0E5bnF6djJvUWdPZWpMZ09o?= =?eucgb2312_cn?b?S0ZFRVpyWGlIQkZQajJjWnBJU1J0dW5FVUh4b280ZGxncmIralVNNTZZVit3a1Zv?= =?eucgb2312_cn?b?SnA2bFlmTHNTVG9EMENCZDhwM0dDNWxhLzhEL2NMSWtPY2wyek5HZDdJSEVlN1FY?= =?eucgb2312_cn?b?RkFKaTEwakhsdk1zQ045MUk4NUtXL3dvR1VZMURQSi9yRjk2WDBON0hkaXdJMC9h?= =?eucgb2312_cn?b?QUk4RlBKalNiTGZ4cWhxK25GelB1aVROK0lxTzB1Zms1NzN3RzhzRm9YZGlZRjFL?= =?eucgb2312_cn?b?QkR2SkQwcDBOdFdqbEcvNE8vNzNqL1BDK2lIbW0ybUNXQlFWRUhIYVhWSm1OOGpJ?= =?eucgb2312_cn?b?YW5pWXVlT0VXc0xwWnFFRWN0UDlYUTZ5ajhmN09kTjRUTGpBNW5IbTNWMk5NY1FE?= =?eucgb2312_cn?b?di9jUWNPNEc5ZGYyK2ZKYzJldkYxc1N6ZkV5VVJrdER6T3F1QVpxTVIyOEtvQ0xr?= =?eucgb2312_cn?b?YyttMEhBRkh3ZWdlakxOVk9KekM2N0JSRHptUklKWU5Bc0hVMTJMdFVoeXBsWnhP?= =?eucgb2312_cn?b?NFdaRFllU1lFQjNYNzZkZENUOHhLZHNVdGRqRHhNVFpLQ1BLUTJyZ3BEUjdSUTZR?= =?eucgb2312_cn?b?aHZob0VxK3lpbU1PSEsybW1RMjZvdjRzK0JOc0p0Uy9WVFZMT3pnN2hGbFdqVzlX?= =?eucgb2312_cn?b?YTVFOU13YUtyOTFwSlBpUXhIblZCR0xjYjQxbVlUWVBodi9kMWFWZ2wzeDNCdjlC?= =?eucgb2312_cn?b?VHFXUFA4bU12VWxCL3ZjWHlsT2c9PQ==?= MIME-Version: 1.0 X-OriginatorOrg: fujitsu.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: TYCPR01MB9305.jpnprd01.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: be83ab2d-fa53-4a9d-0801-08da5f30dcbc X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2022 09:21:09.2569 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a19f121d-81e1-4858-a9d8-736e267fd4c7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: qwN/5I6Y+ZmD7OscAYJ5cxPDi/hKy0uD0O+8LKpHzwF/WD0gmXyFib22E3Wfmx2oI6Bg2G1xeZ9rieHmBfF91Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYAPR01MB6009 Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org It's possible mr_pd(mr) returns NULL if rxe_mr_alloc() fails. it fixes below panic: [ 114.163945] RPC: Registered rdma backchannel transport module. [ 116.868003] eth0 speed is unknown, defaulting to 1000 [ 120.173114] rdma_rxe: rxe_mr_init_user: Unable to allocate memory for map [ 120.173159] ================================================================== [ 120.173161] BUG: KASAN: null-ptr-deref in __rxe_put+0x18/0x60 [rdma_rxe] [ 120.173194] Write of size 4 at addr 0000000000000080 by task rdma_flush_serv/685 [ 120.173197] [ 120.173199] CPU: 0 PID: 685 Comm: rdma_flush_serv Not tainted 5.19.0-rc1-roce-flush+ #90 [ 120.173203] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-27-g64f37cc530f1-prebuilt.qemu.org 04/01/2014 [ 120.173208] Call Trace: [ 120.173216] [ 120.173217] dump_stack_lvl+0x34/0x44 [ 120.173250] kasan_report+0xab/0x120 [ 