Received: by 2002:ab2:3350:0:b0:1f4:6588:b3a7 with SMTP id o16csp1858248lqe;
        Tue, 9 Apr 2024 02:30:44 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXYinsq4pdKNoqc4ST6EQZBOLQln+nywLny+G/npqzMNRI0goR2xGEkqf06d0qjoBMoAcd43yf6E0qK5PBYOXKz5PXY9N6/r43SxzeHgQ==
X-Google-Smtp-Source: AGHT+IF+NvCBz67Zn0W/3DyIHtJexW9thV/aZXOm9b6GOTBzSGavY2pK51m9pGNhZsGTmWoOms/y
X-Received: by 2002:a17:902:e882:b0:1e3:e1d5:c680 with SMTP id w2-20020a170902e88200b001e3e1d5c680mr10381418plg.63.1712655044144;
        Tue, 09 Apr 2024 02:30:44 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1712655044; cv=pass;
        d=google.com; s=arc-20160816;
        b=k4TLCYPyRoHWJOw/ozT4WL6+h2NtP7kK4BAcZOcaUIeY6K6k+JOy7GqML5xBAg/f6N
         oGdBlhX/7kIwCY/NI7DoitKYkGRQazeJlAWanm9B1qeAHcAohqYIXS/DsdTkSt/DDe6A
         ryFTRbw7tgieyOsK96zq7VJ23vfz1Mvy/CLtBttd4ikK/Wkp1AUpMMhY/eVmMv+B9/rg
         Mae5bIy5j9VMqUsHMAbNqwJuZTfSW00kBvttvCz+jT0Nhbm8ZUiE61/1gExzftMArdKe
         16GLp1xk/heCzjDVC0jihACRrKMJJD91ChmOgErL8aU3BpkkKjkr3Z4ZT397c52OylHL
         JsIw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=8qJB+aLMW39LAWzgtsVmgeu043DNuvOaAVZlVet2IHU=;
        fh=LbEbcIkfYzg+YYp/hadI8epZNbpgmZb/HNXn4/5bqUI=;
        b=oeUqLU1Sy+n4DHzaZ9PWyy7dmj6wrXZFVD2h3dvQEvLKHx2i+7KEEZyOxXI3noHcFp
         5Z3ac2pK0GZhPvHFzSAKlwxLYkpiq9OPIgsD6wlfH4Kc7088G6P6hxUpo7NwQbTtmANl
         D2zMLxsS0sOIGob59Dmphrh+m5s4he5A/YkzndwSLqgCI8tSKv4xcGKbUYKG49TQ/TQi
         ai1wGoRiY7wkMhLKI36UKxjmvtyy/BggSHjpVV+DWgmJvhl8GBxT2TNWKkEb4abtilrq
         REa6zBECOWebUgdAoDx0mFOaXN222gt7J6+rCqDvw4e+e4fwt5GI1Myc5j21FkNDgKEZ
         uCJw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=MnuVt8sZ;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-136563-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-136563-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-136563-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id i10-20020a170902cf0a00b001e48565b415si1774312plg.373.2024.04.09.02.30.43
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Apr 2024 02:30:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-136563-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=MnuVt8sZ;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-136563-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-136563-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 4434BB23AED
	for <linux.lists.archive@gmail.com>; Tue,  9 Apr 2024 09:27:48 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 6F5217EF02;
	Tue,  9 Apr 2024 09:26:06 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="MnuVt8sZ"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D01E7F7EE;
	Tue,  9 Apr 2024 09:26:05 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1712654765; cv=none; b=sSs+WkXYyk0pau8Cj9edSn3TCTHfSb2ZbDrfbvzLLbZXGQFyk+IpN96GvnpqLEKV0Oskstz0nVYwbFFm7e6ReN+Qrt/AGfWPAak82bSDVTiTDMOXr2wHGuqcVgnluuqCphyv0I0Lcp8Yi/B+S4HwtMsSA3tEDfR3dCFHvNqhlOQ=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1712654765; c=relaxed/simple;
	bh=bgcIIjJjQFMe0flCyT/HZgtC54nQJKBb0Lkxfw4i+C8=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=LHuJEyqFCXTnhuI5EL2lWnDggaVIxR65Ru4HJNTCmDRs0XXmhMPgf7uwGJSZWkaOhKUpgcBNysiMR/gpYee90kib3fkBAzhSBuRhgmyWAxYkwmhplyUB0rD/DyYEqyNPzw9Y4VNHE5QDBLrZVFL1HNQYo9ANF5S57b9wSCrDcRs=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=MnuVt8sZ; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A374EC433C7;
	Tue,  9 Apr 2024 09:26:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1712654765;
	bh=bgcIIjJjQFMe0flCyT/HZgtC54nQJKBb0Lkxfw4i+C8=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=MnuVt8sZEIN4xRBsPy63HgFIKhaFZC5kAA64dqeQKsa7mzOkESgc+4CNL+iG9T5Go
	 CNVcWDGolZOUQ1xerW6bdmcF43wxJBZ3K1KeVHS43PFtH9QeJHLkqgkF5Xmtwtchnx
	 XwhS/H8KiyLWoHmWKNg7/3eACpY9Z0evJue1Oz+z7fKqyZZrWd9k3SYCfEbiCL7pbp
	 yCErnJ8g/xYtCK/KlXkCVS6yEFYiI2mRSZxcHruFDEqC8+Hy7Y0HqCCTJKqLaVsI1w
	 AGXlpMvimqRbz9U7fZ00oBx0ILykEzy8dwjaaq8756pFLI7OIndRqiT/lN2QbpeI1+
	 tCpzn2nYaoiTQ==
Date: Tue, 9 Apr 2024 12:26:01 +0300
From: Leon Romanovsky <leon@kernel.org>
To: Aleksandr Mishin <amishin@t-argos.ru>
Cc: Wei Xu <xuwei5@hisilicon.com>,
	Chengchang Tang <tangchengchang@huawei.com>,
	Junxian Huang <huangjunxian6@hisilicon.com>,
	Jason Gunthorpe <jgg@ziepe.ca>, Xi Wang <wangxi11@huawei.com>,
	Shengming Shu <shushengming1@huawei.com>,
	Weihang Li <liweihang@huawei.com>, linux-rdma@vger.kernel.org,
	linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Subject: Re: [PATCH] RDMA: hns: Fix possible null pointer dereference
Message-ID: <20240409092601.GG4195@unreal>
References: <20240409083047.15784-1-amishin@t-argos.ru>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240409083047.15784-1-amishin@t-argos.ru>

