Date: Mon, 29 Jul 2019 08:20:43 +0300
From: Leon Romanovsky
To: Jia-Ju Bai
Cc: dledford@redhat.com, jgg@ziepe.ca, linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [BUG] infiniband: mlx5: a possible null-pointer dereference in set_roce_addr()
Message-ID: <20190729052043.GJ4674@mtr-leonro.mtl.com>

On Mon, Jul 29, 2019 at 10:16:30AM +0800, Jia-Ju Bai wrote:
> In set_roce_addr(), there is an if statement on line 589 to check whether
> gid is NULL:
>     if (gid)
>
> When gid is NULL, it is used on line 613:
>     return mlx5_core_roce_gid_set(..., gid->raw, ...);
>
> Thus, a possible null-pointer dereference may occur.
>
> This bug is found by a static analysis tool STCheck written by us.
>
> I do not know how to correctly fix this bug, so I only report it.

You should fix the tool, gid and gid->raw are the same pointers in C.
In this case, "mlx5_core_roce_gid_set(..., gid->raw, ...);" will be equal to
"mlx5_core_roce_gid_set(..., NULL, ...);" and mlx5_core_roce_gid_set() is
designed to handle this case.

Thanks

>
>
> Best wishes,
> Jia-Ju Bai
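
The address arithmetic the reply relies on, as an added example that is not part of the original thread or the mlx5 driver: taking an array member through a pointer computes base plus offset without loading memory, so a NULL base stays NULL only when the member sits at offset 0. All names here (`gid_model`, `tagged_gid`, `member_addr`, `gid_table_set`, `set_addr_model`, `null_survives`) are constructed for illustration, and the example goes one step beyond the thread by adding a non-zero-offset counter-case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a GID union: every union member sits at offset 0. */
union gid_model {
    uint8_t raw[16];
    struct { uint64_t subnet_prefix, interface_id; } global;
};

/* Hypothetical counter-case: raw is not the first member (offset 4). */
struct tagged_gid { uint32_t type; uint8_t raw[16]; };

/* Models "p->array_member": base + offset, no load; uintptr_t keeps NULL defined. */
const uint8_t *member_addr(const void *base, size_t off)
{
    return (const uint8_t *)((uintptr_t)base + off);
}

/* Hypothetical NULL-tolerant callee: NULL clears the entry (0), else copies (1). */
int gid_table_set(uint8_t entry[16], const uint8_t *gid_raw)
{
    if (!gid_raw) {
        memset(entry, 0, 16);
        return 0;
    }
    memcpy(entry, gid_raw, 16);
    return 1;
}

/* Caller shape from the report: gid may be NULL, the raw address is passed on. */
int set_addr_model(uint8_t entry[16], const union gid_model *gid)
{
    return gid_table_set(entry, member_addr(gid, offsetof(union gid_model, raw)));
}

/* 1 if a NULL base still yields a NULL member address, so the callee's check holds. */
int null_survives(size_t off)
{
    return member_addr(NULL, off) == NULL;
}

int main(void)
{
    printf("union raw: %d, struct raw: %d\n", null_survives(offsetof(union gid_model, raw)),
           null_survives(offsetof(struct tagged_gid, raw)));
    return 0;
}
```

A checker that models member offsets can suppress the report for the union and keep it for the struct, where the callee's NULL test would see address 4 and pass.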