120.173261] ? __rxe_put+0x18/0x60 [rdma_rxe] [ 120.173277] kasan_check_range+0xf9/0x1e0 [ 120.173282] __rxe_put+0x18/0x60 [rdma_rxe] [ 120.173311] rxe_mr_cleanup+0x21/0x140 [rdma_rxe] [ 120.173328] __rxe_cleanup+0xff/0x1d0 [rdma_rxe] [ 120.173344] rxe_reg_user_mr+0xa7/0xc0 [rdma_rxe] [ 120.173360] ib_uverbs_reg_mr+0x265/0x460 [ib_uverbs] [ 120.173387] ? ib_uverbs_modify_qp+0x8b/0xd0 [ib_uverbs] [ 120.173433] ? ib_uverbs_create_cq+0x100/0x100 [ib_uverbs] [ 120.173461] ? uverbs_fill_udata+0x1d8/0x330 [ib_uverbs] [ 120.173488] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x19d/0x250 [ib_uverbs] [ 120.173517] ? ib_uverbs_handler_UVERBS_METHOD_QUERY_CONTEXT+0x190/0x190 [ib_uverbs] [ 120.173547] ? radix_tree_next_chunk+0x31e/0x410 [ 120.173559] ? uverbs_fill_udata+0x255/0x330 [ib_uverbs] [ 120.173587] ib_uverbs_cmd_verbs+0x11c2/0x1450 [ib_uverbs] [ 120.173616] ? ucma_put_ctx+0x16/0x50 [rdma_ucm] [ 120.173623] ? __rcu_read_unlock+0x43/0x60 [ 120.173633] ? ib_uverbs_handler_UVERBS_METHOD_QUERY_CONTEXT+0x190/0x190 [ib_uverbs] [ 120.173661] ? uverbs_fill_udata+0x330/0x330 [ib_uverbs] [ 120.173711] ? avc_ss_reset+0xb0/0xb0 [ 120.173722] ? vfs_fileattr_set+0x450/0x450 [ 120.173742] ? should_fail+0x78/0x2b0 [ 120.173745] ? __fsnotify_parent+0x38a/0x4e0 [ 120.173764] ? ioctl_has_perm.constprop.0.isra.0+0x198/0x210 [ 120.173784] ? should_fail+0x78/0x2b0 [ 120.173787] ? selinux_bprm_creds_for_exec+0x550/0x550 [ 120.173792] ib_uverbs_ioctl+0x114/0x1b0 [ib_uverbs] [ 120.173820] ? ib_uverbs_cmd_verbs+0x1450/0x1450 [ib_uverbs] [ 120.173861] __x64_sys_ioctl+0xb4/0xf0 [ 120.173867] do_syscall_64+0x3b/0x90 [ 120.173877] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 120.173884] RIP: 0033:0x7f4b563c14eb [ 120.173889] Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 55 b9 0c 00 f7 d8 64 89 01 48 [ 120.173892] RSP: 002b:00007ffe0e4a6fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 Signed-off-by: Li Zhijian --- drivers/infiniband/sw/rxe/rxe_mr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/sw/rxe/rxe_mr.c b/drivers/infiniband/sw/rxe/rxe_mr.c index 9a5c2af6a56f..cec5775a72f2 100644 --- a/drivers/infiniband/sw/rxe/rxe_mr.c +++ b/drivers/infiniband/sw/rxe/rxe_mr.c @@ -695,8 +695,10 @@ int rxe_dereg_mr(struct ib_mr *ibmr, struct ib_udata *udata) void rxe_mr_cleanup(struct rxe_pool_elem *elem) { struct rxe_mr *mr = container_of(elem, typeof(*mr), elem); + struct rxe_pd *pd = mr_pd(mr); - rxe_put(mr_pd(mr)); + if (pd) + rxe_put(pd); ib_umem_release(mr->umem);