[PATCH] IB/i40iw: Fix error code in i40iw_create

Linux RDMA and InfiniBand development
 help / color / mirror / Atom feed

* [PATCH] IB/i40iw: Fix error code in i40iw_create_cq()
@ 2017-07-13  7:47 Dan Carpenter
  2017-07-13 14:42 ` Shiraz Saleem
  2017-07-22 17:27 ` Doug Ledford
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2017-07-13  7:47 UTC (permalink / raw)
  To: Faisal Latif
  Cc: Shiraz Saleem, Doug Ledford, Sean Hefty, Hal Rosenstock,
	linux-rdma, kernel-janitors

We accidentally forgot to set the error code if ib_copy_from_udata()
fails.  It means we return ERR_PTR(0) which is NULL and results in a
NULL dereference in the callers.

Fixes: d37498417947 ("i40iw: add files for iwarp interface")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/infiniband/hw/i40iw/i40iw_verbs.c b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
index 4dbe61ec7a77..91f1631ff32d 100644
--- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
@@ -1161,8 +1161,10 @@ static struct ib_cq *i40iw_create_cq(struct ib_device *ibdev,
 		memset(&req, 0, sizeof(req));
 		iwcq->user_mode = true;
 		ucontext = to_ucontext(context);
-		if (ib_copy_from_udata(&req, udata, sizeof(struct i40iw_create_cq_req)))
+		if (ib_copy_from_udata(&req, udata, sizeof(struct i40iw_create_cq_req))) {
+			err_code = -EFAULT;
 			goto cq_free_resources;
+		}
 
 		spin_lock_irqsave(&ucontext->cq_reg_mem_list_lock, flags);
 		iwpbl = i40iw_get_pbl((unsigned long)req.user_cq_buffer,

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] IB/i40iw: Fix error code in i40iw_create_cq()
  2017-07-13  7:47 [PATCH] IB/i40iw: Fix error code in i40iw_create_cq() Dan Carpenter
@ 2017-07-13 14:42 ` Shiraz Saleem
  2017-07-22 17:27 ` Doug Ledford
  1 sibling, 0 replies; 3+ messages in thread
From: Shiraz Saleem @ 2017-07-13 14:42 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Faisal Latif, Doug Ledford, Sean Hefty, Hal Rosenstock,
	linux-rdma, kernel-janitors

On Thu, Jul 13, 2017 at 10:47:22AM +0300, Dan Carpenter wrote:
> We accidentally forgot to set the error code if ib_copy_from_udata()
> fails.  It means we return ERR_PTR(0) which is NULL and results in a
> NULL dereference in the callers.
> 
> Fixes: d37498417947 ("i40iw: add files for iwarp interface")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/infiniband/hw/i40iw/i40iw_verbs.c b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
> index 4dbe61ec7a77..91f1631ff32d 100644
> --- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c
> +++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
> @@ -1161,8 +1161,10 @@ static struct ib_cq *i40iw_create_cq(struct ib_device *ibdev,
>  		memset(&req, 0, sizeof(req));
>  		iwcq->user_mode = true;
>  		ucontext = to_ucontext(context);
> -		if (ib_copy_from_udata(&req, udata, sizeof(struct i40iw_create_cq_req)))
> +		if (ib_copy_from_udata(&req, udata, sizeof(struct i40iw_create_cq_req))) {
> +			err_code = -EFAULT;
>  			goto cq_free_resources;
> +		}
>  
>  		spin_lock_irqsave(&ucontext->cq_reg_mem_list_lock, flags);
>  		iwpbl = i40iw_get_pbl((unsigned long)req.user_cq_buffer,

Nice catch. Thank you!

Acked-by: Shiraz Saleem <shiraz.saleem@intel.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] IB/i40iw: Fix error code in i40iw_create_cq()
  2017-07-13  7:47 [PATCH] IB/i40iw: Fix error code in i40iw_create_cq() Dan Carpenter
  2017-07-13 14:42 ` Shiraz Saleem
@ 2017-07-22 17:27 ` Doug Ledford
  1 sibling, 0 replies; 3+ messages in thread
From: Doug Ledford @ 2017-07-22 17:27 UTC (permalink / raw)
  To: Dan Carpenter, Faisal Latif
  Cc: Shiraz Saleem, Sean Hefty, Hal Rosenstock, linux-rdma,
	kernel-janitors


[-- Attachment #1.1: Type: text/plain, Size: 547 bytes --]

On 7/13/2017 3:47 AM, Dan Carpenter wrote:
> We accidentally forgot to set the error code if ib_copy_from_udata()
> fails.  It means we return ERR_PTR(0) which is NULL and results in a
> NULL dereference in the callers.
> 
> Fixes: d37498417947 ("i40iw: add files for iwarp interface")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

This was accepted into 4.13-rc, thanks.

-- 
Doug Ledford <dledford@redhat.com>
    GPG Key ID: B826A3330E572FDD
    Key fingerprint = AE6B 1BDA 122B 23B4 265B  1274 B826 A333 0E57 2FDD


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 884 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-07-22 17:27 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-07-13  7:47 [PATCH] IB/i40iw: Fix error code in i40iw_create_cq() Dan Carpenter
2017-07-13 14:42 ` Shiraz Saleem
2017-07-22 17:27 ` Doug Ledford

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox