On Sun, 2017-08-06 at 11:08 +0300, Matan Barak wrote:
> On Tue, Aug 1, 2017 at 8:28 AM, Potnuri Bharat Teja <bharat@chelsio.c
> om> wrote:
> > Initializing cq_context with ev_queue in create_cq(), leads to NULL
> > pointer
> > dereference in ib_uverbs_comp_handler(), if application doesnot use
> > completion
> > channel. This patch fixes the cq_context initialization.
> >
> > Fixes: 1e7710f3f65 ("IB/core: Change completion channel to use the
> > reworked")
> > Signed-off-by: Potnuri Bharat Teja <bharat@xxxxxxxxxxx>
> > ---
> > drivers/infiniband/core/uverbs_cmd.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/infiniband/core/uverbs_cmd.c
> > b/drivers/infiniband/core/uverbs_cmd.c
> > index 2c98533a0203..8c829522d8c4 100644
> > --- a/drivers/infiniband/core/uverbs_cmd.c
> > +++ b/drivers/infiniband/core/uverbs_cmd.c
> > @@ -1015,7 +1015,8 @@ static struct ib_ucq_object *create_cq(struct
> > ib_uverbs_file *file,
> > cq->uobject = &obj->uobject;
> > cq->comp_handler = ib_uverbs_comp_handler;
> > cq->event_handler = ib_uverbs_cq_event_handler;
> > - cq->cq_context = &ev_file->ev_queue;
> > + cq->cq_context = (cmd->comp_channel >= 0) ?
> > + &ev_file->ev_queue : NULL;
> > atomic_set(&cq->usecnt, 0);
> >
> > obj->uobject.object = cq;
> > --
> > 2.5.3
> >
>
> Nice catch, thanks.
> I would prefer:
> cq->cq_context = ev_file ? &ev_file->ev_queue : NULL;
>
> However, this fix is fine too.
>
> Reviewed-by: Matan Barak <matanb@xxxxxxxxxxxx>
I agree, I like your solution better. Patch fixed up and applied.
--
Doug Ledford <dledford@xxxxxxxxxx>
GPG KeyID: B826A3330E572FDD
Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
