On Fri, 08 Sep 2023 14:05:59 +0800, Cheng Xu wrote:
> Fix the crash of regmr_cmd called by erdma_ib_alloc_mr. The reason is
> that mr->mem.mtt is not initialized but it is accessed in regmr_cmd.
>
> The call trace information:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> <...>
> RIP: 0010:regmr_cmd+0x170/0x1c0 [erdma]
> <...>
> Call Trace:
> ? __die+0x20/0x70
> ? page_fault_oops+0x66/0x150
> ? do_user_addr_fault+0x61/0x660
> ? exc_page_fault+0x65/0x140
> ? asm_exc_page_fault+0x22/0x30
> ? regmr_cmd+0x170/0x1c0 [erdma]
> ? preempt_count_add+0x70/0xa0
> ? _raw_spin_lock_irqsave+0x19/0x50
> ? _raw_spin_unlock_irqrestore+0x1b/0x40
> ? erdma_alloc_idx+0x51/0x90 [erdma]
> erdma_get_dma_mr+0xa3/0x120 [erdma]
> __ib_alloc_pd+0xeb/0x1c0 [ib_core]
>
> [...]
Applied, thanks!
[1/1] RDMA/erdma: Fix NULL pointer access in regmr_cmd
https://git.kernel.org/rdma/rdma/c/b2abdffb505f7e
Best regards,
--
Leon Romanovsky <leon@xxxxxxxxxx>
