Date: Sat, 27 Jul 2019 13:58:26 -0700 (PDT)
Message-Id: <20190727.135826.2041392966126684368.davem@davemloft.net>
To: baijiaju1990@gmail.com
Cc: santosh.shilimkar@oracle.com, netdev@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] net: rds: Fix possible null-pointer dereferences in rds_rdma_cm_event_handler_cmn()
From: David Miller
In-Reply-To: <20190726141705.9585-1-baijiaju1990@gmail.com>
References: <20190726141705.9585-1-baijiaju1990@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jia-Ju Bai
Date: Fri, 26 Jul 2019 22:17:05 +0800

> In rds_rdma_cm_event_handler_cmn(), there are some if statements to
> check whether conn is NULL, such as on lines 65, 96 and 112.
> But conn is not checked before being used on line 108:
>   trans->cm_connect_complete(conn, event);
> and on lines 140-143:
>   rdsdebug("DISCONNECT event - dropping connection "
>            "%pI6c->%pI6c\n", &conn->c_laddr,
>            &conn->c_faddr);
>   rds_conn_drop(conn);
>
> Thus, possible null-pointer dereferences may occur.
>
> To fix these bugs, conn is checked before being used.
>
> These bugs are found by a static analysis tool STCheck written by us.
>
> Signed-off-by: Jia-Ju Bai

Applied.
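A simplified user-space model of the pattern the quoted report describes (some branches of an event handler test conn, others use it directly), added here as an illustration. It is not the RDS code or the applied patch; the event names, struct fields, return codes and function names are assumptions.

```c
#include <stddef.h>
/* Simplified user-space model (assumption), not the kernel's RDS code. */
enum ev_type { EV_CONNECT_REQUEST, EV_ESTABLISHED, EV_DISCONNECTED, EV_MAX };
enum { EV_OK = 0, EV_NEW_CONN = 1, EV_NO_CONN = -2, EV_UNKNOWN = -1 };
struct conn { int established; int dropped; };

/* Before: some branches test conn, others dereference it directly. */
int handle_event_unchecked(struct conn *conn, enum ev_type ev)
{
    switch (ev) {
    case EV_CONNECT_REQUEST:
        return conn ? EV_OK : EV_NEW_CONN;  /* NULL is expected here */
    case EV_ESTABLISHED:
        conn->established = 1;              /* NULL dereference if conn == NULL */
        return EV_OK;
    case EV_DISCONNECTED:
        conn->dropped = 1;                  /* NULL dereference if conn == NULL */
        return EV_OK;
    default: return EV_UNKNOWN;
    }
}

/* After: every branch that uses conn checks it first. */
int handle_event_checked(struct conn *conn, enum ev_type ev)
{
    switch (ev) {
    case EV_CONNECT_REQUEST:
        return conn ? EV_OK : EV_NEW_CONN;
    case EV_ESTABLISHED:
        if (!conn) return EV_NO_CONN;
        conn->established = 1;
        return EV_OK;
    case EV_DISCONNECTED:
        if (!conn) return EV_NO_CONN;
        conn->dropped = 1;
        return EV_OK;
    default: return EV_UNKNOWN;
    }
}

/* Regression check: feed every event type a NULL conn; count clean rejections. */
int count_null_rejections(void)
{
    int n = 0;
    for (int ev = 0; ev < EV_MAX; ev++)
        if (handle_event_checked(NULL, (enum ev_type)ev) == EV_NO_CONN)
            n++;
    return n;
}
```

Driving every event type with a NULL connection, as count_null_rejections() does, is a cheap regression test for handlers where only some branches are guarded.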