Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp25167img; Tue, 19 Mar 2019 14:43:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqy3zXPzcAFNU+Wfufdy8YU72OzxNtFEeEZuA+wrLFvfKbfrSl7wkq3qz9n+IsOL7XMkQJ3R X-Received: by 2002:a63:e70c:: with SMTP id b12mr3909197pgi.399.1553031823429; Tue, 19 Mar 2019 14:43:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553031823; cv=none; d=google.com; s=arc-20160816; b=NK0n4U1eb5vdYGQScfH1ox/OfxtJ0mx2gWWhIHoP0WQ6z2Vsvu0N3crYjaiFfW7nWe jTbXuwJbwUSThQNnay/3jxEu2h4klCQwiVG2rN5TfbkepPg5o51W7ykOfqeSYLp4G0zQ 1O0zzEs1bh1NYJfLJ6eOrL009nnqIWTo+jUKKDyNjz2JsuEJ9dVubYtS9+kBpA2bVExO S6hFrfsj6ej+gq5Cugq1oFADcI8ZdPK+8rf/pd1hDZcaSj318HjtCAQLsE4j3+I4u74b 0M2rOW5eY9QSdxpd6h05wGG5rz2zECCXG4k0mVBe9+e8Dj07hZtdkNK5opJW2FEuJJT5 c1wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=V5vdRUOMTzyVp4ECrS0AB5gyBJ7sCUPHuwXXx+dSqDo=; b=gLnenLsxTLWLwFkV1MbIUhwmp7mmTo37Emh2Fm5w4aBUKX902Tdnce6g9uSQD5ZefA VfwlveMK7DkXv7EMDbCohUD68wWeJqZVNFcHbcFoN0cW6n+6cnBD1+XrmIQN862mgEpZ FJRTnlBviBWOdREmdEY7UFPraekYFre8aHkA8EN0uSrkGkjMa6jcLZfDOKTyqjiiZnOs bxoE9nmg2EWxXjmKHz8Vxp865IimbcVQnXFdJ2x8IS6ofrxgKkjopBUB4OK2th5cr56y qrSfB509QypZGbcLqblvL8/CkwRi5fOiYgopup6NBY0sdeFM71aw60aKigqUrEWJso+F kD8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=TykP1apy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w14si95890plq.262.2019.03.19.14.43.27; Tue, 19 Mar 2019 14:43:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=TykP1apy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727116AbfCSVmu (ORCPT + 99 others); Tue, 19 Mar 2019 17:42:50 -0400 Received: from mta-p5.oit.umn.edu ([134.84.196.205]:42792 "EHLO mta-p5.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726823AbfCSVmt (ORCPT ); Tue, 19 Mar 2019 17:42:49 -0400 Received: from localhost (unknown [127.0.0.1]) by mta-p5.oit.umn.edu (Postfix) with ESMTP id 4FF2ACDE for ; Tue, 19 Mar 2019 21:42:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at umn.edu Received: from mta-p5.oit.umn.edu ([127.0.0.1]) by localhost (mta-p5.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wgVUtEURjOz2 for ; Tue, 19 Mar 2019 16:42:48 -0500 (CDT) Received: from mail-io1-f69.google.com (mail-io1-f69.google.com [209.85.166.69]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p5.oit.umn.edu (Postfix) with ESMTPS id 1F63FCAF for ; Tue, 19 Mar 2019 16:42:48 -0500 (CDT) Received: by mail-io1-f69.google.com with SMTP id k5so132838ioh.13 for ; Tue, 19 Mar 2019 14:42:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=from:to:cc:subject:date:message-id; bh=V5vdRUOMTzyVp4ECrS0AB5gyBJ7sCUPHuwXXx+dSqDo=; b=TykP1apyox9zAtmDdTXPECynaDG5eASTOCQTnvnSFH6sPpbdsE4VhBervN1poV2UQm o115hKiwpoeExx/hYRK6h3Bg8E+B37B3F1Nhz7bXUYRIOreO+Q6DP2C7BqBWSDdPKevj 248qKO0L4zxnpsj92yBC3l0ILr6pdJqaudvNq39pi8nTTQH3qeag1PFE2NoclaRUfbcK GoNnNRnk+31aITJHWo++7igvE/E0PHZCBM6ckmNxmWniXBiLn7XRedFQ/E9OOVZZwMrT rH3Zg1YSFuuL+52Ad3tnYnUEPdlaSo7UkSPImbQ2FViGDuP0dK7+96Pzv+50Dy1/Xn8v