On Tue, Apr 09, 2024 at 11:30:47AM +0300, Aleksandr Mishin wrote:
> In hns_roce_hw_v2_get_cfg() pci_match_id() may return
> NULL which is later dereferenced. Fix this bug by adding NULL check.

I don't know, this NULL can't happen in this flow.

Thanks

> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 0b567cde9d7a ("RDMA/hns: Enable RoCE on virtual functions")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> ---
>  drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
> index ba7ae792d279..31a2093334d9 100644
> --- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
> +++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
> @@ -6754,7 +6754,7 @@ static const struct pci_device_id hns_roce_hw_v2_pci_tbl[] = {
>  
>  MODULE_DEVICE_TABLE(pci, hns_roce_hw_v2_pci_tbl);
>  
> -static void hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
> +static int hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
>  				  struct hnae3_handle *handle)
>  {
>  	struct hns_roce_v2_priv *priv = hr_dev->priv;
> @@ -6763,6 +6763,9 @@ static void hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
>  
>  	hr_dev->pci_dev = handle->pdev;
>  	id = pci_match_id(hns_roce_hw_v2_pci_tbl, hr_dev->pci_dev);
> +	if (!id)
> +		return -ENXIO;
> +
>  	hr_dev->is_vf = id->driver_data;
>  	hr_dev->dev = &handle->pdev->dev;
>  	hr_dev->hw = &hns_roce_hw_v2;
> @@ -6789,6 +6792,8 @@ static void hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
>  
>  	hr_dev->reset_cnt = handle->ae_algo->ops->ae_dev_reset_cnt(handle);
>  	priv->handle = handle;
> +
> +	return 0;
>  }
>  
>  static int __hns_roce_hw_v2_init_instance(struct hnae3_handle *handle)
> @@ -6806,7 +6811,11 @@ static int __hns_roce_hw_v2_init_instance(struct hnae3_handle *handle)
>  		goto error_failed_kzalloc;
>  	}
>  
> -	hns_roce_hw_v2_get_cfg(hr_dev, handle);
> +	ret = hns_roce_hw_v2_get_cfg(hr_dev, handle);
> +	if (ret) {
> +		dev_err(hr_dev->dev, "RoCE Engine cfg failed!\n");
> +		goto error_failed_roce_init;
> +	}
>  
>  	ret = hns_roce_init(hr_dev);
>  	if (ret) {
> -- 
> 2.30.2
>