From patchwork Wed Aug 31 08:16:29 2022
X-Patchwork-Submitter: Xiao Yang
X-Patchwork-Id: 12960530
From: "yangx.jy@fujitsu.com"
To: "bvanassche@acm.org", "jgg@nvidia.com", "leon@kernel.org"
CC: "linux-rdma@vger.kernel.org", "linux-kernel@vger.kernel.org", "lizhijian@fujitsu.com", "yangx.jy@fujitsu.com"
Subject: [PATCH v2] RDMA/srp: Set scmnd->result only when scmnd is not NULL
Date: Wed, 31 Aug 2022 08:16:29 +0000
Message-ID: <20220831081626.18712-1-yangx.jy@fujitsu.com>
X-Mailing-List: linux-rdma@vger.kernel.org

This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally.

BUG: kernel NULL pointer dereference, address: 0000000000000170
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014
Workqueue: 0x0 (kblockd)
RIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]
Code: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6 42 13 <41> 89 87 70 01 00 00 41 0f b6 52 12 f6 c2 02 74 44 41 8b 42 1c b9
RSP: 0018:ffffaef7c0003e28 EFLAGS: 00000282
RAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000
RDX: 0000000000000102 RSI: ffffffffb76bbd0e RDI: 00000000ffffffff
RBP: ffff9bc980099a00 R08: 0000000000000001 R09: 0000000000000001
R10: ffff9bca53ef0000 R11: ffff9bc980099a10 R12: ffff9bc956e14000
R13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff9bc97ec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0
Call Trace:
 __ib_process_cq+0xb7/0x280 [ib_core]
 ib_poll_handler+0x2b/0x130 [ib_core]
 irq_poll_softirq+0x93/0x150
 __do_softirq+0xee/0x4b8
 irq_exit_rcu+0xf7/0x130
 sysvec_apic_timer_interrupt+0x8e/0xc0

Fixes: ad215aaea4f9 ("RDMA/srp: Make struct scsi_cmnd and struct srp_request adjacent")
Signed-off-by: Xiao Yang
Acked-by: Bart Van Assche
---
 drivers/infiniband/ulp/srp/ib_srp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index 7720ea270ed8..d7f69e593a63 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1961,7 +1961,8 @@ static void srp_process_rsp(struct srp_rdma_ch *ch, struct srp_rsp *rsp) if (scmnd) { req = scsi_cmd_priv(scmnd); scmnd = srp_claim_req(ch, req, NULL, scmnd); - } else { + } + if (!scmnd) { shost_printk(KERN_ERR, target->scsi_host, "Null scmnd for RSP w/tag %#016llx received on ch %td / QP %#x\n", rsp->tag, ch - target->ch, ch->qp->qp_num);
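
Review bot: The new `if (!scmnd)` branch in srp_process_rsp() now covers two different situations with a single log line: scmnd was already NULL before the claim, and scmnd was non-NULL but srp_claim_req() returned NULL. The "Null scmnd for RSP w/tag ..." message cannot tell these apart, and the changelog shows the oops but does not say why srp_claim_req() can return NULL on this path. Please add a short comment above `if (!scmnd)` noting that srp_claim_req() may return NULL, and either make the message distinguish the two cases or state in the commit message which one blktests srp/007 hits.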