Received: by 10.192.165.156 with SMTP id m28csp147489imm;
        Thu, 12 Apr 2018 18:41:56 -0700 (PDT)
X-Google-Smtp-Source: AIpwx48rTu6f6C6vPtDBofbu8Z+05HH5GET8AOQkI1N0RDVrqKUMgPAsM13gjDKQ2wGIWqh2gGgH
X-Received: by 10.101.100.132 with SMTP id e4mr2488254pgv.240.1523583716168;
        Thu, 12 Apr 2018 18:41:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523583716; cv=none;
        d=google.com; s=arc-20160816;
        b=S1+88es2D7KXYcCYBauB0MbcGWijtomV6eqLGIn7C9BrPPPnG2Hsp/esOBsM9oTM7z
         oZd3JxnfmP0tdQLAlTHCCwpz3DEjBQBpN09V8ditjiiHAx0lzOZyNRq+f4l+QI8VZrJE
         Qj3ZArjmFDoQQlIr7bWAw744M0nwc0crAIe8KNO2B2LCrh1E++5DFrlKrQUYxu3yBh/v
         oexhLSw8Zf0tUDxv+U6WZXzSH4AJePpGX7G+aJTAH2ICcY0SYW0RNPy8cMuITZMpYrUM
         HlI4VVwQ3012g2WBzlgFjEyWpJvTZdKzhKj1CdSMK6ICSYzGapxcbnZII9HnLJjAz6Cp
         9I6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=cTIeVhY7sPB8Folz7Y5SiswlSGOnY+c008NUuUGF+oU=;
        b=NZfwmyGZTxE331eL+ybXQLY8widJh2Y24+MHAxpZbkAbyne5XYU5NHgpVBmx7JvKg8
         ZOp95pGEgnqrd5NMe8U/ew1AoiAxkMzdQN7FVaDeIOIJoFEIMC/i+CTBIWUTyn1GOltF
         9YsYh8e8l1p2RIlaUH+aN/bUTx8ZFla8dVY1ZP8DBqsA3OF2TLiHVsRw/yMxE1SORlGc
         vHiIPEFIVx4gBQBhBB2HPBr4gEbQD5NyobuUlAUb6ZmTHWUpA4oe3kl1OmsK1JdOCi3B
         53+c3pFPVievFbq0ohTOBnKlEDhQvNpt+eyQ/Qc7uvNSmlyQKj2Lb64y7b2aCMOfXAwT
         Gw2g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=gMUYHxHD;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b2si3061988pgq.646.2018.04.12.18.41.40;
        Thu, 12 Apr 2018 18:41:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=gMUYHxHD;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753443AbeDLXoF (ORCPT <rfc822;chenhe.dev@gmail.com>
        + 99 others); Thu, 12 Apr 2018 19:44:05 -0400
Received: from mail-it0-f65.google.com ([209.85.214.65]:56224 "EHLO
        mail-it0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752677AbeDLXoE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 12 Apr 2018 19:44:04 -0400
Received: by mail-it0-f65.google.com with SMTP id 142-v6so1063517itl.5
        for <linux-kernel@vger.kernel.org>; Thu, 12 Apr 2018 16:44:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=cTIeVhY7sPB8Folz7Y5SiswlSGOnY+c008NUuUGF+oU=;
        b=gMUYHxHDffqW8ppyYsauqqliCX5YVMtt3H9zv6Vi/PlFL/asWBjh09CpWj5+aRDsvq
         J5NnhIrg2Yrr8Eo41unnF10K6yCuAi1wvJJMOFJPTvEtUtq6HxUkuuQGfj5wOwnWtfP5
         PWx+v8WjkBK1Xjrb2luYVtnzIfIWQlqwdlGgSbKWpLEJzB4M6+U/jEgVsIDw/cZ+Yxtl
         4sK0NB7qxk3XE0yEJe+15Zqu/qxernGNcWXCfFiGR01HO8blziXervNvIkONdyn/iVny
         e3tStkWqWYmZukv9YJCfWjHOuhXXlqcCEW0aGXDRS/hh3laqz6F2S9UDIdlO/6tRsFmZ
         elJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=cTIeVhY7sPB8Folz7Y5SiswlSGOnY+c008NUuUGF+oU=;
        b=VhXe76wlbxb7dW7JF0u1cDJ47sR0uGQ6IdvsKgCTjpLFpi10I/QCRoVIrUD92wvc2t
         q9GyGfm2zs0sZiZcjSpk9enFclFh0YS0vobeylZOzqiZFa3QxbXoZfyNn524zZYIPbMd
