Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Jul 2018 09:15:51 +0000 (UTC)
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r336375 - head/sys/ofed/drivers/infiniband/core
Message-ID:  <201807170915.w6H9FpaT013320@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: hselasky
Date: Tue Jul 17 09:15:50 2018
New Revision: 336375
URL: https://svnweb.freebsd.org/changeset/base/336375

Log:
  Fix access to non-initialized CM_ID object in ibcore.
  
  The attempt to join multicast group without ensuring that CMA device
  exists will lead to the following crash reported by syzkaller.
  
  Linux commit:
  7688f2c3bbf55e52388e37ac5d63ca471a7712e1
  
  MFC after:		1 week
  Sponsored by:		Mellanox Technologies

Modified:
  head/sys/ofed/drivers/infiniband/core/ib_cma.c

Modified: head/sys/ofed/drivers/infiniband/core/ib_cma.c
==============================================================================
--- head/sys/ofed/drivers/infiniband/core/ib_cma.c	Tue Jul 17 09:14:20 2018	(r336374)
+++ head/sys/ofed/drivers/infiniband/core/ib_cma.c	Tue Jul 17 09:15:50 2018	(r336375)
@@ -4064,6 +4064,9 @@ int rdma_join_multicast(struct rdma_cm_id *id, struct 
 	struct cma_multicast *mc;
 	int ret;
 
+	if (!id->device)
+		return -EINVAL;
+
 	id_priv = container_of(id, struct rdma_id_private, id);
 	if (!cma_comp(id_priv, RDMA_CM_ADDR_BOUND) &&
 	    !cma_comp(id_priv, RDMA_CM_ADDR_RESOLVED))

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807170915.w6H9FpaT013320>