From patchwork Wed Aug 31 01:47:34 2022
X-Patchwork-Submitter: Xiao Yang
X-Patchwork-Id: 12960252
From: "yangx.jy@fujitsu.com"
To: "bvanassche@acm.org", "jgg@nvidia.com", "leon@kernel.org"
CC: "linux-rdma@vger.kernel.org", "linux-kernel@vger.kernel.org", "yangx.jy@fujitsu.com"
Subject: [PATCH] RDMA/srp: Set scmnd->result only when scmnd is not NULL
Date: Wed, 31 Aug 2022 01:47:34 +0000
Message-ID: <20220831014730.17566-1-yangx.jy@fujitsu.com>
X-Mailing-List: linux-rdma@vger.kernel.org

This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally.

BUG: kernel NULL pointer dereference, address: 0000000000000170
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014
Workqueue: 0x0 (kblockd)
RIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]
Code: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6 42 13 <41> 89 87 70 01 00 00 41 0f b6 52 12 f6 c2 02 74 44 41 8b 42 1c b9
RSP: 0018:ffffaef7c0003e28 EFLAGS: 00000282
RAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000
RDX: 0000000000000102 RSI: ffffffffb76bbd0e RDI: 00000000ffffffff
RBP: ffff9bc980099a00 R08: 0000000000000001 R09: 0000000000000001
R10: ffff9bca53ef0000 R11: ffff9bc980099a10 R12: ffff9bc956e14000
R13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff9bc97ec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0
Call Trace:
 __ib_process_cq+0xb7/0x280 [ib_core]
 ib_poll_handler+0x2b/0x130 [ib_core]
 irq_poll_softirq+0x93/0x150
 __do_softirq+0xee/0x4b8
 irq_exit_rcu+0xf7/0x130
 sysvec_apic_timer_interrupt+0x8e/0xc0

Fixes: aef9ec39c47f ("IB: Add SCSI RDMA Protocol (SRP) initiator")
Signed-off-by: Xiao Yang
---
 drivers/infiniband/ulp/srp/ib_srp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index 7720ea270ed8..528cdd0daba4 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c 
@@ -1961,6 +1961,7 @@ static void srp_process_rsp(struct srp_rdma_ch *ch, struct srp_rsp *rsp) if (scmnd) { req = scsi_cmd_priv(scmnd); scmnd = srp_claim_req(ch, req, NULL, scmnd); + scmnd->result = rsp->status; } else { shost_printk(KERN_ERR, target->scsi_host, "Null scmnd for RSP w/tag %#016llx received on ch %td / QP %#x\n", @@ -1972,7 +1973,6 @@ static void srp_process_rsp(struct srp_rdma_ch *ch, struct srp_rsp *rsp) return; } - scmnd->result = rsp->status; if (rsp->flags & SRP_RSP_FLAG_SNSVALID) { memcpy(scmnd->sense_buffer, rsp->data +
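
Review bot: the added `scmnd->result = rsp->status;` in the first hunk dereferences the return value of `srp_claim_req(ch, req, NULL, scmnd)` without checking it; the enclosing `if (scmnd)` only tested the pointer as it was before that reassignment. In the old code the `else` branch already returned, so the only way the original assignment could see a NULL scmnd (R15 is 0 and the faulting write is at offset 0x170 in the quoted oops) is srp_claim_req() returning NULL, and moving the store one line below that call leaves the same dereference in place. Check the result of srp_claim_req() before the store, for example `if (!scmnd) return;` with the same error handling as the existing NULL path.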
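
Review bot: in the second hunk the code that follows the removed line still uses scmnd with no NULL check (`memcpy(scmnd->sense_buffer, rsp->data + ...`), so a failed claim would fault there even if the `scmnd->result` store were guarded. Consider ending the `if (scmnd)` block right after the srp_claim_req() call and turning the `else` into a separate `if (!scmnd)` test, so the "Null scmnd for RSP" message and the early `return` cover both a failed tag lookup and a failed claim; the assignment could then stay where it was and this hunk would not be needed.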