On Thu, Dec 03, 2020 at 09:08:07PM +0200, Leon Romanovsky wrote:
> From: Maor Gottlieb <maorg@xxxxxxxxxx>
>
> Currently, DM MR registration flow doesn't set the mlx5_ib_dev
> pointer and can cause NULL pointer dereference.
> Fix it by assigning the IB device together with the other fields and
> remove unnecessary reference of mlx5_ib_dev from mlx5_ib_mr.
>
> Fixes: 6c29f57ea475 ("IB/mlx5: Device memory mr registration support")
> Signed-off-by: Maor Gottlieb <maorg@xxxxxxxxxx>
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
> ---
>  drivers/infiniband/hw/mlx5/mlx5_ib.h  |  6 +++-
>  drivers/infiniband/hw/mlx5/mr.c       | 17 ++++++------
>  drivers/infiniband/hw/mlx5/odp.c      | 40 ++++++++++++++-------------
>  drivers/infiniband/hw/mlx5/restrack.c |  2 +-
>  4 files changed, 35 insertions(+), 30 deletions(-)

This really should be backported, an unconditional user triggerable
null pointer deref is clearly cc: stable stuff. I've added that.

This has all kinds of conflicts with the current rc branch so I'm
putting it in for-next, someone will have to make the backport.

Jason