From: Leon Romanovsky <leon@kernel.org>
To: Aleksandr Mishin <amishin@t-argos.ru>
Cc: Wei Xu <xuwei5@hisilicon.com>,
Chengchang Tang <tangchengchang@huawei.com>,
Junxian Huang <huangjunxian6@hisilicon.com>,
Jason Gunthorpe <jgg@ziepe.ca>, Xi Wang <wangxi11@huawei.com>,
Shengming Shu <shushengming1@huawei.com>,
Weihang Li <liweihang@huawei.com>,
linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org
Subject: Re: [PATCH] RDMA: hns: Fix possible null pointer dereference
Date: Tue, 9 Apr 2024 12:26:01 +0300
Message-ID: <20240409092601.GG4195@unreal>
In-Reply-To: <20240409083047.15784-1-amishin@t-argos.ru>

On Tue, Apr 09, 2024 at 11:30:47AM +0300, Aleksandr Mishin wrote:
> In hns_roce_hw_v2_get_cfg() pci_match_id() may return
> NULL which is later dereferenced. Fix this bug by adding NULL check.

I don't know, this NULL can't happen in this flow.

Thanks

>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 0b567cde9d7a ("RDMA/hns: Enable RoCE on virtual functions")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> ---
> drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
> index ba7ae792d279..31a2093334d9 100644
> --- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
> +++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
> @@ -6754,7 +6754,7 @@ static const struct pci_device_id hns_roce_hw_v2_pci_tbl[] = {
>
> MODULE_DEVICE_TABLE(pci, hns_roce_hw_v2_pci_tbl);
>
> -static void hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
> +static int hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
> struct hnae3_handle *handle)
> {
> struct hns_roce_v2_priv *priv = hr_dev->priv;
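Review bot: The continuation line "struct hnae3_handle *handle)" is left as unchanged context while the return type on the line above shrinks from "void" to "int", so if it was aligned to the open parenthesis before, it is now one column off. Re-indent that line in the same hunk so checkpatch's parenthesis-alignment check stays quiet.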
> @@ -6763,6 +6763,9 @@ static void hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
>
> hr_dev->pci_dev = handle->pdev;
> id = pci_match_id(hns_roce_hw_v2_pci_tbl, hr_dev->pci_dev);
> + if (!id)
> + return -ENXIO;
> +
> hr_dev->is_vf = id->driver_data;
> hr_dev->dev = &handle->pdev->dev;
> hr_dev->hw = &hns_roce_hw_v2;
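Review bot: The new "if (!id) return -ENXIO;" sits after "hr_dev->pci_dev = handle->pdev;" has already been stored and before "hr_dev->dev" is assigned, so the only failure this function can report leaves hr_dev half filled in. Since the lookup depends only on handle->pdev, consider making "id = pci_match_id(hns_roce_hw_v2_pci_tbl, handle->pdev);" and its check the first statements, before anything is written to hr_dev. The commit message would also be stronger if it named a call path on which the lookup can actually miss.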
> @@ -6789,6 +6792,8 @@ static void hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
>
> hr_dev->reset_cnt = handle->ae_algo->ops->ae_dev_reset_cnt(handle);
> priv->handle = handle;
> +
> + return 0;
> }
>
> static int __hns_roce_hw_v2_init_instance(struct hnae3_handle *handle)
> @@ -6806,7 +6811,11 @@ static int __hns_roce_hw_v2_init_instance(struct hnae3_handle *handle)
> goto error_failed_kzalloc;
> }
>
> - hns_roce_hw_v2_get_cfg(hr_dev, handle);
> + ret = hns_roce_hw_v2_get_cfg(hr_dev, handle);
> + if (ret) {
> + dev_err(hr_dev->dev, "RoCE Engine cfg failed!\n");
> + goto error_failed_roce_init;
> + }
>
> ret = hns_roce_init(hr_dev);
> if (ret) {
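Review bot: In the new error branch, "dev_err(hr_dev->dev, ...)" logs against a pointer that has not been assigned on this path: the only non-zero return from hns_roce_hw_v2_get_cfg() is the "if (!id)" branch, which returns before "hr_dev->dev = &handle->pdev->dev;" runs. Use "&handle->pdev->dev" for the message instead, and include ret in it (for example "RoCE Engine cfg failed, ret = %d") so the log says why the instance was not created.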
> --
> 2.30.2
>