mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-26 20:44:32 +08:00
948a7287b2
If QP is not visible to the pid, then we try to decrease its reference
count and return from the function before the QP pointer is
initialized. This lead to NULL pointer dereference.
Fix it by pass directly the res to the rdma_restract_put as arg instead of
&qp->res.
This fixes below call trace:
[ 5845.110329] BUG: kernel NULL pointer dereference, address:
00000000000000dc
[ 5845.120482] Oops: 0002 [#1] SMP PTI
[ 5845.129119] RIP: 0010:rdma_restrack_put+0x5/0x30 [ib_core]
[ 5845.169450] Call Trace:
[ 5845.170544] rdma_counter_get_qp+0x5c/0x70 [ib_core]
[ 5845.172074] rdma_counter_bind_qpn_alloc+0x6f/0x1a0 [ib_core]
[ 5845.173731] nldev_stat_set_doit+0x314/0x330 [ib_core]
[ 5845.175279] rdma_nl_rcv_msg+0xeb/0x1d0 [ib_core]
[ 5845.176772] ? __kmalloc_node_track_caller+0x20b/0x2b0
[ 5845.178321] rdma_nl_rcv+0xcb/0x120 [ib_core]
[ 5845.179753] netlink_unicast+0x179/0x220
[ 5845.181066] netlink_sendmsg+0x2d8/0x3d0
[ 5845.182338] sock_sendmsg+0x30/0x40
[ 5845.183544] __sys_sendto+0xdc/0x160
[ 5845.184832] ? syscall_trace_enter+0x1f8/0x2e0
[ 5845.186209] ? __audit_syscall_exit+0x1d9/0x280
[ 5845.187584] __x64_sys_sendto+0x24/0x30
[ 5845.188867] do_syscall_64+0x48/0x120
[ 5845.190097] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes:
|
||
|---|---|---|
| .. | ||
| core | ||
| hw | ||
| sw | ||
| ulp | ||
| Kconfig | ||
| Makefile | ||