On Mon, Dec 07, 2020 at 04:03:06PM -0400, Jason Gunthorpe wrote:
> On Thu, Dec 03, 2020 at 09:08:07PM +0200, Leon Romanovsky wrote:
> > From: Maor Gottlieb <maorg@xxxxxxxxxx>
> >
> > Currently, DM MR registration flow doesn't set the mlx5_ib_dev
> > pointer and can cause NULL pointer dereference.
> > Fix it by assign the IB device together with the other fields and
> > remove unessecary reference of mlx5_ib_dev from mlx5_ib_mr.
> >
> > Fixes: 6c29f57ea475 ("IB/mlx5: Device memory mr registration support")
> > Signed-off-by: Maor Gottlieb <maorg@xxxxxxxxxx>
> > Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
> > ---
> > drivers/infiniband/hw/mlx5/mlx5_ib.h | 6 +++-
> > drivers/infiniband/hw/mlx5/mr.c | 17 ++++++------
> > drivers/infiniband/hw/mlx5/odp.c | 40 ++++++++++++++-------------
> > drivers/infiniband/hw/mlx5/restrack.c | 2 +-
> > 4 files changed, 35 insertions(+), 30 deletions(-)
>
> This really should be backported, an unconditional user triggerable
> null pointer deref is clearly cc: stable stuff. I've added that.
>
> This has all kinds of conflicts with the current rc branch so I'm
> putting it in for-next, someone will have to make the backport
Thanks, this is why I sent it to the -next branch.
>
> Jason
