Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp116327rdb; Mon, 18 Sep 2023 09:39:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEDbv9xmKkJVlj+10tpNdP5vxd3BzjOayXoUCMpT73CH3lttJwoxoZlNrsF2a/+Q9o9yytZ X-Received: by 2002:a92:dccc:0:b0:34b:b16d:aa38 with SMTP id b12-20020a92dccc000000b0034bb16daa38mr10659605ilr.29.1695055168055; Mon, 18 Sep 2023 09:39:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695055168; cv=none; d=google.com; s=arc-20160816; b=OSfA7joar99F6TZ6GOV7JZBsH8fTVOlNNMRq8OE8LBotnGUxpLvqM3kVMO1DuP+zoN cTScJ6q4wILD1UZl2P1bqDWqjROoxp8UrAMVnEBy5LifLLqle5biZBd7N4SWVwMnu5uH pnKAJZa0mH7DXSPVzb6zf9PBb+QsgdF3d6/Ie5hSxThiFHbDI6lBjz9MLIiHFEZ31XcP ZuO8BGIu7LNDYb73Lh1iCM6Ti02CL8e8pOhjFqM5GMZxWNGVvZFAZs9Un/MYSxX3zEzJ HKVrLyv4CcrepVxBJZrHyKRSAxiP66tZdd1Nz/NFZQFeXuNOqu3hSWGRmITiyZ4/1aEL RY0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=IytEPXRcUnxP4uaX+mZLwtKkUxhmioWlAp7uSdhnqs8=; fh=Cg6VkJunOXCGlz4Bh2WBikHvCfmyACRCN7rAZRfbiGo=; b=U26cN3OkhImvB5kFHLS9GsIjwROsFNnGbHndMTeKjPJYP2nDIQz+5JK6ynbqb0O6d/ nstuEmHRFBXLM8RiP7A2zGRLnDnel0HHEBj8N+T6SbboAmtKcUXsdLBajeP52pAE0P+0 Xy0H3WXoeU9/d2/dClimnI26bLe6P3jTIj0xxW4rLj406yRQEBJ4GHvoyNNXKyNA3F+y zr8N+UkWd+O/53IxumM/xeyWhDGLwYmGNLLkn7SZJkG2w2Tb8bNG8W9Pu5trGYroNbv8 ANLMHaz/pqDtf87XI5JsDO7/9ZuFsdcoDNtT9kuQS6CUyGqpaMtPnjd8K6llZ7JIEz/o dETw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=red-soft.ru Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id y190-20020a638ac7000000b00577a9ed62e7si8276746pgd.405.2023.09.18.09.39.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Sep 2023 09:39:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=red-soft.ru Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id BEB85801CEE0; Mon, 18 Sep 2023 09:29:34 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229865AbjIRQ32 (ORCPT + 99 others); Mon, 18 Sep 2023 12:29:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40912 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230107AbjIRQ3G (ORCPT ); Mon, 18 Sep 2023 12:29:06 -0400 Received: from gw.red-soft.ru (red-soft.ru [188.246.186.2]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 99651449D; Mon, 18 Sep 2023 09:25:51 -0700 (PDT) Received: from localhost.biz (unknown [10.81.81.211]) by gw.red-soft.ru (Postfix) with ESMTPA id 5C95F3E19AE; Mon, 18 Sep 2023 16:56:28 +0300 (MSK) From: Artem Chernyshev To: Santosh Shilimkar Cc: Artem Chernyshev , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Subject: [PATCH] net: rds: Fix possible NULL-pointer dereference Date: Mon, 18 Sep 2023 16:56:23 +0300 Message-Id: <20230918135623.630654-1-artem.chernyshev@red-soft.ru> X-Mailer: git-send-email 2.37.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-KLMS-Rule-ID: 1 X-KLMS-Message-Action: clean X-KLMS-AntiSpam-Lua-Profiles: 179930 [Sep 18 2023] X-KLMS-AntiSpam-Version: 5.9.59.0 X-KLMS-AntiSpam-Envelope-From: artem.chernyshev@red-soft.ru X-KLMS-AntiSpam-Rate: 0 X-KLMS-AntiSpam-Status: not_detected X-KLMS-AntiSpam-Method: none X-KLMS-AntiSpam-Auth: dkim=none X-KLMS-AntiSpam-Info: LuaCore: 530 530 ecb1547b3f72d1df4c71c0b60e67ba6b4aea5432, {Tracking_from_domain_doesnt_match_to}, d41d8cd98f00b204e9800998ecf8427e.com:7.1.1;red-soft.ru:7.1.1;localhost.biz:7.1.1;127.0.0.199:7.1.2, FromAlignment: s X-MS-Exchange-Organization-SCL: -1 X-KLMS-AntiSpam-Interceptor-Info: scan successful X-KLMS-AntiPhishing: Clean, bases: 2023/09/18 10:00:00 X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2023/09/18 03:27:00 #21914376 X-KLMS-AntiVirus-Status: Clean, skipped X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Mon, 18 Sep 2023 09:29:34 -0700 (PDT) In rds_rdma_cm_event_handler_cmn() check, if conn pointer exists before dereferencing it as rdma_set_service_type() argument Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: fd261ce6a30e ("rds: rdma: update rdma transport for tos") Signed-off-by: Artem Chernyshev --- net/rds/rdma_transport.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/net/rds/rdma_transport.c b/net/rds/rdma_transport.c index d36f3f6b4351..b506d9bd215c 100644 --- a/net/rds/rdma_transport.c +++ b/net/rds/rdma_transport.c @@ -86,11 +86,13 @@ static int rds_rdma_cm_event_handler_cmn(struct rdma_cm_id *cm_id, break; case RDMA_CM_EVENT_ADDR_RESOLVED: - rdma_set_service_type(cm_id, conn->c_tos); - rdma_set_min_rnr_timer(cm_id, IB_RNR_TIMER_000_32); - /* XXX do we need to clean up if this fails? */ - ret = rdma_resolve_route(cm_id, - RDS_RDMA_RESOLVE_TIMEOUT_MS); + if (conn) { + rdma_set_service_type(cm_id, conn->c_tos); + rdma_set_min_rnr_timer(cm_id, IB_RNR_TIMER_000_32); + /* XXX do we need to clean up if this fails? */ + ret = rdma_resolve_route(cm_id, + RDS_RDMA_RESOLVE_TIMEOUT_MS); + } break; case RDMA_CM_EVENT_ROUTE_RESOLVED: -- 2.37.3