Hntg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=V5vdRUOMTzyVp4ECrS0AB5gyBJ7sCUPHuwXXx+dSqDo=; b=OG2MuCYb58XuZipa3OJbfdDmExlroU8mlLpE29T1PEWMDNN//zpo7bBzVdprUpU0Ic fm+2ftB+KUx6B2z4GEthEI1CceGJFdCl1CIBAEhSdLDApxqoe9vIS8T/91wf00v6Bcvo trGIekNiYU+f2pI1pNvSGIYFoslxHt/DX0+krJrHI3ZWW30jwEt8wAzGIbrUEJsLfZsJ WzNtjqGGgci2Qefk9Si7jIQKPwCmWdTsqY3q5cHE0J0uJO9Ukx8NK99ah6d6QU132N5a noZ971lHSCmvtHRTMjlXKSnDZ50+tMZukbpboe2K5LzbB2lkoRvQAtwOUBl2TaQslWey vmYQ== X-Gm-Message-State: APjAAAVIIq1ykW/HLP34RLUAaOKxC49XeNRMD/dinonzmNmVkmUST9cs m/B390BNW6k4Q3Dt16dnoji/uabYsHC8oe1Jds69tFPJgl640XO+uX/Ty/ssJinAZ3IHDRxEFiQ C5nMgPr1r4kQAdcmH+uoDPeh0Wl5z X-Received: by 2002:a24:7908:: with SMTP id z8mr3012329itc.16.1553031767786; Tue, 19 Mar 2019 14:42:47 -0700 (PDT) X-Received: by 2002:a24:7908:: with SMTP id z8mr3012318itc.16.1553031767566; Tue, 19 Mar 2019 14:42:47 -0700 (PDT) Received: from cs-u-syssec1.dtc.umn.edu (cs-u-syssec1.cs.umn.edu. [128.101.106.66]) by smtp.gmail.com with ESMTPSA id i14sm132892itc.34.2019.03.19.14.42.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 19 Mar 2019 14:42:46 -0700 (PDT) From: Aditya Pakki To: pakki001@umn.edu Cc: kjlu@umn.edu, Boris Pismenny , Saeed Mahameed , Leon Romanovsky , "David S. Miller" , Ilya Lesokhin , Wei Yongjun , netdev@vger.kernel.org, linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4] net: mlx5: Add a missing check on idr_find, free buf Date: Tue, 19 Mar 2019 16:42:40 -0500 Message-Id: <20190319214244.20212-1-pakki001@umn.edu> X-Mailer: git-send-email 2.17.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org idr_find() can return a NULL value to 'flow' which is used without a check. The patch adds a check to avoid potential NULL pointer dereference. In case of mlx5_fpga_sbu_conn_sendmsg() failure, free buf allocated using kzalloc. Fixes: ab412e1dd7db ("net/mlx5: Accel, add TLS rx offload routines") --- v3: Reorder buf allocations and flow check. v2: failure to return in case of flow failure. v1: Failed to free buf in case of flow failure. Signed-off-by: Aditya Pakki --- drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c index 5cf5f2a9d51f..8de64e88c670 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c @@ -217,15 +217,21 @@ int mlx5_fpga_tls_resync_rx(struct mlx5_core_dev *mdev, u32 handle, u32 seq, void *cmd; int ret; + rcu_read_lock(); + flow = idr_find(&mdev->fpga->tls->rx_idr, ntohl(handle)); + rcu_read_unlock(); + + if (!flow) { + WARN_ONCE(1, "Received NULL pointer for handle\n"); + return -EINVAL; + } + buf = kzalloc(size, GFP_ATOMIC); if (!buf) return -ENOMEM; cmd = (buf + 1); - rcu_read_lock(); - flow = idr_find(&mdev->fpga->tls->rx_idr, ntohl(handle)); - rcu_read_unlock(); mlx5_fpga_tls_flow_to_cmd(flow, cmd); MLX5_SET(tls_cmd, cmd, swid, ntohl(handle)); @@ -238,6 +244,8 @@ int mlx5_fpga_tls_resync_rx(struct mlx5_core_dev *mdev, u32 handle, u32 seq, buf->complete = mlx_tls_kfree_complete; ret = mlx5_fpga_sbu_conn_sendmsg(mdev->fpga->tls->conn, buf); + if (ret < 0) + kfree(buf); return ret; } -- 2.17.1