On Thu, Dec 26, 2019 at 10:52:52AM +0800, xiyuyang19@xxxxxxxxxxxx wrote:
> From: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
>
> in_dev_get may return a NULL object. The fix handles the situation
> by adding a check to avoid NULL pointer dereference on idev,
> as pick_local_ipaddrs does.
>
> Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
> Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx>
> ---
> drivers/infiniband/hw/i40iw/i40iw_main.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/infiniband/hw/i40iw/i40iw_main.c b/drivers/infiniband/hw/i40iw/i40iw_main.c
> index d44cf33d..18587cc 100644
> --- a/drivers/infiniband/hw/i40iw/i40iw_main.c
> +++ b/drivers/infiniband/hw/i40iw/i40iw_main.c
> @@ -1225,6 +1225,8 @@ static void i40iw_add_ipv4_addr(struct i40iw_device *iwdev)
> const struct in_ifaddr *ifa;
>
> idev = in_dev_get(dev);
> + if (!idev)
> + return;
1. You forgot to release rtnl lock.
2. The rtnl_trylock()/rtnl_unlock() scheme is wrong in this function.
That lock is global and any devices can take it and prevent from i40iw
to success in rtnl_trylock(), after that in_dev_for_each_ifa_rtnl() will
be incorrect.
> in_dev_for_each_ifa_rtnl(ifa, idev) {
> i40iw_debug(&iwdev->sc_dev, I40IW_DEBUG_CM,
> "IP=%pI4, vlan_id=%d, MAC=%pM\n", &ifa->ifa_address,
> --
> 2.7.4
>
