On Mon, Feb 20, 2017 at 11:23:41PM -0700, Shaobo wrote:
> Dear developers,
>
> My name is Shaobo He and I am a graduate student at University of
> Utah. I am applying a static analysis tool to the Linux device
> drivers and got an error trace of null pointer dereference in
> drivers/infiniband/core starting from function `ucma_accept`: it
> calls `rdma_accept` with the second argument being NULL. In
> `rdma_accept`, `cma_accept_iw` is called with the second argument
> also being NULL. Then in `cma_accept_iw`, `cma_modify_qp_rtr` can
> return 0 if `id_priv->id.qp` is NULL, which can be suggested by an
> if statement in `rdma_accept`. Finally, the second argument
> `conn_param` of `cma_accept_iw` gets dereferenced. As you can see,
> the error trace is only plausible since it depends on certain
> conditions. Therefore, I was wondering if you could confirm it.
>
> Thanks for your time. I am looking forward to your reply.

Suggesting to prepare a patch and ask for review. I believe the issue will get
faster attention this way.

>
> Best,
> Shaobo
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
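
The call chain described in the report, as a simplified user-space C model (an added example, not code from this thread or from the kernel). The struct layouts, field names and `model_` function names are assumptions made for illustration, and the guard shown is one possible check, not a reviewed patch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins, not the kernel's definitions. */
struct conn_param { int depth; };
struct id_priv { void *qp; int ord; };   /* qp == NULL: no queue pair attached */

/* Models the reported behaviour: returns 0 when there is no QP,
 * without ever looking at conn_param. */
static int model_modify_qp_rtr(struct id_priv *id, struct conn_param *cp)
{
    (void)cp;
    if (id->qp == NULL)
        return 0;      /* the case from the report */
    return 0;          /* QP transition modelled as success */
}

/* Path as reported: a 0 return is followed by a dereference of cp. */
static int model_accept_iw_reported(struct id_priv *id, struct conn_param *cp)
{
    int ret = model_modify_qp_rtr(id, cp);
    if (ret)
        return ret;
    id->ord = cp->depth;   /* NULL dereference if cp == NULL */
    return 0;
}

/* Guarded variant: reject a NULL conn_param before any use. */
static int model_accept_iw_guarded(struct id_priv *id, struct conn_param *cp)
{
    if (cp == NULL)
        return -EINVAL;
    return model_accept_iw_reported(id, cp);
}

/* Models the caller forwarding its second argument unchanged. */
static int model_rdma_accept(struct id_priv *id, struct conn_param *cp)
{
    return model_accept_iw_guarded(id, cp);
}

int main(void)
{
    struct id_priv id = { NULL, 0 };
    struct conn_param cp = { 4 };
    printf("NULL conn_param -> %d\n", model_rdma_accept(&id, NULL));
    printf("valid conn_param -> %d\n", model_rdma_accept(&id, &cp));
    printf("ord = %d\n", id.ord);
    return 0;
}
```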