From: Steve Best <sbest@redhat.com> Date: Tue, 9 Mar 2010 14:27:01 -0500 Subject: [infiniband] ehca: require in_wc in process_mad Message-id: <20100309141907.29301.80876.sendpatchset@squad5-lp1.lab.bos.redhat.com> Patchwork-id: 23523 O-Subject: [PATCH RHEL5.6 BZ571517] IB/ehca: Require in_wc in process_mad() Bugzilla: 571517 RH-Acked-by: Doug Ledford <dledford@redhat.com> RH-Acked-by: David Howells <dhowells@redhat.com> RH-Acked-by: Stefan Assmann <sassmann@redhat.com> RHBZ#: ====== https://bugzilla.redhat.com/show_bug.cgi?id=571517 Description: ============ If the caller does not pass a valid in_wc to process_mad(), return Management Datagram (MAD) failure status, as it is not possible to generate a valid MAD redirect response (and redirects are the only MAD responses ehca generates). RHEL Version Found: =================== RHEL 5.5 kABI Status: ============ No symbols were harmed. Brew: ===== http://brewweb.devel.redhat.com/brew/taskinfo?taskID=2307500 Upstream Status: ================ Back ported of patch located here http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=45e354e3f235ecb51e16576d6668c43cddbb6e68 Signed-off-by: Alexander Schmidt <alexs@linux.vnet.ibm.com> Signed-off-by: Roland Dreier <rolandd@cisco.com> Test Status: ============ Tested by IBM test team. When reading performance counter values from eHCA IB devices in sysfs, the process_mad() function in the ehca driver causes a kernel crash (NULL pointer dereference). Path to the faulty sysfs files, e.g.: /sys/devices/ibmebus/23000200.lhca/infiniband/ehca0/ports/1/counters/* Signed-off-by: Jarod Wilson <jarod@redhat.com> diff --git a/drivers/infiniband/hw/ehca/ehca_sqp.c b/drivers/infiniband/hw/ehca/ehca_sqp.c index 706d97a..7519142 100644 --- a/drivers/infiniband/hw/ehca/ehca_sqp.c +++ b/drivers/infiniband/hw/ehca/ehca_sqp.c @@ -188,7 +188,7 @@ int ehca_process_mad(struct ib_device *ibdev, int mad_flags, u8 port_num, { int ret; - if (!port_num || port_num > ibdev->phys_port_cnt) + if (!port_num || port_num > ibdev->phys_port_cnt || !in_wc) return IB_MAD_RESULT_FAILURE; /* accept only pma request */