         HQdxlxZIRzrh7FhD1A0I4m4wxsrFXO9GlLRBxPOMKtrv0rzE/ytRJjNkhJD7nnZrzys1
         OBrpMoFiaObYV3FOiv4POSs1j5uyRKTSwU5TU37br97R7hpnl9nT6M33vNaRu3YfFauf
         A4/7Cf3Ds4MD0II9GtImwDZXO7R+lcABQjN4IZg2C4pdL4S2ByHBbjhgQEMWRv6a8ymC
         878g==
X-Gm-Message-State: ALQs6tB6Wg3P7pXkBUdGNJebbimqdZgx5txrX2qFtbtMS4wGRX56UgSh
        xhmb3VGWkt4SPAIdmPYHfaL+57tBg6U=
X-Received: by 2002:a24:5852:: with SMTP id f79-v6mr3174467itb.108.1523576643591;
        Thu, 12 Apr 2018 16:44:03 -0700 (PDT)
Received: from [10.0.2.15] (CPEac9e17937810-CM64777dd8e660.cpe.net.cable.rogers.com. [99.245.240.231])
        by smtp.gmail.com with ESMTPSA id e65sm1252516iod.34.2018.04.12.16.44.01
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 12 Apr 2018 16:44:02 -0700 (PDT)
Subject: Re: [PATCH] rapidio: fix rio_dma_transfer error handling
To:     Andrew Morton <akpm@linux-foundation.org>,
        Ioan Nicu <ioan.nicu.ext@nokia.com>
Cc:     Barry Wood <barry.wood@idt.com>,
        Matt Porter <mporter@kernel.crashing.org>,
        Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Logan Gunthorpe <logang@deltatee.com>,
        Chris Wilson <chris@chris-wilson.co.uk>,
        Tvrtko Ursulin <tvrtko.ursulin@intel.com>,
        Frank Kunz <frank.kunz@nokia.com>,
        Alexander Sverdlin <alexander.sverdlin@nokia.com>,
        linux-kernel@vger.kernel.org
References: <20180412150605.GA31409@nokia.com>
 <20180412142803.cd235a40155503700dc73b21@linux-foundation.org>
From:   Alexandre Bounine <alex.bou9@gmail.com>
Message-ID: <d77db0b1-2cca-c0f6-987d-32ffb45cb16f@gmail.com>
Date:   Thu, 12 Apr 2018 19:44:01 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <20180412142803.cd235a40155503700dc73b21@linux-foundation.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


On 2018-04-12 05:28 PM, Andrew Morton wrote:
> On Thu, 12 Apr 2018 17:06:05 +0200 Ioan Nicu <ioan.nicu.ext@nokia.com> wrote:
> 
>> Some of the mport_dma_req structure members were initialized late
>> inside the do_dma_request() function, just before submitting the
>> request to the dma engine. But we have some error branches before
>> that. In case of such an error, the code would return on the error
>> path and trigger the calling of dma_req_free() with a req structure
>> which is not completely initialized. This causes a NULL pointer
>> dereference in dma_req_free().
>>
>> This patch fixes these error branches by making sure that all
>> necessary mport_dma_req structure members are initialized in
>> rio_dma_transfer() immediately after the request structure gets
>> allocated.
> 
> This sounds like something which someone has actually triggered in a
> real-world situation.  So I added a cc:stable.  Please let me know if
> that was inappropriate.
> 
> And please remember to always include all information regarding
> end-user impact when fixing bugs.
> 
This bug fix is applicable to versions starting from v4.6